diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
index 2466a0007..82dcc2bc5 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
@@ -1,6 +1,7 @@
 package stirling.software.SPDF.controller.api.converters;
 
 import java.io.ByteArrayOutputStream;
+import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.URLConnection;
@@ -87,7 +88,7 @@ public class ConvertImgPDFController {
 // returns bytes for image
 boolean singleImage = "single".equals(singleOrMultiple);
 String filename =
- Filenames.toSimpleFileName(file.getOriginalFilename())
+ Filenames.toSimpleFileName(new File(file.getOriginalFilename()).getName())
 .replaceFirst("[.][^.]+$", "");
 
 result =
@@ -231,7 +232,7 @@ public class ConvertImgPDFController {
 PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory);
 return WebResponseUtils.bytesToWebResponse(
 bytes,
- file[0].getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_converted.pdf");
+ new File(file[0].getOriginalFilename()).getName().replaceFirst("[.][^.]+$", "") + "_converted.pdf");
 }
 
 private String getMediaType(String imageFormat) {
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
index 79140c571..e572432df 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
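Review bot: `new File(file.getOriginalFilename())` on the added line of the `@@ -87` hunk throws NullPointerException when the multipart part carries no name, because `File(String)` rejects null and Spring documents `getOriginalFilename()` as possibly null or empty; the replaced code handed the raw value to `Filenames.toSimpleFileName`, whose null handling is not visible here. `File.getName()` also strips only the platform separator, so on a Linux host a Windows-style `dir\name.png` keeps its backslashes — harmless if `toSimpleFileName` strips them, but the `@@ -231` hunk applies `getName()` with no `toSimpleFileName` at all. Both sites appear to feed only the download filename rather than a filesystem path, so the impact is the response name, yet a null-safe, separator-agnostic basename is cheap: `String original = Objects.requireNonNullElse(file.getOriginalFilename(), "");` followed by `String baseName = original.substring(Math.max(original.lastIndexOf('/'), original.lastIndexOf('\\')) + 1);` (this needs `java.util.Objects`, which the import hunk does not add). The enclosing methods of both hunks start and end outside the hunks.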
@@ -7,6 +7,7 @@ import java.awt.print.Printable;
 import java.awt.print.PrinterException;
 import java.awt.print.PrinterJob;
 import java.io.IOException;
+import java.nio.file.Paths;
 import java.util.Arrays;
 
 import javax.imageio.ImageIO;
@@ -45,6 +46,10 @@ public class PrintFileController {
 public ResponseEntity printFile(@ModelAttribute PrintFileRequest request)
 throws IOException {
 MultipartFile file = request.getFileInput();
+ String originalFilename = file.getOriginalFilename();
+ if (originalFilename != null && (originalFilename.contains("..") || Paths.get(originalFilename).isAbsolute())) {
+ throw new IOException("Invalid file path detected: " + originalFilename);
+ }
 String printerName = request.getPrinterName();
 String contentType = file.getContentType();
 try {
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
index bdf27c519..a784b0f39 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
@@ -42,6 +42,7 @@ import stirling.software.common.service.CustomPDFDocumentFactory;
 import stirling.software.common.util.TempFile;
 import stirling.software.common.util.TempFileManager;
 import stirling.software.common.util.WebResponseUtils;
+import java.lang.IllegalArgumentException;
 
 @RestController
 @RequestMapping("/api/v1/misc")
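Review bot: `Paths.get(originalFilename)` in the added guard of the `@@ -45` hunk throws `InvalidPathException` (unchecked) for names the platform path parser rejects — an embedded NUL, or on Windows characters such as `:`, `*` or `?` — so such uploads bypass the intended IOException and surface as an unhandled runtime error. `isAbsolute()` is also platform-dependent: on a Linux host `C:\x.pdf` and `\\server\share\x.pdf` are not absolute and pass, while `..` is rejected even inside an otherwise harmless name like `report..pdf`. The hunk does not show the name being used to build a path (if it is only echoed back, the check limits input rather than protecting the filesystem), so a platform-neutral rule that needs no parsing is simpler and cannot throw: `if (originalFilename != null && (originalFilename.contains("..") || originalFilename.contains("/") || originalFilename.contains("\\"))) {`. printFile's body continues outside the hunk.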
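Review bot: `import java.lang.IllegalArgumentException;` in the `@@ -42` hunk is redundant, since `java.lang` is imported implicitly, and appending it after the `stirling.software.common` group breaks the file's import ordering. Dropping the added line leaves the class compiling unchanged.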
@@ -62,9 +63,18 @@ public class StampController {
 public ResponseEntity addStamp(@ModelAttribute AddStampRequest request)
 throws IOException, Exception {
 MultipartFile pdfFile = request.getFileInput();
+ String pdfFileName = pdfFile.getOriginalFilename();
+ if (pdfFileName.contains("..") || pdfFileName.startsWith("/")) {
+ throw new IllegalArgumentException("Invalid PDF file path");
+ }
+
 String stampType = request.getStampType();
 String stampText = request.getStampText();
 MultipartFile stampImage = request.getStampImage();
+ String stampImageName = stampImage.getOriginalFilename();
+ if (stampImageName.contains("..") || stampImageName.startsWith("/")) {
+ throw new IllegalArgumentException("Invalid stamp image file path");
+ }
 String alphabet = request.getAlphabet();
 float fontSize = request.getFontSize();
 float rotation = request.getRotation();
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
index 5c1fd5f4a..d79105c26 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
@@ -108,7 +108,9 @@ public class PipelineProcessor {
 if (inputFileTypes == null) {
 inputFileTypes = new ArrayList(Arrays.asList("ALL"));
 }
- // List outputFileTypes = apiDocService.getExtensionTypes(true, operation);
+ if (!operation.matches("^[a-zA-Z0-9_-]+$")) {
+ throw new IllegalArgumentException("Invalid operation value received.");
+ }
 String url = getBaseUrl() + operation;
 List newOutputFiles = new ArrayList<>();
 if (!isMultiInputOperation) {
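Review bot: The new guards dereference `pdfFileName` and `stampImageName` without a null check, so a request whose part has no filename (Spring documents `getOriginalFilename()` as possibly null) now fails with NullPointerException rather than a clean client error; the `@@ -74` hunk in WatermarkController null-checks the same values and also tolerates a missing `watermarkImage`, whereas here `stampImage.getOriginalFilename()` is called unconditionally even though a text stamp presumably carries no image (confirm against `AddStampRequest`). `startsWith("/")` catches only POSIX absolute paths, not backslashes or drive letters, and across this commit the same validation throws IOException in PrintFileController, IllegalArgumentException here and SecurityException in WatermarkController, which leaves callers with three different error mappings for one rule. A single null-safe helper that rejects either separator and is shared by both controllers closes those gaps; the version below keeps the hunk's messages byte-for-byte. addStamp's body continues outside the hunk.
```java
        MultipartFile pdfFile = request.getFileInput();
        rejectPathLikeName(pdfFile.getOriginalFilename(), "PDF");
        // … unchanged: stampType / stampText …
        MultipartFile stampImage = request.getStampImage();
        if (stampImage != null) {
            rejectPathLikeName(stampImage.getOriginalFilename(), "stamp image");
        }
        // … unchanged: alphabet, fontSize, rotation and the rest of addStamp …

    /** Rejects names carrying directory information; a null name is left to the existing handling. */
    private static void rejectPathLikeName(String name, String what) {
        if (name != null
                && (name.contains("..") || name.contains("/") || name.contains("\\"))) {
            throw new IllegalArgumentException("Invalid " + what + " file path");
        }
    }
```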
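Review bot: The allow-list regex in the `@@ -108` hunk rejects `/`, so if pipeline operation values are path-style (the `getBaseUrl() + operation` concatenation on the following line suggests they may be), every configured pipeline would now fail with "Invalid operation value received."; confirm the expected format against the pipeline configuration before merging. If operations are single tokens the check is sound, but `String.matches` recompiles the pattern on every call and the `^`/`$` anchors are redundant under full-match semantics; precompile it once as `private static final Pattern OPERATION_NAME = Pattern.compile("[a-zA-Z0-9_-]+");` and test with `OPERATION_NAME.matcher(operation).matches()`. `operation` itself is not null-checked, though whether it can be null is not visible here. The enclosing method starts and ends outside the hunk.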
@@ -327,6 +329,10 @@ public class PipelineProcessor {
 }
 List outputFiles = new ArrayList<>();
 for (File file : files) {
+ Path normalizedPath = Paths.get(file.getName()).normalize();
+ if (normalizedPath.startsWith("..")) {
+ throw new SecurityException("Potential path traversal attempt in file name: " + file.getName());
+ }
 Path path = Paths.get(file.getAbsolutePath());
 // debug statement
 log.info("Reading file: " + path);
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
index 47a53a4f9..fd5a9b288 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@@ -74,9 +74,19 @@ public class WatermarkController {
 public ResponseEntity addWatermark(@ModelAttribute AddWatermarkRequest request)
 throws IOException, Exception {
 MultipartFile pdfFile = request.getFileInput();
+ String pdfFileName = pdfFile.getOriginalFilename();
+ if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
+ throw new SecurityException("Invalid file path in pdfFile");
+ }
 String watermarkType = request.getWatermarkType();
 String watermarkText = request.getWatermarkText();
 MultipartFile watermarkImage = request.getWatermarkImage();
+ if (watermarkImage != null) {
+ String watermarkImageFileName = watermarkImage.getOriginalFilename();
+ if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
+ throw new SecurityException("Invalid file path in watermarkImage");
+ }
+ }
 String alphabet = request.getAlphabet();
 float fontSize = request.getFontSize();
 float rotation = request.getRotation();
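Review bot: The traversal check added in the `@@ -327` hunk cannot fire in practice: `file.getName()` already returns only the last path segment, so `Paths.get(file.getName()).normalize()` starts with `..` only when the name is literally `..`, while the path actually opened on the next line is `file.getAbsolutePath()`, which the check never examines. If these `File` objects can be influenced by request data (their origin is outside the hunk), the meaningful control is to resolve `file.toPath().toAbsolutePath().normalize()` and require `startsWith` of the expected working directory; if they come from a directory the code itself created, the check is redundant and better removed than left as a false reassurance. The surrounding loop and its method continue outside the hunk.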