Added typed config struct for unmapped glyph names configuration:
- unmapped_glyph_names: Vec<String> - list of glyph names to skip
- description: Option<String> - optional documentation
- version: Option<String> - format version identifier
The struct represents the JSON structure from build/unmapped-glyph-names.json
and is ready for parsing implementation in follow-up beads.
Closes bf-3vo80. Verification: notes/bf-3vo80.md
Remove 5 DELETE-category generator files identified in bf-1iefu:
- tests/fixtures/scanned/generate_scanned_fixtures.rs (Rust stub, use Python version)
- tests/fixtures/security/generate_sensitive_fixture.py (duplicate, Rust version preferred)
- tests/fixtures/encoding/generate_unmapped_glyphs.rs (superseded by Python version)
- tests/fixtures/malformed/gen-bomb-10k-2g.sh (superseded by Python version)
- tests/fixtures/forms/generate_form_fixtures.d (orphaned Makefile dependency)
Verification: No compiled object files (.o, .so, .a, .dylib, .dll) or executable binaries found. The .bin files in fixtures root are test data files, not compiled artifacts.
Implement TH-07 security test validating that PDF password ingress
channels properly prevent password disclosure via process arg list.
Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var
Closes: pdftract-43jxa