RubyGems - pdf-reader - Versions diffs - 2.8.0 → 2.9.1 - Mend

pdf-reader 2.8.0 → 2.9.1

Files changed (40) hide show

checksums.yaml +4 -4
data/CHANGELOG +9 -0
data/lib/pdf/reader/aes_v2_security_handler.rb +41 -0
data/lib/pdf/reader/aes_v3_security_handler.rb +38 -0
data/lib/pdf/reader/buffer.rb +36 -34
data/lib/pdf/reader/cmap.rb +64 -51
data/lib/pdf/reader/error.rb +8 -0
data/lib/pdf/reader/filter/ascii85.rb +1 -1
data/lib/pdf/reader/filter/ascii_hex.rb +1 -1
data/lib/pdf/reader/filter/depredict.rb +1 -1
data/lib/pdf/reader/filter/flate.rb +3 -3
data/lib/pdf/reader/filter/lzw.rb +1 -1
data/lib/pdf/reader/filter/null.rb +1 -2
data/lib/pdf/reader/filter/run_length.rb +1 -1
data/lib/pdf/reader/filter.rb +10 -11
data/lib/pdf/reader/font.rb +29 -17
data/lib/pdf/reader/font_descriptor.rb +18 -17
data/lib/pdf/reader/form_xobject.rb +14 -5
data/lib/pdf/reader/key_builder_v5.rb +138 -0
data/lib/pdf/reader/null_security_handler.rb +0 -4
data/lib/pdf/reader/object_hash.rb +247 -42
data/lib/pdf/reader/page.rb +38 -20
data/lib/pdf/reader/page_state.rb +1 -1
data/lib/pdf/reader/page_text_receiver.rb +4 -1
data/lib/pdf/reader/parser.rb +20 -8
data/lib/pdf/reader/point.rb +1 -1
data/lib/pdf/reader/rc4_security_handler.rb +38 -0
data/lib/pdf/reader/rectangle.rb +2 -2
data/lib/pdf/reader/{resource_methods.rb → resources.rb} +15 -13
data/lib/pdf/reader/security_handler_factory.rb +79 -0
data/lib/pdf/reader/{standard_security_handler.rb → standard_key_builder.rb} +23 -95
data/lib/pdf/reader/stream.rb +2 -2
data/lib/pdf/reader/type_check.rb +52 -0
data/lib/pdf/reader/validating_receiver.rb +262 -0
data/lib/pdf/reader/width_calculator/true_type.rb +1 -1
data/lib/pdf/reader/xref.rb +20 -3
data/lib/pdf/reader.rb +17 -9
data/rbi/pdf-reader.rbi +388 -173
metadata +15 -9
data/lib/pdf/reader/standard_security_handler_v5.rb +0 -92

data/lib/pdf/reader/type_check.rb ADDED Viewed

@@ -0,0 +1,52 @@
+# coding: utf-8
+# typed: strict
+# frozen_string_literal: true
+module PDF
+  class Reader
+    # Cast untrusted input (usually parsed out of a PDF file) to a known type
+    #
+    class TypeCheck
+      def self.cast_to_numeric!(obj)
+        if obj.is_a?(Numeric)
+          obj
+        elsif obj.nil?
+          0
+        elsif obj.respond_to?(:to_f)
+          obj.to_f
+        elsif obj.respond_to?(:to_i)
+          obj.to_i
+        else
+          raise MalformedPDFError, "Unable to cast to numeric"
+        end
+      end
+      def self.cast_to_string!(string)
+        if string.is_a?(String)
+          string
+        elsif string.nil?
+          ""
+        elsif string.respond_to?(:to_s)
+          string.to_s
+        else
+          raise MalformedPDFError, "Unable to cast to string"
+        end
+      end
+      def self.cast_to_symbol(obj)
+        if obj.is_a?(Symbol)
+          obj
+        elsif obj.nil?
+          nil
+        elsif obj.respond_to?(:to_sym)
+          obj.to_sym
+        else
+          raise MalformedPDFError, "Unable to cast to symbol"
+        end
+      end
+    end
+  end
+end

data/lib/pdf/reader/validating_receiver.rb ADDED Viewed

@@ -0,0 +1,262 @@
+# coding: utf-8
+# typed: strict
+# frozen_string_literal: true
+module PDF
+  class Reader
+    # Page#walk will execute the content stream of a page, calling methods on a receiver class
+    # provided by the user. Each operator has a specific set of parameters it expects, and we
+    # wrap the users receiver class in this one to verify the PDF uses valid parameters.
+    #
+    # Without these checks, users can't be confident about the number of parameters they'll receive
+    # for an operator, or what the type of those parameters will be. Everyone ends up building their
+    # own type safety guard clauses and it's tedious.
+    #
+    # Not all operators have type safety implemented yet, but we can expand the number over time.
+    class ValidatingReceiver
+      def initialize(wrapped)
+        @wrapped = wrapped
+      end
+      def page=(page)
+        call_wrapped(:page=, page)
+      end
+      #####################################################
+      # Graphics State Operators
+      #####################################################
+      def save_graphics_state(*args)
+        call_wrapped(:save_graphics_state)
+      end
+      def restore_graphics_state(*args)
+        call_wrapped(:restore_graphics_state)
+      end
+      #####################################################
+      # Matrix Operators
+      #####################################################
+      def concatenate_matrix(*args)
+        a, b, c, d, e, f = *args
+        call_wrapped(
+          :concatenate_matrix,
+          TypeCheck.cast_to_numeric!(a),
+          TypeCheck.cast_to_numeric!(b),
+          TypeCheck.cast_to_numeric!(c),
+          TypeCheck.cast_to_numeric!(d),
+          TypeCheck.cast_to_numeric!(e),
+          TypeCheck.cast_to_numeric!(f),
+        )
+      end
+      #####################################################
+      # Text Object Operators
+      #####################################################
+      def begin_text_object(*args)
+        call_wrapped(:begin_text_object)
+      end
+      def end_text_object(*args)
+        call_wrapped(:end_text_object)
+      end
+      #####################################################
+      # Text State Operators
+      #####################################################
+      def set_character_spacing(*args)
+        char_spacing, _ = *args
+        call_wrapped(
+          :set_character_spacing,
+          TypeCheck.cast_to_numeric!(char_spacing)
+        )
+      end
+      def set_horizontal_text_scaling(*args)
+        h_scaling, _ = *args
+        call_wrapped(
+          :set_horizontal_text_scaling,
+          TypeCheck.cast_to_numeric!(h_scaling)
+        )
+      end
+      def set_text_font_and_size(*args)
+        label, size, _ = *args
+        call_wrapped(
+          :set_text_font_and_size,
+          TypeCheck.cast_to_symbol(label),
+          TypeCheck.cast_to_numeric!(size)
+        )
+      end
+      def set_text_leading(*args)
+        leading, _ = *args
+        call_wrapped(
+          :set_text_leading,
+          TypeCheck.cast_to_numeric!(leading)
+        )
+      end
+      def set_text_rendering_mode(*args)
+        mode, _ = *args
+        call_wrapped(
+          :set_text_rendering_mode,
+          TypeCheck.cast_to_numeric!(mode)
+        )
+      end
+      def set_text_rise(*args)
+        rise, _ = *args
+        call_wrapped(
+          :set_text_rise,
+          TypeCheck.cast_to_numeric!(rise)
+        )
+      end
+      def set_word_spacing(*args)
+        word_spacing, _ = *args
+        call_wrapped(
+          :set_word_spacing,
+          TypeCheck.cast_to_numeric!(word_spacing)
+        )
+      end
+      #####################################################
+      # Text Positioning Operators
+      #####################################################
+      def move_text_position(*args) # Td
+        x, y, _ = *args
+        call_wrapped(
+          :move_text_position,
+          TypeCheck.cast_to_numeric!(x),
+          TypeCheck.cast_to_numeric!(y)
+        )
+      end
+      def move_text_position_and_set_leading(*args) # TD
+        x, y, _ = *args
+        call_wrapped(
+          :move_text_position_and_set_leading,
+          TypeCheck.cast_to_numeric!(x),
+          TypeCheck.cast_to_numeric!(y)
+        )
+      end
+      def set_text_matrix_and_text_line_matrix(*args) # Tm
+        a, b, c, d, e, f = *args
+        call_wrapped(
+          :set_text_matrix_and_text_line_matrix,
+          TypeCheck.cast_to_numeric!(a),
+          TypeCheck.cast_to_numeric!(b),
+          TypeCheck.cast_to_numeric!(c),
+          TypeCheck.cast_to_numeric!(d),
+          TypeCheck.cast_to_numeric!(e),
+          TypeCheck.cast_to_numeric!(f),
+        )
+      end
+      def move_to_start_of_next_line(*args) # T*
+        call_wrapped(:move_to_start_of_next_line)
+      end
+      #####################################################
+      # Text Showing Operators
+      #####################################################
+      def show_text(*args) # Tj (AWAY)
+        string, _ = *args
+        call_wrapped(
+          :show_text,
+          TypeCheck.cast_to_string!(string)
+        )
+      end
+      def show_text_with_positioning(*args) # TJ [(A) 120 (WA) 20 (Y)]
+        params, _ = *args
+        unless params.is_a?(Array)
+          raise MalformedPDFError, "TJ operator expects a single Array argument"
+        end
+        call_wrapped(
+          :show_text_with_positioning,
+          params
+        )
+      end
+      def move_to_next_line_and_show_text(*args) # '
+        string, _ = *args
+        call_wrapped(
+          :move_to_next_line_and_show_text,
+          TypeCheck.cast_to_string!(string)
+        )
+      end
+      def set_spacing_next_line_show_text(*args) # "
+        aw, ac, string = *args
+        call_wrapped(
+          :set_spacing_next_line_show_text,
+          TypeCheck.cast_to_numeric!(aw),
+          TypeCheck.cast_to_numeric!(ac),
+          TypeCheck.cast_to_string!(string)
+        )
+      end
+      #####################################################
+      # Form XObject Operators
+      #####################################################
+      def invoke_xobject(*args)
+        label, _ = *args
+        call_wrapped(
+          :invoke_xobject,
+          TypeCheck.cast_to_symbol(label)
+        )
+      end
+      #####################################################
+      # Inline Image Operators
+      #####################################################
+      def begin_inline_image(*args)
+        call_wrapped(:begin_inline_image)
+      end
+      def begin_inline_image_data(*args)
+        # We can't use call_wrapped() here because sorbet won't allow splat args with a dynamic
+        # number of elements
+        @wrapped.begin_inline_image_data(*args) if @wrapped.respond_to?(:begin_inline_image_data)
+      end
+      def end_inline_image(*args)
+        data, _ = *args
+        call_wrapped(
+          :end_inline_image,
+          TypeCheck.cast_to_string!(data)
+        )
+      end
+      #####################################################
+      # Final safety net for any operators that don't have type checking enabled yet
+      #####################################################
+      def respond_to?(meth)
+        @wrapped.respond_to?(meth)
+      end
+      def method_missing(methodname, *args)
+        @wrapped.send(methodname, *args)
+      end
+      private
+      def call_wrapped(methodname, *args)
+        @wrapped.send(methodname, *args) if @wrapped.respond_to?(methodname)
+      end
+    end
+  end
+end

data/lib/pdf/reader/width_calculator/true_type.rb CHANGED Viewed

@@ -30,7 +30,7 @@ class PDF::Reader
         # in ruby a negative index is valid, and will go from the end of the array
         # which is undesireable in this case.
-        if @font.first_char <= code_point
+        if @font.first_char && @font.first_char <= code_point
           @font.widths.fetch(code_point - @font.first_char, @missing_width).to_f
         else
           @missing_width.to_f

data/lib/pdf/reader/xref.rb CHANGED Viewed

@@ -104,13 +104,18 @@ class PDF::Reader
       buf = new_buffer(offset)
       tok_one = buf.token
+      # we have a traditional xref table
       return load_xref_table(buf) if tok_one == "xref" || tok_one == "ref"
       tok_two   = buf.token
       tok_three = buf.token
+      # we have an XRef stream
       if tok_one.to_i >= 0 && tok_two.to_i >= 0 && tok_three == "obj"
         buf = new_buffer(offset)
+        # Maybe we should be parsing the ObjectHash second argument to the Parser here,
+        # to handle the case where an XRef Stream has the Length specified via an
+        # indirect object
         stream = PDF::Reader::Parser.new(buf).object(tok_one.to_i, tok_two.to_i)
         return load_xref_stream(stream)
       end
@@ -126,6 +131,10 @@ class PDF::Reader
       while !params.include?("trailer") && !params.include?(nil)
         if params.size == 2
+          unless params[0].to_s.match(/\A\d+\z/)
+            raise MalformedPDFError, "invalid xref table, expected object ID"
+          end
           objid, count = params[0].to_i, params[1].to_i
           count.times do
             offset = buf.token.to_i
@@ -143,7 +152,7 @@ class PDF::Reader
         params << buf.token
       end
-      trailer = Parser.new(buf, self).parse_token
+      trailer = Parser.new(buf).parse_token
       unless trailer.kind_of?(Hash)
         raise MalformedPDFError, "PDF malformed, trailer should be a dictionary"
@@ -168,8 +177,16 @@ class PDF::Reader
         [:Size, :Prev, :Root, :Encrypt, :Info, :ID].include?(key)
       }]
-      widths       = stream.hash[:W]
-      entry_length = widths.inject(0) { |s, w| s + w }
+      widths = stream.hash[:W]
+      PDF::Reader::Error.validate_type_as_malformed(widths, "xref stream widths", Array)
+      entry_length = widths.inject(0) { |s, w|
+        unless w.is_a?(Integer)
+          w = 0
+        end
+        s + w
+      }
       raw_data     = StringIO.new(stream.unfiltered_data)
       if stream.hash[:Index]
         index = stream.hash[:Index]

data/lib/pdf/reader.rb CHANGED Viewed

@@ -124,7 +124,7 @@ module PDF
     # Return a Hash with some basic information about the PDF file
     #
     def info
-      dict = @objects.deref(@objects.trailer[:Info])
+      dict = @objects.deref_hash(@objects.trailer[:Info]) || {}
       doc_strings_to_utf8(dict)
     end
@@ -132,7 +132,7 @@ module PDF
     # always present.
     #
     def metadata
-      stream = @objects.deref(root[:Metadata])
+      stream = @objects.deref_stream(root[:Metadata])
       if stream.nil?
         nil
       else
@@ -145,11 +145,11 @@ module PDF
     # To number of pages in this PDF
     #
     def page_count
-      pages = @objects.deref(root[:Pages])
+      pages = @objects.deref_hash(root[:Pages])
       unless pages.kind_of?(::Hash)
         raise MalformedPDFError, "Pages structure is missing #{pages.class}"
       end
-      @page_count ||= @objects.deref(pages[:Count])
+      @page_count ||= @objects.deref_integer(pages[:Count]) || 0
     end
     # The PDF version this file uses
@@ -190,6 +190,8 @@ module PDF
     # methods available on each page
     #
     def pages
+      return [] if page_count <= 0
       (1..self.page_count).map do |num|
         begin
           PDF::Reader::Page.new(@objects, num, :cache => @cache)
@@ -240,7 +242,7 @@ module PDF
           pdfdoc_to_utf8(obj)
         end
       else
-        @objects.deref(obj)
+        obj
       end
     end
@@ -271,7 +273,7 @@ module PDF
     def root
       @root ||= begin
-        obj = @objects.deref(@objects.trailer[:Root])
+        obj = @objects.deref_hash(@objects.trailer[:Root]) || {}
         unless obj.kind_of?(::Hash)
           raise MalformedPDFError, "PDF malformed, trailer Root should be a dictionary"
         end
@@ -283,7 +285,7 @@ module PDF
 end
 ################################################################################
-require 'pdf/reader/resource_methods'
+require 'pdf/reader/resources'
 require 'pdf/reader/buffer'
 require 'pdf/reader/bounding_rectangle_runs_filter'
 require 'pdf/reader/cid_widths'
@@ -314,13 +316,19 @@ require 'pdf/reader/rectangle'
 require 'pdf/reader/reference'
 require 'pdf/reader/register_receiver'
 require 'pdf/reader/null_security_handler'
-require 'pdf/reader/standard_security_handler'
-require 'pdf/reader/standard_security_handler_v5'
+require 'pdf/reader/security_handler_factory'
+require 'pdf/reader/standard_key_builder'
+require 'pdf/reader/key_builder_v5'
+require 'pdf/reader/aes_v2_security_handler'
+require 'pdf/reader/aes_v3_security_handler'
+require 'pdf/reader/rc4_security_handler'
 require 'pdf/reader/unimplemented_security_handler'
 require 'pdf/reader/stream'
 require 'pdf/reader/text_run'
+require 'pdf/reader/type_check'
 require 'pdf/reader/page_state'
 require 'pdf/reader/page_text_receiver'
 require 'pdf/reader/token'
 require 'pdf/reader/xref'
 require 'pdf/reader/page'
+require 'pdf/reader/validating_receiver'