✨ (Snyk) Fixed finding: "java/PT" (#3976)

**Pixee Fix ID:** [fb5fe72b-5b22-4654-a733-20930cb4f96a](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a) <details> <summary>Confidence: <b>HIGH</b></summary> Fix confidence is a rating derived from an internal benchmark and includes High, Medium, and Low confidence fixes. It comprises three weighted scores reflecting the safety, effectiveness and cleanliness of Pixee's code changes within a fix. [View Details in Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a) </details> --- ✨✨✨ ## Remediation This change fixes "java/PT" (id = java/PT) identified by Snyk. ## Details Path traversal is a security vulnerability that occurs when an attacker is able to access directories and files stored outside the intended directory. It bypasses security mechanisms by manipulating variables that reference files with `../` sequences. The fix involved adding validation for `pdfFile` and `watermarkImage` to check for directory traversal sequences, thereby preventing SecurityException occurrences. Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
2025-07-23 05:35:23 +00:00 · 2025-07-17 17:18:27 +01:00 · 2025-07-17 17:18:27 +01:00 · d79d179d80
commit d79d179d80
parent d15a275406
1 changed files with 10 additions and 0 deletions
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@ -74,9 +74,19 @@ public class WatermarkController {
    public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request)
            throws IOException, Exception {
        MultipartFile pdfFile = request.getFileInput();
+        String pdfFileName = pdfFile.getOriginalFilename();
+        if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
+            throw new SecurityException("Invalid file path in pdfFile");
+        }
        String watermarkType = request.getWatermarkType();
        String watermarkText = request.getWatermarkText();
        MultipartFile watermarkImage = request.getWatermarkImage();
+        if (watermarkImage != null) {
+            String watermarkImageFileName = watermarkImage.getOriginalFilename();
+            if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
+                throw new SecurityException("Invalid file path in watermarkImage");
+            }
+        }
        String alphabet = request.getAlphabet();
        float fontSize = request.getFontSize();
        float rotation = request.getRotation();