From d79d179d80a8b39264f91928a06ff2b6b6b0855a Mon Sep 17 00:00:00 2001
From: "pixeebotstirling[bot]"
<221352955+pixeebotstirling[bot]@users.noreply.github.com>
Date: Thu, 17 Jul 2025 17:18:27 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20(Snyk)=20Fixed=20finding:=20"java/P?=
=?UTF-8?q?T"=20(#3976)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
**Pixee Fix ID:**
[fb5fe72b-5b22-4654-a733-20930cb4f96a](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a)
Confidence: HIGH
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/fb5fe72b-5b22-4654-a733-20930cb4f96a)
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path traversal is a security vulnerability that occurs when an attacker
is able to access directories and files stored outside the intended
directory. It bypasses security mechanisms by manipulating variables
that reference files with `../` sequences. The fix involved adding
validation for `pdfFile` and `watermarkImage` to check for directory
traversal sequences, thereby preventing SecurityException occurrences.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
---
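The Details section above describes the fix as a check for `..` and a leading `/` on each upload's original filename. The following is an added example, not code from this patch or from Stirling-PDF, that places that substring test beside two stricter forms a reviewer would normally ask for: a single-path-element check and a resolve-under-base-directory containment check. The base directory `/tmp/uploads` and the sample names are constructed for illustration.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

public final class FilenameGuard {

    // The substring test from the diff, extracted so every upload shares it.
    // Returns true when the name is acceptable (null skips the check, as in the diff).
    static boolean passesSubstringCheck(String name) {
        return name == null || !(name.contains("..") || name.startsWith("/"));
    }

    // Stricter form: the value must be exactly one ordinary path element.
    // Rejects '\' separators and embedded NUL, which the substring test misses,
    // and accepts legitimate names such as "v1..final.pdf".
    static boolean isBareFilename(String name) {
        if (name == null || name.isEmpty()) return false;
        if (name.indexOf('/') >= 0 || name.indexOf('\\') >= 0) return false;
        if (name.equals(".") || name.equals("..")) return false;
        try {
            Path p = Paths.get(name);
            return p.getNameCount() == 1 && !p.isAbsolute()
                    && p.getFileName().toString().equals(name);
        } catch (InvalidPathException e) {
            return false; // e.g. NUL byte in the name
        }
    }

    // When the name really is used on disk: resolve it under the intended
    // directory and require the normalized result to stay inside it.
    // On a POSIX JVM a backslash is not a separator, so this check alone still
    // lets "..\\..\\win.ini" through; combine it with isBareFilename above.
    static Path resolveInside(Path baseDir, String name) {
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(name).normalize();
        if (!target.startsWith(base) || target.equals(base)) {
            throw new SecurityException("Invalid file path: " + name);
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed sample names, not real uploads.
        String[] samples = {"report.pdf", "v1..final.pdf", "../../etc/passwd",
                            "/etc/passwd", "..\\..\\win.ini", "C:\\temp\\x.pdf"};
        Path base = Paths.get("/tmp/uploads"); // hypothetical upload directory
        for (String s : samples) {
            boolean contained;
            try { resolveInside(base, s); contained = true; }
            catch (SecurityException e) { contained = false; }
            System.out.printf("%-18s substring=%-5s bare=%-5s contained=%s%n",
                    s, passesSubstringCheck(s), isBareFilename(s), contained);
        }
    }
}
```

Running it on Linux shows the three checks disagreeing on `v1..final.pdf` (substring rejects, the others accept) and on the backslash names (containment accepts, the bare-name check rejects), which is why a filename guard should combine the two stricter forms rather than rely on either alone.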
.../controller/api/security/WatermarkController.java | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
index 47a53a4f9..fd5a9b288 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@@ -74,9 +74,19 @@ public class WatermarkController {
public ResponseEntity addWatermark(@ModelAttribute AddWatermarkRequest request)
throws IOException, Exception {
MultipartFile pdfFile = request.getFileInput();
+ String pdfFileName = pdfFile.getOriginalFilename();
+ if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
+ throw new SecurityException("Invalid file path in pdfFile");
+ }
String watermarkType = request.getWatermarkType();
String watermarkText = request.getWatermarkText();
MultipartFile watermarkImage = request.getWatermarkImage();
+ if (watermarkImage != null) {
+ String watermarkImageFileName = watermarkImage.getOriginalFilename();
+ if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
+ throw new SecurityException("Invalid file path in watermarkImage");
+ }
+ }
String alphabet = request.getAlphabet();
float fontSize = request.getFontSize();
float rotation = request.getRotation();
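Review bot: the same four-line check is written out twice in this hunk, once for `pdfFileName` and once for `watermarkImageFileName`; extract it into a small helper so both uploads, and any file parameter added to this request later, get identical treatment instead of a copy that can drift. The check itself is also both too broad and too narrow: `contains("..")` rejects legitimate names such as `v1..final.pdf`, while a backslash-separated name or a Windows drive prefix passes untouched, and `startsWith("/")` catches only one absolute-path form. Nothing in the visible lines shows either filename being used to build a filesystem path, so confirm that the value being validated is the one that actually reaches a file operation; if it is, resolve it under the intended directory and require the normalized result to stay inside that directory rather than pattern-matching the string.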