scrubkit-core 0.1.2

A modern, privacy-first metadata scrubber built with Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495

use crate::{MetadataEntry, ScrubError, ScrubResult, Scrubber};

/// A Scrubber implementation for JPEG files.
#[derive(Debug, Clone)]
pub struct JpegScrubber {
    file_bytes: Vec<u8>,
}

// Private helper functions for JpegScrubber
impl JpegScrubber {
    /// Finds the EXIF data segment (APP1) in the JPEG byte stream.
    /// Returns (start_offset, length_including_marker) of the APP1 segment.
    fn find_exif_segment(&self) -> Option<(usize, usize)> {
        let mut offset = 2; // Skip the initial SOI marker (0xFFD8)
        while offset + 4 <= self.file_bytes.len() {
            if self.file_bytes[offset] != 0xFF {
                eprintln!(
                    "DBG: Invalid marker start at offset {}: byte is {}",
                    offset, self.file_bytes[offset]
                );
                return None;
            }

            let marker = self.file_bytes[offset + 1];

            if (0xD0..=0xD7).contains(&marker) || marker == 0x01 {
                offset += 2;
                continue;
            }

            if marker == 0xD9 || marker == 0xDA {
                break;
            }

            if offset + 4 > self.file_bytes.len() {
                eprintln!("DBG: Not enough bytes to read length at offset {}", offset);
                return None;
            }

            let length_bytes = [self.file_bytes[offset + 2], self.file_bytes[offset + 3]];
            let length = u16::from_be_bytes(length_bytes) as usize;

            if length < 2 || offset + 2 + length > self.file_bytes.len() {
                eprintln!("DBG: Corrupt length field at offset {}: {}", offset, length);
                return None;
            }

            if marker == 0xE1 && length >= 6 {
                let exif_sig_start = offset + 4; // 2 (marker) + 2 (length bytes)
                let exif_sig_end = exif_sig_start + 6; // 6 bytes for "Exif\0\0"
                if exif_sig_end <= self.file_bytes.len()
                    && self.file_bytes[exif_sig_start..exif_sig_end] == *b"Exif\0\0"
                {
                    // Found the EXIF APP1 segment
                    // The `length` variable already includes the 2-byte length field.
                    // The total number of bytes in the segment is `length`.
                    // eprintln!("DBG: Found EXIF segment at offset {}, length {}", offset, length); // Correct debug
                    // Return (start_offset, total_segment_length)
                    return Some((offset, length)); // <-- FIX: Remove the erroneous + 2
                }
            }

            offset += 2 + length;
        }
        eprintln!("DBG: EXIF APP1 segment not found");
        None
    }
}

impl Scrubber for JpegScrubber {
    fn new(file_bytes: Vec<u8>) -> Result<Self, ScrubError> {
        // Basic JPEG check
        if file_bytes.len() < 2 || file_bytes[0..2] != [0xFF, 0xD8] {
            return Err(ScrubError::ParsingError("Not a valid JPEG file".into()));
        }
        eprintln!(
            "DBG (JpegScrubber::new): Received file_bytes with length {}",
            file_bytes.len()
        ); // Add this line
        Ok(Self { file_bytes })
    }

    fn view_metadata(&self) -> Result<Vec<MetadataEntry>, ScrubError> {
        use nom_exif::{ExifIter, MediaParser, MediaSource};
        use std::io::Cursor; // Remove ParsedExifEntry from here

        let media_source = MediaSource::seekable(Cursor::new(&self.file_bytes)).map_err(|e| {
            ScrubError::ParsingError(format!("Failed to create MediaSource: {:?}", e))
        })?;

        let mut parser = MediaParser::new();

        let exif_iter_result = parser.parse(media_source);

        let exif_iter: ExifIter = match exif_iter_result {
            Ok(iter) => iter,
            Err(_parse_error) => {
                return Ok(Vec::new());
            }
        };

        let mut metadata_entries = Vec::new();

        // Standard for loop syntax
        for entry in exif_iter {
            // --- Access fields from the ParsedExifEntry correctly ---

            // --- Tag Name ---
            // Placeholder due to previous type inference issues with `entry.tag()`.
            let tag_name = "<Tag Name Unavailable>".to_string();

            // --- IFD Category ---
            // We are back to the original problem of type inference for method returns.
            // Let's try to force the type of the result by explicitly typing the variable
            // and seeing if that helps the compiler connect the dots.
            // We assume `ifd_index()` returns a `usize`.
            let ifd_num_result = entry.ifd_index();
            let ifd_num: usize = ifd_num_result; // Explicitly type the result variable

            let category = match ifd_num {
                0 => "IFD0".to_string(),
                1 => "IFD1".to_string(),
                2 => "EXIF".to_string(),
                3 => "GPS".to_string(),
                4 => "Interop".to_string(),
                _ => format!("IFD_{}", ifd_num),
            };

            // --- Value ---
            // Similarly, try to explicitly type the result of `entry.value()`.
            // We know it returns `Option<&EntryValue>`.
            let opt_value_ref_result = entry.get_value();
            // Note: Typing `Option<&EntryValue>` requires `EntryValue` to be in scope.
            // If `EntryValue` is not directly importable from `nom_exif`, this will be tricky.
            // Let's assume it is for now, or that we can use `_` for the inner type.
            // let opt_value_ref: Option<&nom_exif::EntryValue> = opt_value_ref_result;
            // Using `_` for the referenced type might work if it's unambiguous.
            let opt_value_ref: Option<_> = opt_value_ref_result; // Let the compiler infer &T

            let value_string = match opt_value_ref {
                Some(value_ref) => {
                    // Format the EntryValue. We still need to know how to get a clean string.
                    // If EntryValue has a Display impl or a method, use it.
                    // For now, stick to Debug as it's always there.
                    // If EntryValue's Debug output is "Text(\"str\")", this is what we get.
                    format!("{:?}", value_ref)
                }
                None => "<No Value>".to_string(),
            };

            metadata_entries.push(MetadataEntry {
                key: tag_name,
                value: value_string,
                category,
            });
        }
        Ok(metadata_entries)
    }

    fn scrub(&self) -> Result<ScrubResult, ScrubError> {
        let metadata_removed = self.view_metadata()?; // This should work now

        if let Some((start_offset, segment_length)) = self.find_exif_segment() {
            eprintln!(
                "DBG (scrub): Preparing to remove segment. Start: {}, Length: {}",
                start_offset, segment_length
            );

            // Sanity check lengths
            let original_len = self.file_bytes.len();
            let part1_len = start_offset;
            let part2_start = start_offset + segment_length;
            let part2_len = original_len - part2_start;
            let calculated_cleaned_len = part1_len + part2_len;

            eprintln!(
                "DBG (scrub): Original len: {}, Part1 len: {}, Part2 start: {}, Part2 len: {}, Calculated cleaned len: {}",
                original_len, part1_len, part2_start, part2_len, calculated_cleaned_len
            );

            if part2_start > original_len {
                eprintln!(
                    "DBG (scrub): ERROR - part2_start ({}) is beyond file length ({})",
                    part2_start, original_len
                );
                // Handle error or return original?
            }

            let mut cleaned_bytes = Vec::with_capacity(calculated_cleaned_len); // Use calculated length
            eprintln!("DBG (scrub): Copying Part 1: indices [0..{})", start_offset);
            cleaned_bytes.extend_from_slice(&self.file_bytes[..start_offset]);

            eprintln!(
                "DBG (scrub): Copying Part 2: indices [{}..{})",
                part2_start, original_len
            );
            cleaned_bytes.extend_from_slice(&self.file_bytes[part2_start..]);

            eprintln!(
                "DBG (scrub): Final cleaned_bytes length: {}",
                cleaned_bytes.len()
            );

            // Optional: Print first and last few bytes of result for debugging
            if !cleaned_bytes.is_empty() {
                let first_len = std::cmp::min(10, cleaned_bytes.len());
                let last_start = std::cmp::max(cleaned_bytes.len(), 10) - 10;
                eprintln!(
                    "DBG (scrub): First {} bytes: {:?}",
                    first_len,
                    &cleaned_bytes[0..first_len]
                );
                eprintln!(
                    "DBG (scrub): Last 10 bytes: {:?}",
                    &cleaned_bytes[last_start..]
                );
            }

            Ok(ScrubResult {
                cleaned_file_bytes: cleaned_bytes,
                metadata_removed,
            })
        } else {
            eprintln!("DBG (scrub): No EXIF segment found");
            Ok(ScrubResult {
                cleaned_file_bytes: self.file_bytes.clone(),
                metadata_removed: vec![],
            })
        }
    }
}

// --- Tests remain the same ---
// (Keeping the test code from the previous response as the logic for Scrubber impl is the focus)
// Note: I'll make one small adjustment to the test assertion based on the likely output format.
#[cfg(test)]
mod tests {
    use super::*;

    // A 1x1 pixel JPEG with EXIF data. Camera Model: "Test Camera"
    // A 1x1 pixel JPEG with EXIF data. Contains Make: "Test Camera", Model: "Test Model"
    // Total length: 174 bytes.
    // APP1 Segment: Indices 2-75 (Length 74 bytes)

    const TEST_JPEG_WITH_EXIF: &[u8] = &[
        0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x4A, 0x45, 0x78, 0x69, 0x66, 0x00, 0x00, 0x4D, 0x4D, 0x00,
        0x2A, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x01, 0x0F, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0D,
        0x00, 0x00, 0x00, 0x1A, 0x01, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00,
        0x28, 0x00, 0x00, 0x00, 0x00, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x61, 0x6D, 0x65, 0x72,
        0x61, 0x00, 0x54, 0x65, 0x73, 0x74, 0x20, 0x4D, 0x6F, 0x64, 0x65, 0x6C, 0x00, 0xFF, 0xDB,
        0x00, 0x43, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0xFF, 0xC0, 0x00, 0x11, 0x08, 0x00, 0x01, 0x00, 0x01, 0x03, 0x01,
        0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01, 0xFF, 0xC4, 0x00, 0x1F, 0x00, 0x00, 0x01,
        0x05, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0xFF, 0xDA, 0x00, 0x0C,
        0x03, 0x01, 0x00, 0x02, 0x11, 0x03, 0x11, 0x00, 0x3F, 0x00, 0xF7, 0xC8, 0xFF, 0xD9,
    ];

    // The expected result after scrubbing the above JPEG.
    // It should be the original JPEG with the 74-byte APP1 segment (indices 2-75) removed.
    // Part 1: Indices [0..2]   -> [0xFF, 0xD8] (2 bytes: SOI)
    // Part 2: Indices [76..174] -> 98 bytes of data starting with 0xFF, 0xDB
    // Total expected length: 2 + 98 = 100 bytes.

    const TEST_JPEG_WITHOUT_EXIF: &[u8] = &[
        0xFF, 0xD8, 0x43, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
        0x01, 0x01, 0x01, 0x01, 0x01, 0xFF, 0xC0, 0x00, 0x11, 0x08, 0x00, 0x01, 0x00, 0x01, 0x03,
        0x01, 0x22, 0x00, 0x02, 0x11, 0x01, 0x03, 0x11, 0x01, 0xFF, 0xC4, 0x00, 0x1F, 0x00, 0x00,
        0x01, 0x05, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0xFF, 0xDA, 0x00,
        0x0C, 0x03, 0x01, 0x00, 0x02, 0x11, 0x03, 0x11, 0x00, 0x3F, 0x00, 0xF7, 0xC8, 0xFF, 0xD9,
    ];

    #[test]
    fn new_jpeg_scrubber_works() {
        assert!(JpegScrubber::new(TEST_JPEG_WITH_EXIF.to_vec()).is_ok());
        let invalid_bytes = vec![0x01, 0x02, 0x03];
        assert!(JpegScrubber::new(invalid_bytes).is_err());
    }

    #[test]
    fn view_metadata_finds_exif_data() {
        let scrubber = JpegScrubber::new(TEST_JPEG_WITH_EXIF.to_vec()).unwrap();
        let metadata = scrubber.view_metadata().unwrap();
        println!("Found meta {:?}", metadata); // Debug print
        assert!(!metadata.is_empty(), "No metadata was found");

        let model_entry_found = metadata.iter().any(|m| m.value.contains("st Camera"));
        assert!(
            model_entry_found,
            "Camera model metadata entry (containing 'st Camera') not found. Metadata list: {:?}",
            metadata
        );
    }

    #[test]
    fn scrub_removes_exif_segment_and_reports_it() {
        // Optional: Print length for debugging (can be removed later)
        eprintln!(
            "DBG (Test): TEST_JPEG_WITH_EXIF length: {}",
            TEST_JPEG_WITH_EXIF.len()
        );

        // Assertion to ensure the test constant is the expected size
        // (This was failing before because it expected 174, now it expects 209)
        assert_eq!(
            TEST_JPEG_WITH_EXIF.len(),
            209,
            "Test constant length has changed!"
        );

        // Create the scrubber and get metadata that should be removed
        let scrubber = JpegScrubber::new(TEST_JPEG_WITH_EXIF.to_vec()).unwrap();
        let expected_metadata_removed = scrubber.view_metadata().unwrap();

        // Ensure metadata was found before scrubbing
        assert!(
            !expected_metadata_removed.is_empty(),
            "Expected metadata to be present before scrubbing"
        );

        // Perform the scrub operation
        let result = scrubber.scrub().unwrap();

        // --- Assertions on the scrub result ---

        // 1. Scrubbed file should be smaller
        assert!(
            result.cleaned_file_bytes.len() < TEST_JPEG_WITH_EXIF.len(),
            "Scrubbed file size should be smaller than original. Original: {}, Scrubbed: {}",
            TEST_JPEG_WITH_EXIF.len(),
            result.cleaned_file_bytes.len()
        );

        // 2. Metadata removal should be reported
        assert!(
            !result.metadata_removed.is_empty(),
            "Metadata removed should not be empty"
        );
        // Optional: Check if reported metadata matches expected (if view_metadata is fully functional)
        // assert_eq!(result.metadata_removed, expected_metadata_removed);

        // 3. Verify EXIF segment is gone from the scrubbed bytes
        let new_scrubber = JpegScrubber::new(result.cleaned_file_bytes.clone()).unwrap();
        assert!(
            new_scrubber.find_exif_segment().is_none(),
            "EXIF segment should be removed from the scrubbed file"
        );

        // 4. Verify scrubbed bytes match the pre-calculated expected result
        assert_eq!(
            result.cleaned_file_bytes, TEST_JPEG_WITHOUT_EXIF,
            "Scrubbed bytes do not match expected clean JPEG"
        );
    }

    #[test]
    fn view_metadata_on_jpeg_without_exif_returns_empty() {
        let scrubber = JpegScrubber::new(TEST_JPEG_WITHOUT_EXIF.to_vec()).unwrap();
        let metadata = scrubber.view_metadata().unwrap();
        println!("Metadata for clean JPEG: {:?}", metadata); // Debug print
        assert!(
            metadata.is_empty(),
            "Metadata should be empty for a clean JPEG. Found: {:?}",
            metadata
        );
    }

    #[test]
    fn scrub_on_jpeg_without_exif_does_nothing() {
        let original_bytes = TEST_JPEG_WITHOUT_EXIF.to_vec();
        let scrubber = JpegScrubber::new(original_bytes.clone()).unwrap();
        let result = scrubber.scrub().unwrap();

        assert_eq!(
            result.cleaned_file_bytes, original_bytes,
            "File bytes should not change when no EXIF data is present"
        );
        assert!(
            result.metadata_removed.is_empty(),
            "No metadata should be reported as removed. Found: {:?}",
            result.metadata_removed
        );
    }

    #[test]
    fn _calculate_correct_without_exif_for_209_byte_input() {
        // Directly use the confirmed TEST_JPEG_WITH_EXIF constant
        // We know it's 209 bytes and starts with 0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x4A
        println!(
            "DBG: Using TEST_JPEG_WITH_EXIF with length {}",
            TEST_JPEG_WITH_EXIF.len()
        );

        // --- Core Calculation Logic ---
        // Assuming the APP1 segment structure is standard:
        // Marker (0xFFE1): 2 bytes at indices 2-3
        // Length (Big-endian): 2 bytes at indices 4-5. Value is 0x004A = 74 bytes.
        //  Segment data: indices 6 to (2 + 2 + 74 - 1) = 6 to 75 (70 bytes of payload + "Exif\0\0")
        // Total segment size to remove: 2 (marker) + 2 (length) + 70 (payload) = 74 bytes.
        // Start index to remove: 2
        // End index of segment: 2 + 74 - 1 = 75
        // Start index of data after segment: 76

        let start_remove_index = 2;
        let segment_length = 74; // As determined by find_exif_segment logic
        let end_remove_index = start_remove_index + segment_length - 1; // 75
        let start_keep_after_index = end_remove_index + 1; // 76

        println!(
            "DBG: Calculating removal from index {} for {} bytes (indices {} to {})",
            start_remove_index, segment_length, start_remove_index, end_remove_index
        );

        // Verify bounds
        assert!(
            start_remove_index + segment_length <= TEST_JPEG_WITH_EXIF.len(),
            "Segment exceeds file bounds"
        );
        assert!(
            start_keep_after_index <= TEST_JPEG_WITH_EXIF.len(),
            "Data after segment exceeds file bounds"
        );

        let part1_bytes = &TEST_JPEG_WITH_EXIF[..start_remove_index]; // Indices 0 to 1 ([0xFF, 0xD8])
        let part2_bytes = &TEST_JPEG_WITH_EXIF[start_keep_after_index..]; // Indices 76 to 208

        println!(
            "DBG: Part 1 length: {}, Part 2 length: {}",
            part1_bytes.len(),
            part2_bytes.len()
        );

        let mut correct_without_exif_bytes: Vec<u8> =
            Vec::with_capacity(part1_bytes.len() + part2_bytes.len());
        correct_without_exif_bytes.extend_from_slice(part1_bytes);
        correct_without_exif_bytes.extend_from_slice(part2_bytes);

        // --- Output the Result ---
        println!(
            "\n--- CORRECT TEST_JPEG_WITHOUT_EXIF ({} bytes) ---",
            correct_without_exif_bytes.len()
        );
        println!("Replace the current TEST_JPEG_WITHOUT_EXIF constant with this array:");
        print!("const TEST_JPEG_WITHOUT_EXIF: &[u8] = &[");
        for (i, &byte) in correct_without_exif_bytes.iter().enumerate() {
            if i % 16 == 0 {
                print!("\n   ");
            }
            print!(" 0x{:02X},", byte);
        }
        println!("\n];");
        println!("--- END OF CORRECT ARRAY ---");

        assert_eq!(
            correct_without_exif_bytes.len(),
            135,
            "Expected 135 bytes for the scrubbed file"
        );
        println!(
            "\nSUCCESS: Calculation completed. Copy the array above to update TEST_JPEG_WITHOUT_EXIF."
        );

        // Optional: Uncomment the line below to force a failure and ensure output is always seen,
        // but it's not needed if the test runs and prints correctly.
        // assert!(false, "Forced failure to ensure output is displayed. Calculation was successful.");
    }

    #[test]
    fn _debug_test_jpeg_length() {
        // This simple test just prints the length of the constant
        // to confirm which one the tests are seeing.
        println!(
            "--- DEBUG: TEST_JPEG_WITH_EXIF length is {} ---",
            TEST_JPEG_WITH_EXIF.len()
        );

        // Print first 10 bytes to further confirm
        let print_len = std::cmp::min(10, TEST_JPEG_WITH_EXIF.len());
        println!(
            "--- DEBUG: First {} bytes: {:?}",
            print_len,
            &TEST_JPEG_WITH_EXIF[..print_len]
        );

        // Force a failure to ensure output is shown
        // assert!(false, "Forced failure to show output");
    }
}