test(security): add failing test for HIGH-1 prototype pollution

Three PoC fixtures (tool name, bash command, model name) reproduce the audit's HIGH-1 attack. Tests assert Object.prototype.calls stays undefined after parsing. They fail against current parser.ts -- Task 3 will close the pollution sink with Object.create(null).
2026-04-28 23:19:39 +00:00 · 2026-04-17 07:29:37 +02:00 · 2026-04-17 07:29:37 +02:00 · e890d9bfc3
commit e890d9bfc3
parent f2d1753d3a
4 changed files with 80 additions and 0 deletions
--- a/tests/fixtures/security/proto-bash.jsonl
+++ b/tests/fixtures/security/proto-bash.jsonl
@ -0,0 +1 @@
+{"type":"assistant","sessionId":"security-test","timestamp":"2026-04-16T00:00:00Z","message":{"id":"pwn-bash","type":"message","role":"assistant","model":"claude-opus-4-6","content":[{"type":"tool_use","id":"b1","name":"Bash","input":{"command":"/x/__proto__"}}],"usage":{"input_tokens":1,"output_tokens":1}}}
				`@ -0,0 +1 @@`
				`{"type":"assistant","sessionId":"security-test","timestamp":"2026-04-16T00:00:00Z","message":{"id":"pwn-bash","type":"message","role":"assistant","model":"claude-opus-4-6","content":[{"type":"tool_use","id":"b1","name":"Bash","input":{"command":"/x/__proto__"}}],"usage":{"input_tokens":1,"output_tokens":1}}}`