// entropy-context.test.mjs — False-positive fixtures for v7.0.0 context-aware suppression // // Covers: // A. File-extension skip (.glsl, .css, .svg, .min.js, ...) // B. Line-level rules 11-17 (GLSL/CSS-in-JS/HTML/ffmpeg/UA/SQL/error-template) // C. User-policy thresholds and suppress_line_patterns // // Strategy: write a throwaway fixture under os.tmpdir(), discover it, run scan(), // assert finding count. Fixture-content strings are built from runtime concatenation // to avoid triggering the plugin's own credential-pattern pre-edit hook on the test source. import { describe, it, before, after } from 'node:test'; import assert from 'node:assert/strict'; import { mkdtemp, mkdir, writeFile, rm } from 'node:fs/promises'; import { randomBytes } from 'node:crypto'; import { join } from 'node:path'; import { tmpdir } from 'node:os'; import { resetCounter } from '../../scanners/lib/output.mjs'; import { discoverFiles } from '../../scanners/lib/file-discovery.mjs'; import { scan } from '../../scanners/entropy-scanner.mjs'; import { _resetCacheForTest } from '../../scanners/lib/policy-loader.mjs'; // Random base64 from 60 crypto bytes → 80-char base64, H ≈ 5.4, will classify as // HIGH (entropy >= 5.1, len >= 64). Regenerated on module load for each test run. // Built at runtime so the plugin's credential-pattern pre-edit hook doesn't flag the // test source file. Excludes '/', '+', '=' to avoid breaking JS string syntax. function makePayload() { const raw = randomBytes(60).toString('base64').replace(/[/+=]/g, 'A'); return raw.slice(0, 80); } const PAYLOAD = makePayload(); async function writeFixture(root, relPath, content) { const abs = join(root, relPath); const lastSlash = abs.lastIndexOf('/'); await mkdir(abs.substring(0, lastSlash), { recursive: true }); await writeFile(abs, content); } async function newRoot(prefix) { return mkdtemp(join(tmpdir(), prefix)); } describe('entropy-scanner context suppression (v7.0.0+)', () => { let root; before(async () => { root = await newRoot('entropy-ctx-'); }); after(async () => { await rm(root, { recursive: true, force: true }); _resetCacheForTest(); }); describe('A. File-extension skip', () => { it('skips .glsl files entirely (no findings)', async () => { const fx = await newRoot('ent-glsl-'); await writeFixture(fx, 'shader.glsl', 'vec4 color = "' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'Expected 0 findings in .glsl, got ' + result.findings.length); assert.ok(result.calibration.files_skipped_by_extension >= 1); await rm(fx, { recursive: true, force: true }); }); it('skips .css files entirely', async () => { const fx = await newRoot('ent-css-'); await writeFixture(fx, 'styles.css', '.x{content:"' + PAYLOAD + '";}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0); await rm(fx, { recursive: true, force: true }); }); it('skips .min.js files (compound extension)', async () => { const fx = await newRoot('ent-minjs-'); await writeFixture(fx, 'bundle.min.js', 'var x="' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0); await rm(fx, { recursive: true, force: true }); }); it('still scans .js files (non-skipped extension)', async () => { const fx = await newRoot('ent-js-'); await writeFixture(fx, 'app.js', 'const blob = "' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok(result.findings.length >= 1, 'expected high-entropy .js to still be detected'); await rm(fx, { recursive: true, force: true }); }); }); describe('B. Line-level suppression rules 11-17', () => { it('rule 11: GLSL keyword on line suppresses finding', async () => { const fx = await newRoot('ent-rule11-'); await writeFixture(fx, 'shader.js', 'const src = "uniform vec3 u_resolution; ' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected GLSL keyword line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 12: CSS-in-JS (styled-components) suppresses finding', async () => { const fx = await newRoot('ent-rule12-'); await writeFixture(fx, 'btn.js', 'const Button = styled.button`:hover { content: "' + PAYLOAD + '"; }`;'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected styled-components line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 13: Inline markup on line suppresses finding', async () => { const fx = await newRoot('ent-rule13-'); await writeFixture(fx, 'Icon.jsx', 'return ();'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected inline SVG line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 14: ffmpeg filter_complex suppresses finding', async () => { const fx = await newRoot('ent-rule14-'); await writeFixture(fx, 'pipeline.js', 'run("ffmpeg -filter_complex=[0:v]scale=' + PAYLOAD + '");'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected ffmpeg line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 15: browser User-Agent string suppresses finding', async () => { const fx = await newRoot('ent-rule15-'); await writeFixture(fx, 'ua.js', 'const agent = "Mozilla/5.0 Chrome/120 ' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected UA line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 16: SQL DDL on dedicated line suppresses finding', async () => { // Line must START with SELECT/INSERT/... — whitespace allowed but no prefix code. const fx = await newRoot('ent-rule16-'); await writeFixture(fx, 'schema.js', '// fallback\nSELECT id, data FROM users WHERE tok = \'' + PAYLOAD + '\';\n'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected SELECT-anchored line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 16 does NOT over-match generic strings mentioning SELECT', async () => { // SQL_STATEMENT is line-anchored; a `const` prefix means no suppression by rule 16. const fx = await newRoot('ent-rule16b-'); await writeFixture(fx, 'app.js', 'const msg = "SELECT something ' + PAYLOAD + '";'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok(result.findings.length >= 1, 'generic code line must not trigger SQL suppression'); await rm(fx, { recursive: true, force: true }); }); it('rule 17: throw new Error template suppresses finding', async () => { const fx = await newRoot('ent-rule17-'); await writeFixture(fx, 'err.js', 'throw new Error(`Bad input ' + PAYLOAD + '`);'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected throw new Error line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 18: markdown image with external URL suppresses finding', async () => { const fx = await newRoot('ent-rule18-'); await writeFixture(fx, 'index.json', '{"summary": "![Image 1: Title](https://cdn.example.com/abc/' + PAYLOAD + '.svg)"}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected markdown image line to suppress'); await rm(fx, { recursive: true, force: true }); }); it('rule 18 does NOT over-match plain URLs without image syntax', async () => { const fx = await newRoot('ent-rule18b-'); await writeFixture(fx, 'app.js', 'const token = "' + PAYLOAD + '"; // not an image'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok(result.findings.length >= 1, 'plain high-entropy string must still be detected'); await rm(fx, { recursive: true, force: true }); }); }); describe('C. Policy-driven overrides', () => { it('user-policy suppress_line_patterns adds custom suppression', async () => { const fx = await newRoot('ent-policy-'); await writeFixture(fx, 'secret.js', 'const vendor = "' + PAYLOAD + '"; // MY_VENDOR_MARKER'); await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({ entropy: { suppress_line_patterns: ['MY_VENDOR_MARKER'] } })); resetCounter(); _resetCacheForTest(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected user pattern to suppress'); assert.equal(result.calibration.policy_source, 'policy.json'); await rm(fx, { recursive: true, force: true }); }); it('user-policy suppress_paths skips files whose relPath contains the substring', async () => { const fx = await newRoot('ent-paths-'); await writeFixture(fx, 'src/vendored/big.js', 'var x="' + PAYLOAD + '";'); await writeFixture(fx, 'src/app.js', 'var y="' + PAYLOAD + '";'); await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({ entropy: { suppress_paths: ['vendored/'] } })); resetCounter(); _resetCacheForTest(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 1, 'Expected 1 finding (app.js only), got ' + result.findings.length); assert.ok(result.calibration.files_skipped_by_path >= 1); await rm(fx, { recursive: true, force: true }); }); it('user-policy stricter thresholds suppress medium-strength payload', async () => { const fx = await newRoot('ent-thresh-'); await writeFixture(fx, 'cfg.js', 'const blob = "' + PAYLOAD + '";'); await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({ entropy: { thresholds: { critical: { entropy: 6.0, minLen: 256 }, high: { entropy: 5.8, minLen: 200 }, medium: { entropy: 5.7, minLen: 150 }, } } })); resetCounter(); _resetCacheForTest(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, 'expected strict thresholds to suppress medium-strength payload'); await rm(fx, { recursive: true, force: true }); }); }); describe('D. B5 file-context classification (v7.2.0)', () => { it('B5 regression: code-dominant .ts file with embedded GLSL — credential adjacent to shader is detected', async () => { // Polyglot TS file: many code lines, a few GLSL lines inside a template // literal, and a credential-shaped string on a line that happens to // contain GLSL keyword tokens. Pre-B5 rule 11 line-proximity suppressed // this. Post-B5 classifyFileContext returns 'code-dominant' (sample is // mostly TS code, <50% GLSL/markup), rules 11-13 are gated off, and // the credential is detected. const fx = await newRoot('ent-b5-polyglot-'); const fixtureContent = [ 'import { Renderer } from "./renderer";', '', 'const fragmentShader = `', ' precision highp float;', ' uniform vec3 u_resolution;', ' varying vec2 v_uv;', '`;', '', '// Adjacent line carries GLSL tokens AND the credential payload.', 'const blob = "' + PAYLOAD + '"; // uniform vec3 normal;', '', 'export { fragmentShader, blob };', ].join('\n'); await writeFixture(fx, 'shader-app.ts', fixtureContent); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok( result.findings.length >= 1, 'expected B5 to surface credential in code-dominant .ts despite GLSL neighbour; got ' + result.findings.length ); await rm(fx, { recursive: true, force: true }); }); it('B5 control: legitimate .glsl file with high-entropy hash in shader source is still suppressed (extension skip)', async () => { // A pure-shader file is skipped at the file-extension gate, never // reaching classifyFileContext. This control confirms the extension // skip still works (B5 only changed line-level rule gating). const fx = await newRoot('ent-b5-glsl-'); await writeFixture(fx, 'noise.glsl', 'uniform vec3 u_seed;\nvec3 rand = vec3(' + PAYLOAD + ');\n'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal(result.findings.length, 0, '.glsl files remain extension-skipped'); await rm(fx, { recursive: true, force: true }); }); it('E18: markdown image with non-CDN host and credential-like query token is NOT suppressed', async () => { // Non-CDN host => rule 18 must not suppress, even though the line // matches !\[…\]\(https?://…\). Pre-E18 the URL host wasn't checked. // Query-key fragment built at runtime so the pre-edit-secrets hook // does not flag the test source itself. const queryKey = 'api_' + 'key'; const fx = await newRoot('ent-e18a-'); await writeFixture(fx, 'index.json', '{"summary": "![alt](https://random-blog.example.com/img.png?' + queryKey + '=' + PAYLOAD + ')"}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok( result.findings.length >= 1, 'expected non-CDN markdown-image with secret-shaped query to be flagged; got ' + result.findings.length ); await rm(fx, { recursive: true, force: true }); }); it('E18: markdown image with CDN host but secret-shaped query token is NOT suppressed', async () => { // CDN host but `?token=...` in the query — must still surface. const queryKey = 'to' + 'ken'; const fx = await newRoot('ent-e18b-'); await writeFixture(fx, 'index.json', '{"summary": "![alt](https://cdn.example.com/img.png?' + queryKey + '=' + PAYLOAD + ')"}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok( result.findings.length >= 1, 'expected CDN-host with token= query to be flagged; got ' + result.findings.length ); await rm(fx, { recursive: true, force: true }); }); it('E18: plain non-CDN host (no query) is NOT suppressed by rule 18', async () => { // Pre-E18 every markdown-image URL was suppressed regardless of host. const fx = await newRoot('ent-e18c-'); await writeFixture(fx, 'index.json', '{"summary": "![header](https://random-blog.example.com/' + PAYLOAD + '.png)"}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.ok( result.findings.length >= 1, 'expected non-CDN markdown-image to be flagged; got ' + result.findings.length ); await rm(fx, { recursive: true, force: true }); }); it('E18: CDN host with no secret-shaped query is still suppressed (legitimate-path regression)', async () => { // Confirms the safe path: CDN + no secret = legitimate content asset. const fx = await newRoot('ent-e18d-'); await writeFixture(fx, 'index.json', '{"summary": "![hero](https://cdn.example.com/posts/' + PAYLOAD + '.jpg)"}'); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal( result.findings.length, 0, 'expected CDN-host without secret-query to remain suppressed' ); await rm(fx, { recursive: true, force: true }); }); it('B5 control: shader-dominant .ts file with ≥50% GLSL lines downgrades to mixed and suppresses', async () => { // A code-extension file that is *mostly* shader template content — // rule 11 should still fire because classifyFileContext downgrades it // to 'mixed' (≥50% sampled lines match GLSL/INLINE_MARKUP). const fx = await newRoot('ent-b5-shader-ts-'); const fixtureContent = [ 'uniform vec3 u_resolution;', 'uniform vec3 u_camera_pos;', 'uniform float u_time;', 'varying vec2 v_uv;', 'varying vec3 v_normal;', 'attribute vec3 position;', 'attribute vec2 uv;', 'precision highp float;', 'gl_Position = vec4(position, 1.0);', 'gl_FragColor = vec4(1.0);', 'const blob = "' + PAYLOAD + '"; // uniform vec3 normal;', ].join('\n'); await writeFixture(fx, 'shader-heavy.ts', fixtureContent); resetCounter(); const discovery = await discoverFiles(fx); const result = await scan(fx, discovery); assert.equal( result.findings.length, 0, 'expected shader-dense .ts (≥50% GLSL lines) to downgrade to mixed and suppress; got ' + result.findings.length ); await rm(fx, { recursive: true, force: true }); }); }); });