Introduced protections against "zip slip" attacks

pixeebot[bot] 2025-07-10 15:32:14 +00:00 committed by GitHub
parent 624e04a783
commit d7d44ea06b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,5 +1,6 @@
package stirling.software.common.service; package stirling.software.common.service;
import io.github.pixee.security.ZipSecurity;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
@ -360,7 +361,7 @@ public class TaskManager {
MultipartFile zipFile = fileStorage.retrieveFile(zipFileId); MultipartFile zipFile = fileStorage.retrieveFile(zipFileId);
try (ZipInputStream zipIn = try (ZipInputStream zipIn =
new ZipInputStream(new ByteArrayInputStream(zipFile.getBytes()))) { ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(zipFile.getBytes()))) {
ZipEntry entry; ZipEntry entry;
while ((entry = zipIn.getNextEntry()) != null) { while ((entry = zipIn.getNextEntry()) != null) {
if (!entry.isDirectory()) { if (!entry.isDirectory()) {
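Review bot: The hardened stream created on the `ZipSecurity.createHardenedInputStream(...)` line rejects a suspicious entry name by throwing from `zipIn.getNextEntry()`, and as far as I know that is an unchecked `SecurityException` rather than an `IOException`, so the handler for this try block needs to cover it. The catch clauses are outside the hunk; if they only catch `IOException`, widen them to something like `} catch (IOException | SecurityException e) {` so a rejected archive ends the task with a logged failure instead of an unhandled runtime exception. The wrapper validates entry names only: the archive is still fully buffered by `zipFile.getBytes()`, and nothing visible here bounds the entry count or the decompressed size, so a size limit in the extraction loop is still worth adding. The enclosing method starts and ends outside the hunk, so the existing error handling and any later use of `entry.getName()` should be checked against the full file.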