pdftract/notes/bf-3f8ua.md
jedarden 34c6a3719d feat(bf-2ypn2): add Phase 7 profiles exit gate fixtures
Create test fixture directories and integration tests for Phase 7 profile
validation exit gate:

Invalid profiles (tests/fixtures/profiles/invalid/):
- unknown-key.yaml: unrecognized extraction tuning key
- bad-combinator.yaml: malformed match combinators (scalar not list)
- secret-key.yaml: forbidden api_key (PROFILE_SECRETS_FORBIDDEN)
- malformed.yaml: unclosed bracket (YAML syntax error)

Valid profiles (tests/fixtures/profiles/valid/):
- minimal.yaml: smallest valid profile (name, description, priority only)
- invoice-minimal.yaml: simplified invoice with match and extraction

Resolution fixtures (tests/fixtures/profiles/resolution/):
- custom-invoice.yaml: priority 100 overrides built-in (priority 50)
- README.md: documents resolution priority order

Integration tests (tests/integration/advanced/profiles.rs):
- test_invalid_profiles_rejected: validates all 4 invalid profiles fail
- test_valid_profiles_accepted: validates all 2 valid profiles pass
- test_profile_resolution_order: tests --profile-dir override behavior
- test_invalid_fixture_error_types: validates specific error messages

Acceptance criteria:
✓ pdftract profiles validate rejects all 4 invalid files
✓ pdftract profiles validate accepts all 2 valid files
✓ Profile resolution order test passes

Closes bf-2ypn2
2026-07-04 23:56:32 -04:00

56 lines
2.1 KiB
Markdown

# bf-3f8ua: TH-04 JavaScript Detection Fixture
## Summary
Verified that `tests/fixtures/security/embedded-js.pdf` exists and the TH-04 security test suite passes.
## What Was Done
### Fixture Verification
- Confirmed `tests/fixtures/security/embedded-js.pdf` exists (1.1K)
- Regenerated fixture using `tests/fixtures/security/generate_embedded_js.py`
- Fixture contains 3 JavaScript actions:
1. Catalog /OpenAction: `app.alert("pwn")`
2. Page 0 /AA /O: `app.alert('page_open')`
3. Page 1 annotation /A: `app.alert('annot_action')`
### Test Results
All 4 tests in `crates/pdftract-core/tests/TH-04-js-presence.rs` pass:
1.`test_javascript_detection` - Verifies:
- Extraction succeeds (exit 0)
- Exactly 3 JavaScript actions detected
- Each action has correct location (catalog.openaction, page.0.aa.o, page.1.annot.0.a)
- Each action has code excerpt truncated to 200 chars
- JAVASCRIPT_PRESENT diagnostic emitted
2.`test_json_output_includes_javascript_actions` - Verifies JSON output includes javascript_actions array
3.`test_no_javascript` - Negative test: PDF without JavaScript has empty javascript_actions array
4.`test_no_js_engine_in_deps` - Ensures no JS engine (boa, deno_core, v8, quickjs) in dependencies
### Command Output
```bash
cd /home/coding/pdftract/crates/pdftract-core && cargo test --test TH-04-js-presence --no-fail-fast -- --nocapture
running 4 tests
test test_javascript_detection ... ok
test integration_tests::test_json_output_includes_javascript_actions ... ok
test test_no_javascript ... ok
test test_no_js_engine_in_deps ... ok
test result: ok. 4 passed; 0 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.00s
```
## Acceptance Criteria Status
-`tests/fixtures/security/embedded-js.pdf` exists with embedded JS
- ✅ TH-04 security test passes (all 4 tests)
- ✅ No JS execution occurs during extraction (verified by test_javascript_detection)
## References
- TH-04 Threat Model (plan lines 893)
- Test file: `crates/pdftract-core/tests/TH-04-js-presence.rs`
- Fixture: `tests/fixtures/security/embedded-js.pdf`
- Generator: `tests/fixtures/security/generate_embedded_js.py`