Appearance
Clipboard Bypass and Evasion Tests (DM-CLIPBYPASS)
Adversarial clipboard tests focusing on multi-format payloads, file-list types, transform evasion, chunking strategies, fuzzing, and race conditions.
Objectives
- Deny file-list and non-text formats even when text is allowed.
- Prevent reassembly of exfiltrated data across small transfers and formats.
Preconditions
runtime.dataMotion.settings.clipboard.enabled: trueand deny-by-default posture for outbound.
Controls Under Test
runtime.dataMotion.rules[]withchannel: "clipboard"and format-aware matching (MIME, CF_HDROP, etc.).- Rate limiting and size caps; processing pipelines (e.g.,
builtin.stripFormats,htmlSanitize).
Test Scenarios
| ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|
| DM-CLIPBYPASS-01 | CF_HDROP / FileList | Copy file list (e.g., multiple files) and attempt paste on host. | Denied; channel: "clipboard", mime: file-list; action deny. |
| DM-CLIPBYPASS-02 | RTF/HTML OLE & data URIs | Copy rich text with embedded OLE object or data: URIs; paste to host editor. | Denied or transformed; process with stripFormats/htmlSanitize results; no payload leakage. |
| DM-CLIPBYPASS-03 | Polyglot Payloads | Set CF_TEXT (benign) and CF_HDROP (malicious) simultaneously; paste to a target supporting both. | Sandbox prefers safest format; CF_HDROP is stripped/denied; only text passes. |
| DM-CLIPBYPASS-04 | Chunked Copy/Reassembly | Copy small chunks sequentially and recombine on host. | Rate limit/deny triggers; cumulative size policy prevents reassembly. |
| DM-CLIPBYPASS-05 | Encrypted Payload in Text | Base64 ciphertext with known host key; attempt decode on host. | Denied per onUnknownClassification: "deny" for opaque content. |
| DM-CLIPBYPASS-06 | Clipboard Managers/History | Use a manager to recall blocked payload; attempt host paste. | Inbound denies prevent re-exposure; audit shows inbound deny. |
| DM-CLIPBYPASS-07 | MIME Type Fuzzing | Script flood of 50+ rare MIME types (e.g., Embed Source, Object Descriptor) to clipboard. | All undefined types denied by default; audit log records 50+ specific deny events. |
| DM-CLIPBYPASS-08 | Race Conditions (TOCTOU) | Rapidly toggle clipboard between 'Safe' and 'Classified' strings (e.g., 10ms intervals); paste continuously. | Monitor evaluates state at access; no classified data leaks; potentially triggers rate limiting. |
| DM-CLIPBYPASS-09 | Unicode Surrogates/Homoglyphs | Use homoglyphs and surrogate pairs to conceal keywords in text; attempt paste to host DLP bypass. | Denied or normalized to plain text and re-evaluated; audit shows transform and no leakage. |
| DM-CLIPBYPASS-10 | Structured JSON Disguised as RTF | Embed JSON in RTF/HTML; attempt to pass via text-only fallbacks. | Transforms strip rich formats; JSON analyzed as text and policy denies if classified indicators present. |
| DM-CLIPBYPASS-11 | Cumulative Rate-Limit Evasion | Send 100 small pastes spaced to avoid per-event limits; recombine on host. | Cumulative quota triggers deny; audit shows cumulativeBytes and rate-limit fields. |
| DM-CLIPBYPASS-12 | Image Crop/Resize Evasion | Crop a large image to just below the imageMegapixels threshold (e.g., 0.24 MP when limit is 0.25 MP); attempt outbound paste. | Allowed at boundary; verify megapixel calculation is exact (width × height ÷ 1 000 000). Audit: metrics.image.megapixels confirms decoded value, not file-size estimate. |
| DM-CLIPBYPASS-13 | Format Conversion Evasion | Convert an image between formats (PNG → BMP → DIB) and place each on the clipboard; attempt outbound paste of each. | Decoded dimensions are reported consistently regardless of clipboard format. All formats produce the same metrics.image.megapixels and metrics.image.widthPx/heightPx. |
| DM-CLIPBYPASS-14 | Dimension Spoof via Aspect Ratio | Create a tall, narrow image (e.g., 100 × 20000 px = 2.0 MP) that fits width constraints but exceeds height. Attempt outbound paste with imageDimensions.height.max: 1440. | Denied; height check catches the oversized dimension even though width is within limits. Audit: action: "deny", metrics.image.heightPx: 20000. |
| DM-CLIPBYPASS-15 | Tiled Screenshot Reassembly | Capture multiple small screenshots (each under MP and dimension thresholds) in rapid succession; attempt reassembly on host. | Individual pastes may be allowed (each under threshold). Combined with rate limiting (DM-CLIP-08), cumulative image data triggers deny. Audit shows progressive cumulativeBytes and rate-limit signals. |
Evidence Requirements
- Audit category:
dataMotionwithchannel: "clipboard",direction,action,outcome,rule.id, and content type (MIME or format). - When processing: include
transforms(e.g.,stripFormats). - When rate-limited: include rate-limit fields and cumulative bytes.
Troubleshooting
- Confirm rule priority and format detection (CF_HDROP vs MIME); ensure defaultAction is
deny. - Verify pipelines are configured correctly and do not re-encode back to risky formats.
