Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-09-08 17:51:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

(Snyk) Fixed finding: "java/PT"

Browse Source
This commit is contained in:
pixeebotstirling[bot] 2025-07-17 16:02:38 +00:00 committed by GitHub
parent fc9551a332
commit 279600e04c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
View File

@ -327,6 +327,10 @@ public class PipelineProcessor {
} }
List<Resource> outputFiles = new ArrayList<>(); List<Resource> outputFiles = new ArrayList<>();
for (File file : files) { for (File file : files) {
Path normalizedPath = Paths.get(file.getName()).normalize();
if (normalizedPath.startsWith("..")) {
throw new SecurityException("Potential path traversal attempt in file name: " + file.getName());
}
Path path = Paths.get(file.getAbsolutePath()); Path path = Paths.get(file.getAbsolutePath());
// debug statement // debug statement
log.info("Reading file: " + path); log.info("Reading file: " + path);