Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hardening suggestions for Stirling-PDF / decrypt #1542

Closed
wants to merge 1 commit into from

Conversation

pixeebot[bot]
Copy link
Contributor

@pixeebot pixeebot bot commented Jul 7, 2024

I've reviewed the recently opened PR (1541 - auto decrypt, update discord, fix multi file support for some inputs) and have identified some area(s) that could benefit from additional hardening measures.

These changes should help prevent potential security vulnerabilities and improve overall code quality.

Thank you for your consideration!
🧚🤖 Powered by Pixeebot

Feedback | Community | Docs

@pixeebot pixeebot bot requested a review from Frooodle as a code owner July 7, 2024 21:52
@pixeebot pixeebot bot requested a review from Frooodle July 7, 2024 21:52
@@ -68,6 +68,7 @@ public ResponseEntity<byte[]> addPassword(@ModelAttribute AddPasswordRequest req
boolean canModifyAnnotations = request.isCanModifyAnnotations();
boolean canPrint = request.isCanPrint();
boolean canPrintFaithful = request.isCanPrintFaithful();
System.out.println(Filenames.toSimpleFileName(fileInput.getOriginalFilename()));
PDDocument document = Loader.loadPDF(fileInput.getBytes());
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrapped the file name with a sanitizer call that takes out path escaping characters

@github-actions github-actions bot added the Java Pull requests that update Java code label Jul 7, 2024
@Frooodle Frooodle closed this Jul 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant