From 45b4588a42af25be0af03dd7214577c110a9053c Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Tue, 17 Jun 2025 17:40:50 +0100 Subject: [PATCH 1/2] PR Deploy to deploy pro/enterprise for testing (#3756) # Description of Changes TODO integrate SSO and GDrive Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../workflows/PR-Demo-Comment-with-react.yml | 40 ++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/PR-Demo-Comment-with-react.yml b/.github/workflows/PR-Demo-Comment-with-react.yml
index 8bb7475e3..8850981bb 100644
--- a/.github/workflows/PR-Demo-Comment-with-react.yml
+++ b/.github/workflows/PR-Demo-Comment-with-react.yml
@@ -38,7 +38,8 @@ jobs:
 pr_ref: ${{ steps.get-pr-info.outputs.ref }}
 comment_id: ${{ github.event.comment.id }}
 disable_security: ${{ steps.check-security-flag.outputs.disable_security }}
-
+ enable_pro: ${{ steps.check-pro-flag.outputs.enable_pro }}
+ enable_enterprise: ${{ steps.check-pro-flag.outputs.enable_enterprise }}
 steps:
 - name: Harden Runner
 uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
@@ -98,6 +99,25 @@ jobs:
 echo "disable_security=true" >> $GITHUB_OUTPUT
 fi
+ - name: Check for pro flag
+ id: check-pro-flag
+ env:
+ COMMENT_BODY: ${{ github.event.comment.body }}
+ run: |
+ if [[ "$COMMENT_BODY" == *"pro"* ]] || [[ "$COMMENT_BODY" == *"premium"* ]]; then
+ echo "pro flags detected in comment"
+ echo "enable_pro=true" >> $GITHUB_OUTPUT
+ echo "enable_enterprise=false" >> $GITHUB_OUTPUT
+ elif [[ "$COMMENT_BODY" == *"enterprise"* ]]; then
+ echo "enterprise flags detected in comment"
+ echo "enable_enterprise=true" >> $GITHUB_OUTPUT
+ echo "enable_pro=false" >> $GITHUB_OUTPUT
+ else
+ echo "No pro or enterprise flags detected in comment"
+ echo "enable_pro=false" >> $GITHUB_OUTPUT
+ echo "enable_enterprise=false" >> $GITHUB_OUTPUT
+ fi
+
 - name: Add 'in_progress' reaction to comment
 id: add-eyes-reaction
 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
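Review bot: The substring tests in the new `check-pro-flag` step, `[[ "$COMMENT_BODY" == *"pro"* ]]` and the `enterprise` one below it, fire on any comment that merely contains those letters ("problem", "approve", "the profile page"), so an unrelated comment can switch on a licensed deployment, and because the `pro` branch is tested first a comment asking for enterprise that also contains such a word is silently downgraded to pro. Match whole words instead, e.g. `if [[ "$COMMENT_BODY" =~ (^|[[:space:]])(pro|premium)([[:space:]]|$) ]]; then` with the same shape for `enterprise`; if the `disable_security` check just above this hunk uses the same substring pattern it should get the same treatment. Reading the body through `env:` rather than interpolating it into the script is the right call and should stay. Which commenters may trigger this job is decided outside the hunk, so I cannot tell from here whether arbitrary PR authors can reach the licensed deployment; worth confirming given that the later hunks wire an organisation license key into it.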
@@ -209,6 +229,21 @@ jobs:
 SECURITY_STATUS="Security Disabled"
 fi
+ # Set pro/enterprise settings (enterprise implies pro)
+ if [ "${{ needs.check-comment.outputs.enable_enterprise }}" == "true" ]; then
+ PREMIUM_ENABLED="true"
+ PREMIUM_KEY="${{ secrets.ENTERPRISE_KEY }}"
+ PREMIUM_PROFEATURES_AUDIT_ENABLED="true"
+ elif [ "${{ needs.check-comment.outputs.enable_pro }}" == "true" ]; then
+ PREMIUM_ENABLED="true"
+ PREMIUM_KEY="${{ secrets.PREMIUM_KEY }}"
+ PREMIUM_PROFEATURES_AUDIT_ENABLED="true"
+ else
+ PREMIUM_ENABLED="false"
+ PREMIUM_KEY=""
+ PREMIUM_PROFEATURES_AUDIT_ENABLED="false"
+ fi
+
 # First create the docker-compose content locally
 cat > docker-compose.yml << EOF
 version: '3.3'
@@ -232,6 +267,9 @@ jobs:
 SYSTEM_MAXFILESIZE: "100"
 METRICS_ENABLED: "true"
 SYSTEM_GOOGLEVISIBILITY: "false"
+ PREMIUM_KEY: "${PREMIUM_KEY}"
+ PREMIUM_ENABLED: "${PREMIUM_ENABLED}"
+ PREMIUM_PROFEATURES_AUDIT_ENABLED: "${PREMIUM_PROFEATURES_AUDIT_ENABLED}"
 restart: on-failure:5
 EOF
From fe4cb9058c8661a2f5296daa51574f81bb756341 Mon Sep 17 00:00:00 2001
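Review bot: `PREMIUM_KEY="${{ secrets.ENTERPRISE_KEY }}"` and `PREMIUM_KEY="${{ secrets.PREMIUM_KEY }}"` splice the secret into the script text before the shell parses it, so a key containing `"`, `$` or a backtick breaks or is re-expanded by the shell, and the value is then written in plaintext into `docker-compose.yml` through the unquoted `<< EOF` heredoc in the next hunk (`@@ -232,6 +267,9 @@`). Pass the secrets through the step's `env:` block (`ENTERPRISE_KEY: ${{ secrets.ENTERPRISE_KEY }}`) and assign `PREMIUM_KEY="$ENTERPRISE_KEY"`, and consider feeding the key to the container via an env file kept apart from the compose file rather than embedding it in a file that is copied around and easy to print. Because this deploy is triggered by a PR comment, whoever can trigger it obtains a running instance licensed with the organisation's key; the trigger policy lives outside this hunk, so that exposure should be checked there. The `PREMIUM_PROFEATURES_AUDIT_ENABLED` assignments mirror `PREMIUM_ENABLED` in all three branches; a single `PREMIUM_PROFEATURES_AUDIT_ENABLED="$PREMIUM_ENABLED"` after the `fi` says the same thing once.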
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com> Date: Tue, 17 Jun 2025 19:43:04 +0100 Subject: [PATCH 2/2] Hardening suggestions for Stirling-PDF / audit2 (#3758) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I've reviewed the recently opened PR ([3739 - Auditing support](https://github.com/Stirling-Tools/Stirling-PDF/pull/3739)) and have identified some area(s) that could benefit from additional hardening measures. These changes should help prevent potential security vulnerabilities and improve overall code quality. Thank you for your consideration! 🧚🤖 Powered by Pixeebot [Feedback](https://ask.pixee.ai/feedback) | [Community](https://pixee-community.slack.com/signup#/domain-signup) | [Docs](https://docs.pixee.ai/) ![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7C911c89402362b71e4c59eff8c459d4942aeda6c8) Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com> --- .../software/proprietary/web/CorrelationIdFilter.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
index 9dc032dfe..6357990a0 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/web/CorrelationIdFilter.java
@@ -1,5 +1,6 @@
 package stirling.software.proprietary.web;
+import io.github.pixee.security.Newlines;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
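Review bot: The new `import io.github.pixee.security.Newlines;` pulls in a third-party package, yet the diffstat lists only `CorrelationIdFilter.java`, so unless the Pixee java-security-toolkit is already a declared dependency of the `proprietary` module this will not compile; the build-file change, or a note that the dependency already exists, belongs in this PR. For a single header value the same effect is available without a new supply-chain dependency, e.g. `id.replace("\r", "").replace("\n", "")`, or whatever sanitizer the codebase already uses for log and header values; null-handling of `Newlines.stripAll` is not visible here and should be checked if `id` can be null at that point.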
@@ -36,11 +37,11 @@ public class CorrelationIdFilter extends OncePerRequestFilter {
 }
 req.setAttribute(MDC_KEY, id);
 MDC.put(MDC_KEY, id);
- res.setHeader(HEADER, id);
+ res.setHeader(HEADER, Newlines.stripAll(id));
 chain.doFilter(req, res);
 } finally {
 MDC.remove(MDC_KEY);
 }
 }
-}
\ No newline at end of file
+}
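Review bot: Stripping newlines only at `res.setHeader(HEADER, Newlines.stripAll(id))` leaves the unsanitized `id` flowing into `req.setAttribute(MDC_KEY, id)` and `MDC.put(MDC_KEY, id)` two lines earlier, so if the id is taken from an inbound request header (the lines above this hunk would show that; the enclosing method starts outside it) the log-forging half of the CR/LF problem is untouched. Sanitize once where the value is settled, `id = Newlines.stripAll(id);` immediately before `req.setAttribute(MDC_KEY, id);`, and leave the header line as it was; better still, validate an inbound id against a tight length and character pattern (the format the filter itself generates, presumably) and regenerate on mismatch, which also bounds what any client can push into the logs. Current servlet containers generally refuse or strip CR/LF in response header values, so the header change is defence in depth; the logging sink is where the raw value still matters.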