ENH: Expose /Perms verification result on Encryption object#3672
Merged
stefan6419846 merged 6 commits intopy-pdf:mainfrom Mar 12, 2026
Merged
ENH: Expose /Perms verification result on Encryption object#3672stefan6419846 merged 6 commits intopy-pdf:mainfrom
stefan6419846 merged 6 commits intopy-pdf:mainfrom
Conversation
stefan6419846
requested changes
Mar 9, 2026
Collaborator
stefan6419846
left a comment
There was a problem hiding this comment.
Thanks for the PR. I have added a small remark where the approach does not look completely suitable.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #3672 +/- ##
==========================================
+ Coverage 97.36% 97.41% +0.04%
==========================================
Files 55 55
Lines 9949 9973 +24
Branches 1825 1831 +6
==========================================
+ Hits 9687 9715 +28
+ Misses 152 150 -2
+ Partials 110 108 -2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
968c59f to
d15c397
Compare
Add `perms_valid` attribute to the `Encryption` class that stores the result of `AlgV5.verify_perms()`. This allows callers to detect when the `/Perms` integrity check fails for AES-256 encrypted documents (R5/R6), indicating that the `/P` permissions field may have been tampered with. Previously, a failed `/Perms` check only logged a warning with no programmatic way to detect it. Closes py-pdf#3657
Expose /Perms verification result through a public property instead of requiring access to the internal reader._encryption.perms_valid. The new permissions_valid property returns None if the document is not encrypted or not yet decrypted, True if permissions are verified (or non-AES-256), and False if the /Perms integrity check failed.
Follow naming convention consistent with is_encrypted, as suggested in review.
a12fec7 to
322665a
Compare
Make the Encryption attribute private (underscore prefix) to prevent direct write access, and align the name with the public are_permissions_valid property on PdfDocCommon. Also rename test functions for consistency: test_perms_valid_* → test_are_permissions_valid_*
stefan6419846
requested changes
Mar 11, 2026
Collaborator
stefan6419846
left a comment
There was a problem hiding this comment.
Please revert all the unnecessary formatting changes.
Revert all line-collapsing formatting changes in _doc_common.py and _encryption.py as requested by maintainer. Only the are_permissions_valid feature additions remain.
stefan6419846
approved these changes
Mar 12, 2026
stefan6419846
added a commit
that referenced
this pull request
Mar 15, 2026
## What's new ### New Features (ENH) - Expose /Perms verification result on Encryption object (#3672) by @costajohnt ### Performance Improvements (PI) - Fix O(n²) performance in NameObject read/write (#3679) by @dmitry-kostin - Batch-parse all objects in ObjStm on first access (#3677) by @dmitry-kostin ### Bug Fixes (BUG) - Avoid sharing array-based content streams between pages (#3681) by @stefan6419846 - Avoid accessing invalid page when inserting blank page under some conditions (#3529) by @j-t-1 [Full Changelog](6.8.0...6.9.0)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a
perms_validattribute to theEncryptionclass that stores the result ofAlgV5.verify_perms(). This allows callers to programmatically detect when the/Permsintegrity check fails for AES-256 encrypted documents (R5/R6), indicating the/Ppermissions field may have been tampered with.Closes #3657
Changes
_encryption.py: Addedself.perms_valid: bool = TruetoEncryption.__init__(). Inverify_v5(), theAlgV5.verify_perms()result is now stored inself.perms_validinstead of only being used in a conditional._doc_common.py: Added a warning to theuser_access_permissionsdocstring noting that returned permissions are only trustworthy ifreader._encryption.perms_validisTrue.tests/test_encryption.py: Added 3 tests:test_perms_valid_true_for_valid_r6— verifiesperms_validisTruefor a valid R6 PDFtest_perms_valid_true_for_v4— verifies defaultTruefor V4 (no/Permsfield)test_perms_valid_false_when_tampered— creates an AES-256 PDF, tampers with/Permsbytes, verifiesperms_validisFalseDesign Notes
perms_validdefaults toTruebecause V4 and below don't use/Permsat all — only V5 (R5/R6) introduced the cryptographic integrity check.