From 7d2d3b53d17044c922d3b46ec5d834b083b1cb1d Mon Sep 17 00:00:00 2001
From: "pixeebotstirling[bot]"
 <221352955+pixeebotstirling[bot]@users.noreply.github.com>
Date: Thu, 17 Jul 2025 15:58:14 +0000
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20(Snyk)=20Fixed=20finding:=20"java/S?=
 =?UTF-8?q?srf"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../SPDF/controller/api/pipeline/PipelineProcessor.java       | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
index 5c1fd5f4a..9d919c12a 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
@@ -108,7 +108,9 @@ public class PipelineProcessor {
             if (inputFileTypes == null) {
                 inputFileTypes = new ArrayList<String>(Arrays.asList("ALL"));
             }
-            // List outputFileTypes = apiDocService.getExtensionTypes(true, operation);
+            if (!operation.matches("^[a-zA-Z0-9_-]+$")) {
+                throw new IllegalArgumentException("Invalid operation value received.");
+            }
             String url = getBaseUrl() + operation;
             List<Resource> newOutputFiles = new ArrayList<>();
             if (!isMultiInputOperation) {