mcp-go-pdf-tools

The project includes a comprehensive security test suite (`test/security`) that identifies potential vulnerabilities like path traversal (CWE-22), command injection (CWE-78), race conditions, dangerous imports, and hardcoded secrets, and also acknowledges known CVEs in the `pdfcpu` dependency. However, critical gaps exist: 1. **Path Traversal (CWE-22):** User-provided file paths (`pdf_path`, `output_dir`, `output_path`) in both the `cmd/mcp-server` and `cmd/server` are passed directly to file system operations (e.g., `os.CreateTemp`, `os.MkdirAll`, `os.Rename`, `pdf.SplitPDFFile`, `pdf.CompressPDFWithDefaults`) without explicit, robust sanitization or validation at the application's entry points. While a simple `isSafePath` function exists in tests, it is not applied in the main server logic, creating a significant risk of arbitrary file access, reading, writing, or deletion outside intended directories. 2. **Denial of Service (DoS) - Malicious PDF input:** The `isValidPDFFile` function, which performs basic PDF header and size validation for DoS prevention, is present only in the test suite (`test/security/cves_test.go`) and is not explicitly applied to user-uploaded PDF files in `cmd/server` or user-specified `pdf_path` in `cmd/mcp-server`. This leaves the system vulnerable to resource exhaustion or crashes when processing malformed or extremely large untrusted PDF files, especially given `pdfcpu` has known DoS-related CVEs. 3. **Temporary File Handling:** Although temporary files are deferred for removal in `cmd/server`, an application crash or forceful termination could leave these files on disk, potentially leading to disk space exhaustion or information leakage. Cleanup of split parts is done in a delayed goroutine, which is not robust against immediate server termination. 4. **Dependency Risk:** The core `pdfcpu` library has known vulnerabilities, including path traversal and DoS. The lack of robust application-level input validation exacerbates these inherent risks.