feat(detect): Detect TOC/bookmark entries that leak redacted content#212
Open
mlissner wants to merge 3 commits into
Open
feat(detect): Detect TOC/bookmark entries that leak redacted content#212mlissner wants to merge 3 commits into
mlissner wants to merge 3 commits into
Conversation
This was referenced Apr 7, 2026
When someone redacts a heading but forgets to sanitize the PDF bookmarks, the bookmark still contains the original text. Adds get_redaction_bboxes() to collect all redaction-shaped objects (rectangles, images, annotations, cross-hatches, X-replacement text) in a single pass. get_toc_leaks() spatially matches bookmark targets against these bboxes, then checks if the bookmark title contains words absent from the page text. Also adds X-replacement text locations to the bbox collection so TOC leaks are detected even when the only redaction evidence is replaced characters. Fixes #2 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Synthetic 7-page PDF covering all redaction types (applied redaction, black bar, dark image, X-replacement, unapplied Redact, dark highlight, and a no-redaction control). Each page is self-documenting. Also adds real-world court filing where JOSH MERRITT's name leaks through the bookmark despite being X'd out and covered by images. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
mlissner
force-pushed
the
2-detect-toc-bookmark-leaks-20260407
branch
from
4bb99e9 to
72eedab
Compare
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
get_redaction_bboxes()to collect all redaction-shaped objects (rectangles, images, annotations, cross-hatches, X-replacement text) in a single pass — shared between bad-redaction detection and TOC leak detection for performanceget_toc_leaks()spatially matches bookmark targets against redaction bboxes (20pt y-tolerance), then checks if the bookmark title contains words absent from the page textFixes #2
Test plan
test_toc_leakverifies all 7 pages of the synthetic PDFtest_toc_leak_realverifies the real-world court filing🤖 Generated with Claude Code