pdftract

History

jedarden a3d9ce19e6 test(pdftract-43jxa): implement TH-07 ps leak security test Implement TH-07 security test validating that PDF password ingress channels properly prevent password disclosure via process arg list. Test cases: - --password VALUE rejected with exit 64 without opt-in - --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning - --password-stdin works correctly - PDFTRACT_PASSWORD env var works correctly - Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability) - Password does NOT leak with --password-stdin or env var Closes: pdftract-43jxa	2026-05-25 00:45:57 -04:00
..
password-protected.pdf	test(pdftract-43jxa): implement TH-07 ps leak security test	2026-05-25 00:45:57 -04:00
password-protected.pdf.password.txt	test(pdftract-43jxa): implement TH-07 ps leak security test	2026-05-25 00:45:57 -04:00

jedarden a3d9ce19e6 test(pdftract-43jxa): implement TH-07 ps leak security test

Implement TH-07 security test validating that PDF password ingress
channels properly prevent password disclosure via process arg list.

Test cases:
- --password VALUE rejected with exit 64 without opt-in
- --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning
- --password-stdin works correctly
- PDFTRACT_PASSWORD env var works correctly
- Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability)
- Password does NOT leak with --password-stdin or env var

Closes: pdftract-43jxa

2026-05-25 00:45:57 -04:00

password-protected.pdf

test(pdftract-43jxa): implement TH-07 ps leak security test

2026-05-25 00:45:57 -04:00

password-protected.pdf.password.txt

test(pdftract-43jxa): implement TH-07 ps leak security test

2026-05-25 00:45:57 -04:00