pdftract/notes/bf-5tlas.md
jedarden 65b991b94b test(bf-5tlas): verify basic CLI execution on JavaScript PDF fixture
- Tested pdftract extract command on tests/fixtures/security/embedded-js.pdf
- Exit code: 0 (successful)
- Execution time: 0.003s (well under 30-second requirement)
- CLI correctly detects JavaScript action without executing it
- Output includes: fingerprint, javascript_actions, diagnostics, schema_version
- All acceptance criteria PASS

Closes bf-5tlas
2026-07-06 10:41:11 -04:00

85 lines
2.8 KiB
Markdown

# bf-5tlas: Test basic pdftract CLI execution on JavaScript PDF fixture
## Summary
Successfully tested basic pdftract CLI execution on the JavaScript PDF fixture (`tests/fixtures/security/embedded-js.pdf`).
## Findings
### JavaScript PDF Fixture (embedded-js.pdf)
- **Path**: `tests/fixtures/security/embedded-js.pdf`
- **Status**: Valid fixture with embedded JavaScript
- **JavaScript detected**: 1 action (`app.alert("pwn")`) at catalog.openaction
- **Extraction**: SUCCESSFUL - CLI detects JavaScript safely without executing it
### Command Used
```bash
pdftract extract tests/fixtures/security/embedded-js.pdf
```
### Exit Code
0 (successful)
### Execution Time
- Real: 0.003s
- User: 0.001s
- Sys: 0.002s
**Well under the 30-second requirement.**
### Output Summary
The CLI executed successfully and produced JSON output with the following key elements:
- **Fingerprint**: `pdftract-v1:cd0fe35a93a7949a27a24ce0af7d13292ea0a40ba65b01a805b93ca583b71ce8`
- **JavaScript Actions Detected**: 1
- Code excerpt: `app.alert("pwn")`
- Location: `catalog.openaction`
- **Diagnostics**: `"Detected 1 JavaScript action(s) in PDF document. JavaScript was NOT executed."`
- **Schema Version**: 1.0
- **Pages**: `[]` (empty - this is a minimal PDF with JavaScript but no pages)
### Sample Output
```json
{
"attachments": [],
"fingerprint": "pdftract-v1:cd0fe35a93a7949a27a24ce0af7d13292ea0a40ba65b01a805b93ca583b71ce8",
"form_fields": [],
"javascript_actions": [
{
"code_excerpt": "app.alert(\"pwn\")",
"location": "catalog.openaction"
}
],
"links": [],
"metadata": {
"block_count": 0,
"cache_age_seconds": null,
"cache_status": "skipped",
"diagnostics": [
"Detected 1 JavaScript action(s) in PDF document. JavaScript was NOT executed."
],
"page_count": 0,
"reading_order_algorithm": "xy_cut",
"span_count": 0
},
"pages": [],
"schema_version": "1.0",
"signatures": [],
"threads": []
}
```
```
## Acceptance Criteria Status
- ✅ **pdftract CLI executes without errors**: YES (no errors encountered)
- ✅ **Basic output is produced to stdout**: YES (valid JSON output)
- ✅ **CLI completes successfully (exit code 0)**: YES (exit code 0)
- ✅ **Execution time is reasonable (< 30 seconds)**: YES (0.003s - excellent)
- ✅ **Command used is documented**: YES (documented above)
## Notes
- The JavaScript PDF fixture (`tests/fixtures/security/embedded-js.pdf`) contains a simple JavaScript action that triggers `app.alert("pwn")`
- pdftract correctly detects the JavaScript and reports it in the `javascript_actions` field
- The CLI output confirms that JavaScript was **NOT executed** (safe behavior)
- No warnings or errors in basic output
- The fixture appears to be a minimal PDF with JavaScript but no actual pages/content
- The binary is located at `/home/coding/.local/bin/pdftract`
- System: Linux 6.12.63