fix: address adversarial review findings in property-based tests

- Fix SendChatMessage_WithAdversarialContent_NeverReturns500 to assert
  session creation is not 500 before early return (was silently passing
  when session endpoint returned server errors)
- Change EmptyGuidUserId_AlwaysThrows from [Property] to [Fact] in
  KnowledgeDocumentPropertyTests and NotificationPropertyTests (no
  generated input, was running identical assertion 200 times)
- Extract AdversarialStringGen to shared TestGenerators class in
  Domain.Tests and FuzzTestGenerators in Application.Tests, replacing
  7 duplicate copies with the comprehensive variant set from
  EntityAdversarialInputTests (adds lone surrogates, replacement char,
  CRLF, ANSI escape, template injection, SSRF vectors)
- Fix misleading comment on DangerousUrl_StoredVerbatim to reflect
  that domain constructor calls Trim()

Author: Chris0Jeky

backend/tests/Taskdeck.Api.Tests/RawJsonAdversarialApiTests.cs

@@ -287,7 +287,10 @@ public async Task SendChatMessage_WithAdversarialContent_NeverReturns500(string
         var sessionResponse = await _client.PostAsJsonAsync("/api/llm/chat/sessions",
             new CreateChatSessionDto("Test Session", boardId));
 
-        if (!sessionResponse.IsSuccessStatusCode) return; // Skip if session creation fails
+        ((int)sessionResponse.StatusCode).Should().BeLessThan(500,
+            $"Chat session creation returned 500 for content: {messageContent}");
+
+        if (!sessionResponse.IsSuccessStatusCode) return; // Skip if session creation returns 4xx
 
         var session = await sessionResponse.Content.ReadFromJsonAsync<ChatSessionDto>();
 

backend/tests/Taskdeck.Application.Tests/Fuzz/ChatDtoSerializationFuzzTests.cs

@@ -25,28 +25,6 @@ public class ChatDtoSerializationFuzzTests
         WriteIndented = false
     };
 
-    private static Gen<string> AdversarialStringGen() => Gen.OneOf(
-        Gen.Constant("\u0000"),
-        Gen.Constant("\uFEFF"),
-        Gen.Constant("\u200B"),
-        Gen.Constant("<script>alert('xss')</script>"),
-        Gen.Constant("'; DROP TABLE chat; --"),
-        Gen.Constant("\"quoted\"string\""),
-        Gen.Constant("back\\slash"),
-        Gen.Constant("new\nline\ttab"),
-        Gen.Constant("emoji 👨‍👩‍👧‍👦"),
-        Gen.Constant("田中太郎"),
-        Gen.Constant("مرحبا"),
-        Gen.Constant("{\"nested\": true}"),
-        Gen.Constant(""),
-        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
-    );
-
-    private static Gen<string?> NullableStringGen() => Gen.OneOf(
-        Gen.Constant((string?)null),
-        AdversarialStringGen().Select(s => (string?)s)
-    );
-
     private static Gen<ChatMessageRole> RoleGen() =>
         Gen.Elements(ChatMessageRole.User, ChatMessageRole.Assistant, ChatMessageRole.System);
 
@@ -59,7 +37,7 @@ private static Gen<ChatSessionStatus> StatusGen() =>
     public Property ChatSessionDto_RoundTrip_PreservesAllFields()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             Arb.From(StatusGen()),
             (title, status) =>
             {
@@ -91,9 +69,9 @@ public Property ChatSessionDto_RoundTrip_PreservesAllFields()
     public Property ChatMessageDto_RoundTrip_PreservesAllFields()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             Arb.From(RoleGen()),
-            Arb.From(NullableStringGen()),
+            Arb.From(FuzzTestGenerators.NullableStringGen()),
             (content, role, degradedReason) =>
             {
                 var dto = new ChatMessageDto(
@@ -125,7 +103,7 @@ public Property ChatMessageDto_RoundTrip_PreservesAllFields()
     public Property CreateChatSessionDto_RoundTrip_Identity()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             title =>
             {
                 var dto = new CreateChatSessionDto(title, Guid.NewGuid());
@@ -145,7 +123,7 @@ public Property CreateChatSessionDto_RoundTrip_Identity()
     public Property SendChatMessageDto_RoundTrip_Identity()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             ArbMap.Default.ArbFor<bool>(),
             (content, requestProposal) =>
             {
@@ -166,8 +144,8 @@ public Property SendChatMessageDto_RoundTrip_Identity()
     public Property ChatSessionDto_WithMessages_RoundTrip()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             (title, msgContent) =>
             {
                 var messages = new List<ChatMessageDto>

backend/tests/Taskdeck.Application.Tests/Fuzz/FuzzTestGenerators.cs

@@ -0,0 +1,63 @@
+using FsCheck;
+using FsCheck.Fluent;
+
+namespace Taskdeck.Application.Tests.Fuzz;
+
+/// <summary>
+/// Shared FsCheck generators for DTO serialization fuzz tests.
+/// Centralises adversarial string generation so all fuzz tests
+/// exercise the same comprehensive input space.
+/// </summary>
+internal static class FuzzTestGenerators
+{
+    /// <summary>
+    /// Generates adversarial strings covering: Unicode edge cases (null byte, BOM,
+    /// replacement char, surrogates, zero-width, combining, CJK, Arabic, emoji),
+    /// control characters (bell, backspace, ANSI escape, CRLF), XSS/injection payloads,
+    /// JSON-sensitive characters (quotes, backslashes), length boundaries (empty,
+    /// whitespace), explicit null, and FsCheck random strings.
+    /// </summary>
+    public static Gen<string> AdversarialStringGen() => Gen.OneOf(
+        // Unicode edge cases
+        Gen.Constant("\u0000"),                        // null byte
+        Gen.Constant("\uFEFF"),                        // BOM
+        Gen.Constant("\uFFFD"),                        // replacement character
+        Gen.Constant("\u200B"),                        // zero-width space
+        Gen.Constant("\u202E"),                        // right-to-left override
+        Gen.Constant("\u0301"),                        // combining accent
+        Gen.Constant("\U0001F468\u200D\U0001F469\u200D\U0001F467\u200D\U0001F466"), // family emoji
+        Gen.Constant("\u7530\u4E2D\u592A\u90CE"),      // CJK
+        Gen.Constant("\u0645\u0631\u062D\u0628\u0627"), // Arabic RTL
+
+        // JSON-sensitive characters
+        Gen.Constant("\"quoted\"string\""),
+        Gen.Constant("back\\slash"),
+        Gen.Constant("new\nline\ttab"),
+        Gen.Constant("null\x00byte"),
+
+        // XSS/injection payloads
+        Gen.Constant("<script>alert('xss')</script>"),
+        Gen.Constant("'; DROP TABLE boards; --"),
+        Gen.Constant("{\"nested\": true}"),
+        Gen.Constant("{{constructor.constructor('return this')()}}"),
+        Gen.Constant("${7*7}"),
+
+        // Length boundary strings
+        Gen.Constant(""),
+        Gen.Constant(" "),
+
+        // Explicit null
+        Gen.Constant((string)null!),
+
+        // Arbitrary from FsCheck
+        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
+    );
+
+    /// <summary>
+    /// Wraps <see cref="AdversarialStringGen"/> as nullable for optional-field testing.
+    /// </summary>
+    public static Gen<string?> NullableStringGen() => Gen.OneOf(
+        Gen.Constant((string?)null),
+        AdversarialStringGen().Select(s => (string?)s)
+    );
+}

backend/tests/Taskdeck.Application.Tests/Fuzz/NotificationDtoSerializationFuzzTests.cs

@@ -24,27 +24,6 @@ public class NotificationDtoSerializationFuzzTests
         WriteIndented = false
     };
 
-    private static Gen<string> AdversarialStringGen() => Gen.OneOf(
-        Gen.Constant("\u0000"),
-        Gen.Constant("\uFEFF"),
-        Gen.Constant("\u200B"),
-        Gen.Constant("<script>alert('xss')</script>"),
-        Gen.Constant("'; DROP TABLE notifications; --"),
-        Gen.Constant("\"quoted\""),
-        Gen.Constant("back\\slash"),
-        Gen.Constant("new\nline"),
-        Gen.Constant("emoji 👨‍👩‍👧‍👦"),
-        Gen.Constant("田中太郎"),
-        Gen.Constant("{\"nested\": true}"),
-        Gen.Constant(""),
-        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
-    );
-
-    private static Gen<string?> NullableStringGen() => Gen.OneOf(
-        Gen.Constant((string?)null),
-        AdversarialStringGen().Select(s => (string?)s)
-    );
-
     private static Gen<NotificationType> TypeGen() =>
         Gen.Elements(
             NotificationType.Mention,
@@ -62,7 +41,7 @@ private static Gen<NotificationCadence> CadenceGen() =>
     public Property NotificationDto_RoundTrip_PreservesTitle()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             Arb.From(TypeGen()),
             Arb.From(CadenceGen()),
             (title, type, cadence) =>
@@ -98,7 +77,7 @@ public Property NotificationDto_RoundTrip_PreservesTitle()
     public Property NotificationDto_RoundTrip_PreservesMessage()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
             message =>
             {
                 var dto = new NotificationDto(
@@ -131,9 +110,9 @@ public Property NotificationDto_RoundTrip_PreservesMessage()
     public Property CreateNotificationRequestDto_RoundTrip_Identity()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
-            Arb.From(AdversarialStringGen()),
-            Arb.From(NullableStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.AdversarialStringGen()),
+            Arb.From(FuzzTestGenerators.NullableStringGen()),
             (title, message, sourceEntityType) =>
             {
                 var dto = new CreateNotificationRequestDto(
@@ -163,7 +142,7 @@ public Property CreateNotificationRequestDto_RoundTrip_Identity()
     public Property NotificationDto_WithNullableFields_RoundTrips()
     {
         return Prop.ForAll(
-            Arb.From(NullableStringGen()),
+            Arb.From(FuzzTestGenerators.NullableStringGen()),
             ArbMap.Default.ArbFor<bool>(),
             (sourceEntityType, isRead) =>
             {

backend/tests/Taskdeck.Domain.Tests/PropertyBased/ChatMessagePropertyTests.cs

@@ -24,23 +24,6 @@ public class ChatMessagePropertyTests
 
     // ─────────────────────── Generators ───────────────────────
 
-    private static Gen<string> AdversarialStringGen() => Gen.OneOf(
-        Gen.Constant("\u0000"),
-        Gen.Constant("\uFEFF"),
-        Gen.Constant("\u200B"),
-        Gen.Constant("\u202E"),
-        Gen.Constant("<script>alert('xss')</script>"),
-        Gen.Constant("'; DROP TABLE messages; --"),
-        Gen.Constant("👨‍👩‍👧‍👦"),
-        Gen.Constant("田中太郎"),
-        Gen.Constant("{\"nested\": true}"),
-        Gen.Constant("\x01\x02\x03"),
-        Gen.Constant(""),
-        Gen.Constant(" "),
-        Gen.Constant((string)null!),
-        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
-    );
-
     private static Gen<string> ValidContentGen() =>
         Gen.Choose(1, 500)
             .SelectMany(len =>
@@ -108,7 +91,7 @@ public Property EmptySessionId_AlwaysThrows()
     public Property Constructor_NeverThrowsUnhandled_OnAdversarialContent()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             content =>
             {
                 try
@@ -221,7 +204,7 @@ public Property SetProposalId_NonEmptyGuid_Succeeds()
     public Property Constructor_WithAdversarialDegradedReason_NeverThrowsUnhandled()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             reason =>
             {
                 try

backend/tests/Taskdeck.Domain.Tests/PropertyBased/ChatSessionPropertyTests.cs

@@ -19,25 +19,6 @@ public class ChatSessionPropertyTests
 
     // ─────────────────────── Generators ───────────────────────
 
-    private static Gen<string> AdversarialStringGen() => Gen.OneOf(
-        Gen.Constant("\u0000"),
-        Gen.Constant("\uFEFF"),
-        Gen.Constant("\u200B"),
-        Gen.Constant("\u202E"),
-        Gen.Constant("<script>alert('xss')</script>"),
-        Gen.Constant("'; DROP TABLE sessions; --"),
-        Gen.Constant("👨‍👩‍👧‍👦"),
-        Gen.Constant("田中太郎"),
-        Gen.Constant("\x01\x02\x03"),
-        Gen.Constant("\x1B[31m"),
-        Gen.Constant("{\"nested\": true}"),
-        Gen.Constant(""),
-        Gen.Constant(" "),
-        Gen.Constant("\t"),
-        Gen.Constant((string)null!),
-        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
-    );
-
     private static Arbitrary<string> ValidTitleArb()
     {
         var gen = Gen.Choose(1, 200)
@@ -111,7 +92,7 @@ public Property EmptyGuidUserId_AlwaysThrows()
     public Property Constructor_NeverThrowsUnhandled_OnAdversarialTitle()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             title =>
             {
                 try
@@ -137,7 +118,7 @@ public Property Constructor_NeverThrowsUnhandled_OnAdversarialTitle()
     public Property UpdateTitle_NeverThrowsUnhandled_OnAdversarialTitle()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             newTitle =>
             {
                 var session = new ChatSession(Guid.NewGuid(), "OriginalTitle");

backend/tests/Taskdeck.Domain.Tests/PropertyBased/KnowledgeDocumentPropertyTests.cs

@@ -19,21 +19,6 @@ public class KnowledgeDocumentPropertyTests
 
     // ─────────────────────── Generators ───────────────────────
 
-    private static Gen<string> AdversarialStringGen() => Gen.OneOf(
-        Gen.Constant("\u0000"),
-        Gen.Constant("\uFEFF"),
-        Gen.Constant("\u200B"),
-        Gen.Constant("<script>alert('xss')</script>"),
-        Gen.Constant("'; DROP TABLE knowledge; --"),
-        Gen.Constant("👨‍👩‍👧‍👦"),
-        Gen.Constant("田中太郎"),
-        Gen.Constant("{\"nested\": true}"),
-        Gen.Constant(""),
-        Gen.Constant(" "),
-        Gen.Constant((string)null!),
-        ArbMap.Default.ArbFor<string>().Generator.Where(s => s != null)
-    );
-
     private static Gen<string> ValidTitleGen() =>
         Gen.Choose(1, 200)
             .SelectMany(len =>
@@ -69,14 +54,13 @@ public Property ValidParams_AlwaysCreatesDocument()
             });
     }
 
-    [Property(MaxTest = MaxTests)]
-    public Property EmptyGuidUserId_AlwaysThrows()
+    [Fact]
+    public void EmptyGuidUserId_AlwaysThrows()
     {
         var act = () => new KnowledgeDocument(
             Guid.Empty, "Title", "Content", KnowledgeSourceType.Manual);
         act.Should().Throw<DomainException>()
             .Where(e => e.ErrorCode == ErrorCodes.ValidationError);
-        return true.ToProperty();
     }
 
     // ─────────────────────── Title boundary values ───────────────────────
@@ -178,7 +162,7 @@ public void Tags_ExceedingLimit_Throws(int length)
     public Property Constructor_NeverThrowsUnhandled_OnAdversarialTitle()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             title =>
             {
                 try
@@ -203,7 +187,7 @@ public Property Constructor_NeverThrowsUnhandled_OnAdversarialTitle()
     public Property Constructor_NeverThrowsUnhandled_OnAdversarialContent()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             content =>
             {
                 try
@@ -264,8 +248,8 @@ public void Update_WhenArchived_Throws()
     public Property Update_WithAdversarialInputs_NeverThrowsUnhandled()
     {
         return Prop.ForAll(
-            Arb.From(AdversarialStringGen()),
-            Arb.From(AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
+            Arb.From(TestGenerators.AdversarialStringGen()),
             (title, content) =>
             {
                 var doc = new KnowledgeDocument(