Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC: Use secrets instead of random #1748

Merged
merged 3 commits into from
Mar 26, 2023
Merged

SEC: Use secrets instead of random #1748

merged 3 commits into from
Mar 26, 2023

Conversation

MartinThoma
Copy link
Member

@MartinThoma MartinThoma commented Mar 26, 2023
edited
Loading

The implication of this is that PDFs which were encrypted with pypdf before might be less secure than they should be.

It's unclear to me if "less secure" means "insecure" or if it's just a theoretical advantage.

@codecov
Copy link

codecov bot commented Mar 26, 2023
edited
Loading

Codecov Report

Patch coverage: 91.66% and no project coverage change.

Comparison is base (b0d92b3) 92.40% compared to head (bbba054) 92.41%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1748   +/-   ##
=======================================
  Coverage   92.40%   92.41%           
=======================================
  Files          34       34           
  Lines        6570     6575    +5     
  Branches     1301     1301           
=======================================
+ Hits         6071     6076    +5     
  Misses        326      326           
  Partials      173      173
Impacted Files Coverage Δ
pypdf/_encryption.py 91.77% <88.88%> (+0.08%) ⬆️
pypdf/_writer.py 86.14% <100.00%> (+0.01%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@MartinThoma MartinThoma merged commit c75bb16 into main Mar 26, 2023
@MartinThoma MartinThoma deleted the random-secrets branch March 26, 2023 13:09
MartinThoma added a commit that referenced this pull request Mar 26, 2023
@MartinThoma
REL: 3.7.0
050bca6 
Security (SEC):
-  Use Python's secrets module instead of random module (#1748)

New Features (ENH):
-  Add AnnotationBuilder.highlight text markup annotation (#1740)
-  Add AnnotationBuilder.popup (#1665)
-  Add AnnotationBuilder.polyline annotation support (#1726)
-  Add clone_from parameter in PdfWriter constructor (#1703)

Bug Fixes (BUG):
-  'DictionaryObject' object has no attribute 'indirect_reference' (#1729)

Robustness (ROB):
-  Handle params NullObject in decode_stream_data (#1738)

Documentation (DOC):
-  Project scope (#1743)

Maintenance (MAINT):
-  Add AnnotationFlag (#1746)
-  Add LazyDict.__str__ (#1727)

[Full Changelog](3.6.0...3.7.0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MartinThoma