mcp-pdf-tools

MCP/mcp-pdf-tools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ryan Malloy	75f8548668	🔒 Comprehensive security hardening and vulnerability fixes Some checks failed Security Scan / security-scan (push) Has been cancelled Details Implemented extensive security improvements to prevent attacks and ensure production readiness: Critical Security Fixes: - Fixed path traversal vulnerability in get_pdf_image function - Added file size limits (100MB PDFs, 50MB images) to prevent DoS - Implemented secure output path validation with directory restrictions - Added page count limits (1000 pages max) for resource protection - Secured JSON parameter parsing with 10KB size limits Access Control & Validation: - URL allowlisting with SSRF protection (blocks localhost, internal IPs) - IPv6 security handling for comprehensive host blocking - Input validation framework with length limits and sanitization - Secure file permissions (0o700 dirs, 0o600 files) Error Handling & Privacy: - Sanitized error messages to prevent information disclosure - Automatic removal of sensitive patterns (paths, emails, SSNs) - Generic error responses for failed operations Infrastructure & Monitoring: - Added security scanning tools (safety, pip-audit) - GitHub Actions workflow for continuous vulnerability monitoring - Daily automated security assessments - Fixed pypdf vulnerability (5.9.0 → 6.0.0) Testing & Validation: - 20 comprehensive security tests (all passing) - Integration tests confirming functionality preservation - Zero known vulnerabilities in dependencies - Validated all security functions work correctly All security measures tested and verified. Project now production-ready with enterprise-grade security posture. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-06 15:35:31 -06:00
Ryan Malloy	95596e0236	✨ Add comprehensive PDF form creation and validation tools - Add complete PDF form lifecycle management - Create new forms with text, checkbox, dropdown, signature fields - Fill existing forms with JSON data and optional flattening - Add fields to existing PDFs with flexible positioning - Advanced field types: radio groups, textareas, date fields - Comprehensive validation engine with regex patterns - Email, phone, number, date format validation - Required field checking and length constraints - Visual validation cues with asterisks and format hints - Multi-field error reporting with detailed feedback - International character support and edge case handling - Enterprise-ready for complex business forms	2025-09-03 02:33:01 -06:00
Ryan Malloy	c902e81e4d	Initial commit: Complete MCP PDF Tools server implementation Features: - 8 comprehensive PDF processing tools with intelligent fallbacks - Text extraction (PyMuPDF, pdfplumber, pypdf with auto-selection) - Table extraction (Camelot → pdfplumber → Tabula fallback chain) - OCR processing with Tesseract and preprocessing options - Document analysis (structure, metadata, scanned detection) - Image extraction with filtering capabilities - PDF to markdown conversion with metadata - Built on FastMCP framework with full MCP protocol support - Comprehensive error handling and user-friendly messages - Docker support and cross-platform compatibility - Complete test suite and examples 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-10 16:36:21 -06:00

Author

SHA1

Message

Date

Ryan Malloy

75f8548668

🔒 Comprehensive security hardening and vulnerability fixes

Security Scan / security-scan (push) Has been cancelled

Details

Implemented extensive security improvements to prevent attacks and ensure
production readiness:

**Critical Security Fixes:**
- Fixed path traversal vulnerability in get_pdf_image function
- Added file size limits (100MB PDFs, 50MB images) to prevent DoS
- Implemented secure output path validation with directory restrictions
- Added page count limits (1000 pages max) for resource protection
- Secured JSON parameter parsing with 10KB size limits

**Access Control & Validation:**
- URL allowlisting with SSRF protection (blocks localhost, internal IPs)
- IPv6 security handling for comprehensive host blocking
- Input validation framework with length limits and sanitization
- Secure file permissions (0o700 dirs, 0o600 files)

**Error Handling & Privacy:**
- Sanitized error messages to prevent information disclosure
- Automatic removal of sensitive patterns (paths, emails, SSNs)
- Generic error responses for failed operations

**Infrastructure & Monitoring:**
- Added security scanning tools (safety, pip-audit)
- GitHub Actions workflow for continuous vulnerability monitoring
- Daily automated security assessments
- Fixed pypdf vulnerability (5.9.0 → 6.0.0)

**Testing & Validation:**
- 20 comprehensive security tests (all passing)
- Integration tests confirming functionality preservation
- Zero known vulnerabilities in dependencies
- Validated all security functions work correctly

All security measures tested and verified. Project now production-ready
with enterprise-grade security posture.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-06 15:35:31 -06:00

Ryan Malloy

95596e0236

✨ Add comprehensive PDF form creation and validation tools

- Add complete PDF form lifecycle management
- Create new forms with text, checkbox, dropdown, signature fields
- Fill existing forms with JSON data and optional flattening
- Add fields to existing PDFs with flexible positioning
- Advanced field types: radio groups, textareas, date fields
- Comprehensive validation engine with regex patterns
- Email, phone, number, date format validation
- Required field checking and length constraints
- Visual validation cues with asterisks and format hints
- Multi-field error reporting with detailed feedback
- International character support and edge case handling
- Enterprise-ready for complex business forms

2025-09-03 02:33:01 -06:00

Ryan Malloy

c902e81e4d

Initial commit: Complete MCP PDF Tools server implementation

Features:
- 8 comprehensive PDF processing tools with intelligent fallbacks
- Text extraction (PyMuPDF, pdfplumber, pypdf with auto-selection)
- Table extraction (Camelot → pdfplumber → Tabula fallback chain)
- OCR processing with Tesseract and preprocessing options
- Document analysis (structure, metadata, scanned detection)
- Image extraction with filtering capabilities
- PDF to markdown conversion with metadata
- Built on FastMCP framework with full MCP protocol support
- Comprehensive error handling and user-friendly messages
- Docker support and cross-platform compatibility
- Complete test suite and examples

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-10 16:36:21 -06:00

3 Commits