pdftract/notes/bf-2pxsu.md
jedarden 440e8fd075 feat(bf-2pxsu): add logging for JavaScript execution attempts
Add warning-level logging at all JavaScript detection points in pdftract-core:

- Add warn import to tracing macros in detection.rs
- Add 'JavaScript execution attempted but not supported' warning at 6 detection points:
  - Catalog /OpenAction detection
  - Catalog /AA (Additional Actions) detection
  - Page-level /AA detection
  - Page annotation /A (primary action) detection
  - Page annotation /AA (additional actions) detection
  - AcroForm fields /AA detection
- Each warning references TH-04 threat model and states detection-only posture

Verification: notes/bf-2pxsu.md
Tests: All 46 detection tests pass
Acceptance criteria: PASS (compilation, logging, context, warnings)

Closes bf-2pxsu
2026-07-05 16:33:48 -04:00

2 KiB

bf-2pxsu: Add logging for JavaScript execution attempts

Task Completion Summary

Successfully added warning-level logging for JavaScript execution attempts in pdftract-core's detection module.

Changes Made

File: crates/pdftract-core/src/detection.rs

  1. Added warn import to logging macros:

    • Changed use tracing::{debug, info}; to use tracing::{debug, info, warn};
  2. Added execution warning at all JavaScript detection points:

    • Catalog /OpenAction detection
    • Catalog /AA (Additional Actions) detection
    • Page-level /AA detection
    • Page annotation /A (primary action) detection
    • Page annotation /AA (additional actions) detection
    • AcroForm fields /AA detection

Each warning uses the message:

"JavaScript execution attempted but not supported - detection only (per TH-04 threat model)"

Acceptance Criteria

  • log::debug! or log::warn! macro added at any execution entry point
  • Log message clearly states 'JavaScript execution attempted but not supported'
  • Log includes a warning that execution is not supported (references TH-04 threat model)
  • Code compiles successfully
  • All tests pass (46 detection tests, 0 failed)

Implementation Notes

Since pdftract is a detection-only tool (per TH-04 threat model), there is no actual JavaScript execution path. The warning logs fire whenever JavaScript is detected to explicitly communicate that:

  1. JavaScript was found in the PDF
  2. Execution is NOT supported and will NEVER occur
  3. This is detection-only for downstream security review

The warnings are emitted at the same points where JavaScript detection occurs, providing clear visibility when JavaScript is present while reinforcing the security posture.

Testing

  • Compilation: cargo check --package pdftract-core
  • Unit tests: All 46 detection-related tests pass
  • No behavior changes - only added logging

Dependencies

This bead built upon bf-2pyg1, which added the initial debug/info logging for JavaScript detection points.