Hardening suggestions for Stirling-PDF / multiFileAsync (#3923)

I've reviewed the recently opened PR ([3922 - Support multi-file async job results and ZIP extraction](https://github.com/Stirling-Tools/Stirling-PDF/pull/3922)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C624e04a783753f7728d85d32469b6a2b5d4b113f) Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2025-08-26 22:29:24 +00:00 · 2025-07-10 16:36:19 +01:00 · 2025-07-10 16:36:19 +01:00 · 7f096297af
commit 7f096297af
parent 624e04a783
1 changed files with 2 additions and 1 deletions
--- a/common/src/main/java/stirling/software/common/service/TaskManager.java
+++ b/common/src/main/java/stirling/software/common/service/TaskManager.java
@ -1,5 +1,6 @@
 package stirling.software.common.service;

+import io.github.pixee.security.ZipSecurity;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@ -360,7 +361,7 @@ public class TaskManager {
        MultipartFile zipFile = fileStorage.retrieveFile(zipFileId);

        try (ZipInputStream zipIn =
-                new ZipInputStream(new ByteArrayInputStream(zipFile.getBytes()))) {
+                ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(zipFile.getBytes()))) {
            ZipEntry entry;
            while ((entry = zipIn.getNextEntry()) != null) {
                if (!entry.isDirectory()) {