Skip to content

SEC: Use secrets instead of random#1748

Merged
MartinThoma merged 3 commits intomainfrom
random-secrets
Mar 26, 2023
Merged

SEC: Use secrets instead of random#1748
MartinThoma merged 3 commits intomainfrom
random-secrets

Conversation

@MartinThoma
Copy link
Copy Markdown
Member

@MartinThoma MartinThoma commented Mar 26, 2023
edited
Loading

The implication of this is that PDFs which were encrypted with pypdf before might be less secure than they should be.

It's unclear to me if "less secure" means "insecure" or if it's just a theoretical advantage.

@codecov
Copy link
Copy Markdown

codecov bot commented Mar 26, 2023
edited
Loading

Codecov Report

Patch coverage: 91.66% and no project coverage change.

Comparison is base (b0d92b3) 92.40% compared to head (bbba054) 92.41%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1748   +/-   ##
=======================================
  Coverage   92.40%   92.41%           
=======================================
  Files          34       34           
  Lines        6570     6575    +5     
  Branches     1301     1301           
=======================================
+ Hits         6071     6076    +5     
  Misses        326      326           
  Partials      173      173
Impacted Files Coverage Δ
pypdf/_encryption.py 91.77% <88.88%> (+0.08%) ⬆️
pypdf/_writer.py 86.14% <100.00%> (+0.01%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@MartinThoma MartinThoma merged commit c75bb16 into main Mar 26, 2023
@MartinThoma MartinThoma deleted the random-secrets branch March 26, 2023 13:09
MartinThoma added a commit that referenced this pull request Mar 26, 2023
@MartinThoma
REL: 3.7.0
050bca6 
Security (SEC):
-  Use Python's secrets module instead of random module (#1748)

New Features (ENH):
-  Add AnnotationBuilder.highlight text markup annotation (#1740)
-  Add AnnotationBuilder.popup (#1665)
-  Add AnnotationBuilder.polyline annotation support (#1726)
-  Add clone_from parameter in PdfWriter constructor (#1703)

Bug Fixes (BUG):
-  'DictionaryObject' object has no attribute 'indirect_reference' (#1729)

Robustness (ROB):
-  Handle params NullObject in decode_stream_data (#1738)

Documentation (DOC):
-  Project scope (#1743)

Maintenance (MAINT):
-  Add AnnotationFlag (#1746)
-  Add LazyDict.__str__ (#1727)

[Full Changelog](3.6.0...3.7.0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MartinThoma