From 97c7a0543cc8b3ea9158f49910d2c025212116e3 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 28 Jul 2025 23:10:12 +0100
Subject: [PATCH] Hardening suggestions for Stirling-PDF / settings (#4042)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I've reviewed the recently opened PR ([4015 - V2 settings api (Added to V1)](https://github.com/Stirling-Tools/Stirling-PDF/pull/4015)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C1d1522bd7a9e9eff4cbadcf868304f8c14a130b4)
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 .../security/controller/api/AdminSettingsController.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminSettingsController.java b/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminSettingsController.java
index 1071bfb20..cf9b1ac55 100644
--- a/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminSettingsController.java
+++ b/app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminSettingsController.java
@@ -557,7 +557,7 @@ public class AdminSettingsController {
 String lowerPath = fullPath.toLowerCase();
 // Don't mask premium.key specifically
- if (lowerField.equals("key") && lowerPath.equals("premium.key")) {
+ if ("key".equals(lowerField) && "premium.key".equals(lowerPath)) {
 return false;
 }
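Review bot: The constant-first `equals` on the changed line guards nothing here, because `fullPath.toLowerCase()` on the context line above already throws if `fullPath` is null, so `lowerPath` is never null at the comparison (and `lowerField` is presumably produced the same way outside the hunk). If null inputs are possible, the check belongs before the lowercasing, and since this method appears to decide whether a setting value is masked, it should fail towards masking. Separately, `toLowerCase()` without a locale depends on the JVM default, so names containing `I` lowercase differently under a Turkish locale and the masking decision can vary by host; `String lowerPath = fullPath.toLowerCase(Locale.ROOT);` makes it deterministic (this needs `java.util.Locale` in scope, and the import block is not visible here). The enclosing method starts and ends outside the hunk.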