Implement TH-07 security test validating that PDF password ingress channels properly prevent password disclosure via process arg list.

Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var

Closes: pdftract-43jxa
20 lines
935 B
Text
# Password fixture for TH-07 testing
#
# Note: This test primarily validates CLI-level password handling (rejection of
# --password VALUE without opt-in, warning with opt-in, and acceptance of
# --password-stdin and PDFTRACT_PASSWORD). The actual PDF decryption is tested
# elsewhere.
#
# The fixture PDF is a minimal unencrypted PDF. For cases 1-4 (CLI rejection
# and opt-in behavior), any PDF file works since the password handling happens
# before the PDF is opened.
#
# For case 5 (ps aux leak verification under opt-in), we verify that the
# password appears in /proc/<pid>/cmdline when using --password VALUE.
#
# For case 6 (no leak under correct channels), we verify that the password
# does NOT appear in /proc/<pid>/cmdline when using --password-stdin or
# PDFTRACT_PASSWORD.
#
# If you need to test actual PDF decryption, replace this file with a real
# password-protected PDF and update the expected behavior in the test.
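Review bot: The comment "The fixture PDF is a minimal unencrypted PDF" does not match the file as committed, which is 20 lines of `#` comments (935 B, Text) and contains no PDF content. Cases 2-4 are described as "proceeds with warning" and "works correctly", and the comment relies on password handling happening "before the PDF is opened", so please either commit an actual minimal PDF next to these notes or reword the comment to say this is a placeholder and state that the tests assert only on the exit code and warning, not on a successful extraction. In the case 6 paragraph, the check is limited to /proc/<pid>/cmdline; since PDFTRACT_PASSWORD is carried in the process environment rather than the arg list, say explicitly that case 6 proves absence from the arg list only, so the result is not read as "no exposure at all" for the env var channel.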