Add openpdf-renderer #1357
Add openpdf-renderer #1357
Conversation
|
| } | ||
|
|
||
| if (rgb[i] < 0.003928) { | ||
| rgb[i] *= 12.92; |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to ensure that the multiplication operation in rgb[i] *= 12.92 is performed entirely in the float domain. This can be achieved by explicitly casting the constant 12.92 to float. This avoids the implicit cast from double to float and ensures that the operation is consistent with the type of rgb[i]. The change should be made on line 185 in the ciexyzToSRGB method.
| @@ -184,3 +184,3 @@ | ||
| if (rgb[i] < 0.003928) { | ||
| rgb[i] *= 12.92; | ||
| rgb[i] *= 12.92f; | ||
| } else { |
|
|
||
| final Cipher cipher; | ||
| if (this.encryptionAlgorithm.isRC4()) { | ||
| cipher = Cipher.getInstance(CIPHER_RC4); |
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To address the issue, we will replace the use of the RC4 algorithm with AES. Specifically:
- Update the
CIPHER_RC4constant to use a secure AES configuration (e.g.,AES/CBC/PKCS5Padding). - Modify the
createAndInitialiseContentCiphermethod to handle AES decryption in place of RC4. - Ensure that the decryption key and initialization vector are properly handled for AES.
This change will require updating the CIPHER_RC4 constant, replacing the RC4-specific logic in the createAndInitialiseContentCipher method, and ensuring that the decryption key and initialization vector are compatible with AES.
| @@ -87,9 +87,10 @@ | ||
| /** | ||
| * The specification of the RC4 cipher for JCE interactions | ||
| */ | ||
| private static final String CIPHER_RC4 = "RC4"; | ||
| /** | ||
| * The key type for RC4 keys | ||
| */ | ||
| private static final String KEY_RC4 = "RC4"; | ||
| * The specification of the AES cipher for JCE interactions. As per the | ||
| * spec, cipher-block chaining (CBC) mode and PKCS5 padding are used | ||
| */ | ||
| private static final String CIPHER_AES = "AES/CBC/PKCS5Padding"; | ||
| /** | ||
| * The key type for AES keys | ||
| */ | ||
| private static final String KEY_AES = "AES"; | ||
|
|
||
| @@ -402,22 +403,20 @@ | ||
| final Cipher cipher; | ||
| if (this.encryptionAlgorithm.isRC4()) { | ||
| cipher = Cipher.getInstance(CIPHER_RC4); | ||
| cipher.init(Cipher.DECRYPT_MODE, createRC4Key(decryptionKeyBytes)); | ||
| } else if (this.encryptionAlgorithm.isAES()) { | ||
| cipher = createAESCipher(); | ||
| final byte[] initialisationVector = new byte[16]; | ||
| if (encrypted.remaining() >= initialisationVector.length) { | ||
| encrypted.get(initialisationVector); | ||
| } else { | ||
| throw new PDFParseException( | ||
| "AES encrypted stream too short - " + | ||
| "no room for initialisation vector"); | ||
| } | ||
|
|
||
| final SecretKeySpec aesKey = | ||
| new SecretKeySpec(decryptionKeyBytes, KEY_AES); | ||
| final IvParameterSpec aesIv = | ||
| new IvParameterSpec(initialisationVector); | ||
| cipher.init(Cipher.DECRYPT_MODE, aesKey, aesIv); | ||
| } else { | ||
| if (this.encryptionAlgorithm.isAES()) { | ||
| cipher = createAESCipher(); | ||
| final byte[] initialisationVector = new byte[16]; | ||
| if (encrypted.remaining() >= initialisationVector.length) { | ||
| encrypted.get(initialisationVector); | ||
| } else { | ||
| throw new PDFParseException( | ||
| "AES encrypted stream too short - " + | ||
| "no room for initialisation vector"); | ||
| } | ||
|
|
||
| final SecretKeySpec aesKey = | ||
| new SecretKeySpec(decryptionKeyBytes, KEY_AES); | ||
| final IvParameterSpec aesIv = | ||
| new IvParameterSpec(initialisationVector); | ||
| cipher.init(Cipher.DECRYPT_MODE, aesKey, aesIv); | ||
| } else { | ||
| throw new PDFParseException("Unsupported encryption algorithm"); | ||
| throw new PDFParseException( |
| */ | ||
| private Cipher createRC4Cipher() | ||
| throws NoSuchAlgorithmException, NoSuchPaddingException { | ||
| return Cipher.getInstance(CIPHER_RC4); |
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we will replace the use of the RC4 algorithm with AES, which is a secure and modern cryptographic algorithm. Specifically:
- Replace the
CIPHER_RC4constant with a secure AES configuration, such asAES/CBC/PKCS5Padding. - Update the
createRC4Ciphermethod to create an AES cipher instead. - Ensure that the key and initialization vector (IV) are properly handled for AES encryption/decryption.
The changes will involve modifying the CIPHER_RC4 constant, the createRC4Cipher method, and potentially other parts of the code that depend on RC4-specific behavior.
| @@ -89,7 +89,7 @@ | ||
| */ | ||
| private static final String CIPHER_RC4 = "RC4"; | ||
| /** | ||
| * The key type for RC4 keys | ||
| */ | ||
| private static final String KEY_RC4 = "RC4"; | ||
| private static final String CIPHER_AES = "AES/CBC/PKCS5Padding"; | ||
| /** | ||
| * The key type for AES keys | ||
| */ | ||
| private static final String KEY_AES = "AES"; | ||
|
|
||
| @@ -1085,6 +1085,6 @@ | ||
| */ | ||
| private Cipher createRC4Cipher() | ||
| throws NoSuchAlgorithmException, NoSuchPaddingException { | ||
| return Cipher.getInstance(CIPHER_RC4); | ||
| } | ||
| private Cipher createAESCipher() | ||
| throws NoSuchAlgorithmException, NoSuchPaddingException { | ||
| return Cipher.getInstance(CIPHER_AES); | ||
| } | ||
|
|
| */ | ||
| private Cipher createAESCipher() | ||
| throws NoSuchAlgorithmException, NoSuchPaddingException { | ||
| return Cipher.getInstance(CIPHER_AES); |
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm High
| * @return the key | ||
| */ | ||
| private SecretKeySpec createRC4Key(byte[] keyBytes) { | ||
| return new SecretKeySpec(keyBytes, KEY_RC4); |
Check failure
Code scanning / CodeQL
Use of a broken or risky cryptographic algorithm High
| // the xIsSame bit controls the sign | ||
| val = -val; | ||
| } | ||
| yCoords[i] += val; |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to avoid the implicit narrowing conversion in the compound assignment yCoords[i] += val. This can be achieved by explicitly casting the result of the addition to short after ensuring that the value is within the valid range of a short. Alternatively, we can use a temporary variable of type int to hold the intermediate result and then safely cast it to short. This ensures that the code is explicit about the narrowing conversion and avoids unintended data loss or overflow.
The best approach is to replace the compound assignment with an explicit addition and cast the result to short. This makes the code more readable and avoids the implicit narrowing conversion.
| @@ -129,3 +129,3 @@ | ||
| } | ||
| yCoords[i] += val; | ||
| yCoords[i] = (short) (yCoords[i] + val); | ||
| } else if (!yIsSame(i)) { |
| short length = super.getLength(); | ||
|
|
||
| // add the length of the end points | ||
| length += getNumContours() * 2; |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to ensure that the type of the left-hand side of the compound assignment (length) is at least as wide as the type of the right-hand side expression (getNumContours() * 2). The best way to address this is to change the type of length from short to int. This ensures that no implicit narrowing conversion occurs, and the calculation can safely handle larger values without overflow.
The changes involve:
- Updating the declaration of
lengthon line 202 fromshorttoint. - Ensuring that the return type of the
getLength()method remainsshortby explicitly casting the final result oflengthtoshortbefore returning it.
| length += getNumContours() * 2; | ||
|
|
||
| // add the length of the instructions | ||
| length += 2 + getNumInstructions(); |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to ensure that the type of the left-hand side of the compound assignment (length) is at least as wide as the type of the right-hand side (2 + getNumInstructions()). The best way to achieve this is to change the type of length from short to int. This ensures that no implicit narrowing conversion occurs during the compound assignment, and it avoids potential overflow or information loss.
Steps to implement the fix:
- Change the type of the
lengthvariable fromshorttointin thegetLength()method. - Ensure that the return type of the
getLength()method remainsshortby explicitly casting the final result toshortbefore returning it. This preserves the existing functionality while preventing implicit narrowing conversions during intermediate calculations.
| if (xIsByte(i)) { | ||
| length++; | ||
| } else if (!xIsSame(i)) { | ||
| length += 2; |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, the type of the length variable should be changed from short to int. This ensures that all additions to length are performed without implicit narrowing conversions, and the risk of overflow is mitigated. The change involves updating the declaration of length on line 202 and ensuring that the return type of the getLength() method remains compatible with its usage elsewhere in the codebase.
| if (yIsByte(i)) { | ||
| length++; | ||
| } else if (!yIsSame(i)) { | ||
| length += 2; |
Check failure
Code scanning / CodeQL
Implicit narrowing conversion in compound assignment High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 2 months ago
To fix the issue, we need to ensure that the type of the left-hand side of the compound assignment (length) is at least as wide as the type of the right-hand side (int). The best way to achieve this is to change the type of length from short to int. This avoids the implicit narrowing conversion and ensures that the variable can safely hold larger values if needed. The change should be made at the declaration of length on line 202.
| @@ -201,3 +201,3 @@ | ||
| // start with the length of the superclass | ||
| short length = super.getLength(); | ||
| int length = super.getLength(); | ||
|
|
Description of the new Feature/Bugfix
Add openpdf-renderer
Your real name
Andreas Røsdal