0001-cartads_cs-check-CERFA-uploads-are-PDF-with-embedded.patch

Frédéric Péters, 03 septembre 2019 18:48

Voir les différences: en ligne côte à côte

Subject: [PATCH] cartads_cs: check CERFA uploads are PDF with embedded forms
 (#35794)

 passerelle/apps/cartads_cs/models.py |  10 +++
 setup.py                             |   1 +
 tests/data/pdf-form.pdf              | 112 +++++++++++++++++++++++++++
 tests/test_cartads_cs.py             |  19 ++++-
 4 files changed, 138 insertions(+), 4 deletions(-)
 create mode 100644 tests/data/pdf-form.pdf

     from xml.etree import ElementTree as etree
     import zipfile
     import pdfrw
     import pdfrw.findobjs
     from Crypto.Cipher import AES
     from django.conf import settings
-...
                 return []
             signer = Signer(salt='cart@ds_cs')
             tracking_code = signer.unsign(token)
             if id_piece.startswith('cerfa-'):
                 try:
                     pdf = pdfrw.PdfReader(request.FILES['files[]'])
                     if not any(pdfrw.findobjs.find_objects(pdf, valid_subtypes=(pdfrw.PdfName.Form,))):
                         return [{'error': _('The CERFA should not be a scanned document.')}]
                 except pdfrw.PdfParseError:
                     return [{'error': _('The CERFA should be a PDF file.')}]
             file_upload = CartaDSFile(
                     tracking_code=tracking_code,
                     id_piece=id_piece,

setup.py
108	108	'pycrypto',
109	109	'unidecode',
110	110	'paramiko',
	111	'pdfrw',
111	112	],
112	113	cmdclass={
113	114	'build': build,

     %PDF-1.4
     %???? ReportLab Generated PDF document http://www.reportlab.com
 0 obj
     <<
     /F1 2 0 R
     >>
     endobj
 0 obj
     <<
     /BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font
     >>
     endobj
 0 obj
     <</Type /Encoding /Differences [24 /breve /caron /circumflex /dotaccent /hungarumlaut /ogonek /ring /tilde 39 /quotesingle 96 /grave 128 /bullet /dagger /daggerdbl /ellipsis /emdash /endash /florin /fraction /guilsinglleft /guilsinglright /minus /perthousand /quotedblbase /quotedblleft /quotedblright /quoteleft /quoteright /quotesinglbase /trademark /fi /fl /Lslash /OE /Scaron /Ydieresis /Zcaron /dotlessi /lslash /oe /scaron /zcaron 160 /Euro 164 /currency 166 /brokenbar 168 /dieresis /copyright /ordfeminine 172 /logicalnot /.notdef /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu 183 /periodcentered /cedilla /onesuperior /ordmasculine 188 /onequarter /onehalf /threequarters 192 /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis]>>
     endobj
 0 obj
     << /BaseFont /Helvetica /Subtype /Type1 /Name /Helv /Type /Font /Encoding 3 0 R >>
     endobj
 0 obj
     <<
     /BBox [ 0 0 300 36 ] /Filter [ /FlateDecode ] /FormType 1 /Length 171 /Matrix [ 1 0 0 1 0 0 ] /Resources << /ProcSet [/PDF /Text] /Font <</Helv 4 0 R>> >>
       /Subtype /Form /Type /XObject
     >>
     stream
     x?MOK
     ?0??)f??6??6ۖR7](/`???ߗ~??7?f?LR0)2K??EE?dr?nH???YޡE0Z?????Y$?e?wp?Gۢ&?e?'?u?m?)bԜϹ?*q???ȧ?HÏe[?)??????Oi[4(?c??
?&WJf4?v?n??@pB?V??5endstream
     endobj
 0 obj
     <<
     /AP <<
     /N 5 0 R
     >> /BS <<
     /S /I /W 1
     >> /DA (/Helv 12 Tf .1 .1 .1 rg) /DV () /F 4 /FT /Tx
       /Ff 0 /MK <<
     /BC [ .1 .1 .1 ] /BG [ .8 .843 1 ]
     >> /MaxLen 100 /P 7 0 R /Rect [ 110 635 410 671 ] /Subtype /Widget
       /T (fname) /TU (First Name) /Type /Annot /V ()
     >>
     endobj
 0 obj
     <<
     /Annots [ 6 0 R ] /Contents 11 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 10 0 R /Resources <<
     /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
     >> /Rotate 0
       /Trans <<
     >> /Type /Page
     >>
     endobj
 0 obj
     <<
     /AcroForm 12 0 R /PageMode /UseNone /Pages 10 0 R /Type /Catalog
     >>
     endobj
 0 obj
     <<
     /Author (anonymous) /CreationDate (D:20190903184353+00'00') /Creator (ReportLab PDF Library - www.reportlab.com) /Keywords () /ModDate (D:20190903184353+00'00') /Producer (ReportLab PDF Library - www.reportlab.com)
       /Subject (unspecified) /Title (untitled) /Trapped /False
     >>
     endobj
 0 obj
     <<
     /Count 1 /Kids [ 7 0 R ] /Type /Pages
     >>
     endobj
 0 obj
     <<
     /Filter [ /ASCII85Decode /FlateDecode ] /Length 126
     >>
     stream
     Gaqck0a`Ou'F"A`MQ&2A5'L)8'f:o0@;c^9<<BGqqH78BhIBr$6rTs)+"nHeodnUUT.#"2021%_VSBG#BeHRGDrs4>a&%@t[l74FM(YU@Fr1LA@q2TV2=(]H6Pek~>endstream
     endobj
 0 obj
     <<
     /DA (/Helv 0 Tf 0 g) /DR << /Encoding
     <<
     /RLAFencoding
 0 R
     >>
     /Font << /Helv 4 0 R >>
     >> /Fields [ 6 0 R ]
     >>
     endobj
     xref
 13
     0000000000 65535 f
     0000000073 00000 n
     0000000104 00000 n
     0000000211 00000 n
     0000001533 00000 n
     0000001631 00000 n
     0000002028 00000 n
     0000002307 00000 n
     0000002530 00000 n
     0000002616 00000 n
     0000002912 00000 n
     0000002972 00000 n
     0000003189 00000 n
     trailer
     <<
     /ID
     [<30d7bc8d9857e1dc55dd88e74a04dac2><30d7bc8d9857e1dc55dd88e74a04dac2>]
     % ReportLab generated PDF document -- digest (http://www.reportlab.com)
     /Info 9 0 R
     /Root 8 0 R
     /Size 13
     >>
     startxref
     %%EOF

     # -*- coding: utf-8 -*-
     import datetime
     import os
     import mock
     from httmock import HTTMock
-...
         resp = app.post(data[0]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', '%PDF...')])
         assert resp.json == [{'error': 'The CERFA should be a PDF file.'}]
         pdf_contents = open(os.path.join(os.path.dirname(__file__), 'data', 'minimal.pdf')).read()
         resp = app.post(data[0]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         assert resp.json == [{'error': 'The CERFA should not be a scanned document.'}]
         pdf_contents = open(os.path.join(os.path.dirname(__file__), 'data', 'pdf-form.pdf')).read()
         resp = app.post(data[0]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         cerfa_token = resp.json[0]['token']
         resp = app.get('/cartads-cs/test/pieces?type_dossier_id=CU&objet_demande_id=1&tracking_code=BBBBBBBB')
-...
         assert 'name' not in data[0]['files'][0]
         resp = app.post(data[0]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', '%PDF...')])
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         resp = app.post(data[1]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', '%PDF...')])
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         resp = app.post(data[1]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', '%PDF...')])
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         resp = app.get('/cartads-cs/test/pieces?type_dossier_id=CU&objet_demande_id=1&tracking_code=BBBBBBBB')
         data = resp.json['data']
         assert len(data[1]['files']) == 3
-...
         assert resp.json == {'result': False, 'err': 0}
         resp = app.post(data[2]['files'][0]['url'],
                         upload_files=[('files[]', 'test.pdf', '%PDF...')])
                         upload_files=[('files[]', 'test.pdf', pdf_contents)])
         resp = app.get('/cartads-cs/test/check_pieces?type_dossier_id=CU&objet_demande_id=1&tracking_code=BBBBBBBB')
         assert resp.json == {'result': True, 'err': 0}
+    -

Projet

Général

Profil

Produits Entr'ouvert » Passerelle

0001-cartads_cs-check-CERFA-uploads-are-PDF-with-embedded.patch