Hardening suggestions for Stirling-PDF / audit2 (#3758)

I've reviewed the recently opened PR ([3739 - Auditing support](https://github.com/Stirling-Tools/Stirling-PDF/pull/3739)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C911c89402362b71e4c59eff8c459d4942aeda6c8) Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
2025-06-22 23:45:02 +00:00 · 2025-06-17 19:43:04 +01:00 · 2025-06-17 19:43:04 +01:00 · fe4cb9058c
commit fe4cb9058c
parent 911c894023
1 changed files with 3 additions and 2 deletions
--- a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
@ -1,5 +1,6 @@
 package stirling.software.proprietary.web;

+import io.github.pixee.security.Newlines;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
@ -36,11 +37,11 @@ public class CorrelationIdFilter extends OncePerRequestFilter {
            }
            req.setAttribute(MDC_KEY, id);
            MDC.put(MDC_KEY, id);
-            res.setHeader(HEADER, id);
+            res.setHeader(HEADER, Newlines.stripAll(id));

            chain.doFilter(req, res);
        } finally {
            MDC.remove(MDC_KEY);
        }
    }
-}
+}