jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pdftract/crates/pdftract-core
History
jedarden c3f549f2fe feat(pdftract-2okbq): implement TH-10 cache poisoning protection 
Add HMAC-SHA-256 integrity verification to cache entries to mitigate
TH-10 (local-FS attacker cache poisoning). Each cache entry is now signed
with an 8-byte HMAC signature computed over the fingerprint,
extraction options hash, and compressed blob.

- Add CacheIntegrityFail diagnostic code (Warning severity)
- Add cache/integrity.rs module with key generation and HMAC verification
- Update cache Writer to prepend HMAC signature to entries
- Update cache Reader to verify HMAC before decompression
- Add comprehensive security tests in tests/security/TH-10-cache-poison.rs
- Add hmac = "0.12" dependency

Acceptance criteria PASS:
- All 10 TH-10 tests pass (forgery detection, key compromise, HMAC input format)
- Cache init produces 0600 key file
- Forgery with wrong HMAC triggers integrity failure and cache miss
- Key compromise scenario documented

Note: Pre-existing cache multi_process tests fail due to format change;
this is expected and will be addressed in follow-up.

Closes: pdftract-2okbq

Co-Authored-By: Claude Code <noreply@anthropic.com>
2026-05-26 21:09:54 -04:00
..
benches fix: resolve compilation errors across codebase 2026-05-25 08:38:04 -04:00
build feat(pdftract-1xf4d): implement TH-06 supply-chain gate 2026-05-26 17:31:13 -04:00
examples feat(pdftract-4li3d): implement security constraints for serve mode 2026-05-26 18:47:51 -04:00
proptest-regressions/parser/lexer feat(pdftract-1jjn): implement PDF numeric literal lexer with full edge case support 2026-05-23 23:17:04 -04:00
src feat(pdftract-2okbq): implement TH-10 cache poisoning protection 2026-05-26 21:09:54 -04:00
tests feat(pdftract-2okbq): implement TH-10 cache poisoning protection 2026-05-26 21:09:54 -04:00
__test__.pdf feat(pdftract-15pz8): implement multi-process safe cache operations 2026-05-23 05:31:11 -04:00
build.rs feat(pdftract-4li3d): implement security constraints for serve mode 2026-05-26 18:47:51 -04:00
Cargo.toml feat(pdftract-2okbq): implement TH-10 cache poisoning protection 2026-05-26 21:09:54 -04:00
pdftract-core.cdx.json feat(pdftract-67tm8): implement MCP stdio transport with integration tests 2026-05-23 00:16:42 -04:00
README.md docs(pdftract-49f8): establish Cargo.lock policy and documentation 2026-05-20 18:13:14 -04:00

README.md

pdftract-core

The core Rust library for PDF text extraction. This crate provides the parsing, layout analysis, font encoding recovery, and text extraction primitives used by the CLI (pdftract-cli) and Python bindings (pdftract-py).

Cargo.lock Policy

This workspace checks in Cargo.lock at the repository root. This is unconventional for library crates—the Cargo Book historically suggested that only binary crates should check in lockfiles, allowing library consumers to resolve their own dependency versions.

pdftract departs from this convention for release reproducibility:

  1. SLSA Level 3 provenance requires that every milestone tag produces byte-identical artifacts across builds. Without a checked-in lockfile, two runs of cargo build on the same commit can resolve different transitive dependency versions, producing different binary hashes.

  2. Multi-output artifacts—this workspace produces Rust crates (pdftract-core, pdftract-cli), Python wheels (pdftract-py), and Docker images. All must be built from the same dependency tree.

  3. Supply-chain security—the lockfile pins checksums for all transitive dependencies, enabling cargo audit to detect yanked or compromised crates.

  4. Downstream consumers can still ignore the lockfile if needed. Cargo allows cargo build --frozen with a local lockfile override, or consumers can vendor the crate with their own dependency resolution.

The tradeoff—occasional merge conflicts when PRs update overlapping dependencies—is worth the guarantee of reproducible releases. See CONTRIBUTING.md for the lockfile-update workflow.

Modules

  • parser: PDF spec parsing (xref, trailer, object streams, indirect references)
  • font: Font encoding recovery, glyph name lookup, fingerprinting
  • layout: Page layout analysis, region segmentation, reading order
  • extract: Text extraction with provenance (bounding boxes, confidence scores)
  • ocr: Tesseract integration for raster pages

Usage

use pdftract_core::{extract_text, ExtractOptions};

let options = ExtractOptions::default();
let result = extract_text("document.pdf", &options)?;
println!("{}", result.text);