Harden document parsing security defaults by PrzemyslawKlys · Pull Request #1934 · EvotecIT/OfficeIMO

PrzemyslawKlys · 2026-06-17T07:14:32Z

Summary

make Markdown-to-PDF local image embedding opt-in by default so untrusted Markdown cannot read local files unless callers explicitly allow it
cap PDF CMap and CID width range expansion to prevent attacker-controlled font metadata from creating unbounded dictionaries
cap recursive PowerPoint group-shape rendering during PDF export and secure Visio XML validation readers against DTD/entity expansion
bound HTML-to-Word table span expansion by default and clamp colgroup width expansion to resolved table columns
add focused regression coverage for Markdown local images, PDF font expansion, PowerPoint group depth, Visio DTD handling, and HTML table span limits

Validation

dotnet test OfficeIMO.Tests\OfficeIMO.Tests.csproj --no-restore --filter "FullyQualifiedName~~MarkdownPdfTests|FullyQualifiedName~~PdfFontSecurityTests|FullyQualifiedName~~PowerPointSaveAsPdfSecurityTests|FullyQualifiedName~~VisioValidation|FullyQualifiedName~~ConversionOptionsTests|FullyQualifiedName~~Html.HtmlToWord_MaxTableCells|FullyQualifiedName~~Html.HtmlToWord_DefaultMaxTableCells|FullyQualifiedName~~Html.HtmlToWord_ColumnGroupSpan"

Notes

This is a broader first hardening pass from the Codex security overview. It does not replace the PNG-specific work already opened in Harden PNG PDF image decoding #1933.

codecov · 2026-06-17T07:51:32Z

Codecov Report

❌ Patch coverage is 63.66366% with 242 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.33%. Comparing base (e41b6e5) to head (e508095).

Files with missing lines	Patch %	Lines
OfficeIMO.Pdf/Rendering/Writer/PdfWriter.Images.cs	51.58%	34 Missing and 27 partials ⚠️
OfficeIMO.Pdf/Reading/Filters/FlateDecoder.cs	44.44%	25 Missing and 5 partials ⚠️
OfficeIMO.Pdf/Reading/Filters/Ascii85Decoder.cs	55.26%	9 Missing and 8 partials ⚠️
OfficeIMO.Pdf/Reading/Filters/StreamDecoder.cs	60.00%	7 Missing and 9 partials ⚠️
...rd.Pdf/WordPdfConverterExtensions.Native.Charts.cs	72.41%	10 Missing and 6 partials ⚠️
...IMO.Pdf/Core/PdfDocument.Blocks.ImageValidation.cs	13.33%	13 Missing ⚠️
...Pdf/Rendering/Writer/PdfWriter.Images.Interlace.cs	45.83%	8 Missing and 5 partials ⚠️
OfficeIMO.Pdf/Reading/Font/ToUnicodeCMap.cs	33.33%	5 Missing and 7 partials ⚠️
...fficeIMO.Html/Rtf/Internal/RtfHtmlReader.Fields.cs	85.89%	2 Missing and 9 partials ⚠️
...rdPdfConverterExtensions.Native.FootnotesImages.cs	21.42%	10 Missing and 1 partial ⚠️
... and 10 more

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1934      +/-   ##
==========================================
- Coverage   73.35%   73.33%   -0.03%     
==========================================
  Files        2521     2521              
  Lines      283393   283933     +540     
  Branches    60640    60803     +163     
==========================================
+ Hits       207882   208221     +339     
- Misses      47871    47986     +115     
- Partials    27640    27726      +86

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 72ed7253ad

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0a635aace7

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d10e539e0b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-06-17T10:22:14Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

chatgpt-codex-connector

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dd0c328874

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

chatgpt-codex-connector · 2026-06-17T10:32:41Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

PrzemyslawKlys added 4 commits June 17, 2026 09:14

Harden document parsing security defaults

49ef144

Bound HTML table span expansion

11f51b1

Opt visual fixture into local Markdown images

f0ac5b5

Harden PNG PDF image decoding

70db287

PrzemyslawKlys added 8 commits June 17, 2026 10:10

Repair PNG image decoding hardening

c604ffc

Bound YAML parsing before model load

43e16f2

Apply URL policy to RTF HTML fields

bb8a02a

Bound Word chart cache expansion

dd86ab3

Preflight Visio save validation before file writes

3f27762

Bound Visio package master imports

e7b366d

Harden PDF XMP metadata parsing

8a74902

Use valid PNG for PDF compliance proof

72ed725

chatgpt-codex-connector Bot reviewed Jun 17, 2026

View reviewed changes

Comment thread OfficeIMO.Pdf/Reading/Core/PdfReadDocument.XmpMetadata.cs Outdated

PrzemyslawKlys added 2 commits June 17, 2026 11:20

Disable local HTML image reads by default

9064604

Bound XMP stream decoding before XML parsing

0a635aa

chatgpt-codex-connector Bot reviewed Jun 17, 2026

View reviewed changes

Comment thread OfficeIMO.Pdf/Reading/Filters/StreamDecoder.cs Outdated

Harden bounded metadata and HTML image defaults

d10e539

chatgpt-codex-connector Bot reviewed Jun 17, 2026

View reviewed changes

Comment thread OfficeIMO.Pdf/Rendering/Writer/PdfWriter.Images.cs

Comment thread OfficeIMO.Pdf/Reading/Filters/StreamDecoder.cs

PrzemyslawKlys added 2 commits June 17, 2026 12:14

Fix PNG fixtures in security PDF tests

dd0c328

Bound XMP and PNG pass-through decoding

f82178c

chatgpt-codex-connector Bot reviewed Jun 17, 2026

View reviewed changes

Comment thread OfficeIMO.Word.Pdf/WordPdfConverterExtensions.Native.Charts.cs

Comment thread OfficeIMO.Html/Rtf/Internal/RtfHtmlReader.Fields.cs Outdated

Comment thread OfficeIMO.Pdf/Reading/Font/ToUnicodeCMap.cs Outdated

Address security review bounds checks

e508095

PrzemyslawKlys merged commit 7101ed5 into master Jun 17, 2026
20 checks passed

PrzemyslawKlys deleted the codex/security-posture-hardening branch June 17, 2026 10:55

This was referenced Jun 17, 2026

Harden PNG PDF image decoding #1933

Closed

Harden Excel image downloads #1935

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Harden document parsing security defaults#1934

Harden document parsing security defaults#1934
PrzemyslawKlys merged 18 commits into
masterfrom
codex/security-posture-hardening

PrzemyslawKlys commented Jun 17, 2026 •

edited

Loading

Uh oh!

codecov Bot commented Jun 17, 2026 •

edited

Loading

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot commented Jun 17, 2026

Uh oh!

chatgpt-codex-connector Bot left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot commented Jun 17, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Uh oh!

Conversation

PrzemyslawKlys commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Validation

Notes

Uh oh!

codecov Bot commented Jun 17, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot commented Jun 17, 2026

Uh oh!

chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

💡 Codex Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

chatgpt-codex-connector Bot commented Jun 17, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

PrzemyslawKlys commented Jun 17, 2026 •

edited

Loading

codecov Bot commented Jun 17, 2026 •

edited

Loading