PDF is one of the most common formats for sharing documents. PDF files are portable and universally supported, but you may be unaware that PDF files can contain hidden content and functionality which may pose security or privacy risks.
Malicious actors can use PDF files to deliver malware through embedded JavaScript or file attachments, and private information may be present in document metadata even after the visible content has been removed. To ensure your PDF is safe to share, or that a third-party PDF is safe to process, you should sanitize it.
In this post, we will cover three aspects of PDF sanitization and how you can achieve these using our Java PDF toolkit JPedal.
Setup
For all of these examples, we will be using JPedal’s PDF Manipulator API.
You can get started with the following code snippet:
final PdfManipulator pdf = new PdfManipulator();
pdf.loadDocument(new File("inputFile.pdf"));
// Add each sanitization operation before calling apply
pdf.apply();
pdf.writeDocument(new File("outputFile.pdf"));
pdf.closeDocument();
pdf.reset();
Removing Embedded JavaScript
JavaScript (also known as ECMAScript) is often used in PDF files for form validation or for dynamic behavior, however it can also be used maliciously. Searching the web for PDF JavaScript vulnerabilities produces many examples of this happening in the past.
Removing JavaScript with JPedal can be achieved by calling the remove JavaScript method.
pdf.removeJavaScript();
Removing Embedded Files and Attachments
A PDF file can carry other files inside it, like images, ZIP archives, or executables. While often legitimate, these attachments can be used to hide malware.
Removing files with JPedal can be achieved by calling the remove embedded files method.
pdf.removeEmbeddedFiles();
Removing Metadata
PDF metadata often contains hidden sensitive information such as author names, software versions, or even GPS location data if the document came from a camera or mobile device.
Removing metadata with JPedal can be achieved by calling the remove metadata method.
pdf.removeMetadata();
Learn more about the PDF Manipulator API.
We can help you better understand the PDF format as developers who have been working with the format for more than 2 decades!
The JPedal PDF library allows you to solve these problems in Java
//Convenience static method (see class for additional options)
ExtractClippedImages.writeAllClippedImagesToDir("inputFileOrDirectory", "outputDir", "outputImageFormat", new String[] {"imageHeightAsFloat", "subDirectoryForHeight"});
final PdfManipulator pdf = new PdfManipulator();
pdf.loadDocument(new File("inputFile.pdf"));
pdf.addPage(1, PaperSize.A4_LANDSCAPE);
pdf.addText(1, "Hello World", 10, 10, BaseFont.HelveticaBold, 12, 1, 0.3f, 0.2f);
pdf.addImage(1, new BufferedImage(), new float[] {0, 0, 100, 100});
pdf.rotatePage(1, 90);
pdf.apply();
pdf.writeDocument(new File("outputFile.pdf"));Viewer viewer = new Viewer();
viewer.setupViewer();
viewer.executeCommand(ViewerCommands.OPENFILE, "pdfFile.pdf");
//Convenience static method (see class for additional options)
ExtractTextAsWordList.writeAllWordlistsToDir("inputFileOrDirectory", "outputDir", -1);
PdfMerge.mergeFiles(new File("inputFile1.pdf"), new File("inputFile2.pdf"), new File("outputFile.pdf"));
PdfManipulator.splitInHalf(new File("inputFile.pdf"), new File("outputFolder"), pageToSplitAt);PrintPdfPages print = new PrintPdfPages("C:/pdfs/mypdf.pdf");
if (print.openPDFFile()) {
print.printAllPages("Printer Name");
}//Convenience static method (see class for additional options)
ExtractClippedImages.writeAllClippedImagesToDir("inputFileOrDirectory", "outputDir", "outputImageFormat", new String[] {"imageHeightAsFloat", "subDirectoryForHeight"});
//Convenience static method (see class for additional options)
ArrayList resultsForPages = FindTextInRectangle.findTextOnAllPages("/path/to/file.pdf", "textToFind");
java -jar jpedal.jar --inspect "inputFile.pdf"PdfSigner.signPdf(
"inputFile.pdf",
"outputFile.pdf",
"keystorePassword",
"keystoreFile.p12",
"signerName",
"signerLocation",
"signingReason",
ACCESS_PERMISSION.P1
);What is JPedal?
JPedal is a commercial Java PDF Library that makes it easy for Java developers to work with PDF Documents in Java.
Why use JPedal?
JPedal makes it much easier to work with PDF files from Java. Because we have been actively developing our Java PDF Toolkit for over 20 years, it works with all those problem PDF files out there.
What licenses are available?
We have 2 licenses available:
'Server' for on premises and cloud servers and 'OEM' for use in a named end user applications. Both are one time fees with options support renewal after 12 months.
How to use JPedal?
Want to learn more about JPedal and how to use it, we have plenty of tutorials and guides to help you.
