agent: lumotia — Phase B.6 pin IPC-allowlist vs capability-JSON mirror invariant
Phase B.6 audit of commits7aee534(Trust-3/6 main-window guard + size cap on clipboard + paste surface),12b413d(broaden clipboard/paste allowlist to documented secondary windows), andf7af7b0(Trust-4 main- window guard on extract_content_tags_cmd). Existing coverage is strong: * commands/security.rs: 4 tests for ensure_main_window_label + ensure_window_in_set_label accept/reject paths. * commands/clipboard.rs: 3 size-cap tests via a shadow size_check helper. * commands/paste.rs: comprehensive — 4 backend-order, 4 clipboard-restore, 7 terminal-classification, 3 paste-size-cap, plus paste_cap_matches_clipboard_cap that pins the MAX_CLIPBOARD_BYTES == MAX_PASTE_BYTES invariant the commit explicitly cared about. * commands/llm.rs: extract_content_tags_cmd Trust-4 — unconditional ensure_main_window guard with no surface to test beyond what's there. One real residual. The12b413dcommit message states: "mirror the secondary-windows capability grant in src-tauri/capabilities/secondary-windows.json so the IPC trust boundary and the permission grant stay in lock-step." But no test pins the mirror invariant. A future change could: * add a new window to secondary-windows.json and forget to update CLIPBOARD_ALLOWED_WINDOWS or PASTE_REPLACING_ALLOWED_WINDOWS; * typo a label in one of the Rust consts; * remove a window from the JSON while leaving the const intact; * remove a window from the const while leaving the JSON intact. Each of those silently drifts the IPC trust boundary against the capability grant. The two halves stay in lock-step on intent — but the intent lives only in the commit message and a docstring, not in a runtime check. Fix (test-only, no production behaviour change): * Promote CLIPBOARD_ALLOWED_WINDOWS and PASTE_REPLACING_ALLOWED_WINDOWS from private to pub(crate) so a single shared test can reference them. * Cross-reference both consts in a new docstring back to the pinning test. * Add commands::security::tests_capability_mirror::allowlists_match_capability_jsons. The test reads capabilities/main.json + capabilities/secondary-windows.json at CARGO_MANIFEST_DIR, parses with serde_json, collects every label declared in the "windows" arrays, and asserts every label in both Rust allowlists is in that declared set. Asymmetric on purpose: the JSON may legitimately declare windows that don't need clipboard/paste (e.g. tasks-float doesn't), so the test does NOT assert const ⊇ JSON, only const ⊆ JSON. The over-restrict direction is safe; the under-restrict direction is the IPC bypass we care about. Verification: * cargo test -p lumotia --lib commands::security → 5/5 pass including the new allowlists_match_capability_jsons. * cargo fmt --check → clean (applied fmt after the test edit). * cargo clippy -p lumotia --all-targets -- -D warnings → clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -26,8 +26,10 @@ use crate::commands::security::{ensure_main_window, ensure_window_in_set};
|
||||
/// Windows allowed to invoke `paste_text_replacing`. The
|
||||
/// `transcription-preview` window's paste-to-foreground flow legitimately
|
||||
/// uses this command; mirror the secondary-windows capability grant in
|
||||
/// `src-tauri/capabilities/secondary-windows.json`.
|
||||
const PASTE_REPLACING_ALLOWED_WINDOWS: &[&str] = &["main", "transcription-preview"];
|
||||
/// `src-tauri/capabilities/secondary-windows.json`. The mirror invariant
|
||||
/// is pinned by
|
||||
/// `commands::security::tests_capability_mirror::allowlists_match_capability_jsons`.
|
||||
pub(crate) const PASTE_REPLACING_ALLOWED_WINDOWS: &[&str] = &["main", "transcription-preview"];
|
||||
|
||||
/// Refuse-to-paste limit. Matches `commands::clipboard::MAX_CLIPBOARD_BYTES`
|
||||
/// (1 MiB) so paste and copy surfaces share a single rejection rule.
|
||||
|
||||
Reference in New Issue
Block a user