Initial project skeleton xhtml2pdf #12266
Conversation
|
ennamarie19 is integrating a new project: |
|
Received approval from upstream project maintainers here: xhtml2pdf/xhtml2pdf#762 @DonggeLiu Is this a repo you guys would support? |
Thanks, @ennamarie19! Let me send this to the panel.
Just a minor note: I am unsure if fuzzing is designed for or can easily detect malicious code directly. If the package uses C/C++ extensions, fuzzing can detect memory corruption, which may be exploited to do so. Otherwise, fuzzing can check if the project crashes on certain inputs. |
|
Thank you!! Oh thank you! That makes perfect sense! On Sep 2, 2024, at 8:12 PM, Dongge Liu ***@***.***> wrote:
@DonggeLiu Is this a repo you guys would support?
Thanks, @ennamarie19! Let me send this to the panel.
For example, a bad actor could insert malicious code into the codebase that inserts macros into every generated pdf file.
Just a minor note: I am unsure if fuzzing is designed for or can easily detect malicious code directly. If the package uses C/C++ extensions, fuzzing can detect memory corruption, which may be exploited to do so. Otherwise, fuzzing can check if the project crashes on certain inputs.
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
xhtml2pdf is a HTML to PDF converter using Python, the ReportLab Toolkit, html5lib and pypdf. The main benefit of this tool is that a user with web skills like HTML and CSS is able to generate PDF templates very quickly without learning new technologies. 15,713 repositories depend on xhtml2pdf, most notably maigret (9.9k+ stars), rst2pdf, aequitas, tendenci and django-easy-pdf. This is a security critical repository because people use this repository to convert html to pdf. For example, a bad actor could insert malicious code into the codebase that inserts macros into every generated pdf file. Further, this repo should be continuously fuzzed for bugs and vulnerabilities so that these dependent 15k repositories are put at less of a risk.