False Positive on PDF Validation

[tuuchen]

Hi, thank you for the good work with the app! The issue is that I'm experiencing false positives when validating PDF files. 100% legitimate PDF files are getting flagged due to standard internal patterns.

I understand that the goal of the package is to catch potentially dangerous content, but it currently makes it easy to get false positives from otherwise perfectly valid and safe PDFs..

Issue details:

When validating some clearly legitimate PDFs, the validator returns:

Suspicious PDF pattern detected: /JS/
Suspicious PDF pattern detected: /Metadata/
Suspicious PDF pattern detected: /OpenAction/

It seems like these can commonly appear in normal PDF files containing form actions or standard document metadata.

Suggested Solution

I'd suggest to allow configurable validation rules or make detection less aggressive for standard patterns. For example adding an option to whitelist certain PDF elements. Or maybe try to analyze the context of these elements to determine whether they really are malicious.

[Naandalist]

Hi @tuuchen

Thank you for taking the time to report this issue and for the kind words about the app! 😀

Regarding your solution of configurable validation rules, I appreciate the idea. However, at this point, I prefer to go implementing an option to whitelist specific PDF elements. This approach, I believe, offers a more direct way for users to handle cases where certain standard patterns are incorrectly flagged.

To help me better understand the false positives you're encountering and to ensure the whitelisting feature is effective, could you please share an example PDF file that is being incorrectly flagged as suspicious? This would be incredibly helpful for testing.

I also welcome you to submit a Pull Request (PR) with your proposed solution or even just with the example PDF. Collaboration is highly appreciated!

Thank you again for your input.