[pitboss] phase 21: Track M.3 — ScheduledJob + GraphQLResolver + WebSocket + Middleware + Migration

tests/dynamic_fixtures/migration/laravel/benign.php

@@ -0,0 +1,13 @@
+<?php
+// Phase 21 — Laravel migration benign control.
+// use Illuminate\\Database\\Migrations\\Migration;
+
+class AddUsers {
+    public function up() {
+        $col = getenv('NYX_PAYLOAD') ?: 'email';
+        $safe = preg_replace('/[^A-Za-z0-9_]/', '_', $col);
+        $stmt = "ALTER TABLE users ADD COLUMN " . $safe . " TEXT";
+        echo "LARAVEL_SQL: " . $stmt . "\n";
+        return $stmt;
+    }
+}

tests/dynamic_fixtures/migration/laravel/vuln.php

@@ -0,0 +1,25 @@
+<?php
+// Phase 21 (Track M.3) — Laravel migration vuln fixture.
+//
+// `AddUsers::up()` invokes `Schema::table` via a class-static
+// fallthrough but splices a tainted column name into a raw
+// `DB::statement` call.
+
+// use Illuminate\\Database\\Migrations\\Migration;
+// use Illuminate\\Database\\Schema;
+
+class AddUsers {
+    public function up() {
+        $col = getenv('NYX_PAYLOAD') ?: 'email';
+        // SINK: tainted column name concatenated into raw DDL.
+        $stmt = "ALTER TABLE users ADD COLUMN " . $col . " TEXT";
+        DBStatementWrapper::statement($stmt);
+        return $stmt;
+    }
+}
+
+class DBStatementWrapper {
+    public static function statement($sql) {
+        echo "LARAVEL_SQL: " . $sql . "\n";
+    }
+}