Verified that the repository already contains PDF test fixtures with JavaScript actions: - tests/fixtures/security/embedded-js.pdf (working, contains app.alert actions) - tests/document_model/fixtures/js_in_openaction.pdf (parsing error) Documented extraction results and fixture locations for reference. No new fixture creation needed - existing fixtures serve the purpose.
79 lines
2.8 KiB
Markdown
79 lines
2.8 KiB
Markdown
# PDF Test Fixtures with JavaScript Actions
|
|
|
|
## Finding Summary
|
|
|
|
The repository already contains PDF test fixtures with JavaScript actions. No new fixture creation was needed.
|
|
|
|
## Existing Fixtures
|
|
|
|
### 1. `/home/coding/pdftract/tests/fixtures/security/embedded-js.pdf`
|
|
|
|
**Status**: ✅ Working - Successfully parsed by pdftract
|
|
|
|
**Location**: `tests/fixtures/security/embedded-js.pdf`
|
|
|
|
**Generator Script**: `tests/fixtures/security/generate_embedded_js.py`
|
|
|
|
**Documented JavaScript Actions** (from generator script):
|
|
1. **Catalog /OpenAction**: `app.alert("pwn")`
|
|
2. **Page 0 /AA /O** (open action): `app.alert('page_open')`
|
|
3. **Page 1 annotation /A**: `app.alert('annot_action')`
|
|
|
|
**Actual Extraction Results** (via `pdftract extract`):
|
|
```json
|
|
{
|
|
"javascript_actions": [
|
|
{
|
|
"code_excerpt": "app.alert(\"pwn\")",
|
|
"location": "catalog.openaction"
|
|
}
|
|
],
|
|
"metadata": {
|
|
"diagnostics": [
|
|
"Detected 1 JavaScript action(s) in PDF document. JavaScript was NOT executed."
|
|
]
|
|
}
|
|
}
|
|
```
|
|
|
|
**Note**: The PDF structure shows 3 JavaScript actions in the source code, but extraction only reports 1. This may indicate that the additional JavaScript actions (Page 0 /AA /O and Page 1 annotation) are not being extracted, or the PDF structure differs from documentation.
|
|
|
|
### 2. `/home/coding/pdftract/tests/document_model/fixtures/js_in_openaction.pdf`
|
|
|
|
**Status**: ⚠️ Parsing Error
|
|
|
|
**Location**: `tests/document_model/fixtures/js_in_openaction.pdf`
|
|
|
|
**Issue**: Expected JSON shows parsing failure:
|
|
```json
|
|
{
|
|
"error": "Failed to parse PDF: No /Root reference in trailer",
|
|
"contains_javascript": false
|
|
}
|
|
```
|
|
|
|
**Hexdump Analysis**: The PDF appears structurally valid with:
|
|
- `%PDF-1.4` header
|
|
- JavaScript action: `app.alert('Hello')` at object 3
|
|
- Catalog `/OpenAction` pointing to JavaScript object 3
|
|
- Trailer with `/Root 6 0 R`
|
|
|
|
This fixture may need investigation for why it's not parsing correctly despite appearing structurally valid.
|
|
|
|
## JavaScript Detection Implementation
|
|
|
|
Confirmed that pdftract-core has JavaScript detection implemented in `crates/pdftract-core/src/detection.rs`:
|
|
- Function: `detect_javascript()`
|
|
- Checks catalog `/OpenAction` and `/AA` (Additional Actions)
|
|
- JavaScript is NEVER executed; only presence is flagged
|
|
- Threat model compliance: TH-04 (JavaScript detection without execution)
|
|
|
|
## Recommendations
|
|
|
|
1. Use `tests/fixtures/security/embedded-js.pdf` for JavaScript detection testing
|
|
2. Investigate why `js_in_openaction.pdf` fails to parse despite appearing structurally valid
|
|
3. Verify that all 3 documented JavaScript actions in `embedded-js.pdf` are properly extracted (current extraction shows only 1)
|
|
|
|
## Commit Information
|
|
|
|
This finding is documented as bead `bf-36gzd` - PDF test fixture with JavaScript actions already exists in the repository.
|