pdftract/tests/fixtures/security/password-protected.pdf.password.txt
jedarden a3d9ce19e6 test(pdftract-43jxa): implement TH-07 ps leak security test
Implement TH-07 security test validating that PDF password ingress
channels properly prevent password disclosure via process arg list.

Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var

Closes: pdftract-43jxa
2026-05-25 00:45:57 -04:00

# Password fixture for TH-07 testing
#
# Note: This test primarily validates CLI-level password handling (rejection of
# --password VALUE without opt-in, warning with opt-in, and acceptance of
# --password-stdin and PDFTRACT_PASSWORD). The actual PDF decryption is tested
# elsewhere.
#
# The fixture PDF is a minimal unencrypted PDF. For cases 1-4 (CLI rejection
# and opt-in behavior), any PDF file works since the password handling happens
# before the PDF is opened.
#
# For case 5 (ps aux leak verification under opt-in), we verify that the
# password appears in /proc/<pid>/cmdline when using --password VALUE.
#
# For case 6 (no leak under correct channels), we verify that the password
# does NOT appear in /proc/<pid>/cmdline when using --password-stdin or
# PDFTRACT_PASSWORD.
#
# If you need to test actual PDF decryption, replace this file with a real
# password-protected PDF and update the expected behavior in the test.