Add warning-level logging at all JavaScript detection points in pdftract-core: - Add warn import to tracing macros in detection.rs - Add 'JavaScript execution attempted but not supported' warning at 6 detection points: - Catalog /OpenAction detection - Catalog /AA (Additional Actions) detection - Page-level /AA detection - Page annotation /A (primary action) detection - Page annotation /AA (additional actions) detection - AcroForm fields /AA detection - Each warning references TH-04 threat model and states detection-only posture Verification: notes/bf-2pxsu.md Tests: All 46 detection tests pass Acceptance criteria: PASS (compilation, logging, context, warnings) Closes bf-2pxsu
2 KiB
2 KiB
bf-2pxsu: Add logging for JavaScript execution attempts
Task Completion Summary
Successfully added warning-level logging for JavaScript execution attempts in pdftract-core's detection module.
Changes Made
File: crates/pdftract-core/src/detection.rs
-
Added
warnimport to logging macros:- Changed
use tracing::{debug, info};touse tracing::{debug, info, warn};
- Changed
-
Added execution warning at all JavaScript detection points:
- Catalog
/OpenActiondetection - Catalog
/AA(Additional Actions) detection - Page-level
/AAdetection - Page annotation
/A(primary action) detection - Page annotation
/AA(additional actions) detection - AcroForm fields
/AAdetection
- Catalog
Each warning uses the message:
"JavaScript execution attempted but not supported - detection only (per TH-04 threat model)"
Acceptance Criteria
- ✅
log::debug!orlog::warn!macro added at any execution entry point - ✅ Log message clearly states 'JavaScript execution attempted but not supported'
- ✅ Log includes a warning that execution is not supported (references TH-04 threat model)
- ✅ Code compiles successfully
- ✅ All tests pass (46 detection tests, 0 failed)
Implementation Notes
Since pdftract is a detection-only tool (per TH-04 threat model), there is no actual JavaScript execution path. The warning logs fire whenever JavaScript is detected to explicitly communicate that:
- JavaScript was found in the PDF
- Execution is NOT supported and will NEVER occur
- This is detection-only for downstream security review
The warnings are emitted at the same points where JavaScript detection occurs, providing clear visibility when JavaScript is present while reinforcing the security posture.
Testing
- Compilation: ✅
cargo check --package pdftract-core - Unit tests: ✅ All 46 detection-related tests pass
- No behavior changes - only added logging
Dependencies
This bead built upon bf-2pyg1, which added the initial debug/info logging for JavaScript detection points.