Hardening suggestions for Stirling-PDF / allowExternalURLs (#4031)

I've reviewed the recently opened PR ([4013 - url fixes for access
issues](https://github.com/Stirling-Tools/Stirling-PDF/pull/4013)) and
have identified some area(s) that could benefit from additional
hardening measures.

These changes should help prevent potential security vulnerabilities and
improve overall code quality.

Thank you for your consideration!
🧚🤖  Powered by Pixeebot  

[Feedback](https://ask.pixee.ai/feedback) |
[Community](https://pixee-community.slack.com/signup#/domain-signup) |
[Docs](https://docs.pixee.ai/)
![](https://d1zaessa2hpsmj.cloudfront.net/pixel/v1/track?writeKey=2PI43jNm7atYvAuK7rJUz3Kcd6A&event=PR_HARDENING%7CStirling-Tools%2FStirling-PDF%7Cd8e1c693dae525e3d4304d5a6116f65fc357fcd9)

---------

Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
pixeebot[bot] 2025-07-24 13:47:20 +01:00 committed by GitHub
parent d8e1c693da
commit a58bbd0d38
2 changed files with 4 additions and 3 deletions


@ -1,5 +1,6 @@
package stirling.software.common.util;
import java.nio.file.Files;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
@ -47,8 +48,8 @@ public class FileToPdfTest {
// Mock the temp file creation to return real temp files
try {
when(tempFileManager.createTempFile(anyString()))
.thenReturn(File.createTempFile("test", ".pdf"))
.thenReturn(File.createTempFile("test", ".html"));
.thenReturn(Files.createTempFile("test", ".pdf").toFile())
.thenReturn(Files.createTempFile("test", ".html").toFile());
} catch (IOException e) {
throw new RuntimeException(e);
}
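Review bot: The temp files created eagerly inside the stub on the two `.thenReturn(Files.createTempFile("test", ...).toFile())` lines are never deleted, so each run of this test leaves a `test*.pdf` and `test*.html` behind in the system temp directory; switching to `Files.createTempFile` tightens the default permissions but does nothing for their lifetime. Since the class already uses JUnit Jupiter (see the `org.junit.jupiter.api.Assertions` imports), a `@TempDir Path tempDir` field and `Files.createTempFile(tempDir, "test", ".pdf").toFile()` / `Files.createTempFile(tempDir, "test", ".html").toFile()` would scope both files to the test and have the framework remove them afterwards. The enclosing setup method starts and ends outside this hunk, so I cannot tell whether a cleanup hook already exists elsewhere in the class.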


@ -56,7 +56,7 @@ public class ConvertOfficeController {
// Check if the file is HTML and apply sanitization if needed
String fileExtension = FilenameUtils.getExtension(originalFilename).toLowerCase();
if (fileExtension.equals("html") || fileExtension.equals("htm")) {
if ("html".equals(fileExtension) || "htm".equals(fileExtension)) {
// Read and sanitize HTML content
String htmlContent = new String(inputFile.getBytes(), StandardCharsets.UTF_8);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlContent);