Commit graph

5 commits

Author SHA1 Message Date
jedarden
bbbb7640d4 chore(bf-xqib3): remove obsolete generators and compiled artifacts from tests/fixtures/
Remove 5 DELETE-category generator files identified in bf-1iefu:
- tests/fixtures/scanned/generate_scanned_fixtures.rs (Rust stub, use Python version)
- tests/fixtures/security/generate_sensitive_fixture.py (duplicate, Rust version preferred)
- tests/fixtures/encoding/generate_unmapped_glyphs.rs (superseded by Python version)
- tests/fixtures/malformed/gen-bomb-10k-2g.sh (superseded by Python version)
- tests/fixtures/forms/generate_form_fixtures.d (orphaned Makefile dependency)

Verification: No compiled object files (.o, .so, .a, .dylib, .dll) or executable binaries found. The .bin files in fixtures root are test data files, not compiled artifacts.
2026-07-05 20:14:39 -04:00
jedarden
34c6a3719d feat(bf-2ypn2): add Phase 7 profiles exit gate fixtures
Create test fixture directories and integration tests for Phase 7 profile
validation exit gate:

Invalid profiles (tests/fixtures/profiles/invalid/):
- unknown-key.yaml: unrecognized extraction tuning key
- bad-combinator.yaml: malformed match combinators (scalar not list)
- secret-key.yaml: forbidden api_key (PROFILE_SECRETS_FORBIDDEN)
- malformed.yaml: unclosed bracket (YAML syntax error)

Valid profiles (tests/fixtures/profiles/valid/):
- minimal.yaml: smallest valid profile (name, description, priority only)
- invoice-minimal.yaml: simplified invoice with match and extraction

Resolution fixtures (tests/fixtures/profiles/resolution/):
- custom-invoice.yaml: priority 100 overrides built-in (priority 50)
- README.md: documents resolution priority order

Integration tests (tests/integration/advanced/profiles.rs):
- test_invalid_profiles_rejected: validates all 4 invalid profiles fail
- test_valid_profiles_accepted: validates all 2 valid profiles pass
- test_profile_resolution_order: tests --profile-dir override behavior
- test_invalid_fixture_error_types: validates specific error messages

Acceptance criteria:
✓ pdftract profiles validate rejects all 4 invalid files
✓ pdftract profiles validate accepts all 2 valid files
✓ Profile resolution order test passes

Closes bf-2ypn2
2026-07-04 23:56:32 -04:00
jedarden
38d1deb57c wip: intermediate state from previous work 2026-05-29 08:25:23 -04:00
jedarden
ef4da654ce feat(pdftract-3b1mk): implement TH-09 inspector XSS test with CSP headers
This commit implements the TH-09 XSS mitigation for the inspector mode:

1. **CSP Middleware** (`crates/pdftract-cli/src/middleware/csp.rs`)
   - Adds Content-Security-Policy header to all inspector responses
   - Policy: `default-src 'self'; script-src 'self'` per TH-09
   - Defense-in-depth for XSS prevention (primary defense is SVG rendering)

2. **Inspector Integration**
   - Updated `create_router_with_audit()` to apply CSP middleware
   - CSP headers now present on index page and all API endpoints

3. **XSS Payload Fixture** (`tests/fixtures/security/xss-payload.pdf`)
   - Minimal PDF containing four XSS payload variants:
     - `<script>alert(1)</script>`
     - `<img src=x onerror="alert(2)">`
     - `javascript:alert(3)`
     - `<iframe src="javascript:alert(4)">`
   - Provenance documented in `xss-payload.provenance.md`

4. **TH-09 Test Suite** (`crates/pdftract-cli/tests/TH-09-inspector-xss.rs`)
   - `test_csp_header_on_index()`: Verifies CSP on index page
   - `test_csp_header_on_api_endpoints()`: Verifies CSP on API endpoints
   - `test_inspector_renders_svg()`: Verifies SVG rendering (not innerHTML)
   - `test_inspector_handles_normal_content()`: Negative test for normal PDFs
   - `test_headless_browser_no_script_execution()`: Chrome test (gated on chrome-test feature)

5. **Dependencies**
   - Added `chromiumoxide` dependency (optional, dev-only)
   - Added `chrome-test` feature flag for headless browser tests

6. **Provenance Entry**
   - Added xss-payload.pdf to tests/fixtures/profiles/PROVENANCE.md

**Acceptance Criteria Status:**
-  CSP header assertion passes (no headless browser required)
-  Fixture committed with XSS payloads
-  Test file exists
-  Provenance documented in PROVENANCE.md
-  Headless-browser test gated on chrome-test feature (requires Chrome)
-  Full SVG rendering verification pending Phase 7.9.3

**Note:** The CLI library has pre-existing compilation errors in grep/worker.rs
unrelated to this change. The CSP middleware and inspector integration compile
cleanly.

Closes: pdftract-3b1mk
2026-05-26 20:38:21 -04:00
jedarden
a3d9ce19e6 test(pdftract-43jxa): implement TH-07 ps leak security test
Implement TH-07 security test validating that PDF password ingress
channels properly prevent password disclosure via process arg list.

Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var

Closes: pdftract-43jxa
2026-05-25 00:45:57 -04:00