From 7f096297afa7945cf28e04defd3265eb41d50e11 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 16:36:19 +0100
Subject: [PATCH] Hardening suggestions for Stirling-PDF / multiFileAsync (#3923)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I've reviewed the recently opened PR ([3922 - Support multi-file async job results and ZIP extraction](https://github.com/Stirling-Tools/Stirling-PDF/pull/3922)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C624e04a783753f7728d85d32469b6a2b5d4b113f)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../java/stirling/software/common/service/TaskManager.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/common/src/main/java/stirling/software/common/service/TaskManager.java b/common/src/main/java/stirling/software/common/service/TaskManager.java
index 69eca5828..219ae4ac4 100644
--- a/common/src/main/java/stirling/software/common/service/TaskManager.java
+++ b/common/src/main/java/stirling/software/common/service/TaskManager.java
@@ -1,5 +1,6 @@
 package stirling.software.common.service;
+import io.github.pixee.security.ZipSecurity;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -360,7 +361,7 @@ public class TaskManager {
 MultipartFile zipFile = fileStorage.retrieveFile(zipFileId);
 try (ZipInputStream zipIn =
- new ZipInputStream(new ByteArrayInputStream(zipFile.getBytes()))) {
+ ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(zipFile.getBytes()))) {
 ZipEntry entry;
 while ((entry = zipIn.getNextEntry()) != null) {
 if (!entry.isDirectory()) {
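Review bot: The stream returned by the new `ZipSecurity.createHardenedInputStream(...)` call only vets entry names; as far as I know it rejects absolute and `..`-escaping names by throwing an unchecked `SecurityException` from `getNextEntry()`, so the `while` condition can now throw something an `IOException` handler would not catch. The catch clauses and the rest of the loop body are outside this hunk, so confirm that a rejected archive ends as a failed job with a logged reason rather than an unhandled error. The change also does nothing about decompressed size: `zipFile.getBytes()` still buffers the whole archive and no cap on entry count or expanded bytes is visible here, so a bound in the read loop is worth adding if none exists further down. I would document the contract above the call, e.g. `// Rejects entries with absolute or ../ names (throws SecurityException); does not limit entry count or uncompressed size`.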