open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions
ktg-plugin-marketplace/plugins/llm-security/tests/scanners/entropy-context.test.mjs
Kjell Tore Guttormsen 765bc74f52 feat(llm-security): v7.0.0 commit 7 — rule 18 (markdown image URL suppression) 
E2E verification against content-heavy repo (`content-claude-code`) revealed
413 entropy findings (8 HIGH / 405 MEDIUM) from markdown image CDN URLs in
JSON content indexes — e.g., `![Image 1: Title](https://www-cdn.anthropic.com/images/.../cf1dd2167fcf12f5882333ddc58a5bc1f0026952.svg)`.
These are legitimate content-repo artifacts, not credentials. The 40-char
hash segment in the CDN URL trips Shannon entropy (H=5.29 over 300 chars),
and rule 13 (inline <svg>) doesn't match since there's no literal `<svg>`
tag — the `.svg` is just a URL path suffix.

Added rule 18 `MARKDOWN_IMAGE = /!\[[^\]]*\]\(\s*https?:\/\//` — matches
`![alt](http…)` / `![alt](https…)`. Line-level (not string-level) so URL
is not over-specific.

E2E impact on `content-claude-code`:
- Before: BLOCK / 65 / 8H 437M 0L
- After:  WARNING / 56 / 3H 427M 0L

Hyperframes unchanged: BLOCK / 80 / 1C 4H 92M — real CRITICAL SQL-injection
and HIGH findings still detected.

Tests: 2 new (positive + negative fixture) bringing entropy-context to 26,
total suite 1485 → 1487.

Docs updated to "rules 11-18" and "8 new line-suppression rules".

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-19 22:37:39 +02:00

265 lines
12 KiB
JavaScript
Raw Blame History

// entropy-context.test.mjs — False-positive fixtures for v7.0.0 context-aware suppression
//
// Covers:
// A. File-extension skip (.glsl, .css, .svg, .min.js, ...)
// B. Line-level rules 11-17 (GLSL/CSS-in-JS/HTML/ffmpeg/UA/SQL/error-template)
// C. User-policy thresholds and suppress_line_patterns
//
// Strategy: write a throwaway fixture under os.tmpdir(), discover it, run scan(),
// assert finding count. Fixture-content strings are built from runtime concatenation
// to avoid triggering the plugin's own credential-pattern pre-edit hook on the test source.
import { describe, it, before, after } from 'node:test';
import assert from 'node:assert/strict';
import { mkdtemp, mkdir, writeFile, rm } from 'node:fs/promises';
import { randomBytes } from 'node:crypto';
import { join } from 'node:path';
import { tmpdir } from 'node:os';
import { resetCounter } from '../../scanners/lib/output.mjs';
import { discoverFiles } from '../../scanners/lib/file-discovery.mjs';
import { scan } from '../../scanners/entropy-scanner.mjs';
import { _resetCacheForTest } from '../../scanners/lib/policy-loader.mjs';
// Random base64 from 60 crypto bytes → 80-char base64, H ≈ 5.4, will classify as
// HIGH (entropy >= 5.1, len >= 64). Regenerated on module load for each test run.
// Built at runtime so the plugin's credential-pattern pre-edit hook doesn't flag the
// test source file. Excludes '/', '+', '=' to avoid breaking JS string syntax.
function makePayload() {
const raw = randomBytes(60).toString('base64').replace(/[/+=]/g, 'A');
return raw.slice(0, 80);
}
const PAYLOAD = makePayload();
async function writeFixture(root, relPath, content) {
const abs = join(root, relPath);
const lastSlash = abs.lastIndexOf('/');
await mkdir(abs.substring(0, lastSlash), { recursive: true });
await writeFile(abs, content);
}
async function newRoot(prefix) {
return mkdtemp(join(tmpdir(), prefix));
}
describe('entropy-scanner context suppression (v7.0.0+)', () => {
let root;
before(async () => {
root = await newRoot('entropy-ctx-');
});
after(async () => {
await rm(root, { recursive: true, force: true });
_resetCacheForTest();
});
describe('A. File-extension skip', () => {
it('skips .glsl files entirely (no findings)', async () => {
const fx = await newRoot('ent-glsl-');
await writeFixture(fx, 'shader.glsl', 'vec4 color = "' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'Expected 0 findings in .glsl, got ' + result.findings.length);
assert.ok(result.calibration.files_skipped_by_extension >= 1);
await rm(fx, { recursive: true, force: true });
});
it('skips .css files entirely', async () => {
const fx = await newRoot('ent-css-');
await writeFixture(fx, 'styles.css', '.x{content:"' + PAYLOAD + '";}');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0);
await rm(fx, { recursive: true, force: true });
});
it('skips .min.js files (compound extension)', async () => {
const fx = await newRoot('ent-minjs-');
await writeFixture(fx, 'bundle.min.js', 'var x="' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0);
await rm(fx, { recursive: true, force: true });
});
it('still scans .js files (non-skipped extension)', async () => {
const fx = await newRoot('ent-js-');
await writeFixture(fx, 'app.js', 'const blob = "' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.ok(result.findings.length >= 1, 'expected high-entropy .js to still be detected');
await rm(fx, { recursive: true, force: true });
});
});
describe('B. Line-level suppression rules 11-17', () => {
it('rule 11: GLSL keyword on line suppresses finding', async () => {
const fx = await newRoot('ent-rule11-');
await writeFixture(fx, 'shader.js',
'const src = "uniform vec3 u_resolution; ' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected GLSL keyword line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 12: CSS-in-JS (styled-components) suppresses finding', async () => {
const fx = await newRoot('ent-rule12-');
await writeFixture(fx, 'btn.js',
'const Button = styled.button`:hover { content: "' + PAYLOAD + '"; }`;');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected styled-components line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 13: Inline <svg> markup on line suppresses finding', async () => {
const fx = await newRoot('ent-rule13-');
await writeFixture(fx, 'Icon.jsx',
'return (<svg viewBox="0 0 24 24"><path d="' + PAYLOAD + '"/></svg>);');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected inline SVG line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 14: ffmpeg filter_complex suppresses finding', async () => {
const fx = await newRoot('ent-rule14-');
await writeFixture(fx, 'pipeline.js',
'run("ffmpeg -filter_complex=[0:v]scale=' + PAYLOAD + '");');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected ffmpeg line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 15: browser User-Agent string suppresses finding', async () => {
const fx = await newRoot('ent-rule15-');
await writeFixture(fx, 'ua.js',
'const agent = "Mozilla/5.0 Chrome/120 ' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected UA line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 16: SQL DDL on dedicated line suppresses finding', async () => {
// Line must START with SELECT/INSERT/... — whitespace allowed but no prefix code.
const fx = await newRoot('ent-rule16-');
await writeFixture(fx, 'schema.js',
'// fallback\nSELECT id, data FROM users WHERE tok = \'' + PAYLOAD + '\';\n');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected SELECT-anchored line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 16 does NOT over-match generic strings mentioning SELECT', async () => {
// SQL_STATEMENT is line-anchored; a `const` prefix means no suppression by rule 16.
const fx = await newRoot('ent-rule16b-');
await writeFixture(fx, 'app.js',
'const msg = "SELECT something ' + PAYLOAD + '";');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.ok(result.findings.length >= 1, 'generic code line must not trigger SQL suppression');
await rm(fx, { recursive: true, force: true });
});
it('rule 17: throw new Error template suppresses finding', async () => {
const fx = await newRoot('ent-rule17-');
await writeFixture(fx, 'err.js',
'throw new Error(`Bad input <code>' + PAYLOAD + '</code>`);');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected throw new Error line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 18: markdown image with external URL suppresses finding', async () => {
const fx = await newRoot('ent-rule18-');
await writeFixture(fx, 'index.json',
'{"summary": "![Image 1: Title](https://cdn.example.com/abc/' + PAYLOAD + '.svg)"}');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected markdown image line to suppress');
await rm(fx, { recursive: true, force: true });
});
it('rule 18 does NOT over-match plain URLs without image syntax', async () => {
const fx = await newRoot('ent-rule18b-');
await writeFixture(fx, 'app.js',
'const token = "' + PAYLOAD + '"; // not an image');
resetCounter();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.ok(result.findings.length >= 1, 'plain high-entropy string must still be detected');
await rm(fx, { recursive: true, force: true });
});
});
describe('C. Policy-driven overrides', () => {
it('user-policy suppress_line_patterns adds custom suppression', async () => {
const fx = await newRoot('ent-policy-');
await writeFixture(fx, 'secret.js', 'const vendor = "' + PAYLOAD + '"; // MY_VENDOR_MARKER');
await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({
entropy: { suppress_line_patterns: ['MY_VENDOR_MARKER'] }
}));
resetCounter();
_resetCacheForTest();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected user pattern to suppress');
assert.equal(result.calibration.policy_source, 'policy.json');
await rm(fx, { recursive: true, force: true });
});
it('user-policy suppress_paths skips files whose relPath contains the substring', async () => {
const fx = await newRoot('ent-paths-');
await writeFixture(fx, 'src/vendored/big.js', 'var x="' + PAYLOAD + '";');
await writeFixture(fx, 'src/app.js', 'var y="' + PAYLOAD + '";');
await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({
entropy: { suppress_paths: ['vendored/'] }
}));
resetCounter();
_resetCacheForTest();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 1, 'Expected 1 finding (app.js only), got ' + result.findings.length);
assert.ok(result.calibration.files_skipped_by_path >= 1);
await rm(fx, { recursive: true, force: true });
});
it('user-policy stricter thresholds suppress medium-strength payload', async () => {
const fx = await newRoot('ent-thresh-');
await writeFixture(fx, 'cfg.js', 'const blob = "' + PAYLOAD + '";');
await writeFixture(fx, '.llm-security/policy.json', JSON.stringify({
entropy: {
thresholds: {
critical: { entropy: 6.0, minLen: 256 },
high: { entropy: 5.8, minLen: 200 },
medium: { entropy: 5.7, minLen: 150 },
}
}
}));
resetCounter();
_resetCacheForTest();
const discovery = await discoverFiles(fx);
const result = await scan(fx, discovery);
assert.equal(result.findings.length, 0, 'expected strict thresholds to suppress medium-strength payload');
await rm(fx, { recursive: true, force: true });
});
});
});
Reference in a new issue View git blame Copy permalink