From 605782380a7f3ad880852751e460c572cb965b96 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 19 May 2025 00:49:12 +0000
Subject: [PATCH] Introduced protections against "zip slip" attacks
---
 .../java/stirling/software/SPDF/utils/PDFToFileTest.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java b/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
index db7fc79b5..bd7f955f4 100644
--- a/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
+++ b/src/test/java/stirling/software/SPDF/utils/PDFToFileTest.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;
+import io.github.pixee.security.ZipSecurity;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -213,7 +214,7 @@ class PDFToFileTest {
 // Verify the content by unzipping it
 try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
 ZipEntry entry;
 boolean foundMdFiles = false;
 boolean foundImage = false;
@@ -285,7 +286,7 @@ class PDFToFileTest {
 // Verify the content by unzipping it
 try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
 ZipEntry entry;
 boolean foundMainHtml = false;
 boolean foundIndexHtml = false;
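Review bot: The added `import io.github.pixee.security.ZipSecurity;` is placed above the `import static` lines, while the visible context shows the static imports directly after the package statement; if the project enforces import ordering with a formatter, this placement will likely fail that check, so it should move into the regular import group. The diffstat lists only this test file, so the patch does not show the library that provides `io.github.pixee.security` being declared anywhere. Before merging, confirm the build file already declares it for the test classpath at a pinned, reviewed version, because a bot-generated change that relies on a new third-party library is a supply-chain decision in its own right.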
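Review bot: The replacement `ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))` wraps an in-memory archive that the test received from the code under test, and the visible lines only set flags such as `foundMdFiles` and `foundImage`, so no filesystem write appears here for a zip-slip entry name to reach. The same substitution is repeated in the hunks at new lines 286 and 437. If zip-slip protection is the goal, it belongs where production code extracts archive entries to disk: resolve each entry name against the target directory, normalize it, and reject it unless the result still starts with that directory. In these tests, plain `new ZipInputStream(...)` would avoid the extra dependency without losing any protection. The try body continues outside each hunk, so confirm that no entry is written to a path derived from `entry.getName()` there.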
@@ -436,7 +437,7 @@ class PDFToFileTest {
 // Verify the content by unzipping it
 try (ZipInputStream zipStream =
- new ZipInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
+ ZipSecurity.createHardenedInputStream(new java.io.ByteArrayInputStream(response.getBody()))) {
 ZipEntry entry;
 boolean foundMainFile = false;
 boolean foundMediaFiles = false;