(Snyk) Fixed finding: "java/PT" (#3972)

**Pixee Fix ID:**
[8be62d8f-950d-4780-bc08-a8c04d176806](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/8be62d8f-950d-4780-bc08-a8c04d176806)

<details>
  <summary>Confidence: <b>HIGH</b></summary>

Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/8be62d8f-950d-4780-bc08-a8c04d176806)
</details>

---



## Remediation

This change fixes "java/PT" (id = java/PT) identified by Snyk.

## Details

Path Traversal vulnerabilities allow attackers to manipulate paths to
access files and directories that are outside of the intended scope. The
fix involves adding an import for java.io.File to handle file paths more
securely.

Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
This commit is contained in:
pixeebotstirling[bot] 2025-07-17 17:16:09 +01:00 committed by GitHub
parent de43038fd9
commit 526071059e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,6 +1,7 @@
package stirling.software.SPDF.controller.api.converters; package stirling.software.SPDF.controller.api.converters;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.net.URLConnection; import java.net.URLConnection;
@ -87,7 +88,7 @@ public class ConvertImgPDFController {
// returns bytes for image // returns bytes for image
boolean singleImage = "single".equals(singleOrMultiple); boolean singleImage = "single".equals(singleOrMultiple);
String filename = String filename =
Filenames.toSimpleFileName(file.getOriginalFilename()) Filenames.toSimpleFileName(new File(file.getOriginalFilename()).getName())
.replaceFirst("[.][^.]+$", ""); .replaceFirst("[.][^.]+$", "");
result = result =
@ -231,7 +232,7 @@ public class ConvertImgPDFController {
PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory); PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory);
return WebResponseUtils.bytesToWebResponse( return WebResponseUtils.bytesToWebResponse(
bytes, bytes,
file[0].getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_converted.pdf"); new File(file[0].getOriginalFilename()).getName().replaceFirst("[.][^.]+$", "") + "_converted.pdf");
} }
private String getMediaType(String imageFormat) { private String getMediaType(String imageFormat) {
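Review bot: In the third hunk the response filename relies on `new File(file[0].getOriginalFilename()).getName()` alone, whereas the second hunk additionally runs the result through `Filenames.toSimpleFileName(...)`; the two call sites should agree, because `File.getName()` only splits on the platform separator (on a POSIX host a client-supplied name containing backslashes comes back unchanged), and `getOriginalFilename()` can be null under the MultipartFile contract, which `new File((String) null)` rejects with a NullPointerException rather than handling. Suggest `Filenames.toSimpleFileName(new File(file[0].getOriginalFilename()).getName()).replaceFirst("[.][^.]+$", "") + "_converted.pdf"` at that site, or a small private helper used by both hunks so the sanitization cannot drift apart again. The enclosing method body begins outside the hunk, and how `WebResponseUtils.bytesToWebResponse` uses the name (presumably a Content-Disposition header) is not visible here, so whether downstream code applies its own sanitization is unconfirmed. The rewritten line is also far longer than the surrounding code's wrapped style; splitting it as the second hunk does would keep formatting consistent.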