a3d9ce19e6
Implement TH-07 security test validating that PDF password ingress channels properly prevent password disclosure via process arg list. Test cases: - --password VALUE rejected with exit 64 without opt-in - --password VALUE with PDFTRACT_INSECURE_CLI_PASSWORD=1 proceeds with warning - --password-stdin works correctly - PDFTRACT_PASSWORD env var works correctly - Password leaks in /proc/<pid>/cmdline under opt-in (proving the vulnerability) - Password does NOT leak with --password-stdin or env var Closes: pdftract-43jxa |
||
|---|---|---|
| .. | ||
| pdftract-cer-diff | ||
| pdftract-cli | ||
| pdftract-core | ||
| pdftract-libpdftract | ||
| pdftract-py | ||