From ff42a183925787c1f30555f410b7571184019368 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 19 May 2025 10:15:46 +0100
Subject: [PATCH] Hardening suggestions for Stirling-PDF / junit (#3538)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
I've reviewed the recently opened PR ([3537 - JUnits JUnits JUnits, so many JUnits](https://github.com/Stirling-Tools/Stirling-PDF/pull/3537)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C0ea58acaa24a5b4d77853bbce9cc80196a92dda4)
---------
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
.../service/CustomPDFDocumentFactoryTest.java | 3 ++-
.../software/SPDF/utils/PDFToFileTest.java | 15 ++++++++-------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/test/java/stirling/software/SPDF/service/CustomPDFDocumentFactoryTest.java b/src/test/java/stirling/software/SPDF/service/CustomPDFDocumentFactoryTest.java
index 69e548eba..035011008 100644
--- a/src/test/java/stirling/software/SPDF/service/CustomPDFDocumentFactoryTest.java
+++ b/src/test/java/stirling/software/SPDF/service/CustomPDFDocumentFactoryTest.java
@@ -1,5 +1,6 @@ package stirling.software.SPDF.service;
+import java.nio.file.Files; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*;
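Review bot: The added `import java.nio.file.Files;` is redundant — the unchanged `Files.write(file.toPath(), content);` in writeTempFile already resolves `Files`, so the class must already import `java.nio.file.Files`; a second single-type import of the same type compiles (the JLS ignores the duplicate) but is flagged by the usual redundant-import checks. It is also inserted above the static imports, the reverse of the grouping the surrounding lines show, so a formatter run would move it anyway. Drop the added line and let the existing import serve the new `Files.createTempFile` call.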
@@ -233,7 +234,7 @@ class CustomPDFDocumentFactoryTest { } private File writeTempFile(byte[] content) throws IOException {
- File file = File.createTempFile("pdf-test-", ".pdf");
+ File file = Files.createTempFile("pdf-test-", ".pdf").toFile(); Files.write(file.toPath(), content); return file; }
diff --git a/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java b/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
index db7fc79b5..7960128df 100644
--- a/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
+++ b/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
@@ -1,5 +1,6 @@ package stirling.software.SPDF.utils;
+import io.github.pixee.security.ZipSecurity; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -213,7 +214,7 @@ class PDFToFileTest { // Verify the content by unzipping it try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) { ZipEntry entry; boolean foundMdFiles = false; boolean foundImage = false;
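Review bot: `writeTempFile` now creates the file with owner-only permissions via `Files.createTempFile`, but nothing in the helper deletes it and no `deleteOnExit()` is registered, so unless the callers (outside this hunk) clean up, every test run leaves another `pdf-test-*.pdf` behind in the shared temp directory. Since the class is on JUnit 5 (`org.junit.jupiter.api` imports), the idiomatic fix is a `@TempDir Path tempDir` field and `Files.write(tempDir.resolve("pdf-test.pdf"), content)`, which gives an isolated directory and automatic cleanup; at minimum add `file.deleteOnExit();` before `return file;`. The Path→File→Path round-trip can also go: `Path path = Files.createTempFile("pdf-test-", ".pdf"); Files.write(path, content); return path.toFile();`.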
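Review bot: `io.github.pixee.security.ZipSecurity` comes from the `io.github.pixee:java-security-toolkit` artifact, and the diffstat lists only the two test files, so this patch declares no new dependency; unless the toolkit is already on the test classpath, the added import does not compile. Either add the test-scoped dependency in the same change, pinned to an explicit version as with any new supply-chain input, or skip the library and express the check directly in the test. The import is also placed above the static imports, the opposite of the grouping the surrounding lines show.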
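Review bot: The hardened stream only changes behaviour if the service's zip contains an entry whose name escapes a directory (`..` segments or an absolute path), in which case, by my reading of the toolkit, `getNextEntry()` throws instead of returning it; this loop never writes entries to disk and only inspects `entry.getName()`, so the change is an implicit assertion on the converter's output rather than protection for the test itself. That is worth keeping, but make the intent explicit so it is not "simplified" back later: `// hardened stream: fails the test if the converter emits a path-traversal entry name`. The try block's body continues past the end of the hunk.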
@@ -285,18 +286,18 @@ class PDFToFileTest { // Verify the content by unzipping it try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) { ZipEntry entry; boolean foundMainHtml = false; boolean foundIndexHtml = false; boolean foundImage = false; while ((entry = zipStream.getNextEntry()) != null) {
- if (entry.getName().equals("test.html")) {
+ if ("test.html".equals(entry.getName())) { foundMainHtml = true;
- } else if (entry.getName().equals("test_ind.html")) {
+ } else if ("test_ind.html".equals(entry.getName())) { foundIndexHtml = true;
- } else if (entry.getName().equals("test_img.png")) {
+ } else if ("test_img.png".equals(entry.getName())) { foundImage = true; } zipStream.closeEntry();
@@ -436,13 +437,13 @@ class PDFToFileTest { // Verify the content by unzipping it try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) { ZipEntry entry; boolean foundMainFile = false; boolean foundMediaFiles = false; while ((entry = zipStream.getNextEntry()) != null) {
- if (entry.getName().equals("document.odp")) {
+ if ("document.odp".equals(entry.getName())) { foundMainFile = true; } else if (entry.getName().startsWith("document_media")) { foundMediaFiles = true;
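Review bot: Swapping to `"test.html".equals(entry.getName())` is purely cosmetic here: `ZipEntry` rejects a null name in its constructor, so `getName()` cannot return null and the original form was already safe, and reviewers should not read the swap as fixing a latent NPE. If the chain is being touched anyway, a `switch (entry.getName())` with `case "test.html":`, `case "test_ind.html":` and `case "test_img.png":` reads better than three reversed comparisons and works on any Java 7+ target. Either way the only behavioural change in this hunk is the hardened stream on the try line.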
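Review bot: The null-safe rewrite is applied inconsistently in this hunk: `"document.odp".equals(entry.getName())` is swapped, but two lines below `entry.getName().startsWith("document_media")` is left as is, so if a null name were possible the NPE would simply move to the next branch. In fact `ZipEntry` never returns a null name (its constructor requires one), so neither branch needs guarding; either revert the swap so both branches stay in one style, or record the intent with `// entry names are non-null (ZipEntry ctor); the reversed equals is stylistic`. The while loop's body continues outside the hunk.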