Added SECURITY.md and CODE_OF_CONDUCT.md for improved project governance #11
Vibhasha-5 wants to merge 2 commits into
Conversation
Pull Request Overview
This PR adds Docker support, GitHub Actions workflow, and community documentation (Code of Conduct and Security Policy) to the pdf-xss-checker project. It also introduces a sample PDF generation script to facilitate testing and demonstration.
- Adds Docker support with a Dockerfile and comprehensive README instructions
- Creates a GitHub Actions workflow for automated scanning of sample PDFs
- Adds SECURITY.md and CODE_OF_CONDUCT.md for community guidelines
- Introduces a script to generate sample PDFs with and without XSS payloads
Reviewed Changes
Copilot reviewed 7 out of 10 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| package.json | Added pdfkit dependency and generate-samples script, alphabetized dependencies |
| package-lock.json | Updated lockfile with pdfkit and its transitive dependencies |
| examples/generate_samples.js | New script to generate sample PDFs for testing purposes |
| examples/sample1.pdf | Generated clean sample PDF for testing |
| examples/sample2.pdf | Generated sample PDF containing XSS payload for testing |
| docker/Dockerfile | New Dockerfile for containerized scanner execution |
| README.md | Added Docker setup and usage instructions with platform-specific examples |
| SECURITY.md | New security policy document for vulnerability reporting |
| CODE_OF_CONDUCT.md | New code of conduct for community participation |
| .github/workflows/example-scan.yml | New CI workflow to automate PDF scanning with Docker |
| If you discover a security vulnerability in **pdf-xss-checker**, please help us by reporting it responsibly. | ||
|
|
||
| - **Contact:** [moderator in the issues section](https://github.com/DhanushNehru/pdf-xss-checker/issues) | ||
| - **Response Time:** We aim to respond within **5 working days**. Please allow flexiblity as per moderator's time bracket. |
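Review bot: the Contact line sends vulnerability reporters to the public issues section, so any report filed there discloses the vulnerability to everyone before a fix exists. Suggest naming a private channel instead (a dedicated security e-mail address or GitHub's private vulnerability reporting for this repository) and stating explicitly that security issues should not be opened as public issues; the 5 working days response target can stay as written.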
Corrected spelling of 'flexiblity' to 'flexibility'.
| - **Response Time:** We aim to respond within **5 working days**. Please allow flexiblity as per moderator's time bracket. | |
| - **Response Time:** We aim to respond within **5 working days**. Please allow flexibility as per moderator's time bracket. |
| 1️⃣ Build the Docker image | ||
| docker build -t pdf-xss-checker-example -f docker/Dockerfile . |
Missing markdown formatting for code blocks. The Docker command on line 165 should be wrapped in code fences (```) for proper rendering and clarity.
| 1️⃣ Build the Docker image | |
| docker build -t pdf-xss-checker-example -f docker/Dockerfile . | |
| 1️⃣ Build the Docker image | |
| ```bash | |
| docker build -t pdf-xss-checker-example -f docker/Dockerfile . |
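Review bot: the suggested change opens a ```bash fence on the line before the docker build command, but no closing ``` line appears after it in the suggestion; applied as shown, everything that follows in that README section renders as one code block. Add the closing fence on the line after `docker build -t pdf-xss-checker-example -f docker/Dockerfile .`.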
| For Linux / macOS | ||
|
|
||
| Use $(pwd) to mount the current folder: | ||
|
|
||
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | ||
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | ||
|
|
||
| 🪟 Windows PowerShell | ||
|
|
||
| Use ${PWD} for the current directory: | ||
|
|
||
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | ||
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | ||
|
|
||
| 🪟 Windows CMD |
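Review bot: all four docker run lines bind-mount the host examples directory read-write, although the scanner only needs to read the PDFs, and sample2.pdf is described in this PR as carrying an XSS payload. Suggest appending :ro to the volume spec in each command, e.g. `-v "$(pwd)/examples:/examples:ro"` and `-v "${PWD}\examples:/examples:ro"`, so a malformed input that triggers a bug inside the container cannot modify files on the host. The 🪟 Windows CMD heading is also the last visible line of the hunk with no commands beneath it; confirm that section is populated before merge.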
Section headings should use proper markdown formatting (e.g., #### For Linux / macOS) for better structure and accessibility.
| For Linux / macOS | |
| Use $(pwd) to mount the current folder: | |
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | |
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | |
| 🪟 Windows PowerShell | |
| Use ${PWD} for the current directory: | |
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | |
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | |
| 🪟 Windows CMD | |
| #### For Linux / macOS | |
| Use $(pwd) to mount the current folder: | |
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | |
| docker run --rm -v "$(pwd)/examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | |
| #### 🪟 Windows PowerShell | |
| Use ${PWD} for the current directory: | |
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample1.pdf | |
| docker run --rm -v "${PWD}\examples:/examples" pdf-xss-checker-example node src/index.js /examples/sample2.pdf | |
| #### 🪟 Windows CMD |
As a security-focused open-source project, this repository should include clear guidelines for vulnerability disclosure and community behavior.
Adding these files improves transparency, trust, and compliance with GitHub best practices.
Proposed Changes:
Benefits:
Fixes Issue: