Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-08-02 13:48:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into add_reviewer_bot

Browse Source
This commit is contained in:
Ludy 2025-07-20 16:37:49 +02:00 committed by GitHub
commit f9271eb3a3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 38 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/CODEOWNERS vendored
View File

@ -1,2 +1,2 @@
# All PRs to V1 must be approved by Frooodle # All PRs to V1 must be approved by Frooodle
* @Frooodle @reecebrowne @Ludy87 @DarioGii @ConnorYoh * @Frooodle @reecebrowne @Ludy87 @DarioGii @ConnorYoh @EthanHealy01

3
.github/config/repo_devs.json vendored
View File

@ -7,7 +7,8 @@
"sbplat", "sbplat",
"reecebrowne", "reecebrowne",
"DarioGii", "DarioGii",
"ConnorYoh" "ConnorYoh",
"EthanHealy01"
], ],
"repo_devs_reviewers": [ "repo_devs_reviewers": [
"Frooodle" "Frooodle"

5
app/core/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java
View File

@ -1,6 +1,7 @@
package stirling.software.SPDF.controller.api.converters; package stirling.software.SPDF.controller.api.converters;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.net.URLConnection; import java.net.URLConnection;
@ -87,7 +88,7 @@ public class ConvertImgPDFController {
// returns bytes for image // returns bytes for image
boolean singleImage = "single".equals(singleOrMultiple); boolean singleImage = "single".equals(singleOrMultiple);
String filename = String filename =
Filenames.toSimpleFileName(file.getOriginalFilename()) Filenames.toSimpleFileName(new File(file.getOriginalFilename()).getName())
.replaceFirst("[.][^.]+$", ""); .replaceFirst("[.][^.]+$", "");
result = result =
@ -231,7 +232,7 @@ public class ConvertImgPDFController {
PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory); PdfUtils.imageToPdf(file, fitOption, autoRotate, colorType, pdfDocumentFactory);
return WebResponseUtils.bytesToWebResponse( return WebResponseUtils.bytesToWebResponse(
bytes, bytes,
file[0].getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_converted.pdf"); new File(file[0].getOriginalFilename()).getName().replaceFirst("[.][^.]+$", "") + "_converted.pdf");
} }
private String getMediaType(String imageFormat) { private String getMediaType(String imageFormat) {

5
app/core/src/main/java/stirling/software/SPDF/controller/api/misc/PrintFileController.java
View File

@ -7,6 +7,7 @@ import java.awt.print.Printable;
import java.awt.print.PrinterException; import java.awt.print.PrinterException;
import java.awt.print.PrinterJob; import java.awt.print.PrinterJob;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Paths;
import java.util.Arrays; import java.util.Arrays;
import javax.imageio.ImageIO; import javax.imageio.ImageIO;
@ -45,6 +46,10 @@ public class PrintFileController {
public ResponseEntity<String> printFile(@ModelAttribute PrintFileRequest request) public ResponseEntity<String> printFile(@ModelAttribute PrintFileRequest request)
throws IOException { throws IOException {
MultipartFile file = request.getFileInput(); MultipartFile file = request.getFileInput();
String originalFilename = file.getOriginalFilename();
if (originalFilename != null && (originalFilename.contains("..") || Paths.get(originalFilename).isAbsolute())) {
throw new IOException("Invalid file path detected: " + originalFilename);
}
String printerName = request.getPrinterName(); String printerName = request.getPrinterName();
String contentType = file.getContentType(); String contentType = file.getContentType();
try { try {

10
app/core/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java
View File

@ -42,6 +42,7 @@ import stirling.software.common.service.CustomPDFDocumentFactory;
import stirling.software.common.util.TempFile; import stirling.software.common.util.TempFile;
import stirling.software.common.util.TempFileManager; import stirling.software.common.util.TempFileManager;
import stirling.software.common.util.WebResponseUtils; import stirling.software.common.util.WebResponseUtils;
import java.lang.IllegalArgumentException;
@RestController @RestController
@RequestMapping("/api/v1/misc") @RequestMapping("/api/v1/misc")
@ -62,9 +63,18 @@ public class StampController {
public ResponseEntity<byte[]> addStamp(@ModelAttribute AddStampRequest request) public ResponseEntity<byte[]> addStamp(@ModelAttribute AddStampRequest request)
throws IOException, Exception { throws IOException, Exception {
MultipartFile pdfFile = request.getFileInput(); MultipartFile pdfFile = request.getFileInput();
String pdfFileName = pdfFile.getOriginalFilename();
if (pdfFileName.contains("..") || pdfFileName.startsWith("/")) {
throw new IllegalArgumentException("Invalid PDF file path");
}
String stampType = request.getStampType(); String stampType = request.getStampType();
String stampText = request.getStampText(); String stampText = request.getStampText();
MultipartFile stampImage = request.getStampImage(); MultipartFile stampImage = request.getStampImage();
String stampImageName = stampImage.getOriginalFilename();
if (stampImageName.contains("..") || stampImageName.startsWith("/")) {
throw new IllegalArgumentException("Invalid stamp image file path");
}
String alphabet = request.getAlphabet(); String alphabet = request.getAlphabet();
float fontSize = request.getFontSize(); float fontSize = request.getFontSize();
float rotation = request.getRotation(); float rotation = request.getRotation();

8
app/core/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
View File

@ -108,7 +108,9 @@ public class PipelineProcessor {
if (inputFileTypes == null) { if (inputFileTypes == null) {
inputFileTypes = new ArrayList<String>(Arrays.asList("ALL")); inputFileTypes = new ArrayList<String>(Arrays.asList("ALL"));
} }
// List outputFileTypes = apiDocService.getExtensionTypes(true, operation); if (!operation.matches("^[a-zA-Z0-9_-]+$")) {
throw new IllegalArgumentException("Invalid operation value received.");
}
String url = getBaseUrl() + operation; String url = getBaseUrl() + operation;
List<Resource> newOutputFiles = new ArrayList<>(); List<Resource> newOutputFiles = new ArrayList<>();
if (!isMultiInputOperation) { if (!isMultiInputOperation) {
@ -327,6 +329,10 @@ public class PipelineProcessor {
} }
List<Resource> outputFiles = new ArrayList<>(); List<Resource> outputFiles = new ArrayList<>();
for (File file : files) { for (File file : files) {
Path normalizedPath = Paths.get(file.getName()).normalize();
if (normalizedPath.startsWith("..")) {
throw new SecurityException("Potential path traversal attempt in file name: " + file.getName());
}
Path path = Paths.get(file.getAbsolutePath()); Path path = Paths.get(file.getAbsolutePath());
// debug statement // debug statement
log.info("Reading file: " + path); log.info("Reading file: " + path);

10
app/core/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
View File

@ -74,9 +74,19 @@ public class WatermarkController {
public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request) public ResponseEntity<byte[]> addWatermark(@ModelAttribute AddWatermarkRequest request)
throws IOException, Exception { throws IOException, Exception {
MultipartFile pdfFile = request.getFileInput(); MultipartFile pdfFile = request.getFileInput();
String pdfFileName = pdfFile.getOriginalFilename();
if (pdfFileName != null && (pdfFileName.contains("..") || pdfFileName.startsWith("/"))) {
throw new SecurityException("Invalid file path in pdfFile");
}
String watermarkType = request.getWatermarkType(); String watermarkType = request.getWatermarkType();
String watermarkText = request.getWatermarkText(); String watermarkText = request.getWatermarkText();
MultipartFile watermarkImage = request.getWatermarkImage(); MultipartFile watermarkImage = request.getWatermarkImage();
if (watermarkImage != null) {
String watermarkImageFileName = watermarkImage.getOriginalFilename();
if (watermarkImageFileName != null && (watermarkImageFileName.contains("..") || watermarkImageFileName.startsWith("/"))) {
throw new SecurityException("Invalid file path in watermarkImage");
}
}
String alphabet = request.getAlphabet(); String alphabet = request.getAlphabet();
float fontSize = request.getFontSize(); float fontSize = request.getFontSize();
float rotation = request.getRotation(); float rotation = request.getRotation();