Hi I am trying Aspose and I want to check if you have indication about the different PDF attribution. For example: hasEmbeddedObject() , hasJavascript() hasForm () and etc.
Here is a more examples:
You can use following properties of the API Classes in order to determine:
Encrypt => PdfFileInfo.IsEncrypted
JavaScript => Document.JavaScript.Keys.Count
OpenAction => Document.OpenAction
Form => Document.Form.Count
XFA => Document.Form.XFA.FieldNames.Count()
Embedded Files => Document.EmbeddedFiles.Count
For the above properties, would you kindly explain a bit about them a bit more and share a sample PDF containing them. We will further check related information at our side and share with you.
Thanks for the fast response. Please find the details for the fields:
/AA and /OpenAction indicate an automatic action to be performed when the page/document is viewed. Javascript attacks usually works with auto open.
The combination of automatic action and JavaScript makes a PDF document very suspicious.
/JBIG2Decode indicates if the PDF document uses JBIG2 compression. This is not necessarily and indication of a malicious PDF document, but requires further investigation.
As shared earlier that it can be get using Document.OpenAction Property.
We need to further investigate the feasibility of the above requirements. Could you please provide a sample PDF containing all the above content so that we can test the scenario in our environment and address it accordingly?