[pitboss/grind] deferred session-0011 (20260516T052512Z-20f8)

tests/dynamic_fixtures/python/async/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 13

tests/dynamic_fixtures/python/celery/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 17

tests/dynamic_fixtures/python/cli/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 14

tests/dynamic_fixtures/python/django/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 15

tests/dynamic_fixtures/python/fastapi/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 16

tests/dynamic_fixtures/python/flask/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 18

tests/dynamic_fixtures/python/generic/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 12

tests/dynamic_fixtures/python/pytest/vuln.py.golden_harness.py

@@ -121,6 +121,26 @@ def __nyx_install_crash_guard(sink_callee):
         except (OSError, ValueError):
             pass
 
+# Phase 10 (Track D.3) stub helpers.  When the verifier spawned a SqlStub it
+# publishes the queries-log path through NYX_SQL_LOG; a sink call site that
+# wants the host-side stub to see its query appends one record-per-call.  The
+# helper is a no-op when NYX_SQL_LOG is unset so the same fixture source still
+# runs under harness modes that didn't spawn a stub.
+def __nyx_stub_sql_record(query, **detail):
+    import os
+    p = os.environ.get("NYX_SQL_LOG")
+    if not p:
+        return
+    try:
+        with open(p, "a") as _f:
+            for k, v in detail.items():
+                _f.write('# %s: %s\n' % (str(k), str(v)))
+            _f.write(str(query))
+            if not str(query).endswith('\n'):
+                _f.write('\n')
+    except OSError:
+        pass
+
 
 _NYX_SINK_FILE = "<TMPDIR>/<ENTRY_FILE>"
 _NYX_SINK_LINE = 14

tests/dynamic_fixtures/stubs_e2e/python/sql/vuln/main.py

@@ -0,0 +1,39 @@
+"""Phase 10 (Track D.3) stub-end-to-end fixture: Python + SQL.
+
+The verifier publishes:
+
+* ``NYX_SQL_ENDPOINT`` — absolute path of a SQLite DB the SqlStub owns.
+* ``NYX_SQL_LOG``      — companion log path the harness appends executed
+  queries to so the host SqlStub picks them up on ``drain_events()``.
+
+This fixture exercises both: it opens the stub DB with stdlib ``sqlite3``,
+runs a tautology SELECT (``OR 1=1``), and forwards the executed query to
+the stub through the Python shim helper ``__nyx_stub_sql_record``.  The
+companion test in ``tests/stubs_e2e_per_lang.rs`` splices in
+``crate::dynamic::lang::python::probe_shim`` ahead of this source, runs it
+with both env vars set, and asserts the stub captured the tautology.
+"""
+
+import os
+import sqlite3
+
+
+def main():
+    db_path = os.environ.get("NYX_SQL_ENDPOINT")
+    if not db_path:
+        return
+    query = "SELECT 1 WHERE 'a' = 'a' OR 1=1 --"
+    conn = sqlite3.connect(db_path)
+    try:
+        rows = conn.execute(query).fetchall()
+        for row in rows:
+            print(row[0])
+    finally:
+        conn.close()
+    # Record the executed query through the probe shim so the host
+    # SqlStub captures it on the next drain_events() call.
+    __nyx_stub_sql_record(query, driver="sqlite3")
+
+
+if __name__ == "__main__":
+    main()