aleks-ivanov
diff --git a/‎SECURITY.md‎
Lines changed: 40 additions & 0 deletions b/‎SECURITY.md‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎itext.tests/itext.io.tests/itext/io/font/CFFFontSubsetIntegrationTest.cs‎
Lines changed: 1 addition & 1 deletion b/‎itext.tests/itext.io.tests/itext/io/font/CFFFontSubsetIntegrationTest.cs‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎itext.tests/itext.io.tests/itext/io/font/cmap/CMapToUnicodeTest.cs‎
Lines changed: 35 additions & 0 deletions b/‎itext.tests/itext.io.tests/itext/io/font/cmap/CMapToUnicodeTest.cs‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎itext.tests/itext.io.tests/itext/io/font/otf/ActualTextIteratorTest.cs‎
Lines changed: 44 additions & 1 deletion b/‎itext.tests/itext.io.tests/itext/io/font/otf/ActualTextIteratorTest.cs‎
Lines changed: 44 additions & 1 deletion
diff --git a/‎itext.tests/itext.io.tests/itext/io/font/otf/GlyphLinePartTest.cs‎
Lines changed: 39 additions & 0 deletions b/‎itext.tests/itext.io.tests/itext/io/font/otf/GlyphLinePartTest.cs‎
Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,40 @@
+# iText Security Policy
+
+## Reporting a Vulnerability
+
+We are committed to maintaining the security of our software. If you discover a security vulnerability, we encourage you to report it to us as soon as possible.
+
+To report a vulnerability, please visit our [Vulnerability Reporting Page](https://itextpdf.com/report-vulnerability), or email [vulnerability@apryse.com](vulnerability@apryse.com). If you do not receive a response in 2 business days, please follow up as we may not have received your message.
+
+We follow the procedure of Coordinated Vulnerability Disclosure (CVD) and, to protect the ecosystem, we request that those reporting do the same. Please visit the above page for more information, and follow the steps below to ensure that your report is handled promptly and appropriately:
+
+1. **Do not disclose the vulnerability publicly** until we have had a chance to address it.
+2. **Provide a detailed description** of the vulnerability, including steps to reproduce it, if possible.
+3. **Include any relevant information** such as the version of iText Core you are using, your operating system, and any other pertinent details.
+
+## Security Updates and Patches
+
+ When a vulnerability is reported, we will:
+
+1. **Investigate and verify** the vulnerability.
+2. **Develop and test** a fix for the vulnerability.
+3. **Release a patch** as soon as possible.
+
+
+## Known Vulnerabilities
+
+The iText Knowledge Base has a page for known [Common Vulnerabilities and Exposures](https://kb.itextpdf.com/itext/cves) (CVEs), please check it to ensure your vulnerability has not already been disclosed or addressed.
+
+## Supported product lines
+
+See [Compatibility Matrix](https://kb.itextpdf.com/itext/compatibility-matrix)
+
+## Security Best Practices
+
+To help ensure the security of your applications using iText Core, we recommend the following best practices:
+
+1. **Keep iText Core up to date** by regularly checking for and applying updates.
+2. **Review and follow** our security guidelines for secure usage.
+3. **Monitor your applications** for any unusual activity and investigate any anomalies promptly.
+
+Thank you for helping us keep iText secure!
@@ -104,7 +104,7 @@ public virtual void SubsetNonCidCFFFontRangeCheck() {
             CFFFont result = new CFFFont(cffSubsetBytes);
             int expectedCharsetLength = 255;
             // skip over the format ID (1 byte) and the first SID (2 bytes)
-            result.Seek(result.fonts[0].charsetOffset + 3);
+            result.Seek(result.fonts[0].GetCharsetOffset() + 3);
             NUnit.Framework.Assert.AreEqual(expectedCharsetLength - 2, result.GetCard16());
         }
 
 
@@ -0,0 +1,35 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2024 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using iText.Test;
+
+namespace iText.IO.Font.Cmap {
+    [NUnit.Framework.Category("UnitTest")]
+    public class CMapToUnicodeTest : ExtendedITextTest {
+        [NUnit.Framework.Test]
+        public virtual void EmptyCmapVarTest() {
+            NUnit.Framework.Assert.IsNotNull(CMapToUnicode.EMPTY_CMAP);
+            NUnit.Framework.Assert.IsFalse(CMapToUnicode.EMPTY_CMAP.HasByteMappings(), "Cmap has no two byte mappings"
+                );
+        }
+    }
+}
@@ -34,7 +34,50 @@ public virtual void TestActualTestParts() {
             ActualTextIterator actualTextIterator = new ActualTextIterator(glyphLine);
             GlyphLine.GlyphLinePart part = actualTextIterator.Next();
             // When actual text is the same as the result by text extraction, we should omit redundant actual text in the content stream
-            NUnit.Framework.Assert.IsNull(part.actualText);
+            NUnit.Framework.Assert.IsNull(part.GetActualText());
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void NextCurrentResNullTest() {
+            Glyph glyph = new Glyph(200, 200, '\u002d');
+            GlyphLine glyphLine = new GlyphLine(JavaUtil.ArraysAsList(glyph, null, glyph));
+            glyphLine.SetActualText(0, 1, "\u002d");
+            ActualTextIterator actualTextIterator = new ActualTextIterator(glyphLine);
+            actualTextIterator.Next();
+            GlyphLine.GlyphLinePart secondNext = actualTextIterator.Next();
+            NUnit.Framework.Assert.IsNull(secondNext);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void NextIterationTest() {
+            Glyph glyph = new Glyph(200, 200, '\u002d');
+            GlyphLine glyphLine = new GlyphLine(JavaUtil.ArraysAsList(glyph, glyph, glyph));
+            glyphLine.SetActualText(0, 1, "\u002d");
+            ActualTextIterator actualTextIterator = new ActualTextIterator(glyphLine);
+            GlyphLine.GlyphLinePart next = actualTextIterator.Next();
+            NUnit.Framework.Assert.AreEqual(3, next.GetEnd());
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void NextWithNegativeEndTest() {
+            Glyph glyph = new Glyph(200, 200, '\u002d');
+            GlyphLine glyphLine = new GlyphLine(JavaUtil.ArraysAsList(glyph, glyph, glyph));
+            glyphLine.SetActualText(0, 1, "\u002d");
+            glyphLine.SetEnd(-1);
+            ActualTextIterator actualTextIterator = new ActualTextIterator(glyphLine);
+            GlyphLine.GlyphLinePart next = actualTextIterator.Next();
+            NUnit.Framework.Assert.IsNull(next);
+        }
+
+        [NUnit.Framework.Test]
+        public virtual void NextWithInvalidUnicodeTest() {
+            Glyph glyph = new Glyph(200, 200, 0);
+            Glyph glyphinvalid = new Glyph(200, 200, null);
+            GlyphLine glyphLine = new GlyphLine(JavaUtil.ArraysAsList(glyph, glyphinvalid));
+            glyphLine.SetActualText(1, 2, "X");
+            ActualTextIterator actualTextIterator = new ActualTextIterator(glyphLine);
+            GlyphLine.GlyphLinePart next = actualTextIterator.Next();
+            NUnit.Framework.Assert.IsNull(next.GetActualText());
         }
     }
 }
@@ -0,0 +1,39 @@
+/*
+This file is part of the iText (R) project.
+Copyright (c) 1998-2024 Apryse Group NV
+Authors: Apryse Software.
+
+This program is offered under a commercial and under the AGPL license.
+For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+AGPL licensing:
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+using iText.Test;
+
+namespace iText.IO.Font.Otf {
+    [NUnit.Framework.Category("UnitTest")]
+    public class GlyphLinePartTest : ExtendedITextTest {
+        [NUnit.Framework.Test]
+        public virtual void CustomGlyphLinePartTest() {
+            GlyphLine.GlyphLinePart part = new GlyphLine.GlyphLinePart(0, 4);
+            part.SetStart(1);
+            part.SetEnd(5);
+            part.SetReversed(false);
+            NUnit.Framework.Assert.AreEqual(1, part.GetStart());
+            NUnit.Framework.Assert.AreEqual(5, part.GetEnd());
+            NUnit.Framework.Assert.IsFalse(part.IsReversed());
+        }
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ public virtual void SubsetNonCidCFFFontRangeCheck() {`
`104`	`104`	`CFFFont result = new CFFFont(cffSubsetBytes);`
`105`	`105`	`int expectedCharsetLength = 255;`
`106`	`106`	`// skip over the format ID (1 byte) and the first SID (2 bytes)`
`107`		`- result.Seek(result.fonts[0].charsetOffset + 3);`
	`107`	`+ result.Seek(result.fonts[0].GetCharsetOffset() + 3);`
`108`	`108`	`NUnit.Framework.Assert.AreEqual(expectedCharsetLength - 2, result.GetCard16());`
`109`	`109`	`}`
`110`	`110`