Security Considerations
From a security standpoint, BuildVu can be considered in three distinct areas:
- How BuildVu is developed and tested
- PDF Processing (Java)
- Converted Documents (including hosting)
How IDRsolutions develops and ensures its code is safe
General coding principles
All code is written in-house by IDRsolutions full-time staff and stored in our private repositories. Every code change is peer-reviewed by at least two other developers. Every code change is also tested for performance, regressions and security, using SonarQube static analysis and a barrage of unit tests.
AI usage
We regard AI as a useful tool that can help our developers write better code (similar to how we might also use Stack Overflow, AI code hints, etc.). Just as we would not simply copy and paste code found on a website, every piece of code in our codebase is developed by us, reviewed by us and, most importantly, fully understood by us.
Handling of vulnerabilities
Our strategy is to:
- Produce a patched version as soon as possible
- Notify all customers privately and advise them to update to the latest version
- Publicly acknowledge the issue and confirm the fix in the next general release (once we have confirmed that none of our customers are still affected). This happened with a potential XXE vulnerability in our JPedal product in 2018; see the release note.
PDF Processing
BuildVu is a Java application, and all processing occurs within the Java Virtual Machine (JVM). Besides Java, no other system dependencies are required. BuildVu also does not use any third-party Java dependencies.
The BuildVu PDF parser does not run any arbitrary code stored within PDF files, nor does it make any network calls (except for the trial, which tracks trial usage).
The risks at conversion time primarily relate to uptime and stability. A malicious PDF file may be crafted so that processing it requires an excessive amount of system resources (memory or processing time).
This threat can be mitigated by setting a memory limit for the JVM and enforcing a maximum conversion duration.
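As an added example (this is not BuildVu's own code or API), the following Java class shows one way to apply both limits at once: each document is converted in a separate, short-lived JVM that is launched with a heap cap and killed if it overruns a wall-clock budget, so a hostile file can only exhaust the resources given to that one process. The jar location and the entry-point class name are placeholders; substitute the command-line entry point from the BuildVu documentation.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.TimeUnit;

/**
 * Runs each conversion in its own JVM so that one resource-hungry PDF can only
 * consume the heap and wall-clock budget granted to that single process.
 */
public final class IsolatedConversion {

    /** Result of one attempt: success flag plus a human-readable reason. */
    public record Outcome(boolean ok, String detail) {}

    private final String classpath;     // path to the BuildVu jar (assumed location)
    private final String mainClass;     // BuildVu's command-line entry point (placeholder name)
    private final String maxHeap;       // JVM heap cap, e.g. "1g"
    private final long maxInputBytes;   // cheap first check before any parsing happens
    private final Duration maxDuration; // wall-clock budget per document

    public IsolatedConversion(String classpath, String mainClass, String maxHeap,
                              long maxInputBytes, Duration maxDuration) {
        this.classpath = classpath;
        this.mainClass = mainClass;
        this.maxHeap = maxHeap;
        this.maxInputBytes = maxInputBytes;
        this.maxDuration = maxDuration;
    }

    public Outcome convert(Path pdf, Path outputDir) throws IOException, InterruptedException {
        if (Files.size(pdf) > maxInputBytes) {
            return new Outcome(false, "input exceeds " + maxInputBytes + " bytes");
        }
        Files.createDirectories(outputDir);
        Path log = outputDir.resolve("conversion.log");

        List<String> cmd = List.of(
                Path.of(System.getProperty("java.home"), "bin", "java").toString(),
                "-Xmx" + maxHeap,                // hard heap cap for this document only
                "-XX:+ExitOnOutOfMemoryError",   // exit at once instead of thrashing at the cap
                "-cp", classpath,
                mainClass,
                pdf.toAbsolutePath().toString(),
                outputDir.toAbsolutePath().toString());

        Process proc = new ProcessBuilder(cmd)
                .redirectErrorStream(true)
                .redirectOutput(log.toFile())    // a full pipe would otherwise block the worker
                .start();

        if (!proc.waitFor(maxDuration.toMillis(), TimeUnit.MILLISECONDS)) {
            proc.destroyForcibly().waitFor();    // kill the overrunning worker, then reap it
            return new Outcome(false, "killed after " + maxDuration + "; see " + log);
        }
        int code = proc.exitValue();
        return code == 0
                ? new Outcome(true, "converted into " + outputDir)
                : new Outcome(false, "worker exited with code " + code + "; see " + log);
    }

    public static void main(String[] args) throws Exception {
        IsolatedConversion runner = new IsolatedConversion(
                "/opt/buildvu/buildvu.jar",      // assumed path
                "org.example.BuildVuCli",        // placeholder, not the real entry point
                "1g", 50L * 1024 * 1024, Duration.ofSeconds(120));
        System.out.println(runner.convert(Path.of(args[0]), Path.of(args[1])));
    }
}
```

Running conversions out of process rather than on a thread pool inside the serving JVM is deliberate: an OutOfMemoryError in a shared JVM leaves the whole service in an uncertain state, whereas a capped child process simply dies and the parent records the failure.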
Converted Documents
PDF files may contain arbitrary JavaScript; however, it is not included in the output that BuildVu produces.
PDF annotations are an area that bad actors may try to exploit. The main annotations of concern are Link annotations, FileAttachment annotations, and the media annotation types.
Link annotations may be used by bad actors to direct users to dangerous third-party websites.
FileAttachment annotations may be used to attach arbitrary files in PDF files. BuildVu does not execute file attachments, but it does include them in the output of the conversion. Care should be taken when serving converted documents to ensure the web server does not execute the attachment files. BuildVu writes out attachments without file extensions for this reason.
Media annotation types are another area where users may attach arbitrary files to PDF files. BuildVu only writes out media annotations with certain file extensions (documented here); however, BuildVu does not validate the content of the media files.
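An added example, not part of the BuildVu documentation or code, of how a small Java HTTP server (the JDK's built-in com.sun.net.httpserver) can serve a converted document while treating files that originated inside the PDF conservatively: extension-less attachments are always sent as an opaque download, media files are only served inline when their leading bytes match their extension, and every response carries nosniff so a browser cannot reinterpret a file as a script or page. The lists of media and page extensions are constructed for this example (align them with the extensions BuildVu documents), and the signature check covers only MP4 and MP3.

```java
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpServer;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Map;

/**
 * Serves one BuildVu output directory. Files that came out of the PDF are never
 * executed, never content-sniffed and, unless their bytes match a known media
 * signature, always delivered as downloads.
 */
public final class ConvertedDocumentServer {

    // Media this deployment is willing to play inline (constructed allowlist).
    private static final Map<String, String> INLINE_MEDIA = Map.of(
            "mp4", "video/mp4",
            "mp3", "audio/mpeg");

    // Ordinary conversion output, served with its normal type (constructed list).
    private static final Map<String, String> PAGE_TYPES = Map.of(
            "html", "text/html; charset=utf-8",
            "css", "text/css",
            "js", "text/javascript",
            "svg", "image/svg+xml",
            "png", "image/png",
            "jpg", "image/jpeg");

    private final Path root;

    public ConvertedDocumentServer(Path root) {
        this.root = root.toAbsolutePath().normalize();
    }

    /** Chooses response headers from the file name and its first bytes only. */
    static Map<String, String> headersFor(String fileName, byte[] head) {
        int dot = fileName.lastIndexOf('.');
        String ext = dot < 0 ? "" : fileName.substring(dot + 1).toLowerCase();

        String pageType = PAGE_TYPES.get(ext);
        if (pageType != null) {
            return Map.of("Content-Type", pageType, "X-Content-Type-Options", "nosniff");
        }
        String mediaType = INLINE_MEDIA.get(ext);
        if (mediaType != null && contentMatches(ext, head)) {
            return Map.of("Content-Type", mediaType, "X-Content-Type-Options", "nosniff");
        }
        // Attachments (no extension), unknown extensions, and media whose bytes do
        // not match their extension: force a download under an opaque type.
        return Map.of(
                "Content-Type", "application/octet-stream",
                "X-Content-Type-Options", "nosniff",
                "Content-Disposition", "attachment; filename=\"" + fileName.replace("\"", "") + "\"");
    }

    /** MP4 carries "ftyp" at offset 4; MP3 starts with an ID3 tag or an MPEG frame sync. */
    static boolean contentMatches(String ext, byte[] head) {
        switch (ext) {
            case "mp4":
                return head.length >= 8 && Arrays.equals(
                        Arrays.copyOfRange(head, 4, 8), "ftyp".getBytes(StandardCharsets.US_ASCII));
            case "mp3":
                return head.length >= 3 && (Arrays.equals(
                        Arrays.copyOfRange(head, 0, 3), "ID3".getBytes(StandardCharsets.US_ASCII))
                        || ((head[0] & 0xFF) == 0xFF && (head[1] & 0xE0) == 0xE0));
            default:
                return false;
        }
    }

    private void handle(HttpExchange ex) throws IOException {
        Path file = root.resolve(ex.getRequestURI().getPath().substring(1)).normalize();
        if (!file.startsWith(root) || !Files.isRegularFile(file)) {   // also blocks path traversal
            ex.sendResponseHeaders(404, -1);
            ex.close();
            return;
        }
        byte[] head;
        try (InputStream in = Files.newInputStream(file)) {
            head = in.readNBytes(12);
        }
        headersFor(file.getFileName().toString(), head).forEach((k, v) -> ex.getResponseHeaders().set(k, v));
        long size = Files.size(file);
        ex.sendResponseHeaders(200, size == 0 ? -1 : size);
        try (OutputStream out = ex.getResponseBody()) {
            Files.copy(file, out);
        }
    }

    public void start(int port) throws IOException {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", port), 0);
        server.createContext("/", this::handle);
        server.start();
    }

    public static void main(String[] args) throws IOException {
        new ConvertedDocumentServer(Path.of(args[0])).start(8080);   // args[0]: BuildVu output directory
    }
}
```

The same decisions translate directly to a production web server: map extension-less files and anything outside the allowlists to application/octet-stream with a Content-Disposition: attachment header, send X-Content-Type-Options: nosniff on everything, and make sure no handler (CGI, PHP, server-side includes) is enabled for the directory that holds converted documents.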
If a security vulnerability is discovered in BuildVu, we aim to notify customers privately and provide an opportunity for remediation before disclosing the vulnerability publicly.
If you discover a vulnerability in our software, you can disclose it to us by contacting us.