boazsegev / combine_pdf

A Pure ruby library to merge PDF files, number pages and maybe more...
MIT License

Security question about merging PDF's #201

Closed JensDebergh closed 2 years ago

JensDebergh commented 2 years ago

Hi!

I recently stumbled on your gem and really love using it for personal use cases.

My question now is: How safe is it to use in production?

Imagine a user uploading a malware-embedded PDF: would this malware be exposed to the server while processing the merge? I had a quick glance at the code but can't seem to find any code that would allow for arbitrary code to be executed.

As the gem author do you have any ideas / tips that you would apply to running this on a server with secrets that should not be leaked?

Would you advise running this as a separate service? Or is it OK to run this on your main application?

Kind regards Jens

boazsegev commented 2 years ago

Hi Jens and thank you for opening this issue.

Disclaimer: I cannot and do not guarantee safety - ever. I do not even guarantee that the code does what it says it does. Even many cryptographic implementations have bugs and issues that make them unsafe or expose them to side-chain attacks.

However, I wrote the library in order to use it in production, attempting to make it safe enough to use with potentially malicious PDF files.

CombinePDF should not run any JavaScript or other code embedded in the PDF and it should be safe against buffer overflow attacks in the PDF.

In fact, originally I wrote CombinePDF so it would strip scripts from the PDF file (I was worried about opening PDF files that users sent me)... I think this still holds true for when copying PDF pages from one file to another, but I might have eventually changed that behavior at some point.

Having said that, you are free to review the code and see if there are any potential risks I did not consider, such as possible decompression related attacks (which I am not aware of).

Cheers! Bo.
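The decompression concern raised in the reply above, as an added example that is not part of the thread and not CombinePDF's code: a zlib inflate with a hard output cap, of the kind a service could apply to Flate-compressed stream data from an uploaded PDF. It does not describe how CombinePDF itself inflates streams; `bounded_inflate`, `UnsafeStream`, `MAX_OUTPUT` and the sample data are assumptions made for the illustration.

```ruby
require "zlib"

# Hypothetical policy for this example: reject any stream that inflates past 1 MiB.
MAX_OUTPUT = 1024 * 1024

class UnsafeStream < StandardError; end

# Inflate zlib data in small input slices and stop as soon as the output
# exceeds `limit`. Deflate expands at most roughly 1000:1, so a 256-byte
# slice bounds the overshoot of a single step to a few hundred KiB.
def bounded_inflate(data, limit: MAX_OUTPUT, slice: 256)
  inflater = Zlib::Inflate.new
  out = String.new(encoding: Encoding::BINARY)
  offset = 0
  begin
    while offset < data.bytesize && !inflater.finished?
      out << inflater.inflate(data.byteslice(offset, slice))
      offset += slice
      if out.bytesize > limit
        raise UnsafeStream, "output exceeds #{limit} bytes after #{offset} input bytes"
      end
    end
    # A stream that never reaches its end marker is truncated or malformed.
    raise UnsafeStream, "truncated or incomplete stream" unless inflater.finished?
    out
  rescue Zlib::Error => e
    # Corrupt input is treated the same way as oversized input: rejected.
    raise UnsafeStream, "invalid zlib data: #{e.message}"
  ensure
    inflater.close
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: an ordinary stream and a highly compressible one.
  normal = Zlib::Deflate.deflate("BT /F1 12 Tf (Hello) Tj ET\n" * 20)
  huge   = Zlib::Deflate.deflate("\0" * (8 * 1024 * 1024))

  puts "normal: #{bounded_inflate(normal).bytesize} bytes inflated"
  begin
    bounded_inflate(huge)
  rescue UnsafeStream => e
    puts "huge (#{huge.bytesize} bytes compressed): rejected, #{e.message}"
  end
end
```

The cap limits memory for a single stream only; a per-file total and a timeout around the whole merge are separate controls.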

JensDebergh commented 2 years ago

@boazsegev

Hi Boaz!

Thanks for the reply! There are never guarantees in IT security, I just wanted to poll on the state of merging the PDFs and if some security measures were built into designing the gem.

Thanks for the detailed response! How do I buy you a beer? :)

Kind regards Jens

boazsegev commented 2 years ago

Thanks for the offer, Jens :)
