✨ (Snyk) Fixed finding: "java/PT"

2025-09-08 17:51:20 +02:00 · 2025-07-17 16:04:15 +00:00 · 2025-07-17 16:04:15 +00:00 · 8013e28b80
commit 8013e28b80
parent fc9551a332
1 changed files with 10 additions and 0 deletions
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@ -74,9 +74,19 @@ public class WatermarkController {
    public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request)
            throws IOException, Exception {
        MultipartFile pdfFile = request.getFileInput();
+        String pdfFileName = pdfFile.getOriginalFilename();
+        if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
+            throw new SecurityException("Invalid file path in pdfFile");
+        }
        String watermarkType = request.getWatermarkType();
        String watermarkText = request.getWatermarkText();
        MultipartFile watermarkImage = request.getWatermarkImage();
+        if (watermarkImage != null) {
+            String watermarkImageFileName = watermarkImage.getOriginalFilename();
+            if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
+                throw new SecurityException("Invalid file path in watermarkImage");
+            }
+        }
        String alphabet = request.getAlphabet();
        float fontSize = request.getFontSize();
        float rotation = request.getRotation();