From de43038fd957fbb770c06aa6af9c9a5d3d28b5d6 Mon Sep 17 00:00:00 2001
From: "pixeebotstirling[bot]"
<221352955+pixeebotstirling[bot]@users.noreply.github.com>
Date: Thu, 17 Jul 2025 17:15:39 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20(Snyk)=20Fixed=20finding:=20"java/P?=
=?UTF-8?q?T"=20(#3971)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
**Pixee Fix ID:**
[baa2e86a-2e2f-4c8e-99e0-bc99ce846b94](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/baa2e86a-2e2f-4c8e-99e0-bc99ce846b94)
Confidence: HIGH
Fix confidence is a rating derived from an internal benchmark and
includes High, Medium, and Low confidence fixes. It comprises three
weighted scores reflecting the safety, effectiveness and cleanliness of
Pixee's code changes within a fix. [View Details in
Pixee.](https://stirlingpdf.getpixee.com/analysis/3c9d2b94-57c2-4525-9776-c5cd149902c4/fix/baa2e86a-2e2f-4c8e-99e0-bc99ce846b94)
---
✨✨✨
## Remediation
This change fixes "java/PT" (id = java/PT) identified by Snyk.
## Details
Path Traversal is a security vulnerability that enables attackers to
gain unauthorized access to files and directories stored outside the web
root folder. To address this, a fix was made by adding
java.nio.file.Paths import for path validation, ensuring that paths are
properly sanitized and validated.
Co-authored-by: pixeebotstirling[bot] <221352955+pixeebotstirling[bot]@users.noreply.github.com>
---
.../SPDF/controller/api/misc/PrintFileController.java | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
index 79140c571..e572432df 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
@@ -7,6 +7,7 @@ import java.awt.print.Printable;
import java.awt.print.PrinterException;
import java.awt.print.PrinterJob;
import java.io.IOException;
+import java.nio.file.Paths;
import java.util.Arrays;
import javax.imageio.ImageIO;
@@ -45,6 +46,10 @@ public class PrintFileController {
public ResponseEntity printFile(@ModelAttribute PrintFileRequest request)
throws IOException {
MultipartFile file = request.getFileInput();
+ String originalFilename = file.getOriginalFilename();
+ if (originalFilename != null && (originalFilename.contains("..") || Paths.get(originalFilename).isAbsolute())) {
+ throw new IOException("Invalid file path detected: " + originalFilename);
+ }
String printerName = request.getPrinterName();
String contentType = file.getContentType();
try {