
Initial project skeleton invoice2data

Open ennamarie19 opened this issue 7 months ago • 4 comments

invoice2data is a powerful and easy-to-use Python library that saves users time and effort when it comes to extracting data from PDF invoices. By creating a template file that specifies the location of the fields that should be extracted, invoice2data pulls out structured data from invoices and converts it into a format that can be easily analyzed and processed. Invoice2data provides the power of adding custom plugins. This greatly increases the attack surface as plug-ins do not have a central update mechanism and the added functionality becomes an extra target to attackers. In order to minimize risk with this added functionality, it is important that the vulnerabilities in the code-base itself do not go uncovered. There could be detrimental effects as the risk is compounded by not only vulnerabilities that may come with the plug-ins but also the vulnerabilities in the invoice2data code-base itself. Invoice2data has a large user base with 1.6k stars on GitHub, 450 forked projects off of it and nearly 50 contributors. As evidenced by the many articles and videos online regarding invoice2data, it is a very popular project that, if fuzzed with OSS-Fuzz, would contribute to a more secure open source project ecosystem.

Approval from upstream can be found here: https://github.com/invoice-x/invoice2data/issues/543

ennamarie19 avatar Dec 30 '23 02:12 ennamarie19

ennamarie19 is integrating a new project:
- Main repo: https://github.com/invoice-x/invoice2data.git
- Criticality score: 0.53379

github-actions[bot] avatar Dec 30 '23 02:12 github-actions[bot]

@oliverchang @jonathanmetzman do you have an estimate for when this will be reviewed?

ennamarie19 avatar Jan 21 '24 21:01 ennamarie19

Who are some prominent users?

jonathanmetzman avatar Jan 30 '24 14:01 jonathanmetzman

> Who are some prominent users?

@ennamarie19: Gentle ping : )

DonggeLiu avatar Feb 08 '24 01:02 DonggeLiu

Hi! Sorry for the delay on this. OCA, the Odoo Community Association, uses invoice2data in its repository edi. Additionally, an Odoo-related project "docker-odoo-project" relies on invoice2data. 155 other repositories depend on this repository as well.

ennamarie19 avatar Jul 22 '24 19:07 ennamarie19