Create test fixture directories and integration tests for Phase 7 profile validation exit gate: Invalid profiles (tests/fixtures/profiles/invalid/): - unknown-key.yaml: unrecognized extraction tuning key - bad-combinator.yaml: malformed match combinators (scalar not list) - secret-key.yaml: forbidden api_key (PROFILE_SECRETS_FORBIDDEN) - malformed.yaml: unclosed bracket (YAML syntax error) Valid profiles (tests/fixtures/profiles/valid/): - minimal.yaml: smallest valid profile (name, description, priority only) - invoice-minimal.yaml: simplified invoice with match and extraction Resolution fixtures (tests/fixtures/profiles/resolution/): - custom-invoice.yaml: priority 100 overrides built-in (priority 50) - README.md: documents resolution priority order Integration tests (tests/integration/advanced/profiles.rs): - test_invalid_profiles_rejected: validates all 4 invalid profiles fail - test_valid_profiles_accepted: validates all 2 valid profiles pass - test_profile_resolution_order: tests --profile-dir override behavior - test_invalid_fixture_error_types: validates specific error messages Acceptance criteria: ✓ pdftract profiles validate rejects all 4 invalid files ✓ pdftract profiles validate accepts all 2 valid files ✓ Profile resolution order test passes Closes bf-2ypn2
56 lines
2.1 KiB
Markdown
56 lines
2.1 KiB
Markdown
# bf-3f8ua: TH-04 JavaScript Detection Fixture
|
|
|
|
## Summary
|
|
|
|
Verified that `tests/fixtures/security/embedded-js.pdf` exists and the TH-04 security test suite passes.
|
|
|
|
## What Was Done
|
|
|
|
### Fixture Verification
|
|
- Confirmed `tests/fixtures/security/embedded-js.pdf` exists (1.1K)
|
|
- Regenerated fixture using `tests/fixtures/security/generate_embedded_js.py`
|
|
- Fixture contains 3 JavaScript actions:
|
|
1. Catalog /OpenAction: `app.alert("pwn")`
|
|
2. Page 0 /AA /O: `app.alert('page_open')`
|
|
3. Page 1 annotation /A: `app.alert('annot_action')`
|
|
|
|
### Test Results
|
|
All 4 tests in `crates/pdftract-core/tests/TH-04-js-presence.rs` pass:
|
|
|
|
1. ✅ `test_javascript_detection` - Verifies:
|
|
- Extraction succeeds (exit 0)
|
|
- Exactly 3 JavaScript actions detected
|
|
- Each action has correct location (catalog.openaction, page.0.aa.o, page.1.annot.0.a)
|
|
- Each action has code excerpt truncated to 200 chars
|
|
- JAVASCRIPT_PRESENT diagnostic emitted
|
|
|
|
2. ✅ `test_json_output_includes_javascript_actions` - Verifies JSON output includes javascript_actions array
|
|
|
|
3. ✅ `test_no_javascript` - Negative test: PDF without JavaScript has empty javascript_actions array
|
|
|
|
4. ✅ `test_no_js_engine_in_deps` - Ensures no JS engine (boa, deno_core, v8, quickjs) in dependencies
|
|
|
|
### Command Output
|
|
```bash
|
|
cd /home/coding/pdftract/crates/pdftract-core && cargo test --test TH-04-js-presence --no-fail-fast -- --nocapture
|
|
|
|
running 4 tests
|
|
test test_javascript_detection ... ok
|
|
test integration_tests::test_json_output_includes_javascript_actions ... ok
|
|
test test_no_javascript ... ok
|
|
test test_no_js_engine_in_deps ... ok
|
|
|
|
test result: ok. 4 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
|
|
```
|
|
|
|
## Acceptance Criteria Status
|
|
|
|
- ✅ `tests/fixtures/security/embedded-js.pdf` exists with embedded JS
|
|
- ✅ TH-04 security test passes (all 4 tests)
|
|
- ✅ No JS execution occurs during extraction (verified by test_javascript_detection)
|
|
|
|
## References
|
|
- TH-04 Threat Model (plan lines 893)
|
|
- Test file: `crates/pdftract-core/tests/TH-04-js-presence.rs`
|
|
- Fixture: `tests/fixtures/security/embedded-js.pdf`
|
|
- Generator: `tests/fixtures/security/generate_embedded_js.py`
|