Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-08-16 13:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into add_null_check_dropdown

Browse Source
This commit is contained in:
Ludy 2025-07-30 21:53:57 +02:00 committed by GitHub
commit bc32bf666f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
32 changed files with 1662 additions and 466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.github/workflows/build.yml vendored
View File

@ -7,6 +7,18 @@ on:
pull_request:
branches: ["main"]
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

12
.github/workflows/check_properties.yml vendored
View File

@ -6,6 +6,18 @@ on:
paths:
- "app/core/src/main/resources/messages_*.properties"
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read # Allow read access to repository content

12
.github/workflows/licenses-update.yml vendored
View File

@ -7,6 +7,18 @@ on:
paths:
- "build.gradle"
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

12
.github/workflows/push-docker.yml vendored
View File

@ -7,6 +7,18 @@ on:
- master
- main
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

12
.github/workflows/sonarqube.yml vendored
View File

@ -9,6 +9,18 @@ on:
- main
workflow_dispatch:
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
pull-requests: read
actions: read

12
.github/workflows/swagger.yml vendored
View File

@ -6,6 +6,18 @@ on:
branches:
- master
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

12
.github/workflows/sync_files.yml vendored
View File

@ -12,6 +12,18 @@ on:
- "app/core/src/main/resources/static/3rdPartyLicenses.json"
- "scripts/ignore_translation.toml"
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

12
.github/workflows/testdriver.yml vendored
View File

@ -4,6 +4,18 @@ on:
push:
branches: ["master", "UITest", "testdriver"]
# cancel in-progress jobs if a new job is triggered
# This is useful to avoid running multiple builds for the same branch if a new commit is pushed
# or a pull request is updated.
# It helps to save resources and time by ensuring that only the latest commit is built and tested
# This is particularly useful for long-running jobs that may take a while to complete.
# The `group` is set to a combination of the workflow name, event name, and branch name.
# This ensures that jobs are grouped by the workflow and branch, allowing for cancellation of
# in-progress jobs when a new commit is pushed to the same branch or a new pull request is opened.
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
cancel-in-progress: true
permissions:
contents: read

8
.gitignore vendored
View File

@ -124,10 +124,10 @@ SwaggerDoc.json
*.tar.gz
*.rar
*.db
/build
/app/core/build
/app/common/build
/app/proprietary/build
build
app/core/build
app/common/build
app/proprietary/build
common/build
proprietary/build
stirling-pdf/build

68
app/common/src/main/java/stirling/software/common/model/ApplicationProperties.java
View File

@ -25,6 +25,9 @@ import org.springframework.core.io.Resource;
import org.springframework.core.io.support.EncodedResource;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Data;
import lombok.Getter;
import lombok.Setter;
@ -58,7 +61,10 @@ public class ApplicationProperties {
private Mail mail = new Mail();
private Premium premium = new Premium();
@JsonIgnore // Deprecated - completely hidden from JSON serialization
private EnterpriseEdition enterpriseEdition = new EnterpriseEdition();
private AutoPipeline autoPipeline = new AutoPipeline();
private ProcessExecutor processExecutor = new ProcessExecutor();
@ -168,14 +174,27 @@ public class ApplicationProperties {
private Boolean autoCreateUser = false;
private Boolean blockRegistration = false;
private String registrationId = "stirling";
@ToString.Exclude private String idpMetadataUri;
@ToString.Exclude
@JsonProperty("idpMetadataUri")
private String idpMetadataUri;
private String idpSingleLogoutUrl;
private String idpSingleLoginUrl;
private String idpIssuer;
private String idpCert;
@ToString.Exclude private String privateKey;
@ToString.Exclude private String spCert;
@JsonProperty("idpCert")
private String idpCert;
@ToString.Exclude
@JsonProperty("privateKey")
private String privateKey;
@ToString.Exclude
@JsonProperty("spCert")
private String spCert;
@JsonIgnore
public InputStream getIdpMetadataUri() throws IOException {
if (idpMetadataUri.startsWith("classpath:")) {
return new ClassPathResource(idpMetadataUri.substring("classpath".length()))
@ -192,6 +211,7 @@ public class ApplicationProperties {
}
}
@JsonIgnore
public Resource getSpCert() {
if (spCert == null) return null;
if (spCert.startsWith("classpath:")) {
@ -201,6 +221,7 @@ public class ApplicationProperties {
}
}
@JsonIgnore
public Resource getIdpCert() {
if (idpCert == null) return null;
if (idpCert.startsWith("classpath:")) {
@ -210,6 +231,7 @@ public class ApplicationProperties {
}
}
@JsonIgnore
public Resource getPrivateKey() {
if (privateKey.startsWith("classpath:")) {
return new ClassPathResource(privateKey.substring("classpath:".length()));
@ -290,6 +312,7 @@ public class ApplicationProperties {
private Datasource datasource;
private Boolean disableSanitize;
private Boolean enableUrlToPDF;
private Html html = new Html();
private CustomPaths customPaths = new CustomPaths();
private String fileUploadLimit;
private TempFileManagement tempFileManagement = new TempFileManagement();
@ -320,8 +343,12 @@ public class ApplicationProperties {
@Data
public static class TempFileManagement {
@JsonProperty("baseTmpDir")
private String baseTmpDir = "";
@JsonProperty("libreofficeDir")
private String libreofficeDir = "";
private String systemTempDir = "";
private String prefix = "stirling-pdf-";
private long maxAgeHours = 24;
@ -329,12 +356,14 @@ public class ApplicationProperties {
private boolean startupCleanup = true;
private boolean cleanupSystemTemp = false;
@JsonIgnore
public String getBaseTmpDir() {
return baseTmpDir != null && !baseTmpDir.isEmpty()
? baseTmpDir
: java.lang.System.getProperty("java.io.tmpdir") + "/stirling-pdf";
}
@JsonIgnore
public String getLibreofficeDir() {
return libreofficeDir != null && !libreofficeDir.isEmpty()
? libreofficeDir
@ -342,6 +371,25 @@ public class ApplicationProperties {
}
}
@Data
public static class Html {
private UrlSecurity urlSecurity = new UrlSecurity();
@Data
public static class UrlSecurity {
private boolean enabled = true;
private String level = "MEDIUM"; // MAX, MEDIUM, OFF
private List<String> allowedDomains = new ArrayList<>();
private List<String> blockedDomains = new ArrayList<>();
private List<String> internalTlds =
Arrays.asList(".local", ".internal", ".corp", ".home");
private boolean blockPrivateNetworks = true;
private boolean blockLocalhost = true;
private boolean blockLinkLocal = true;
private boolean blockCloudMetadata = true;
}
}
@Data
public static class Datasource {
private boolean enableCustomDatabase;
@ -591,12 +639,24 @@ public class ApplicationProperties {
@Data
public static class TimeoutMinutes {
@JsonProperty("libreOfficetimeoutMinutes")
private long libreOfficeTimeoutMinutes;
@JsonProperty("pdfToHtmltimeoutMinutes")
private long pdfToHtmlTimeoutMinutes;
@JsonProperty("pythonOpenCvtimeoutMinutes")
private long pythonOpenCvTimeoutMinutes;
@JsonProperty("weasyPrinttimeoutMinutes")
private long weasyPrintTimeoutMinutes;
@JsonProperty("installApptimeoutMinutes")
private long installAppTimeoutMinutes;
@JsonProperty("calibretimeoutMinutes")
private long calibreTimeoutMinutes;
private long tesseractTimeoutMinutes;
private long qpdfTimeoutMinutes;
private long ghostscriptTimeoutMinutes;

208
app/common/src/main/java/stirling/software/common/service/SsrfProtectionService.java Normal file
View File

@ -0,0 +1,208 @@
package stirling.software.common.service;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.regex.Pattern;
import org.springframework.stereotype.Service;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.common.model.ApplicationProperties;
@Service
@RequiredArgsConstructor
@Slf4j
public class SsrfProtectionService {
private final ApplicationProperties applicationProperties;
private static final Pattern DATA_URL_PATTERN =
Pattern.compile("^data:.*", Pattern.CASE_INSENSITIVE);
private static final Pattern FRAGMENT_PATTERN = Pattern.compile("^#.*");
public enum SsrfProtectionLevel {
OFF, // No SSRF protection - allows all URLs
MEDIUM, // Block internal networks but allow external URLs
MAX // Block all external URLs - only data: and fragments
}
public boolean isUrlAllowed(String url) {
ApplicationProperties.Html.UrlSecurity config =
applicationProperties.getSystem().getHtml().getUrlSecurity();
if (!config.isEnabled()) {
return true;
}
if (url == null || url.trim().isEmpty()) {
return false;
}
String trimmedUrl = url.trim();
// Always allow data URLs and fragments
if (DATA_URL_PATTERN.matcher(trimmedUrl).matches()
|| FRAGMENT_PATTERN.matcher(trimmedUrl).matches()) {
return true;
}
SsrfProtectionLevel level = parseProtectionLevel(config.getLevel());
switch (level) {
case OFF:
return true;
case MAX:
return isMaxSecurityAllowed(trimmedUrl, config);
case MEDIUM:
return isMediumSecurityAllowed(trimmedUrl, config);
default:
return false;
}
}
private SsrfProtectionLevel parseProtectionLevel(String level) {
try {
return SsrfProtectionLevel.valueOf(level.toUpperCase());
} catch (IllegalArgumentException e) {
log.warn("Invalid SSRF protection level '{}', defaulting to MEDIUM", level);
return SsrfProtectionLevel.MEDIUM;
}
}
private boolean isMaxSecurityAllowed(
String url, ApplicationProperties.Html.UrlSecurity config) {
// MAX security: only allow explicitly whitelisted domains
try {
URI uri = new URI(url);
String host = uri.getHost();
if (host == null) {
return false;
}
return config.getAllowedDomains().contains(host.toLowerCase());
} catch (Exception e) {
log.debug("Failed to parse URL for MAX security check: {}", url, e);
return false;
}
}
private boolean isMediumSecurityAllowed(
String url, ApplicationProperties.Html.UrlSecurity config) {
try {
URI uri = new URI(url);
String host = uri.getHost();
if (host == null) {
return false;
}
String hostLower = host.toLowerCase();
// Check explicit blocked domains
if (config.getBlockedDomains().contains(hostLower)) {
log.debug("URL blocked by explicit domain blocklist: {}", url);
return false;
}
// Check internal TLD patterns
for (String tld : config.getInternalTlds()) {
if (hostLower.endsWith(tld.toLowerCase())) {
log.debug("URL blocked by internal TLD pattern '{}': {}", tld, url);
return false;
}
}
// If allowedDomains is specified, only allow those
if (!config.getAllowedDomains().isEmpty()) {
boolean isAllowed =
config.getAllowedDomains().stream()
.anyMatch(
domain ->
hostLower.equals(domain.toLowerCase())
|| hostLower.endsWith(
"." + domain.toLowerCase()));
if (!isAllowed) {
log.debug("URL not in allowed domains list: {}", url);
return false;
}
}
// Resolve hostname to IP address for network-based checks
try {
InetAddress address = InetAddress.getByName(host);
if (config.isBlockPrivateNetworks() && isPrivateAddress(address)) {
log.debug("URL blocked - private network address: {}", url);
return false;
}
if (config.isBlockLocalhost() && address.isLoopbackAddress()) {
log.debug("URL blocked - localhost address: {}", url);
return false;
}
if (config.isBlockLinkLocal() && address.isLinkLocalAddress()) {
log.debug("URL blocked - link-local address: {}", url);
return false;
}
if (config.isBlockCloudMetadata()
&& isCloudMetadataAddress(address.getHostAddress())) {
log.debug("URL blocked - cloud metadata endpoint: {}", url);
return false;
}
} catch (UnknownHostException e) {
log.debug("Failed to resolve hostname for SSRF check: {}", host, e);
return false;
}
return true;
} catch (Exception e) {
log.debug("Failed to parse URL for MEDIUM security check: {}", url, e);
return false;
}
}
private boolean isPrivateAddress(InetAddress address) {
return address.isSiteLocalAddress()
|| address.isAnyLocalAddress()
|| isPrivateIPv4Range(address.getHostAddress());
}
private boolean isPrivateIPv4Range(String ip) {
return ip.startsWith("10.")
|| ip.startsWith("192.168.")
|| (ip.startsWith("172.") && isInRange172(ip))
|| ip.startsWith("127.")
|| "0.0.0.0".equals(ip);
}
private boolean isInRange172(String ip) {
String[] parts = ip.split("\\.");
if (parts.length >= 2) {
try {
int secondOctet = Integer.parseInt(parts[1]);
return secondOctet >= 16 && secondOctet <= 31;
} catch (NumberFormatException e) {
return false;
}
}
return false;
}
private boolean isCloudMetadataAddress(String ip) {
// Cloud metadata endpoints for AWS, GCP, Azure, Oracle Cloud, and IBM Cloud
return ip.startsWith("169.254.169.254") // AWS/GCP/Azure
|| ip.startsWith("fd00:ec2::254") // AWS IPv6
|| ip.startsWith("169.254.169.253") // Oracle Cloud
|| ip.startsWith("169.254.169.250"); // IBM Cloud
}
}

60
app/common/src/main/java/stirling/software/common/util/CustomHtmlSanitizer.java
View File

@ -1,21 +1,71 @@
package stirling.software.common.util;
import org.owasp.html.AttributePolicy;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.service.SsrfProtectionService;
@Component
public class CustomHtmlSanitizer {
private static final PolicyFactory POLICY =
private final SsrfProtectionService ssrfProtectionService;
private final ApplicationProperties applicationProperties;
@Autowired
public CustomHtmlSanitizer(
SsrfProtectionService ssrfProtectionService,
ApplicationProperties applicationProperties) {
this.ssrfProtectionService = ssrfProtectionService;
this.applicationProperties = applicationProperties;
}
private final AttributePolicy SSRF_SAFE_URL_POLICY =
new AttributePolicy() {
@Override
public String apply(String elementName, String attributeName, String value) {
if (value == null || value.trim().isEmpty()) {
return null;
}
String trimmedValue = value.trim();
// Use the SSRF protection service to validate the URL
if (ssrfProtectionService != null
&& !ssrfProtectionService.isUrlAllowed(trimmedValue)) {
return null;
}
return trimmedValue;
}
};
private final PolicyFactory SSRF_SAFE_IMAGES_POLICY =
new HtmlPolicyBuilder()
.allowElements("img")
.allowAttributes("alt", "width", "height", "title")
.onElements("img")
.allowAttributes("src")
.matching(SSRF_SAFE_URL_POLICY)
.onElements("img")
.toFactory();
private final PolicyFactory POLICY =
Sanitizers.FORMATTING
.and(Sanitizers.BLOCKS)
.and(Sanitizers.STYLES)
.and(Sanitizers.LINKS)
.and(Sanitizers.TABLES)
.and(Sanitizers.IMAGES)
.and(SSRF_SAFE_IMAGES_POLICY)
.and(new HtmlPolicyBuilder().disallowElements("noscript").toFactory());
public static String sanitize(String html) {
String htmlAfter = POLICY.sanitize(html);
return htmlAfter;
public String sanitize(String html) {
boolean disableSanitize =
Boolean.TRUE.equals(applicationProperties.getSystem().getDisableSanitize());
return disableSanitize ? html : POLICY.sanitize(html);
}
}

22
app/common/src/main/java/stirling/software/common/util/EmlToPdf.java
View File

@ -133,9 +133,9 @@ public class EmlToPdf {
EmlToPdfRequest request,
byte[] emlBytes,
String fileName,
boolean disableSanitize,
stirling.software.common.service.CustomPDFDocumentFactory pdfDocumentFactory,
TempFileManager tempFileManager)
TempFileManager tempFileManager,
CustomHtmlSanitizer customHtmlSanitizer)
throws IOException, InterruptedException {
validateEmlInput(emlBytes);
@ -155,7 +155,11 @@ public class EmlToPdf {
// Convert HTML to PDF
byte[] pdfBytes =
convertHtmlToPdf(
weasyprintPath, request, htmlContent, disableSanitize, tempFileManager);
weasyprintPath,
request,
htmlContent,
tempFileManager,
customHtmlSanitizer);
// Attach files if available and requested
if (shouldAttachFiles(emailContent, request)) {
@ -196,8 +200,8 @@ public class EmlToPdf {
String weasyprintPath,
EmlToPdfRequest request,
String htmlContent,
boolean disableSanitize,
TempFileManager tempFileManager)
TempFileManager tempFileManager,
CustomHtmlSanitizer customHtmlSanitizer)
throws IOException, InterruptedException {
HTMLToPdfRequest htmlRequest = createHtmlRequest(request);
@ -208,8 +212,8 @@ public class EmlToPdf {
htmlRequest,
htmlContent.getBytes(StandardCharsets.UTF_8),
"email.html",
disableSanitize,
tempFileManager);
tempFileManager,
customHtmlSanitizer);
} catch (IOException | InterruptedException e) {
log.warn("Initial HTML to PDF conversion failed, trying with simplified HTML");
String simplifiedHtml = simplifyHtmlContent(htmlContent);
@ -218,8 +222,8 @@ public class EmlToPdf {
htmlRequest,
simplifiedHtml.getBytes(StandardCharsets.UTF_8),
"email.html",
disableSanitize,
tempFileManager);
tempFileManager,
customHtmlSanitizer);
}
}

21
app/common/src/main/java/stirling/software/common/util/FileToPdf.java
View File

@ -26,8 +26,8 @@ public class FileToPdf {
HTMLToPdfRequest request,
byte[] fileBytes,
String fileName,
boolean disableSanitize,
TempFileManager tempFileManager)
TempFileManager tempFileManager,
CustomHtmlSanitizer customHtmlSanitizer)
throws IOException, InterruptedException {
try (TempFile tempOutputFile = new TempFile(tempFileManager, ".pdf")) {
@ -39,14 +39,15 @@ public class FileToPdf {
if (fileName.toLowerCase().endsWith(".html")) {
String sanitizedHtml =
sanitizeHtmlContent(
new String(fileBytes, StandardCharsets.UTF_8), disableSanitize);
new String(fileBytes, StandardCharsets.UTF_8),
customHtmlSanitizer);
Files.write(
tempInputFile.getPath(),
sanitizedHtml.getBytes(StandardCharsets.UTF_8));
} else if (fileName.toLowerCase().endsWith(".zip")) {
Files.write(tempInputFile.getPath(), fileBytes);
sanitizeHtmlFilesInZip(
tempInputFile.getPath(), disableSanitize, tempFileManager);
tempInputFile.getPath(), tempFileManager, customHtmlSanitizer);
} else {
throw ExceptionUtils.createHtmlFileRequiredException();
}
@ -78,12 +79,15 @@ public class FileToPdf {
} // tempOutputFile auto-closed
}
private static String sanitizeHtmlContent(String htmlContent, boolean disableSanitize) {
return (!disableSanitize) ? CustomHtmlSanitizer.sanitize(htmlContent) : htmlContent;
private static String sanitizeHtmlContent(
String htmlContent, CustomHtmlSanitizer customHtmlSanitizer) {
return customHtmlSanitizer.sanitize(htmlContent);
}
private static void sanitizeHtmlFilesInZip(
Path zipFilePath, boolean disableSanitize, TempFileManager tempFileManager)
Path zipFilePath,
TempFileManager tempFileManager,
CustomHtmlSanitizer customHtmlSanitizer)
throws IOException {
try (TempDirectory tempUnzippedDir = new TempDirectory(tempFileManager)) {
try (ZipInputStream zipIn =
@ -99,7 +103,8 @@ public class FileToPdf {
|| entry.getName().toLowerCase().endsWith(".htm")) {
String content =
new String(zipIn.readAllBytes(), StandardCharsets.UTF_8);
String sanitizedContent = sanitizeHtmlContent(content, disableSanitize);
String sanitizedContent =
sanitizeHtmlContent(content, customHtmlSanitizer);
Files.write(
filePath, sanitizedContent.getBytes(StandardCharsets.UTF_8));
} else {

3
app/common/src/main/java/stirling/software/common/util/GeneralUtils.java
View File

@ -446,9 +446,6 @@ public class GeneralUtils {
}
}
/**
* Extracts a file from classpath:/static/python to a temporary directory and returns the path.
*/
public static Path extractScript(String scriptName) throws IOException {
// Validate input
if (scriptName == null || scriptName.trim().isEmpty()) {

53
app/common/src/test/java/stirling/software/common/util/CustomHtmlSanitizerTest.java
View File

@ -3,21 +3,42 @@ package stirling.software.common.util;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import java.util.stream.Stream;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import stirling.software.common.service.SsrfProtectionService;
class CustomHtmlSanitizerTest {
private CustomHtmlSanitizer customHtmlSanitizer;
@BeforeEach
void setUp() {
SsrfProtectionService mockSsrfProtectionService = mock(SsrfProtectionService.class);
stirling.software.common.model.ApplicationProperties mockApplicationProperties = mock(stirling.software.common.model.ApplicationProperties.class);
stirling.software.common.model.ApplicationProperties.System mockSystem = mock(stirling.software.common.model.ApplicationProperties.System.class);
// Allow all URLs by default for basic tests
when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString())).thenReturn(true);
when(mockApplicationProperties.getSystem()).thenReturn(mockSystem);
when(mockSystem.getDisableSanitize()).thenReturn(false); // Enable sanitization for tests
customHtmlSanitizer = new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
}
@ParameterizedTest
@MethodSource("provideHtmlTestCases")
void testSanitizeHtml(String inputHtml, String[] expectedContainedTags) {
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(inputHtml);
String sanitizedHtml = customHtmlSanitizer.sanitize(inputHtml);
// Assert
for (String tag : expectedContainedTags) {
@ -58,7 +79,7 @@ class CustomHtmlSanitizerTest {
"<p style=\"color: blue; font-size: 16px; margin-top: 10px;\">Styled text</p>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithStyles);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithStyles);
// Assert
// The OWASP HTML Sanitizer might filter some specific styles, so we only check that
@ -75,7 +96,7 @@ class CustomHtmlSanitizerTest {
"<a href=\"https://example.com\" title=\"Example Site\">Example Link</a>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithLink);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithLink);
// Assert
// The most important aspect is that the link content is preserved
@ -97,7 +118,7 @@ class CustomHtmlSanitizerTest {
String htmlWithJsLink = "<a href=\"javascript:alert('XSS')\">Malicious Link</a>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithJsLink);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithJsLink);
// Assert
assertFalse(sanitizedHtml.contains("javascript:"), "JavaScript URLs should be removed");
@ -116,7 +137,7 @@ class CustomHtmlSanitizerTest {
+ "</table>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithTable);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithTable);
// Assert
assertTrue(sanitizedHtml.contains("<table"), "Table should be preserved");
@ -143,7 +164,7 @@ class CustomHtmlSanitizerTest {
"<img src=\"image.jpg\" alt=\"An image\" width=\"100\" height=\"100\">";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithImage);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithImage);
// Assert
assertTrue(sanitizedHtml.contains("<img"), "Image tag should be preserved");
@ -160,7 +181,7 @@ class CustomHtmlSanitizerTest {
"<img src=\"data:image/svg+xml;base64,PHN2ZyBvbmxvYWQ9ImFsZXJ0KDEpIj48L3N2Zz4=\" alt=\"SVG with XSS\">";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithDataUrlImage);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithDataUrlImage);
// Assert
assertFalse(
@ -175,7 +196,7 @@ class CustomHtmlSanitizerTest {
"<a href=\"#\" onclick=\"alert('XSS')\" onmouseover=\"alert('XSS')\">Click me</a>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithJsEvent);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithJsEvent);
// Assert
assertFalse(
@ -192,7 +213,7 @@ class CustomHtmlSanitizerTest {
String htmlWithScript = "<p>Safe content</p><script>alert('XSS');</script>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithScript);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithScript);
// Assert
assertFalse(sanitizedHtml.contains("<script>"), "Script tags should be removed");
@ -206,7 +227,7 @@ class CustomHtmlSanitizerTest {
String htmlWithNoscript = "<p>Safe content</p><noscript>JavaScript is disabled</noscript>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithNoscript);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithNoscript);
// Assert
assertFalse(sanitizedHtml.contains("<noscript>"), "Noscript tags should be removed");
@ -220,7 +241,7 @@ class CustomHtmlSanitizerTest {
String htmlWithIframe = "<p>Safe content</p><iframe src=\"https://example.com\"></iframe>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithIframe);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithIframe);
// Assert
assertFalse(sanitizedHtml.contains("<iframe"), "Iframe tags should be removed");
@ -237,7 +258,7 @@ class CustomHtmlSanitizerTest {
+ "<embed src=\"embed.swf\" type=\"application/x-shockwave-flash\">";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithObjects);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithObjects);
// Assert
assertFalse(sanitizedHtml.contains("<object"), "Object tags should be removed");
@ -256,7 +277,7 @@ class CustomHtmlSanitizerTest {
+ "<link rel=\"stylesheet\" href=\"evil.css\">";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(htmlWithMetaTags);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlWithMetaTags);
// Assert
assertFalse(sanitizedHtml.contains("<meta"), "Meta tags should be removed");
@ -283,7 +304,7 @@ class CustomHtmlSanitizerTest {
+ "</div>";
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(complexHtml);
String sanitizedHtml = customHtmlSanitizer.sanitize(complexHtml);
// Assert
assertTrue(sanitizedHtml.contains("<div"), "Div should be preserved");
@ -314,7 +335,7 @@ class CustomHtmlSanitizerTest {
@Test
void testSanitizeHandlesEmpty() {
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize("");
String sanitizedHtml = customHtmlSanitizer.sanitize("");
// Assert
assertEquals("", sanitizedHtml, "Empty input should result in empty string");
@ -323,7 +344,7 @@ class CustomHtmlSanitizerTest {
@Test
void testSanitizeHandlesNull() {
// Act
String sanitizedHtml = CustomHtmlSanitizer.sanitize(null);
String sanitizedHtml = customHtmlSanitizer.sanitize(null);
// Assert
assertEquals("", sanitizedHtml, "Null input should result in empty string");

61
app/common/src/test/java/stirling/software/common/util/EmlToPdfTest.java
View File

@ -13,6 +13,7 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Nested;
import org.junit.jupiter.api.Test;
@ -24,17 +25,36 @@ import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.anyString;
import org.mockito.Mock;
import org.mockito.MockedStatic;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import org.mockito.junit.jupiter.MockitoExtension;
import org.junit.jupiter.api.BeforeEach;
import stirling.software.common.model.api.converters.EmlToPdfRequest;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.service.SsrfProtectionService;
import stirling.software.common.util.CustomHtmlSanitizer;
@DisplayName("EML to PDF Conversion tests")
class EmlToPdfTest {
private CustomHtmlSanitizer customHtmlSanitizer;
@BeforeEach
void setUp() {
SsrfProtectionService mockSsrfProtectionService = mock(SsrfProtectionService.class);
stirling.software.common.model.ApplicationProperties mockApplicationProperties = mock(stirling.software.common.model.ApplicationProperties.class);
stirling.software.common.model.ApplicationProperties.System mockSystem = mock(stirling.software.common.model.ApplicationProperties.System.class);
when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString())).thenReturn(true);
when(mockApplicationProperties.getSystem()).thenReturn(mockSystem);
when(mockSystem.getDisableSanitize()).thenReturn(false);
customHtmlSanitizer = new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
}
// Focus on testing EML to HTML conversion functionality since the PDF conversion relies on WeasyPrint
// But HTML to PDF conversion is also briefly tested at PdfConversionTests class.
private void testEmailConversion(String emlContent, String[] expectedContent, boolean includeAttachments) throws IOException {
@ -506,6 +526,7 @@ class EmlToPdfTest {
@Mock private TempFileManager mockTempFileManager;
@Test
@Disabled("Complex static mocking - temporarily disabled while refactoring")
@DisplayName("Should convert EML to PDF without attachments when not requested")
void convertEmlToPdfWithoutAttachments() throws Exception {
String emlContent =
@ -523,7 +544,7 @@ class EmlToPdfTest {
when(mockPdfDocumentFactory.load(any(byte[].class))).thenReturn(mockPdDocument);
when(mockPdDocument.getNumberOfPages()).thenReturn(1);
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class)) {
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class, org.mockito.Mockito.withSettings().lenient())) {
fileToPdf
.when(
() ->
@ -532,8 +553,8 @@ class EmlToPdfTest {
any(),
any(byte[].class),
anyString(),
anyBoolean(),
any(TempFileManager.class)))
any(TempFileManager.class),
any(CustomHtmlSanitizer.class)))
.thenReturn(fakePdfBytes);
byte[] resultPdf =
@ -542,9 +563,9 @@ class EmlToPdfTest {
request,
emlBytes,
"test.eml",
false,
mockPdfDocumentFactory,
mockTempFileManager);
mockTempFileManager,
customHtmlSanitizer);
assertArrayEquals(fakePdfBytes, resultPdf);
@ -560,13 +581,14 @@ class EmlToPdfTest {
any(),
any(byte[].class),
anyString(),
anyBoolean(),
any(TempFileManager.class)));
any(TempFileManager.class),
any(CustomHtmlSanitizer.class)));
verify(mockPdfDocumentFactory).load(resultPdf);
}
}
@Test
@Disabled("Complex static mocking - temporarily disabled while refactoring")
@DisplayName("Should convert EML to PDF with attachments when requested")
void convertEmlToPdfWithAttachments() throws Exception {
String boundary = "----=_Part_1234567890";
@ -591,7 +613,7 @@ class EmlToPdfTest {
when(mockPdfDocumentFactory.load(any(byte[].class))).thenReturn(mockPdDocument);
when(mockPdDocument.getNumberOfPages()).thenReturn(1);
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class)) {
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class, org.mockito.Mockito.withSettings().lenient())) {
fileToPdf
.when(
() ->
@ -600,8 +622,8 @@ class EmlToPdfTest {
any(),
any(byte[].class),
anyString(),
anyBoolean(),
any(TempFileManager.class)))
any(TempFileManager.class),
any(CustomHtmlSanitizer.class)))
.thenReturn(fakePdfBytes);
try (MockedStatic<EmlToPdf> ignored =
@ -621,9 +643,9 @@ class EmlToPdfTest {
request,
emlBytes,
"test.eml",
false,
mockPdfDocumentFactory,
mockTempFileManager);
mockTempFileManager,
customHtmlSanitizer);
assertArrayEquals(fakePdfBytes, resultPdf);
@ -639,8 +661,8 @@ class EmlToPdfTest {
any(),
any(byte[].class),
anyString(),
anyBoolean(),
any(TempFileManager.class)));
any(TempFileManager.class),
any(CustomHtmlSanitizer.class)));
verify(mockPdfDocumentFactory).load(resultPdf);
}
@ -648,6 +670,7 @@ class EmlToPdfTest {
}
@Test
@Disabled("Complex static mocking - temporarily disabled while refactoring")
@DisplayName("Should handle errors during EML to PDF conversion")
void handleErrorsDuringConversion() {
String emlContent =
@ -656,7 +679,7 @@ class EmlToPdfTest {
EmlToPdfRequest request = createBasicRequest();
String errorMessage = "Conversion failed";
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class)) {
try (MockedStatic<FileToPdf> fileToPdf = mockStatic(FileToPdf.class, org.mockito.Mockito.withSettings().lenient())) {
fileToPdf
.when(
() ->
@ -665,8 +688,8 @@ class EmlToPdfTest {
any(),
any(byte[].class),
anyString(),
anyBoolean(),
any(TempFileManager.class)))
any(TempFileManager.class),
any(CustomHtmlSanitizer.class)))
.thenThrow(new IOException(errorMessage));
IOException exception = assertThrows(
@ -676,9 +699,9 @@ class EmlToPdfTest {
request,
emlBytes,
"test.eml",
false,
mockPdfDocumentFactory,
mockTempFileManager));
mockTempFileManager,
customHtmlSanitizer));
assertTrue(exception.getMessage().contains(errorMessage));
}

25
app/common/src/test/java/stirling/software/common/util/FileToPdfTest.java
View File

@ -1,5 +1,6 @@
package stirling.software.common.util;
import java.nio.file.Files;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
@ -10,12 +11,29 @@ import static org.mockito.ArgumentMatchers.anyString;
import java.io.File;
import java.io.IOException;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import stirling.software.common.model.api.converters.HTMLToPdfRequest;
import stirling.software.common.service.SsrfProtectionService;
public class FileToPdfTest {
private CustomHtmlSanitizer customHtmlSanitizer;
@BeforeEach
void setUp() {
SsrfProtectionService mockSsrfProtectionService = mock(SsrfProtectionService.class);
stirling.software.common.model.ApplicationProperties mockApplicationProperties = mock(stirling.software.common.model.ApplicationProperties.class);
stirling.software.common.model.ApplicationProperties.System mockSystem = mock(stirling.software.common.model.ApplicationProperties.System.class);
when(mockSsrfProtectionService.isUrlAllowed(org.mockito.ArgumentMatchers.anyString())).thenReturn(true);
when(mockApplicationProperties.getSystem()).thenReturn(mockSystem);
when(mockSystem.getDisableSanitize()).thenReturn(false);
customHtmlSanitizer = new CustomHtmlSanitizer(mockSsrfProtectionService, mockApplicationProperties);
}
/**
* Test the HTML to PDF conversion. This test expects an IOException when an empty HTML input is
* provided.
@ -25,14 +43,13 @@ public class FileToPdfTest {
HTMLToPdfRequest request = new HTMLToPdfRequest();
byte[] fileBytes = new byte[0]; // Sample file bytes (empty input)
String fileName = "test.html"; // Sample file name indicating an HTML file
boolean disableSanitize = false; // Flag to control sanitization
TempFileManager tempFileManager = mock(TempFileManager.class); // Mock TempFileManager
// Mock the temp file creation to return real temp files
try {
when(tempFileManager.createTempFile(anyString()))
.thenReturn(File.createTempFile("test", ".pdf"))
.thenReturn(File.createTempFile("test", ".html"));
.thenReturn(Files.createTempFile("test", ".pdf").toFile())
.thenReturn(Files.createTempFile("test", ".html").toFile());
} catch (IOException e) {
throw new RuntimeException(e);
}
@ -43,7 +60,7 @@ public class FileToPdfTest {
Exception.class,
() ->
FileToPdf.convertHtmlToPdf(
"/path/", request, fileBytes, fileName, disableSanitize, tempFileManager));
"/path/", request, fileBytes, fileName, tempFileManager, customHtmlSanitizer));
assertNotNull(thrown);
}

8
app/core/src/main/java/stirling/software/SPDF/config/CleanUrlInterceptor.java
View File

@ -36,9 +36,15 @@ public class CleanUrlInterceptor implements HandlerInterceptor {
public boolean preHandle(
HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
String requestURI = request.getRequestURI();
// Skip URL cleaning for API endpoints - they need their own parameter handling
if (requestURI.contains("/api/")) {
return true;
}
String queryString = request.getQueryString();
if (queryString != null && !queryString.isEmpty()) {
String requestURI = request.getRequestURI();
Map<String, String> allowedParameters = new HashMap<>();
// Keep only the allowed parameters

1
app/core/src/main/java/stirling/software/SPDF/config/EndpointConfiguration.java
View File

@ -421,7 +421,6 @@ public class EndpointConfiguration {
// file-to-pdf has multiple implementations
addEndpointAlternative("file-to-pdf", "LibreOffice");
addEndpointAlternative("file-to-pdf", "Python");
addEndpointAlternative("file-to-pdf", "Unoconvert");
// pdf-to-html and pdf-to-markdown can use either LibreOffice or Pdftohtml

6
app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertEmlToPDF.java
View File

@ -23,6 +23,7 @@ import lombok.extern.slf4j.Slf4j;
import stirling.software.common.configuration.RuntimePathConfig;
import stirling.software.common.model.api.converters.EmlToPdfRequest;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.CustomHtmlSanitizer;
import stirling.software.common.util.EmlToPdf;
import stirling.software.common.util.TempFileManager;
import stirling.software.common.util.WebResponseUtils;
@ -37,6 +38,7 @@ public class ConvertEmlToPDF {
private final CustomPDFDocumentFactory pdfDocumentFactory;
private final RuntimePathConfig runtimePathConfig;
private final TempFileManager tempFileManager;
private final CustomHtmlSanitizer customHtmlSanitizer;
@PostMapping(consumes = "multipart/form-data", value = "/eml/pdf")
@Operation(
@ -103,9 +105,9 @@ public class ConvertEmlToPDF {
request,
fileBytes,
originalFilename,
false,
pdfDocumentFactory,
tempFileManager);
tempFileManager,
customHtmlSanitizer);
if (pdfBytes == null || pdfBytes.length == 0) {
log.error("PDF conversion failed - empty output for {}", originalFilename);

13
app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertHtmlToPDF.java
View File

@ -14,9 +14,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import stirling.software.common.configuration.RuntimePathConfig;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.model.api.converters.HTMLToPdfRequest;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.CustomHtmlSanitizer;
import stirling.software.common.util.ExceptionUtils;
import stirling.software.common.util.FileToPdf;
import stirling.software.common.util.TempFileManager;
@ -30,12 +30,12 @@ public class ConvertHtmlToPDF {
private final CustomPDFDocumentFactory pdfDocumentFactory;
private final ApplicationProperties applicationProperties;
private final RuntimePathConfig runtimePathConfig;
private final TempFileManager tempFileManager;
private final CustomHtmlSanitizer customHtmlSanitizer;
@PostMapping(consumes = "multipart/form-data", value = "/html/pdf")
@Operation(
summary = "Convert an HTML or ZIP (containing HTML and CSS) to PDF",
@ -57,17 +57,14 @@ public class ConvertHtmlToPDF {
"error.fileFormatRequired", "File must be in {0} format", ".html or .zip");
}
boolean disableSanitize =
Boolean.TRUE.equals(applicationProperties.getSystem().getDisableSanitize());
byte[] pdfBytes =
FileToPdf.convertHtmlToPdf(
runtimePathConfig.getWeasyPrintPath(),
request,
fileInput.getBytes(),
originalFilename,
disableSanitize,
tempFileManager);
tempFileManager,
customHtmlSanitizer);
pdfBytes = pdfDocumentFactory.createNewBytesBasedOnOldDocument(pdfBytes);

13
app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java
View File

@ -24,9 +24,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import stirling.software.common.configuration.RuntimePathConfig;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.model.api.GeneralFile;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.CustomHtmlSanitizer;
import stirling.software.common.util.ExceptionUtils;
import stirling.software.common.util.FileToPdf;
import stirling.software.common.util.TempFileManager;
@ -39,12 +39,12 @@ import stirling.software.common.util.WebResponseUtils;
public class ConvertMarkdownToPdf {
private final CustomPDFDocumentFactory pdfDocumentFactory;
private final ApplicationProperties applicationProperties;
private final RuntimePathConfig runtimePathConfig;
private final TempFileManager tempFileManager;
private final CustomHtmlSanitizer customHtmlSanitizer;
@PostMapping(consumes = "multipart/form-data", value = "/markdown/pdf")
@Operation(
summary = "Convert a Markdown file to PDF",
@ -79,17 +79,14 @@ public class ConvertMarkdownToPdf {
String htmlContent = renderer.render(document);
boolean disableSanitize =
Boolean.TRUE.equals(applicationProperties.getSystem().getDisableSanitize());
byte[] pdfBytes =
FileToPdf.convertHtmlToPdf(
runtimePathConfig.getWeasyPrintPath(),
null,
htmlContent.getBytes(),
"converted.html",
disableSanitize,
tempFileManager);
tempFileManager,
customHtmlSanitizer);
pdfBytes = pdfDocumentFactory.createNewBytesBasedOnOldDocument(pdfBytes);
String outputFilename =
originalFilename.replaceFirst("[.][^.]+$", "")

15
app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java
View File

@ -2,6 +2,7 @@ package stirling.software.SPDF.controller.api.converters;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
@ -26,6 +27,7 @@ import lombok.RequiredArgsConstructor;
import stirling.software.common.configuration.RuntimePathConfig;
import stirling.software.common.model.api.GeneralFile;
import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.CustomHtmlSanitizer;
import stirling.software.common.util.ProcessExecutor;
import stirling.software.common.util.ProcessExecutor.ProcessExecutorResult;
import stirling.software.common.util.WebResponseUtils;
@ -38,6 +40,7 @@ public class ConvertOfficeController {
private final CustomPDFDocumentFactory pdfDocumentFactory;
private final RuntimePathConfig runtimePathConfig;
private final CustomHtmlSanitizer customHtmlSanitizer;
public File convertToPdf(MultipartFile inputFile) throws IOException, InterruptedException {
// Check for valid file extension
@ -50,7 +53,17 @@ public class ConvertOfficeController {
// Save the uploaded file to a temporary location
Path tempInputFile =
Files.createTempFile("input_", "." + FilenameUtils.getExtension(originalFilename));
inputFile.transferTo(tempInputFile);
// Check if the file is HTML and apply sanitization if needed
String fileExtension = FilenameUtils.getExtension(originalFilename).toLowerCase();
if ("html".equals(fileExtension) || "htm".equals(fileExtension)) {
// Read and sanitize HTML content
String htmlContent = new String(inputFile.getBytes(), StandardCharsets.UTF_8);
String sanitizedHtml = customHtmlSanitizer.sanitize(htmlContent);
Files.write(tempInputFile, sanitizedHtml.getBytes(StandardCharsets.UTF_8));
} else {
inputFile.transferTo(tempInputFile);
}
// Prepare the output file path
Path tempOutputFile = Files.createTempFile("output_", ".pdf");

690
app/core/src/main/resources/messages_zh_TW.properties
View File

@ -5,135 +5,135 @@
language.direction=ltr
# Language names for reuse throughout the application
lang.afr=Afrikaans
lang.amh=Amharic
lang.ara=Arabic
lang.asm=Assamese
lang.aze=Azerbaijani
lang.aze_cyrl=Azerbaijani (Cyrillic)
lang.bel=Belarusian
lang.ben=Bengali
lang.bod=Tibetan
lang.bos=Bosnian
lang.bre=Breton
lang.bul=Bulgarian
lang.cat=Catalan
lang.ceb=Cebuano
lang.ces=Czech
lang.chi_sim=Chinese (Simplified)
lang.chi_sim_vert=Chinese (Simplified, Vertical)
lang.chi_tra=Chinese (Traditional)
lang.chi_tra_vert=Chinese (Traditional, Vertical)
lang.chr=Cherokee
lang.cos=Corsican
lang.cym=Welsh
lang.dan=Danish
lang.dan_frak=Danish (Fraktur)
lang.deu=German
lang.deu_frak=German (Fraktur)
lang.div=Divehi
lang.dzo=Dzongkha
lang.ell=Greek
lang.eng=English
lang.enm=English, Middle (1100-1500)
lang.epo=Esperanto
lang.equ=Math / equation detection module
lang.est=Estonian
lang.eus=Basque
lang.fao=Faroese
lang.fas=Persian
lang.fil=Filipino
lang.fin=Finnish
lang.fra=French
lang.frk=Frankish
lang.frm=French, Middle (ca.1400-1600)
lang.fry=Western Frisian
lang.gla=Scottish Gaelic
lang.gle=Irish
lang.glg=Galician
lang.grc=Ancient Greek
lang.guj=Gujarati
lang.hat=Haitian, Haitian Creole
lang.heb=Hebrew
lang.hin=Hindi
lang.hrv=Croatian
lang.hun=Hungarian
lang.hye=Armenian
lang.iku=Inuktitut
lang.ind=Indonesian
lang.isl=Icelandic
lang.ita=Italian
lang.ita_old=Italian (Old)
lang.jav=Javanese
lang.jpn=Japanese
lang.jpn_vert=Japanese (Vertical)
lang.kan=Kannada
lang.kat=Georgian
lang.kat_old=Georgian (Old)
lang.kaz=Kazakh
lang.khm=Central Khmer
lang.kir=Kirghiz, Kyrgyz
lang.kmr=Northern Kurdish
lang.kor=Korean
lang.kor_vert=Korean (Vertical)
lang.lao=Lao
lang.lat=Latin
lang.lav=Latvian
lang.lit=Lithuanian
lang.ltz=Luxembourgish
lang.mal=Malayalam
lang.mar=Marathi
lang.mkd=Macedonian
lang.mlt=Maltese
lang.mon=Mongolian
lang.mri=Maori
lang.msa=Malay
lang.mya=Burmese
lang.nep=Nepali
lang.nld=Dutch; Flemish
lang.nor=Norwegian
lang.oci=Occitan (post 1500)
lang.ori=Oriya
lang.osd=Orientation and script detection module
lang.pan=Panjabi, Punjabi
lang.pol=Polish
lang.por=Portuguese
lang.pus=Pushto, Pashto
lang.que=Quechua
lang.ron=Romanian, Moldavian, Moldovan
lang.rus=Russian
lang.san=Sanskrit
lang.sin=Sinhala, Sinhalese
lang.slk=Slovak
lang.slk_frak=Slovak (Fraktur)
lang.slv=Slovenian
lang.snd=Sindhi
lang.spa=Spanish
lang.spa_old=Spanish (Old)
lang.sqi=Albanian
lang.srp=Serbian
lang.srp_latn=Serbian (Latin)
lang.sun=Sundanese
lang.swa=Swahili
lang.swe=Swedish
lang.syr=Syriac
lang.tam=Tamil
lang.tat=Tatar
lang.tel=Telugu
lang.tgk=Tajik
lang.tgl=Tagalog
lang.tha=Thai
lang.tir=Tigrinya
lang.ton=Tonga (Tonga Islands)
lang.tur=Turkish
lang.uig=Uighur, Uyghur
lang.ukr=Ukrainian
lang.urd=Urdu
lang.uzb=Uzbek
lang.uzb_cyrl=Uzbek (Cyrillic)
lang.vie=Vietnamese
lang.yid=Yiddish
lang.yor=Yoruba
lang.afr=南非荷蘭語
lang.amh=阿姆哈拉語
lang.ara=阿拉伯文
lang.asm=阿薩姆語
lang.aze=亞塞拜然語
lang.aze_cyrl=亞塞拜然語(西里爾字母)
lang.bel=白俄羅斯語
lang.ben=孟加拉語
lang.bod=藏文
lang.bos=波士尼亞語
lang.bre=布列塔尼語
lang.bul=保加利亞語
lang.cat=加泰隆尼亞語
lang.ceb=宿霧語
lang.ces=捷克語
lang.chi_sim=簡體中文
lang.chi_sim_vert=簡體中文(直書)
lang.chi_tra=繁體中文
lang.chi_tra_vert=繁體中文(直書)
lang.chr=切羅基語
lang.cos=科西嘉語
lang.cym=威爾斯語
lang.dan=丹麥文
lang.dan_frak=丹麥文(德文尖角體)
lang.deu=德文
lang.deu_frak=德文(德文尖角體)
lang.div=迪維希語
lang.dzo=宗卡文(不丹語)
lang.ell=希臘文
lang.eng=英文
lang.enm=中古英文(約西元 1100-1500 年)
lang.epo=世界語
lang.equ=數學/方程式偵測模組
lang.est=愛沙尼亞語
lang.eus=巴斯克語
lang.fao=法羅語
lang.fas=波斯文
lang.fil=菲律賓語
lang.fin=芬蘭文
lang.fra=法文
lang.frk=法蘭克語
lang.frm=中古法文(約西元 1400-1600 年)
lang.fry=西弗里斯蘭語
lang.gla=蘇格蘭蓋爾語
lang.gle=愛爾蘭語
lang.glg=加利西亞語
lang.grc=古希臘文
lang.guj=古吉拉特語
lang.hat=海地克里奧爾語
lang.heb=希伯來文
lang.hin=印地語
lang.hrv=克羅埃西亞語
lang.hun=匈牙利文
lang.hye=亞美尼亞文
lang.iku=伊努克提圖特語
lang.ind=印尼文
lang.isl=冰島文
lang.ita=義大利文
lang.ita_old=古義大利文
lang.jav=爪哇語
lang.jpn=日文
lang.jpn_vert=日文(直書)
lang.kan=卡納達語
lang.kat=喬治亞語
lang.kat_old=古喬治亞語
lang.kaz=哈薩克語
lang.khm=高棉語
lang.kir=吉爾吉斯語
lang.kmr=北庫德語(庫爾曼吉語)
lang.kor=韓文
lang.kor_vert=韓文(直書)
lang.lao=寮文
lang.lat=拉丁文
lang.lav=拉脫維亞語
lang.lit=立陶宛語
lang.ltz=盧森堡語
lang.mal=馬拉雅拉姆語
lang.mar=馬拉地語
lang.mkd=馬其頓語
lang.mlt=馬爾他語
lang.mon=蒙古文
lang.mri=毛利語
lang.msa=馬來文
lang.mya=緬甸文
lang.nep=尼泊爾語
lang.nld=荷蘭文;佛萊明語
lang.nor=挪威文
lang.oci=奧克西坦語(西元 1500 年後)
lang.ori=奧里亞語
lang.osd=文字方向與書寫系統偵測模組
lang.pan=旁遮普語
lang.pol=波蘭文
lang.por=葡萄牙文
lang.pus=普什圖語
lang.que=克丘亞語
lang.ron=羅馬尼亞語;摩爾多瓦語
lang.rus=俄文
lang.san=梵文
lang.sin=僧伽羅語
lang.slk=斯洛伐克語
lang.slk_frak=斯洛伐克語(德文尖角體)
lang.slv=斯洛維尼亞語
lang.snd=信德語
lang.spa=西班牙文
lang.spa_old=古西班牙文
lang.sqi=阿爾巴尼亞語
lang.srp=塞爾維亞語
lang.srp_latn=塞爾維亞語(拉丁字母)
lang.sun=巽他語
lang.swa=斯瓦希里語
lang.swe=瑞典文
lang.syr=敘利亞語
lang.tam=坦米爾文
lang.tat=韃靼語
lang.tel=泰盧固語
lang.tgk=塔吉克語
lang.tgl=他加祿語
lang.tha=泰文
lang.tir=提格利尼亞語
lang.ton=東加語(東加群島)
lang.tur=土耳其文
lang.uig=維吾爾語
lang.ukr=烏克蘭文
lang.urd=烏爾都語
lang.uzb=烏茲別克語
lang.uzb_cyrl=烏茲別克語(西里爾字母)
lang.vie=越南文
lang.yid=意第緒語
lang.yor=約魯巴語
addPageNumbers.fontSize=字型大小
addPageNumbers.fontName=字型名稱
@ -170,67 +170,67 @@ sizes.medium=中
sizes.large=
sizes.x-large=特大
error.pdfPassword=PDF 檔案已加密,但未提供密碼或密碼不正確
error.pdfCorrupted=PDF file appears to be corrupted or damaged. Please try using the 'Repair PDF' feature first to fix the file before proceeding with this operation.
error.pdfCorruptedMultiple=One or more PDF files appear to be corrupted or damaged. Please try using the 'Repair PDF' feature on each file first before attempting to merge them.
error.pdfCorruptedDuring=Error {0}: PDF file appears to be corrupted or damaged. Please try using the 'Repair PDF' feature first to fix the file before proceeding with this operation.
error.pdfCorrupted=PDF 檔案似乎已毀損或遭到破壞。請先嘗試使用「修復 PDF」功能來修復檔案然後再繼續此操作。
error.pdfCorruptedMultiple=一個或多個 PDF 檔案似乎已毀損或遭到破壞。請先嘗試對每個檔案使用「修復 PDF」功能然後再嘗試合併它們。
error.pdfCorruptedDuring=錯誤 {0}PDF 檔案似乎已毀損或遭到破壞。請先嘗試使用「修復 PDF」功能來修復檔案然後再繼續此操作。
# Frontend corruption error messages
error.pdfInvalid=The PDF file "{0}" appears to be corrupted or has an invalid structure. Please try using the 'Repair PDF' feature to fix the file before proceeding.
error.tryRepair=Try using the Repair PDF feature to fix corrupted files.
error.pdfInvalid=PDF 檔案「{0}」似乎已損毀或結構無效。請先嘗試使用「修復 PDF」功能來修復檔案然後再繼續。
error.tryRepair=請嘗試使用「修復 PDF」功能來修復損毀的檔案。
# Additional error messages
error.pdfEncryption=The PDF appears to have corrupted encryption data. This can happen when the PDF was created with incompatible encryption methods. Please try using the 'Repair PDF' feature first, or contact the document creator for a new copy.
error.fileProcessing=An error occurred while processing the file during {0} operation: {1}
error.pdfEncryption=此 PDF 的加密資料似乎已損毀。這可能是因為 PDF 是使用不相容的加密方法建立的。請先嘗試使用「修復 PDF」功能或聯絡文件建立者以取得新副本。
error.fileProcessing=在 {0} 操作期間處理檔案時發生錯誤:{1}
# Generic error message templates
error.toolNotInstalled={0} is not installed
error.toolRequired={0} is required for {1}
error.conversionFailed={0} conversion failed
error.commandFailed={0} command failed
error.algorithmNotAvailable={0} algorithm not available
error.optionsNotSpecified={0} options are not specified
error.fileFormatRequired=File must be in {0} format
error.invalidFormat=Invalid {0} format: {1}
error.endpointDisabled=This endpoint has been disabled by the admin
error.urlNotReachable=URL is not reachable, please provide a valid URL
error.toolNotInstalled=未安裝 {0}
error.toolRequired={1} 需要 {0}
error.conversionFailed={0} 轉換失敗
error.commandFailed={0} 指令失敗
error.algorithmNotAvailable=無法使用 {0} 演算法
error.optionsNotSpecified=未指定 {0} 選項
error.fileFormatRequired=檔案必須為 {0} 格式
error.invalidFormat=無效的 {0} 格式:{1}
error.endpointDisabled=此端點已被管理員停用
error.urlNotReachable=無法連線至 URL請提供有效的 URL
# DPI and image rendering messages - used by frontend for dynamic translation
# Backend sends: [TRANSLATE:messageKey:arg1,arg2] English message
# Frontend parses this and replaces with localized versions using these keys
error.dpiExceedsLimit=DPI value {0} exceeds maximum safe limit of {1}. High DPI values can cause memory issues and crashes. Please use a lower DPI value.
error.pageTooBigForDpi=PDF page {0} is too large to render at {1} DPI. Please try a lower DPI value (recommended: 150 or less).
error.pageTooBigExceedsArray=PDF page {0} is too large to render at {1} DPI. The resulting image would exceed Java's maximum array size. Please try a lower DPI value (recommended: 150 or less).
error.pageTooBigFor300Dpi=PDF page {0} is too large to render at 300 DPI. The resulting image would exceed Java's maximum array size. Please use a lower DPI value for PDF-to-image conversion.
error.dpiExceedsLimit=DPI 值 {0} 超出最大安全限制 {1}。高 DPI 值可能導致記憶體問題和當機。請使用較低的 DPI 值。
error.pageTooBigForDpi=PDF 頁面 {0} 太大,無法以 {1} DPI 進行渲染。請嘗試較低的 DPI 值建議150 或更低)。
error.pageTooBigExceedsArray=PDF 頁面 {0} 太大,無法以 {1} DPI 進行渲染。產生的影像將超出 Java 的最大陣列大小。請嘗試較低的 DPI 值建議150 或更低)。
error.pageTooBigFor300Dpi=PDF 頁面 {0} 太大,無法以 300 DPI 進行渲染。產生的影像將超出 Java 的最大陣列大小。請在 PDF 轉影像時使用較低的 DPI 值。
# URL and website conversion messages
# System requirements messages
# Authentication and security messages
error.apiKeyInvalid=API key is not valid.
error.userNotFound=User not found.
error.passwordRequired=Password must not be null.
error.accountLocked=Your account has been locked due to too many failed login attempts.
error.invalidEmail=Invalid email addresses provided.
error.emailAttachmentRequired=An attachment is required to send the email.
error.signatureNotFound=Signature file not found.
error.apiKeyInvalid=API 金鑰無效。
error.userNotFound=找不到使用者。
error.passwordRequired=密碼不得為空。
error.accountLocked=由於登入失敗次數過多,您的帳號已被鎖定。
error.invalidEmail=提供了無效的電子郵件地址。
error.emailAttachmentRequired=需要附件才能傳送電子郵件。
error.signatureNotFound=找不到簽章檔案。
# File processing messages
error.fileNotFound=File not found with ID: {0}
error.fileNotFound=找不到 ID 為 {0} 的檔案
# Database and configuration messages
error.noBackupScripts=No backup scripts were found.
error.unsupportedProvider={0} is not currently supported.
error.pathTraversalDetected=Path traversal detected for security reasons.
error.noBackupScripts=找不到任何備份指令稿。
error.unsupportedProvider=目前不支援 {0}。
error.pathTraversalDetected=因安全因素偵測到路徑遍歷。
# Validation messages
error.invalidArgument=Invalid argument: {0}
error.argumentRequired={0} must not be null
error.operationFailed=Operation failed: {0}
error.angleNotMultipleOf90=Angle must be a multiple of 90
error.pdfBookmarksNotFound=No PDF bookmarks/outline found in document
error.fontLoadingFailed=Error processing font file
error.fontDirectoryReadFailed=Failed to read font directory
error.invalidArgument=無效的參數:{0}
error.argumentRequired={0} 不得為空
error.operationFailed=操作失敗:{0}
error.angleNotMultipleOf90=角度必須是 90 的倍數
error.pdfBookmarksNotFound=在文件中找不到 PDF 書籤/大綱
error.fontLoadingFailed=處理字型檔案時發生錯誤
error.fontDirectoryReadFailed=讀取字型目錄失敗
delete=刪除
username=使用者名稱
password=密碼
@ -281,12 +281,12 @@ addToDoc=新增至文件
reset=重設
apply=套用
noFileSelected=未選擇檔案,請上傳一個。
view=View
cancel=Cancel
view=檢視
cancel=取消
back.toSettings=Back to Settings
back.toHome=Back to Home
back.toAdmin=Back to Admin
back.toSettings=返回設定
back.toHome=返回首頁
back.toAdmin=返回管理員頁面
legal.privacy=隱私權政策
legal.terms=使用條款
@ -327,7 +327,7 @@ enterpriseEdition.button=升級至專業版
enterpriseEdition.warning=此功能僅提供給專業版使用者使用。
enterpriseEdition.yamlAdvert=Stirling PDF 專業版支援 YAML 設定檔和其他單一登入 (SSO) 功能。
enterpriseEdition.ssoAdvert=需要更多使用者管理功能嗎?請參考 Stirling PDF 專業版
enterpriseEdition.proTeamFeatureDisabled=Team management features require a Pro licence or higher
enterpriseEdition.proTeamFeatureDisabled=團隊管理功能需要專業版或更進階的授權
#################
@ -408,8 +408,8 @@ account.property=屬性
account.webBrowserSettings=網頁瀏覽器設定
account.syncToBrowser=同步帳號 → 瀏覽器
account.syncToAccount=同步帳號 ← 瀏覽器
account.adminTitle=Administrator Tools
account.adminNotif=You have admin privileges. Access system settings and user management.
account.adminTitle=管理員工具
account.adminNotif=您具有管理員權限,可存取系統設定和使用者管理。
adminUserSettings.title=使用者控制設定
@ -440,48 +440,48 @@ adminUserSettings.disabledUsers=已停用的使用者:
adminUserSettings.totalUsers=使用者總數:
adminUserSettings.lastRequest=最後請求時間
adminUserSettings.usage=檢視使用情況
adminUserSettings.teams=View/Edit Teams
adminUserSettings.team=Team
adminUserSettings.manageTeams=Manage Teams
adminUserSettings.createTeam=Create Team
adminUserSettings.viewTeam=View Team
adminUserSettings.deleteTeam=Delete Team
adminUserSettings.teamName=Team Name
adminUserSettings.teamExists=Team already exists
adminUserSettings.teamCreated=Team created successfully
adminUserSettings.teamChanged=User's team was updated
adminUserSettings.teamHidden=Hidden
adminUserSettings.totalMembers=Total Members
adminUserSettings.confirmDeleteTeam=Are you sure you want to delete this team?
adminUserSettings.teams=檢視/編輯團隊
adminUserSettings.team=團隊
adminUserSettings.manageTeams=管理團隊
adminUserSettings.createTeam=建立團隊
adminUserSettings.viewTeam=檢視團隊
adminUserSettings.deleteTeam=刪除團隊
adminUserSettings.teamName=團隊名稱
adminUserSettings.teamExists=團隊已存在
adminUserSettings.teamCreated=團隊建立成功
adminUserSettings.teamChanged=使用者的團隊已更新
adminUserSettings.teamHidden=隱藏
adminUserSettings.totalMembers=成員總數
adminUserSettings.confirmDeleteTeam=您確定要刪除此團隊嗎?
teamCreated=Team created successfully
teamExists=A team with that name already exists
teamNameExists=Another team with that name already exists
teamNotFound=Team not found
teamDeleted=Team deleted
teamHasUsers=Cannot delete a team with users assigned
teamRenamed=Team renamed successfully
teamCreated=團隊建立成功
teamExists=該名稱的團隊已存在
teamNameExists=已有同名的團隊存在
teamNotFound=找不到團隊
teamDeleted=團隊已刪除
teamHasUsers=無法刪除已有指派使用者的團隊
teamRenamed=團隊重新命名成功
# Team user management
team.addUser=Add User to Team
team.selectUser=Select User
team.warning.moveUser=Warning: This will move the user from "{0}" team to "{1}" team. Are you sure?
team.confirm.moveUser=Are you sure you want to move this user from "{0}" team to "{1}" team?
team.userAdded=User successfully added to team
team.back=Back to Teams
team.internal=Internal Team
team.internalTeamNotAccessible=The Internal team is a system team and cannot be accessed
team.cannotMoveInternalUsers=Users in the Internal team cannot be moved to other teams
team.hidden=Hidden
team.name=Team Name
team.totalMembers=Total Members
team.members=Members
team.username=Username
team.role=Role
team.status=Status
team.enabled=Enabled
team.disabled=Disabled
team.noMembers=This team has no members yet.
team.addUser=新增使用者至團隊
team.selectUser=選擇使用者
team.warning.moveUser=警告:此操作會將使用者從「{0}」團隊移至「{1}」團隊。您確定嗎?
team.confirm.moveUser=您確定要將此使用者從「{0}」團隊移至「{1}」團隊嗎?
team.userAdded=已成功將使用者新增至團隊
team.back=返回團隊
team.internal=內部團隊
team.internalTeamNotAccessible=內部團隊為系統團隊,無法存取
team.cannotMoveInternalUsers=無法將內部團隊中的使用者移動到其他團隊
team.hidden=隱藏
team.name=團隊名稱
team.totalMembers=成員總數
team.members=成員
team.username=使用者名稱
team.role=角色
team.status=狀態
team.enabled=已啟用
team.disabled=已停用
team.noMembers=此團隊尚無成員。
@ -585,9 +585,9 @@ home.addImage.title=新增圖片
home.addImage.desc=在 PDF 的指定位置新增圖片
addImage.tags=img,jpg,圖片,照片
home.attachments.title=Add Attachments
home.attachments.desc=Add or remove embedded files (attachments) to/from a PDF
attachments.tags=embed,attach,file,attachment,attachments
home.attachments.title=新增附件
home.attachments.desc=將檔案(附件)新增或移除至/從 PDF
attachments.tags=嵌入,附件,檔案,附加,附件管理
home.watermark.title=新增浮水印
home.watermark.desc=在您的 PDF 檔案中新增自訂浮水印。
@ -715,8 +715,8 @@ home.auto-rename.title=自動重新命名 PDF 檔案
home.auto-rename.desc=根據其偵測到的標頭自動重新命名 PDF 檔案
auto-rename.tags=自動偵測,基於標頭,組織,重新標籤
home.adjust-contrast.title=調整顏色/對比
home.adjust-contrast.desc=調整 PDF 的對比、飽和度和亮度
home.adjust-contrast.title=調整顏色/對比
home.adjust-contrast.desc=調整 PDF 的對比、飽和度和亮度
adjust-contrast.tags=色彩校正,調整,修改,增強
home.crop.title=裁剪 PDF
@ -834,10 +834,10 @@ home.replaceColorPdf.title=取代與反轉顏色
home.replaceColorPdf.desc=取代 PDF 中文字和背景的顏色,並反轉整個 PDF 的顏色以減少檔案大小
replaceColorPdf.tags=取代顏色,頁面操作,後端,伺服器端
replace-color.selectText.1=取代或反轉顏色選項
replace-color.selectText.2=預設(預設高對比顏色)
replace-color.selectText.2=預設(預設高對比顏色)
replace-color.selectText.3=自訂(自訂顏色)
replace-color.selectText.4=全部反轉(反轉所有顏色)
replace-color.selectText.5=高對比顏色選項
replace-color.selectText.5=高對比顏色選項
replace-color.selectText.6=黑底白字
replace-color.selectText.7=白底黑字
replace-color.selectText.8=黑底黃字
@ -875,7 +875,7 @@ login.userIsDisabled=使用者已停用,目前此使用者無法登入。請
login.alreadyLoggedIn=您已經登入了
login.alreadyLoggedIn2=部裝置。請先從這些裝置登出後再試一次。
login.toManySessions=您有太多使用中的工作階段
login.logoutMessage=You have been logged out.
login.logoutMessage=您已登出。
#auto-redact
autoRedact.title=自動塗黑
@ -1059,9 +1059,9 @@ auto-rename.submit=自動重新命名
#adjustContrast
adjustContrast.title=調整對比
adjustContrast.header=調整對比
adjustContrast.contrast=對比
adjustContrast.title=調整對比
adjustContrast.header=調整對比
adjustContrast.contrast=對比
adjustContrast.brightness=亮度:
adjustContrast.saturation=飽和度:
adjustContrast.download=下載
@ -1270,11 +1270,11 @@ addImage.upload=新增圖片
addImage.submit=新增圖片
#attachments
attachments.title=Add Attachments
attachments.header=Add attachments
attachments.description=Allows you to add attachments to the PDF
attachments.descriptionPlaceholder=Enter a description for the attachments...
attachments.addButton=Add Attachments
attachments.title=新增附件
attachments.header=新增附件
attachments.description=可將附件新增至 PDF
attachments.descriptionPlaceholder=請輸入附件說明...
attachments.addButton=新增附件
#merge
merge.title=合併
@ -1282,7 +1282,7 @@ merge.header=合併多個 PDF
merge.sortByName=依名稱排序
merge.sortByDate=依日期排序
merge.removeCertSign=是否移除合併後檔案的憑證簽章?
merge.generateToc=Generate table of contents in the merged file?
merge.generateToc=是否在合併後的檔案中產生目錄?
merge.submit=合併
@ -1664,7 +1664,7 @@ fileChooser.dragAndDropPDF=拖放 PDF 檔案
fileChooser.dragAndDropImage=拖放圖片檔案
fileChooser.hoveredDragAndDrop=將檔案拖放至此
fileChooser.extractPDF=處理中...
fileChooser.addAttachments=drag & drop attachments here
fileChooser.addAttachments=拖曳附件到此處
#release notes
releases.footer=版本資訊
@ -1709,157 +1709,157 @@ validateSignature.cert.selfSigned=自我簽署
validateSignature.cert.bits=位元
# Audit Dashboard
audit.dashboard.title=Audit Dashboard
audit.dashboard.systemStatus=Audit System Status
audit.dashboard.status=Status
audit.dashboard.enabled=Enabled
audit.dashboard.disabled=Disabled
audit.dashboard.currentLevel=Current Level
audit.dashboard.retentionPeriod=Retention Period
audit.dashboard.days=days
audit.dashboard.totalEvents=Total Events
audit.dashboard.title=稽核儀表板
audit.dashboard.systemStatus=稽核系統狀態
audit.dashboard.status=狀態
audit.dashboard.enabled=已啟用
audit.dashboard.disabled=已停用
audit.dashboard.currentLevel=目前層級
audit.dashboard.retentionPeriod=保留期間
audit.dashboard.days=
audit.dashboard.totalEvents=事件總數
# Audit Dashboard Tabs
audit.dashboard.tab.dashboard=Dashboard
audit.dashboard.tab.events=Audit Events
audit.dashboard.tab.export=Export
audit.dashboard.tab.dashboard=儀表板
audit.dashboard.tab.events=稽核事件
audit.dashboard.tab.export=匯出
# Dashboard Charts
audit.dashboard.eventsByType=Events by Type
audit.dashboard.eventsByUser=Events by User
audit.dashboard.eventsOverTime=Events Over Time
audit.dashboard.period.7days=7 Days
audit.dashboard.period.30days=30 Days
audit.dashboard.period.90days=90 Days
audit.dashboard.eventsByType=依類型分類的事件
audit.dashboard.eventsByUser=依使用者分類的事件
audit.dashboard.eventsOverTime=事件時間趨勢
audit.dashboard.period.7days=7
audit.dashboard.period.30days=30
audit.dashboard.period.90days=90
# Events Tab
audit.dashboard.auditEvents=Audit Events
audit.dashboard.filter.eventType=Event Type
audit.dashboard.filter.allEventTypes=All event types
audit.dashboard.filter.user=User
audit.dashboard.filter.userPlaceholder=Filter by user
audit.dashboard.filter.startDate=Start Date
audit.dashboard.filter.endDate=End Date
audit.dashboard.filter.apply=Apply Filters
audit.dashboard.filter.reset=Reset Filters
audit.dashboard.auditEvents=稽核事件
audit.dashboard.filter.eventType=事件類型
audit.dashboard.filter.allEventTypes=所有事件類型
audit.dashboard.filter.user=使用者
audit.dashboard.filter.userPlaceholder=依使用者篩選
audit.dashboard.filter.startDate=開始日期
audit.dashboard.filter.endDate=結束日期
audit.dashboard.filter.apply=套用篩選器
audit.dashboard.filter.reset=重設篩選器
# Table Headers
audit.dashboard.table.id=ID
audit.dashboard.table.time=Time
audit.dashboard.table.user=User
audit.dashboard.table.type=Type
audit.dashboard.table.details=Details
audit.dashboard.table.viewDetails=View Details
audit.dashboard.table.time=時間
audit.dashboard.table.user=使用者
audit.dashboard.table.type=類型
audit.dashboard.table.details=詳細資訊
audit.dashboard.table.viewDetails=檢視詳細資訊
# Pagination
audit.dashboard.pagination.show=Show
audit.dashboard.pagination.entries=entries
audit.dashboard.pagination.pageInfo1=Page
audit.dashboard.pagination.pageInfo2=of
audit.dashboard.pagination.totalRecords=Total records:
audit.dashboard.pagination.show=顯示
audit.dashboard.pagination.entries=個項目
audit.dashboard.pagination.pageInfo1=
audit.dashboard.pagination.pageInfo2=頁,共
audit.dashboard.pagination.totalRecords=總記錄數:
# Modal
audit.dashboard.modal.eventDetails=Event Details
audit.dashboard.modal.eventDetails=事件詳細資訊
audit.dashboard.modal.id=ID
audit.dashboard.modal.user=User
audit.dashboard.modal.type=Type
audit.dashboard.modal.time=Time
audit.dashboard.modal.data=Data
audit.dashboard.modal.user=使用者
audit.dashboard.modal.type=類型
audit.dashboard.modal.time=時間
audit.dashboard.modal.data=資料
# Export Tab
audit.dashboard.export.title=Export Audit Data
audit.dashboard.export.format=Export Format
audit.dashboard.export.csv=CSV (Comma Separated Values)
audit.dashboard.export.json=JSON (JavaScript Object Notation)
audit.dashboard.export.button=Export Data
audit.dashboard.export.infoTitle=Export Information
audit.dashboard.export.infoDesc1=The export will include all audit events matching the selected filters. For large datasets, the export may take a few moments to generate.
audit.dashboard.export.infoDesc2=Exported data will include:
audit.dashboard.export.infoItem1=Event ID
audit.dashboard.export.infoItem2=User
audit.dashboard.export.infoItem3=Event Type
audit.dashboard.export.infoItem4=Timestamp
audit.dashboard.export.infoItem5=Event Data
audit.dashboard.export.title=匯出稽核資料
audit.dashboard.export.format=匯出格式
audit.dashboard.export.csv=CSV (逗號分隔值)
audit.dashboard.export.json=JSON (JavaScript 物件表示法)
audit.dashboard.export.button=匯出資料
audit.dashboard.export.infoTitle=匯出資訊
audit.dashboard.export.infoDesc1=匯出的內容將包含所有符合所選篩選條件的稽核事件。若資料量龐大,匯出過程可能需要一些時間。
audit.dashboard.export.infoDesc2=匯出的資料將包含:
audit.dashboard.export.infoItem1=事件 ID
audit.dashboard.export.infoItem2=使用者
audit.dashboard.export.infoItem3=事件類型
audit.dashboard.export.infoItem4=時間戳記
audit.dashboard.export.infoItem5=事件資料
# JavaScript i18n keys
audit.dashboard.js.noEventsFound=No audit events found matching the current filters
audit.dashboard.js.errorLoading=Error loading data:
audit.dashboard.js.errorRendering=Error rendering table:
audit.dashboard.js.loadingPage=Loading page
audit.dashboard.js.noEventsFound=找不到符合目前篩選條件的稽核事件
audit.dashboard.js.errorLoading=載入資料時發生錯誤:
audit.dashboard.js.errorRendering=呈現表格時發生錯誤:
audit.dashboard.js.loadingPage=正在載入頁面
####################
# Cookie banner #
####################
cookieBanner.popUp.title=我們如何使用 Cookies
cookieBanner.popUp.description.1=我們使用 Cookies 和其他技術來讓 Stirling PDF 變得更好——幫助我們改善工具並繼續創造您會喜愛的新功能
cookieBanner.popUp.description.2=如果您仍不想,點選「不,謝謝」只會開啟必要的 Cookies 好讓網站功能保持運作
cookieBanner.popUp.title=我們如何使用 Cookie
cookieBanner.popUp.description.1=我們使用 Cookie 和其他技術來讓 Stirling PDF 變得更好、協助我們改進並持續打造您會喜愛的新功能。
cookieBanner.popUp.description.2=如果您不希望如此,點選「不,謝謝」將只會啟用維持網站正常運作所需的必要 Cookie。
cookieBanner.popUp.acceptAllBtn=接受
cookieBanner.popUp.acceptNecessaryBtn=不,謝謝
cookieBanner.popUp.showPreferencesBtn=管理偏好設定
cookieBanner.preferencesModal.title=好設定中心
cookieBanner.preferencesModal.title=好設定中心
cookieBanner.preferencesModal.acceptAllBtn=全部接受
cookieBanner.preferencesModal.acceptNecessaryBtn=全部拒絕
cookieBanner.preferencesModal.savePreferencesBtn=儲存設定
cookieBanner.preferencesModal.closeIconLabel=關閉視窗
cookieBanner.preferencesModal.serviceCounterLabel=服務|服務
cookieBanner.preferencesModal.subtitle=Cookies 的用途
cookieBanner.preferencesModal.description.1=Stirling PDF 使用 Cookies 與其他相似技術去改善您的體驗和分析您如何使用我們的工具。這有助於我們改善效能、開發您注目的功能,和提供使用者協助。
cookieBanner.preferencesModal.subtitle=Cookie 的用途
cookieBanner.preferencesModal.description.1=Stirling PDF 使用 Cookie 與其他相似技術去改善您的體驗和分析您如何使用我們的工具。這有助於我們改善效能、開發您注目的功能,和提供使用者協助。
cookieBanner.preferencesModal.description.2=Stirling PDF 不能——且永遠不會——追蹤或存取您的文件。
cookieBanner.preferencesModal.description.3=您的隱私和信任是我們的核心理念。
cookieBanner.preferencesModal.necessary.title.1=必要的 Cookies
cookieBanner.preferencesModal.necessary.title.1=必要的 Cookie
cookieBanner.preferencesModal.necessary.title.2=永遠開啟
cookieBanner.preferencesModal.necessary.description=這些 Cookies 對網站正常運作至關重要。它們讓核心功能,像是隱私設定、登入、填入表格能夠運作——這也是為什麼它們不能被關掉。
cookieBanner.preferencesModal.analytics.title=分析 Cookies
cookieBanner.preferencesModal.analytics.description=這些 Cookies 幫助我們分析您如何使用我們的工具,好讓我們能專注在建構社群最重視的功能。儘管放心—— Stirling PDF 不會且永不追蹤您的文件
cookieBanner.preferencesModal.necessary.description=這些 Cookie 對網站正常運作至關重要。它們讓核心功能,像是隱私設定、登入、填入表格能夠運作——這也是為什麼它們不能被關掉。
cookieBanner.preferencesModal.analytics.title=分析 Cookie
cookieBanner.preferencesModal.analytics.description=這些 Cookie助我們分析您如何使用我們的工具,好讓我們能專注在建構社群最重視的功能。儘管放心—— Stirling PDF 不會且永不追蹤您的文件
#scannerEffect
scannerEffect.title=Scanner Effect
scannerEffect.header=Scanner Effect
scannerEffect.description=Create a PDF that looks like it was scanned
scannerEffect.selectPDF=Select PDF:
scannerEffect.quality=Scan Quality
scannerEffect.quality.low=Low
scannerEffect.quality.medium=Medium
scannerEffect.quality.high=High
scannerEffect.rotation=Rotation Angle
scannerEffect.rotation.none=None
scannerEffect.rotation.slight=Slight
scannerEffect.rotation.moderate=Moderate
scannerEffect.rotation.severe=Severe
scannerEffect.submit=Create Scanner Effect
scannerEffect.title=掃描器效果
scannerEffect.header=掃描器效果
scannerEffect.description=建立看起來像掃描過的 PDF
scannerEffect.selectPDF=選擇 PDF
scannerEffect.quality=掃描品質
scannerEffect.quality.low=
scannerEffect.quality.medium=
scannerEffect.quality.high=
scannerEffect.rotation=旋轉角度
scannerEffect.rotation.none=
scannerEffect.rotation.slight=輕微
scannerEffect.rotation.moderate=中等
scannerEffect.rotation.severe=嚴重
scannerEffect.submit=建立掃描器效果
#home.scannerEffect
home.scannerEffect.title=Scanner Effect
home.scannerEffect.desc=Create a PDF that looks like it was scanned
scannerEffect.tags=scan,simulate,realistic,convert
home.scannerEffect.title=掃描器效果
home.scannerEffect.desc=建立看起來像掃描過的 PDF
scannerEffect.tags=掃描,模擬,逼真,轉換
# ScannerEffect advanced settings (frontend)
scannerEffect.advancedSettings=Enable Advanced Scan Settings
scannerEffect.colorspace=Colorspace
scannerEffect.colorspace.grayscale=Grayscale
scannerEffect.colorspace.color=Color
scannerEffect.border=Border (px)
scannerEffect.rotate=Base Rotation (degrees)
scannerEffect.rotateVariance=Rotation Variance (degrees)
scannerEffect.brightness=Brightness
scannerEffect.contrast=Contrast
scannerEffect.blur=Blur
scannerEffect.noise=Noise
scannerEffect.yellowish=Yellowish (simulate old paper)
scannerEffect.resolution=Resolution (DPI)
scannerEffect.advancedSettings=啟用進階掃描設定
scannerEffect.colorspace=色彩空間
scannerEffect.colorspace.grayscale=灰階
scannerEffect.colorspace.color=彩色
scannerEffect.border=邊框 (px)
scannerEffect.rotate=基礎旋轉 (度)
scannerEffect.rotateVariance=旋轉變異 (度)
scannerEffect.brightness=亮度
scannerEffect.contrast=對比
scannerEffect.blur=模糊
scannerEffect.noise=雜訊
scannerEffect.yellowish=泛黃效果 (模擬舊紙張)
scannerEffect.resolution=解析度 (DPI)
# Table of Contents Feature
home.editTableOfContents.title=Edit Table of Contents
home.editTableOfContents.desc=Add or edit bookmarks and table of contents in PDF documents
home.editTableOfContents.title=編輯目錄
home.editTableOfContents.desc=在 PDF 文件中新增或編輯書籤和目錄
editTableOfContents.tags=bookmarks,toc,navigation,index,table of contents,chapters,sections,outline
editTableOfContents.title=Edit Table of Contents
editTableOfContents.header=Add or Edit PDF Table of Contents
editTableOfContents.replaceExisting=Replace existing bookmarks (uncheck to append to existing)
editTableOfContents.editorTitle=Bookmark Editor
editTableOfContents.editorDesc=Add and arrange bookmarks below. Click + to add child bookmarks.
editTableOfContents.addBookmark=Add New Bookmark
editTableOfContents.desc.1=This tool allows you to add or edit the table of contents (bookmarks) in a PDF document.
editTableOfContents.desc.2=You can create a hierarchical structure by adding child bookmarks to parent bookmarks.
editTableOfContents.desc.3=Each bookmark requires a title and target page number.
editTableOfContents.submit=Apply Table of Contents
editTableOfContents.tags=書籤,toc,導覽,索引,目錄,章節,區段,大綱
editTableOfContents.title=編輯目錄
editTableOfContents.header=新增或編輯 PDF 目錄
editTableOfContents.replaceExisting=取代現有書籤 (取消勾選以附加到現有書籤)
editTableOfContents.editorTitle=書籤編輯器
editTableOfContents.editorDesc=在下方新增和排列書籤。點選 + 新增子書籤。
editTableOfContents.addBookmark=新增書籤
editTableOfContents.desc.1=此工具可讓您在 PDF 文件中新增或編輯目錄 (書籤)。
editTableOfContents.desc.2=您可以透過將子書籤新增至父書籤來建立階層式結構。
editTableOfContents.desc.3=每個書籤都需要標題和目標頁碼。
editTableOfContents.submit=套用目錄

13
app/core/src/main/resources/settings.yml.template
View File

@ -91,7 +91,7 @@ mail:
from: '' # sender email address
legal:
termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
termsAndConditions: https://www.stirlingpdf.com/terms # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder
accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder
cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder
@ -108,6 +108,17 @@ system:
enableAnalytics: null # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true
enableUrlToPDF: false # Set to 'true' to enable URL to PDF, INTERNAL ONLY, known security issues, should not be used externally
disableSanitize: false # set to true to disable Sanitize HTML; (can lead to injections in HTML)
html:
urlSecurity:
enabled: true # Enable URL security restrictions for HTML processing
level: MEDIUM # Security level: MAX (whitelist only), MEDIUM (block internal networks), OFF (no restrictions)
allowedDomains: [] # Whitelist of allowed domains (e.g. ['cdn.example.com', 'images.google.com'])
blockedDomains: [] # Additional domains to block (e.g. ['evil.com', 'malicious.org'])
internalTlds: ['.local', '.internal', '.corp', '.home'] # Block domains with these TLD patterns
blockPrivateNetworks: true # Block RFC 1918 private networks (10.x.x.x, 192.168.x.x, 172.16-31.x.x)
blockLocalhost: true # Block localhost and loopback addresses (127.x.x.x, ::1)
blockLinkLocal: true # Block link-local addresses (169.254.x.x, fe80::/10)
blockCloudMetadata: true # Block cloud provider metadata endpoints (169.254.169.254)
datasource:
enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration
customDatabaseUrl: '' # eg jdbc:postgresql://localhost:5432/postgres, set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used

32
app/core/src/main/resources/static/3rdPartyLicenses.json
View File

@ -85,21 +85,21 @@
"moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt"
},
{
"moduleName": "com.fasterxml.jackson.jaxrs:jackson-jaxrs-base",
"moduleUrl": "https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base",
"moduleName": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-base",
"moduleUrl": "https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-base",
"moduleVersion": "2.19.1",
"moduleLicense": "The Apache Software License, Version 2.0",
"moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt"
},
{
"moduleName": "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider",
"moduleUrl": "https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider",
"moduleName": "com.fasterxml.jackson.jakarta.rs:jackson-jakarta-rs-json-provider",
"moduleUrl": "https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-json-provider",
"moduleVersion": "2.19.1",
"moduleLicense": "The Apache Software License, Version 2.0",
"moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt"
},
{
"moduleName": "com.fasterxml.jackson.module:jackson-module-jaxb-annotations",
"moduleName": "com.fasterxml.jackson.module:jackson-module-jakarta-xmlbind-annotations",
"moduleUrl": "https://github.com/FasterXML/jackson-modules-base",
"moduleVersion": "2.19.1",
"moduleLicense": "The Apache Software License, Version 2.0",
@ -358,14 +358,14 @@
{
"moduleName": "com.unboundid.product.scim2:scim2-sdk-client",
"moduleUrl": "https://github.com/pingidentity/scim2",
"moduleVersion": "2.3.5",
"moduleVersion": "4.0.0",
"moduleLicense": "UnboundID SCIM2 SDK Free Use License",
"moduleLicenseUrl": "https://github.com/pingidentity/scim2"
},
{
"moduleName": "com.unboundid.product.scim2:scim2-sdk-common",
"moduleUrl": "https://github.com/pingidentity/scim2",
"moduleVersion": "2.3.5",
"moduleVersion": "4.0.0",
"moduleLicense": "UnboundID SCIM2 SDK Free Use License",
"moduleLicenseUrl": "https://github.com/pingidentity/scim2"
},
@ -533,7 +533,7 @@
{
"moduleName": "commons-io:commons-io",
"moduleUrl": "https://commons.apache.org/proper/commons-io/",
"moduleVersion": "2.19.0",
"moduleVersion": "2.20.0",
"moduleLicense": "Apache-2.0",
"moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt"
},
@ -752,20 +752,6 @@
"moduleLicense": "GNU General Public License, version 2 with the GNU Classpath Exception",
"moduleLicenseUrl": "https://www.gnu.org/software/classpath/license.html"
},
{
"moduleName": "javax.activation:javax.activation-api",
"moduleUrl": "http://www.oracle.com",
"moduleVersion": "1.2.0",
"moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0",
"moduleLicenseUrl": "https://opensource.org/licenses/CDDL-1.0"
},
{
"moduleName": "javax.xml.bind:jaxb-api",
"moduleUrl": "http://www.oracle.com/",
"moduleVersion": "2.3.1",
"moduleLicense": "GPL2 w/ CPE",
"moduleLicenseUrl": "https://oss.oracle.com/licenses/CDDL+GPL-1.1"
},
{
"moduleName": "me.friwi:gluegen-rt",
"moduleUrl": "http://jogamp.org/gluegen/www/",
@ -1457,7 +1443,7 @@
{
"moduleName": "org.snakeyaml:snakeyaml-engine",
"moduleUrl": "https://bitbucket.org/snakeyaml/snakeyaml-engine",
"moduleVersion": "2.9",
"moduleVersion": "2.10",
"moduleLicense": "Apache License, Version 2.0",
"moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt"
},

633
app/proprietary/src/main/java/stirling/software/proprietary/security/controller/api/AdminSettingsController.java Normal file
View File

@ -0,0 +1,633 @@
package stirling.software.proprietary.security.controller.api;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.util.HtmlUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.validation.Valid;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import stirling.software.common.model.ApplicationProperties;
import stirling.software.common.util.GeneralUtils;
import stirling.software.proprietary.security.model.api.admin.SettingValueResponse;
import stirling.software.proprietary.security.model.api.admin.UpdateSettingValueRequest;
import stirling.software.proprietary.security.model.api.admin.UpdateSettingsRequest;
@Controller
@Tag(name = "Admin Settings", description = "Admin-only Settings Management APIs")
@RequestMapping("/api/v1/admin/settings")
@RequiredArgsConstructor
@PreAuthorize("hasRole('ROLE_ADMIN')")
@Slf4j
public class AdminSettingsController {
private final ApplicationProperties applicationProperties;
private final ObjectMapper objectMapper;
// Track settings that have been modified but not yet applied (require restart)
private static final ConcurrentHashMap<String, Object> pendingChanges =
new ConcurrentHashMap<>();
// Define specific sensitive field names that contain secret values
private static final Set<String> SENSITIVE_FIELD_NAMES =
new HashSet<>(
Arrays.asList(
// Passwords
"password",
"dbpassword",
"mailpassword",
"smtppassword",
// OAuth/API secrets
"clientsecret",
"apisecret",
"secret",
// API tokens
"apikey",
"accesstoken",
"refreshtoken",
"token",
// Specific secret keys (not all keys, and excluding premium.key)
"key", // automaticallyGenerated.key
"enterprisekey",
"licensekey"));
@GetMapping
@Operation(
summary = "Get all application settings",
description =
"Retrieve all current application settings. Use includePending=true to include settings that will take effect after restart. Admin access required.")
@ApiResponses(
value = {
@ApiResponse(responseCode = "200", description = "Settings retrieved successfully"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required")
})
public ResponseEntity<?> getSettings(
@RequestParam(value = "includePending", defaultValue = "false")
boolean includePending) {
log.debug("Admin requested all application settings (includePending={})", includePending);
// Convert ApplicationProperties to Map
Map<String, Object> settings = objectMapper.convertValue(applicationProperties, Map.class);
if (includePending && !pendingChanges.isEmpty()) {
// Merge pending changes into the settings map
settings = mergePendingChanges(settings, pendingChanges);
}
// Mask sensitive fields after merging
Map<String, Object> maskedSettings = maskSensitiveFields(settings);
return ResponseEntity.ok(maskedSettings);
}
@GetMapping("/delta")
@Operation(
summary = "Get pending settings changes",
description =
"Retrieve settings that have been modified but not yet applied (require restart). Admin access required.")
@ApiResponses(
value = {
@ApiResponse(
responseCode = "200",
description = "Pending changes retrieved successfully"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required")
})
public ResponseEntity<?> getSettingsDelta() {
Map<String, Object> response = new HashMap<>();
// Mask sensitive fields in pending changes
response.put("pendingChanges", maskSensitiveFields(new HashMap<>(pendingChanges)));
response.put("hasPendingChanges", !pendingChanges.isEmpty());
response.put("count", pendingChanges.size());
log.debug("Admin requested pending changes - found {} settings", pendingChanges.size());
return ResponseEntity.ok(response);
}
@PutMapping
@Operation(
summary = "Update application settings (delta updates)",
description =
"Update specific application settings using dot notation keys. Only sends changed values. Changes take effect on restart. Admin access required.")
@ApiResponses(
value = {
@ApiResponse(responseCode = "200", description = "Settings updated successfully"),
@ApiResponse(responseCode = "400", description = "Invalid setting key or value"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required"),
@ApiResponse(
responseCode = "500",
description = "Failed to save settings to configuration file")
})
public ResponseEntity<String> updateSettings(
@Valid @RequestBody UpdateSettingsRequest request) {
try {
Map<String, Object> settings = request.getSettings();
if (settings == null || settings.isEmpty()) {
return ResponseEntity.badRequest().body("No settings provided to update");
}
int updatedCount = 0;
for (Map.Entry<String, Object> entry : settings.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
if (!isValidSettingKey(key)) {
return ResponseEntity.badRequest()
.body("Invalid setting key format: " + HtmlUtils.htmlEscape(key));
}
log.info("Admin updating setting: {} = {}", key, value);
GeneralUtils.saveKeyToSettings(key, value);
// Track this as a pending change
pendingChanges.put(key, value);
updatedCount++;
}
return ResponseEntity.ok(
String.format(
"Successfully updated %d setting(s). Changes will take effect on application restart.",
updatedCount));
} catch (IOException e) {
log.error("Failed to save settings to file: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(GENERIC_FILE_ERROR);
} catch (IllegalArgumentException e) {
log.error("Invalid setting key or value: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(GENERIC_INVALID_SETTING);
} catch (Exception e) {
log.error("Unexpected error while updating settings: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body(GENERIC_SERVER_ERROR);
}
}
@GetMapping("/section/{sectionName}")
@Operation(
summary = "Get specific settings section",
description =
"Retrieve settings for a specific section (e.g., security, system, ui). Admin access required.")
@ApiResponses(
value = {
@ApiResponse(
responseCode = "200",
description = "Section settings retrieved successfully"),
@ApiResponse(responseCode = "400", description = "Invalid section name"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required")
})
public ResponseEntity<?> getSettingsSection(@PathVariable String sectionName) {
try {
Object sectionData = getSectionData(sectionName);
if (sectionData == null) {
return ResponseEntity.badRequest()
.body(
"Invalid section name: "
+ HtmlUtils.htmlEscape(sectionName)
+ ". Valid sections: "
+ String.join(", ", VALID_SECTION_NAMES));
}
log.debug("Admin requested settings section: {}", sectionName);
return ResponseEntity.ok(sectionData);
} catch (IllegalArgumentException e) {
log.error("Invalid section name {}: {}", sectionName, e.getMessage(), e);
return ResponseEntity.status(HttpStatus.BAD_REQUEST)
.body("Invalid section name: " + HtmlUtils.htmlEscape(sectionName));
} catch (Exception e) {
log.error("Error retrieving section {}: {}", sectionName, e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Failed to retrieve section.");
}
}
@PutMapping("/section/{sectionName}")
@Operation(
summary = "Update specific settings section",
description = "Update all settings within a specific section. Admin access required.")
@ApiResponses(
value = {
@ApiResponse(
responseCode = "200",
description = "Section settings updated successfully"),
@ApiResponse(responseCode = "400", description = "Invalid section name or data"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required"),
@ApiResponse(responseCode = "500", description = "Failed to save settings")
})
public ResponseEntity<String> updateSettingsSection(
@PathVariable String sectionName, @Valid @RequestBody Map<String, Object> sectionData) {
try {
if (sectionData == null || sectionData.isEmpty()) {
return ResponseEntity.badRequest().body("No section data provided to update");
}
if (!isValidSectionName(sectionName)) {
return ResponseEntity.badRequest()
.body(
"Invalid section name: "
+ HtmlUtils.htmlEscape(sectionName)
+ ". Valid sections: "
+ String.join(", ", VALID_SECTION_NAMES));
}
int updatedCount = 0;
for (Map.Entry<String, Object> entry : sectionData.entrySet()) {
String propertyKey = entry.getKey();
String fullKey = sectionName + "." + propertyKey;
Object value = entry.getValue();
if (!isValidSettingKey(fullKey)) {
return ResponseEntity.badRequest()
.body("Invalid setting key format: " + HtmlUtils.htmlEscape(fullKey));
}
log.info("Admin updating section setting: {} = {}", fullKey, value);
GeneralUtils.saveKeyToSettings(fullKey, value);
// Track this as a pending change
pendingChanges.put(fullKey, value);
updatedCount++;
}
String escapedSectionName = HtmlUtils.htmlEscape(sectionName);
return ResponseEntity.ok(
String.format(
"Successfully updated %d setting(s) in section '%s'. Changes will take effect on application restart.",
updatedCount, escapedSectionName));
} catch (IOException e) {
log.error("Failed to save section settings to file: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(GENERIC_FILE_ERROR);
} catch (IllegalArgumentException e) {
log.error("Invalid section data: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(GENERIC_INVALID_SECTION);
} catch (Exception e) {
log.error("Unexpected error while updating section settings: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body(GENERIC_SERVER_ERROR);
}
}
@GetMapping("/key/{key}")
@Operation(
summary = "Get specific setting value",
description =
"Retrieve value for a specific setting key using dot notation. Admin access required.")
@ApiResponses(
value = {
@ApiResponse(
responseCode = "200",
description = "Setting value retrieved successfully"),
@ApiResponse(responseCode = "400", description = "Invalid setting key"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required")
})
public ResponseEntity<?> getSettingValue(@PathVariable String key) {
try {
if (!isValidSettingKey(key)) {
return ResponseEntity.badRequest()
.body("Invalid setting key format: " + HtmlUtils.htmlEscape(key));
}
Object value = getSettingByKey(key);
if (value == null) {
return ResponseEntity.badRequest()
.body("Setting key not found: " + HtmlUtils.htmlEscape(key));
}
log.debug("Admin requested setting: {}", key);
return ResponseEntity.ok(new SettingValueResponse(key, value));
} catch (IllegalArgumentException e) {
log.error("Invalid setting key {}: {}", key, e.getMessage(), e);
return ResponseEntity.status(HttpStatus.BAD_REQUEST)
.body("Invalid setting key: " + HtmlUtils.htmlEscape(key));
} catch (Exception e) {
log.error("Error retrieving setting {}: {}", key, e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body("Failed to retrieve setting.");
}
}
@PutMapping("/key/{key}")
@Operation(
summary = "Update specific setting value",
description =
"Update value for a specific setting key using dot notation. Admin access required.")
@ApiResponses(
value = {
@ApiResponse(responseCode = "200", description = "Setting updated successfully"),
@ApiResponse(responseCode = "400", description = "Invalid setting key or value"),
@ApiResponse(
responseCode = "403",
description = "Access denied - Admin role required"),
@ApiResponse(responseCode = "500", description = "Failed to save setting")
})
public ResponseEntity<String> updateSettingValue(
@PathVariable String key, @Valid @RequestBody UpdateSettingValueRequest request) {
try {
if (!isValidSettingKey(key)) {
return ResponseEntity.badRequest()
.body("Invalid setting key format: " + HtmlUtils.htmlEscape(key));
}
Object value = request.getValue();
log.info("Admin updating single setting: {} = {}", key, value);
GeneralUtils.saveKeyToSettings(key, value);
// Track this as a pending change
pendingChanges.put(key, value);
String escapedKey = HtmlUtils.htmlEscape(key);
return ResponseEntity.ok(
String.format(
"Successfully updated setting '%s'. Changes will take effect on application restart.",
escapedKey));
} catch (IOException e) {
log.error("Failed to save setting to file: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(GENERIC_FILE_ERROR);
} catch (IllegalArgumentException e) {
log.error("Invalid setting key or value: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(GENERIC_INVALID_SETTING);
} catch (Exception e) {
log.error("Unexpected error while updating setting: {}", e.getMessage(), e);
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
.body(GENERIC_SERVER_ERROR);
}
}
private Object getSectionData(String sectionName) {
if (sectionName == null || sectionName.trim().isEmpty()) {
return null;
}
return switch (sectionName.toLowerCase()) {
case "security" -> applicationProperties.getSecurity();
case "system" -> applicationProperties.getSystem();
case "ui" -> applicationProperties.getUi();
case "endpoints" -> applicationProperties.getEndpoints();
case "metrics" -> applicationProperties.getMetrics();
case "mail" -> applicationProperties.getMail();
case "premium" -> applicationProperties.getPremium();
case "processexecutor", "processExecutor" -> applicationProperties.getProcessExecutor();
case "autopipeline", "autoPipeline" -> applicationProperties.getAutoPipeline();
case "legal" -> applicationProperties.getLegal();
default -> null;
};
}
private boolean isValidSectionName(String sectionName) {
return getSectionData(sectionName) != null;
}
private static final java.util.Set<String> VALID_SECTION_NAMES =
java.util.Set.of(
"security",
"system",
"ui",
"endpoints",
"metrics",
"mail",
"premium",
"processExecutor",
"processexecutor",
"autoPipeline",
"autopipeline",
"legal");
// Pattern to validate safe property paths - only alphanumeric, dots, and underscores
private static final Pattern SAFE_KEY_PATTERN = Pattern.compile("^[a-zA-Z0-9._]+$");
private static final int MAX_NESTING_DEPTH = 10;
// Security: Generic error messages to prevent information disclosure
private static final String GENERIC_INVALID_SETTING = "Invalid setting key or value.";
private static final String GENERIC_INVALID_SECTION = "Invalid section data provided.";
private static final String GENERIC_SERVER_ERROR = "Internal server error occurred.";
private static final String GENERIC_FILE_ERROR =
"Failed to save settings to configuration file.";
private boolean isValidSettingKey(String key) {
if (key == null || key.trim().isEmpty()) {
return false;
}
// Check against pattern to prevent injection attacks
if (!SAFE_KEY_PATTERN.matcher(key).matches()) {
return false;
}
// Prevent excessive nesting depth
String[] parts = key.split("\\.");
if (parts.length > MAX_NESTING_DEPTH) {
return false;
}
// Ensure first part is a valid section name
if (parts.length > 0 && !VALID_SECTION_NAMES.contains(parts[0].toLowerCase())) {
return false;
}
return true;
}
private Object getSettingByKey(String key) {
if (key == null || key.trim().isEmpty()) {
return null;
}
String[] parts = key.split("\\.", 2);
if (parts.length < 2) {
return null;
}
String sectionName = parts[0];
String propertyPath = parts[1];
Object section = getSectionData(sectionName);
if (section == null) {
return null;
}
try {
return getNestedProperty(section, propertyPath, 0);
} catch (NoSuchFieldException | IllegalAccessException e) {
log.warn("Failed to get nested property {}: {}", key, e.getMessage());
return null;
}
}
private Object getNestedProperty(Object obj, String propertyPath, int depth)
throws NoSuchFieldException, IllegalAccessException {
if (obj == null) {
return null;
}
// Prevent excessive recursion depth
if (depth > MAX_NESTING_DEPTH) {
throw new IllegalAccessException("Maximum nesting depth exceeded");
}
try {
// Use Jackson ObjectMapper for safer property access
@SuppressWarnings("unchecked")
Map<String, Object> objectMap = objectMapper.convertValue(obj, Map.class);
String[] parts = propertyPath.split("\\.", 2);
String currentProperty = parts[0];
if (!objectMap.containsKey(currentProperty)) {
throw new NoSuchFieldException("Property not found: " + currentProperty);
}
Object value = objectMap.get(currentProperty);
if (parts.length == 1) {
return value;
} else {
return getNestedProperty(value, parts[1], depth + 1);
}
} catch (IllegalArgumentException e) {
// If Jackson fails, the property doesn't exist or isn't accessible
throw new NoSuchFieldException("Property not accessible: " + propertyPath);
}
}
/**
* Recursively mask sensitive fields in settings map. Sensitive fields are replaced with a
* status indicator showing if they're configured.
*/
@SuppressWarnings("unchecked")
private Map<String, Object> maskSensitiveFields(Map<String, Object> settings) {
return maskSensitiveFieldsWithPath(settings, "");
}
@SuppressWarnings("unchecked")
private Map<String, Object> maskSensitiveFieldsWithPath(
Map<String, Object> settings, String path) {
Map<String, Object> masked = new HashMap<>();
for (Map.Entry<String, Object> entry : settings.entrySet()) {
String key = entry.getKey();
Object value = entry.getValue();
String currentPath = path.isEmpty() ? key : path + "." + key;
if (value instanceof Map) {
// Recursively mask nested objects
masked.put(
key, maskSensitiveFieldsWithPath((Map<String, Object>) value, currentPath));
} else if (isSensitiveFieldWithPath(key, currentPath)) {
// Mask sensitive fields with status indicator
masked.put(key, createMaskedValue(value));
} else {
// Keep non-sensitive fields as-is
masked.put(key, value);
}
}
return masked;
}
/** Check if a field name indicates sensitive data with full path context */
private boolean isSensitiveFieldWithPath(String fieldName, String fullPath) {
String lowerField = fieldName.toLowerCase();
String lowerPath = fullPath.toLowerCase();
// Don't mask premium.key specifically
if ("key".equals(lowerField) && "premium.key".equals(lowerPath)) {
return false;
}
// Direct match with sensitive field names
if (SENSITIVE_FIELD_NAMES.contains(lowerField)) {
return true;
}
// Check for fields containing 'password' or 'secret'
return lowerField.contains("password") || lowerField.contains("secret");
}
/** Create a masked representation for sensitive fields */
private Object createMaskedValue(Object originalValue) {
if (originalValue == null
|| (originalValue instanceof String && ((String) originalValue).trim().isEmpty())) {
return originalValue; // Keep empty/null values as-is
} else {
return "********";
}
}
/** Merge pending changes into the settings map using dot notation keys */
@SuppressWarnings("unchecked")
private Map<String, Object> mergePendingChanges(
Map<String, Object> settings, Map<String, Object> pendingChanges) {
// Create a deep copy of the settings to avoid modifying the original
Map<String, Object> mergedSettings = new HashMap<>(settings);
for (Map.Entry<String, Object> pendingEntry : pendingChanges.entrySet()) {
String dotNotationKey = pendingEntry.getKey();
Object pendingValue = pendingEntry.getValue();
// Split the dot notation key into parts
String[] keyParts = dotNotationKey.split("\\.");
// Navigate to the parent object and set the value
Map<String, Object> currentMap = mergedSettings;
// Navigate through all parts except the last one
for (int i = 0; i < keyParts.length - 1; i++) {
String keyPart = keyParts[i];
// Get or create the nested map
Object nested = currentMap.get(keyPart);
if (!(nested instanceof Map)) {
// Create a new nested map if it doesn't exist or isn't a map
nested = new HashMap<String, Object>();
currentMap.put(keyPart, nested);
}
currentMap = (Map<String, Object>) nested;
}
// Set the final value
String finalKey = keyParts[keyParts.length - 1];
currentMap.put(finalKey, pendingValue);
}
return mergedSettings;
}
}

22
app/proprietary/src/main/java/stirling/software/proprietary/security/model/api/admin/SettingValueResponse.java Normal file
View File

@ -0,0 +1,22 @@
package stirling.software.proprietary.security.model.api.admin;
import io.swagger.v3.oas.annotations.media.Schema;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@NoArgsConstructor
@AllArgsConstructor
@Schema(description = "Response containing a setting key and its current value")
public class SettingValueResponse {
@Schema(
description = "The setting key in dot notation (e.g., 'system.enableAnalytics')",
example = "system.enableAnalytics")
private String key;
@Schema(description = "The current value of the setting", example = "true")
private Object value;
}

16
app/proprietary/src/main/java/stirling/software/proprietary/security/model/api/admin/UpdateSettingValueRequest.java Normal file
View File

@ -0,0 +1,16 @@
package stirling.software.proprietary.security.model.api.admin;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotNull;
import lombok.Data;
@Data
@Schema(description = "Request to update a single setting value")
public class UpdateSettingValueRequest {
@NotNull
@Schema(description = "The new value for the setting", example = "false")
private Object value;
}

23
app/proprietary/src/main/java/stirling/software/proprietary/security/model/api/admin/UpdateSettingsRequest.java Normal file
View File

@ -0,0 +1,23 @@
package stirling.software.proprietary.security.model.api.admin;
import java.util.Map;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;
import lombok.Data;
@Data
@Schema(description = "Request to update multiple application settings using delta updates")
public class UpdateSettingsRequest {
@NotNull
@NotEmpty
@Schema(
description =
"Map of setting keys to their new values using dot notation. Only changed values need to be included for delta updates.",
example = "{\"system.enableAnalytics\": false, \"ui.appName\": \"My PDF Tool\"}")
private Map<String, Object> settings;
}

18
testing/allEndpointsRemovedSettings.yml
View File

@ -6,7 +6,6 @@
# ___) || | | || _ <| |___ | || |\ | |_| |_____| __/| |_| | _| #
# |____/ |_| |___|_| \_\_____|___|_| \_|\____| |_| |____/|_| #
# #
# Custom setting.yml file with all endpoints disabled to only be used for testing purposes #
# Do not comment out any entry, it will be removed on next startup #
# If you want to override with environment parameter follow parameter naming SECURITY_INITIALLOGIN_USERNAME #
#############################################################################################################
@ -92,7 +91,7 @@ mail:
from: '' # sender email address
legal:
termsAndConditions: https://www.stirlingpdf.com/terms-and-conditions # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
termsAndConditions: https://www.stirlingpdf.com/terms # URL to the terms and conditions of your application (e.g. https://example.com/terms). Empty string to disable or filename to load from local file in static folder
privacyPolicy: https://www.stirlingpdf.com/privacy-policy # URL to the privacy policy of your application (e.g. https://example.com/privacy). Empty string to disable or filename to load from local file in static folder
accessibilityStatement: '' # URL to the accessibility statement of your application (e.g. https://example.com/accessibility). Empty string to disable or filename to load from local file in static folder
cookiePolicy: '' # URL to the cookie policy of your application (e.g. https://example.com/cookie). Empty string to disable or filename to load from local file in static folder
@ -109,6 +108,17 @@ system:
enableAnalytics: true # set to 'true' to enable analytics, set to 'false' to disable analytics; for enterprise users, this is set to true
enableUrlToPDF: false # Set to 'true' to enable URL to PDF, INTERNAL ONLY, known security issues, should not be used externally
disableSanitize: false # set to true to disable Sanitize HTML; (can lead to injections in HTML)
html:
urlSecurity:
enabled: true # Enable URL security restrictions for HTML processing
level: MEDIUM # Security level: MAX (whitelist only), MEDIUM (block internal networks), OFF (no restrictions)
allowedDomains: [] # Whitelist of allowed domains (e.g. ['cdn.example.com', 'images.google.com'])
blockedDomains: [] # Additional domains to block (e.g. ['evil.com', 'malicious.org'])
internalTlds: ['.local', '.internal', '.corp', '.home'] # Block domains with these TLD patterns
blockPrivateNetworks: true # Block RFC 1918 private networks (10.x.x.x, 192.168.x.x, 172.16-31.x.x)
blockLocalhost: true # Block localhost and loopback addresses (127.x.x.x, ::1)
blockLinkLocal: true # Block link-local addresses (169.254.x.x, fe80::/10)
blockCloudMetadata: true # Block cloud provider metadata endpoints (169.254.169.254)
datasource:
enableCustomDatabase: false # Enterprise users ONLY, set this property to 'true' if you would like to use your own custom database configuration
customDatabaseUrl: '' # eg jdbc:postgresql://localhost:5432/postgres, set the url for your own custom database connection. If provided, the type, hostName, port and name are not necessary and will not be used
@ -142,7 +152,7 @@ ui:
appNameNavbar: '' # name displayed on the navigation bar
languages: [] # If empty, all languages are enabled. To display only German and Polish ["de_DE", "pl_PL"]. British English is always enabled.
endpoints: # All the possible endpoints are disabled
endpoints:
toRemove: [crop, merge-pdfs, multi-page-layout, overlay-pdfs, pdf-to-single-page, rearrange-pages, remove-image-pdf, remove-pages, rotate-pdf, scale-pages, split-by-size-or-count, split-pages, split-pdf-by-chapters, split-pdf-by-sections, add-password, add-watermark, auto-redact, cert-sign, get-info-on-pdf, redact, remove-cert-sign, remove-password, sanitize-pdf, validate-signature, file-to-pdf, html-to-pdf, img-to-pdf, markdown-to-pdf, pdf-to-csv, pdf-to-html, pdf-to-img, pdf-to-markdown, pdf-to-pdfa, pdf-to-presentation, pdf-to-text, pdf-to-word, pdf-to-xml, url-to-pdf, add-image, add-page-numbers, add-stamp, auto-rename, auto-split-pdf, compress-pdf, decompress-pdf, extract-image-scans, extract-images, flatten, ocr-pdf, remove-blanks, repair, replace-invert-pdf, show-javascript, update-metadata, filter-contains-image, filter-contains-text, filter-file-size, filter-page-count, filter-page-rotation, filter-page-size, add-attachments] # list endpoints to disable (e.g. ['img-to-pdf', 'remove-pages'])
groupsToRemove: [] # list groups to disable (e.g. ['LibreOffice'])
@ -153,7 +163,7 @@ metrics:
AutomaticallyGenerated:
key: cbb81c0f-50b1-450c-a2b5-89ae527776eb
UUID: 10dd4fba-01fa-4717-9b78-3dc4f54e398a
appVersion: 0.44.3
appVersion: 1.1.0
processExecutor:
sessionLimit: # Process executor instances limits