//! Java `Cap::XXE` payloads — `DocumentBuilderFactory` / `SAXParser`. //! //! Vuln payload: an XML document declaring an external entity that //! the harness's instrumented `DocumentBuilder.parse` resolves and //! substitutes inside `` — the parser writes a //! `ProbeKind::Xxe { entity_expanded: true }` record once it sees the //! entity body materialise. //! //! Benign control: a well-formed XML document with no doctype //! declaration so the parser has no entity to resolve. The harness's //! instrumented parser writes `entity_expanded: false`, the oracle //! does not fire, and the differential rule (§4.1) stays clean. use super::super::{CuratedPayload, Oracle, PayloadProvenance, PayloadRef}; use crate::dynamic::oracle::ProbePredicate; pub const PAYLOADS: &[CuratedPayload] = &[ CuratedPayload { bytes: br#" ]> &xxe;"#, label: "xxe-java-doctype-entity", oracle: Oracle::SinkProbe { predicates: &[ProbePredicate::XxeEntityExpanded { require_expanded: true, }], }, is_benign: false, provenance: PayloadProvenance::Curated, since_corpus_version: 9, deprecated_at_corpus_version: None, fixture_paths: &[ "tests/dynamic_fixtures/xxe/java/Vuln.java", ], oob_nonce_slot: false, probe_predicates: &[ProbePredicate::XxeEntityExpanded { require_expanded: true, }], benign_control: Some(PayloadRef { label: "xxe-java-benign", }), no_benign_control_rationale: None, }, CuratedPayload { bytes: br#" hello"#, label: "xxe-java-benign", oracle: Oracle::SinkProbe { predicates: &[ProbePredicate::XxeEntityExpanded { require_expanded: true, }], }, is_benign: true, provenance: PayloadProvenance::Curated, since_corpus_version: 9, deprecated_at_corpus_version: None, fixture_paths: &[ "tests/dynamic_fixtures/xxe/java/Benign.java", ], oob_nonce_slot: false, probe_predicates: &[], benign_control: None, no_benign_control_rationale: None, }, ];