Security Considerations
In terms of security, FormVu can be separated into three distinct areas:
- How FormVu is developed and tested
- PDF Processing (Java)
- Converted Documents (including hosting)
How IDRsolutions develops and ensures its code is safe
General coding principles
All code is written in-house by IDRsolutions full-time staff and stored on our private repositories. Every code change is peer-reviewed by at least two other developers. Every code change is also tested for performance, regression, security and code security using SonarQube and a barrage of unit tests.
AI usage
We regard AI as a useful tool that can help our developers to write better code (similar to how we might also use Stack Overflow, AI code hints, etc.). Just as we would not simply copy and paste code we found on a website, every piece of code in our codebase is developed by us, reviewed by us, and, most importantly, fully understood by us.
Handling of vulnerabilities
Our strategy is to:
- Produce a patched version ASAP
- Notify all customers privately and advise them to update to the latest version
- Publicly acknowledge the issue and confirm the fix in the next general release (having confirmed that none of our customers have issues with this). This happened with a potential XXE vulnerability in our JPedal product in 2018 (see release note).
PDF Processing
FormVu is a Java application, and all processing occurs within the Java Virtual Machine (JVM). Besides Java, no other system dependencies are required. FormVu also does not make use of any third-party Java dependencies.
The FormVu PDF parser does not run any arbitrary code stored within PDF files, nor does it make any network calls (except for the trial, which tracks trial usage).
The risks at conversion time primarily relate to uptime and stability. Some PDF files could act maliciously by requiring an excessive amount of system resources to be processed.
This threat can be mitigated by setting memory limits and utilizing a maximum conversion duration.
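One way to apply both limits is to run each conversion in its own JVM with a heap cap and a wall-clock deadline. The wrapper below is an added example, not IDRsolutions' code; the jar path, the `<input> <output_dir>` argument order and the names `convert_bounded`, `JAVA_BIN`, `CONVERTER_JAR` and `CONVERT_LOG` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: cap heap and wall-clock time for a single conversion.
# Assumed, not taken from the page: the jar path and the
# "<input> <output_dir>" argument order are placeholders.
JAVA_BIN="${JAVA_BIN:-java}"
CONVERTER_JAR="${CONVERTER_JAR:-/opt/converter/PLACEHOLDER.jar}"

# convert_bounded <max_seconds> <max_heap> <input.pdf> <output_dir>
# Returns 0 = converted, 2 = deadline exceeded, 3 = heap limit hit,
#         1 = any other failure. Process output is kept in $CONVERT_LOG.
convert_bounded() {
    local max_seconds="$1" max_heap="$2" input="$3" outdir="$4"
    local rc=0
    CONVERT_LOG="$(mktemp)" || return 1

    # -Xmx bounds the Java heap; ExitOnOutOfMemoryError stops the JVM on
    # the first OutOfMemoryError instead of letting it run on degraded.
    # timeout sends TERM at the deadline and KILL 5 seconds later.
    timeout -k 5 "$max_seconds" \
        "$JAVA_BIN" "-Xmx${max_heap}" -XX:+ExitOnOutOfMemoryError \
        -jar "$CONVERTER_JAR" "$input" "$outdir" \
        >"$CONVERT_LOG" 2>&1 || rc=$?

    if [ "$rc" -eq 0 ]; then
        return 0
    elif [ "$rc" -eq 124 ] || [ "$rc" -eq 137 ]; then
        # 124: the deadline fired; 137: the follow-up KILL was needed.
        echo "conversion of $input exceeded ${max_seconds}s" >&2
        return 2
    elif grep -q 'java.lang.OutOfMemoryError' "$CONVERT_LOG"; then
        echo "conversion of $input exceeded the ${max_heap} heap" >&2
        return 3
    fi
    echo "conversion of $input failed (exit $rc), see $CONVERT_LOG" >&2
    return 1
}
```

Treat return codes 2 and 3 as a signal to quarantine the input file rather than retry it, since a retry would consume the same resources again.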
Converted Documents
PDF files may contain arbitrary JavaScript. Interactive forms tend to utilize JavaScript actions more than static PDF files do, as JavaScript is typically used to enhance the user experience. By default, JavaScript is disabled for AcroForms, but enabled for XFA files. More information on how to enable/disable this setting can be found on the Enabling PDF JavaScript page. FormVu does not validate the content of the JavaScript, and will not filter any malicious code if it exists. Due to the nature of moving from a PDF into HTML, a file may even contain a script that does nothing in the PDF, but targets a browser environment. We advise users to be careful when enabling JavaScript, as a malicious PDF file could use JavaScript as a possible attack vector. In order to be safe, we suggest that you only convert with JavaScript enabled for PDF files that you trust.
Additionally, PDF annotations are an area that bad actors may try to exploit. The main annotations of concern are Link annotations and the media annotation types.
Link annotations may be used by bad actors to send users to dangerous third-party websites. You can disable these with the disableExternalHyperlinks setting.
Media annotation types are another area where users may attach arbitrary files in PDF files. FormVu does not validate the content of the media files, but will include them in the converted output.
In the event of a security vulnerability being discovered in FormVu, we would aim to notify customers privately and provide an opportunity for remediation before disclosing the vulnerability publicly.
If you discover a vulnerability in our software, you can disclose this to us by contacting us.