jedarden/pdftract

Fork 0

Commit graph

Author	SHA1	Message	Date
jedarden	a3d9ce19e6	test(pdftract-43jxa): implement TH-07 ps leak security test Implement TH-07 security test validating that PDF password ingress channels properly prevent password disclosure via process arg list. Test cases: - --password VALUE rejected with exit 64 without opt-in - --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning - --password-stdin works correctly - PDFTRACT_PASSWORD env var works correctly - Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability) - Password does NOT leak with --password-stdin or env var Closes: pdftract-43jxa	2026-05-25 00:45:57 -04:00

Author

SHA1

Message

Date

jedarden

a3d9ce19e6

test(pdftract-43jxa): implement TH-07 ps leak security test

Implement TH-07 security test validating that PDF password ingress
channels properly prevent password disclosure via process arg list.

Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var

Closes: pdftract-43jxa

2026-05-25 00:45:57 -04:00

1 commit