2023-08-01 00:03:13 +01:00
|
|
|
package stirling.software.SPDF.utils;
|
|
|
|
|
|
2024-12-24 09:52:53 +00:00
|
|
|
import java.io.*;
|
2024-10-14 22:34:41 +01:00
|
|
|
import java.nio.charset.StandardCharsets;
|
|
|
|
|
import java.nio.file.FileVisitResult;
|
2023-08-01 00:03:13 +01:00
|
|
|
import java.nio.file.Files;
|
|
|
|
|
import java.nio.file.Path;
|
2024-10-14 22:34:41 +01:00
|
|
|
import java.nio.file.SimpleFileVisitor;
|
|
|
|
|
import java.nio.file.attribute.BasicFileAttributes;
|
2023-08-01 00:03:13 +01:00
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.List;
|
|
|
|
|
import java.util.stream.Collectors;
|
|
|
|
|
import java.util.stream.Stream;
|
|
|
|
|
import java.util.zip.ZipEntry;
|
|
|
|
|
import java.util.zip.ZipInputStream;
|
2024-10-14 22:34:41 +01:00
|
|
|
import java.util.zip.ZipOutputStream;
|
2023-08-01 00:03:13 +01:00
|
|
|
|
2024-02-06 00:00:49 +00:00
|
|
|
import io.github.pixee.security.ZipSecurity;
|
|
|
|
|
|
2024-01-28 17:36:17 +00:00
|
|
|
import stirling.software.SPDF.model.api.converters.HTMLToPdfRequest;
|
2023-08-01 00:03:13 +01:00
|
|
|
import stirling.software.SPDF.utils.ProcessExecutor.ProcessExecutorResult;
|
|
|
|
|
|
|
|
|
|
public class FileToPdf {
|
2024-01-09 22:39:21 +00:00
|
|
|
|
|
|
|
|
public static byte[] convertHtmlToPdf(
|
2025-02-23 13:36:21 +00:00
|
|
|
String weasyprintPath,
|
2024-01-28 17:36:17 +00:00
|
|
|
HTMLToPdfRequest request,
|
|
|
|
|
byte[] fileBytes,
|
|
|
|
|
String fileName,
|
2025-02-04 10:18:02 +00:00
|
|
|
boolean disableSanitize)
|
2023-08-01 00:03:13 +01:00
|
|
|
throws IOException, InterruptedException {
|
|
|
|
|
|
|
|
|
|
Path tempOutputFile = Files.createTempFile("output_", ".pdf");
|
|
|
|
|
Path tempInputFile = null;
|
|
|
|
|
byte[] pdfBytes;
|
|
|
|
|
try {
|
|
|
|
|
if (fileName.endsWith(".html")) {
|
|
|
|
|
tempInputFile = Files.createTempFile("input_", ".html");
|
2025-02-04 10:18:02 +00:00
|
|
|
String sanitizedHtml =
|
|
|
|
|
sanitizeHtmlContent(
|
|
|
|
|
new String(fileBytes, StandardCharsets.UTF_8), disableSanitize);
|
2024-10-14 22:34:41 +01:00
|
|
|
Files.write(tempInputFile, sanitizedHtml.getBytes(StandardCharsets.UTF_8));
|
|
|
|
|
} else if (fileName.endsWith(".zip")) {
|
2024-02-09 23:24:25 +00:00
|
|
|
tempInputFile = Files.createTempFile("input_", ".zip");
|
|
|
|
|
Files.write(tempInputFile, fileBytes);
|
2025-02-01 00:36:50 +01:00
|
|
|
sanitizeHtmlFilesInZip(tempInputFile, disableSanitize);
|
2024-10-14 22:34:41 +01:00
|
|
|
} else {
|
|
|
|
|
throw new IllegalArgumentException("Unsupported file format: " + fileName);
|
2023-08-01 00:03:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
List<String> command = new ArrayList<>();
|
2025-02-23 13:36:21 +00:00
|
|
|
command.add(weasyprintPath);
|
|
|
|
|
command.add("-e");
|
|
|
|
|
command.add("utf-8");
|
|
|
|
|
command.add("-v");
|
|
|
|
|
command.add(tempInputFile.toString());
|
|
|
|
|
command.add(tempOutputFile.toString());
|
2024-01-10 00:33:07 +00:00
|
|
|
|
2024-10-14 22:34:41 +01:00
|
|
|
ProcessExecutorResult returnCode =
|
2024-02-09 23:24:25 +00:00
|
|
|
ProcessExecutor.getInstance(ProcessExecutor.Processes.WEASYPRINT)
|
|
|
|
|
.runCommandWithOutputHandling(command);
|
2023-08-01 00:03:13 +01:00
|
|
|
|
|
|
|
|
pdfBytes = Files.readAllBytes(tempOutputFile);
|
2024-01-18 23:28:39 +00:00
|
|
|
} catch (IOException e) {
|
|
|
|
|
pdfBytes = Files.readAllBytes(tempOutputFile);
|
|
|
|
|
if (pdfBytes.length < 1) {
|
|
|
|
|
throw e;
|
|
|
|
|
}
|
2023-08-01 00:03:13 +01:00
|
|
|
} finally {
|
2024-05-27 17:53:18 +01:00
|
|
|
Files.deleteIfExists(tempOutputFile);
|
|
|
|
|
Files.deleteIfExists(tempInputFile);
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-01 00:03:13 +01:00
|
|
|
return pdfBytes;
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
|
|
|
|
|
2025-02-01 00:36:50 +01:00
|
|
|
private static String sanitizeHtmlContent(String htmlContent, boolean disableSanitize) {
|
|
|
|
|
return (!disableSanitize) ? CustomHtmlSanitizer.sanitize(htmlContent) : htmlContent;
|
2024-10-14 22:34:41 +01:00
|
|
|
}
|
|
|
|
|
|
2025-02-04 10:18:02 +00:00
|
|
|
private static void sanitizeHtmlFilesInZip(Path zipFilePath, boolean disableSanitize)
|
|
|
|
|
throws IOException {
|
2024-10-14 22:34:41 +01:00
|
|
|
Path tempUnzippedDir = Files.createTempDirectory("unzipped_");
|
|
|
|
|
try (ZipInputStream zipIn =
|
|
|
|
|
ZipSecurity.createHardenedInputStream(
|
|
|
|
|
new ByteArrayInputStream(Files.readAllBytes(zipFilePath)))) {
|
|
|
|
|
ZipEntry entry = zipIn.getNextEntry();
|
|
|
|
|
while (entry != null) {
|
2024-11-27 07:16:03 +00:00
|
|
|
Path filePath = tempUnzippedDir.resolve(sanitizeZipFilename(entry.getName()));
|
2024-10-14 22:34:41 +01:00
|
|
|
if (!entry.isDirectory()) {
|
|
|
|
|
Files.createDirectories(filePath.getParent());
|
|
|
|
|
if (entry.getName().toLowerCase().endsWith(".html")
|
|
|
|
|
|| entry.getName().toLowerCase().endsWith(".htm")) {
|
|
|
|
|
String content = new String(zipIn.readAllBytes(), StandardCharsets.UTF_8);
|
2025-02-01 00:36:50 +01:00
|
|
|
String sanitizedContent = sanitizeHtmlContent(content, disableSanitize);
|
2024-10-14 22:34:41 +01:00
|
|
|
Files.write(filePath, sanitizedContent.getBytes(StandardCharsets.UTF_8));
|
|
|
|
|
} else {
|
|
|
|
|
Files.copy(zipIn, filePath);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
zipIn.closeEntry();
|
|
|
|
|
entry = zipIn.getNextEntry();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Repack the sanitized files
|
|
|
|
|
zipDirectory(tempUnzippedDir, zipFilePath);
|
|
|
|
|
|
|
|
|
|
// Clean up
|
|
|
|
|
deleteDirectory(tempUnzippedDir);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static void zipDirectory(Path sourceDir, Path zipFilePath) throws IOException {
|
|
|
|
|
try (ZipOutputStream zos =
|
|
|
|
|
new ZipOutputStream(new FileOutputStream(zipFilePath.toFile()))) {
|
|
|
|
|
Files.walk(sourceDir)
|
|
|
|
|
.filter(path -> !Files.isDirectory(path))
|
|
|
|
|
.forEach(
|
|
|
|
|
path -> {
|
|
|
|
|
ZipEntry zipEntry =
|
|
|
|
|
new ZipEntry(sourceDir.relativize(path).toString());
|
|
|
|
|
try {
|
|
|
|
|
zos.putNextEntry(zipEntry);
|
|
|
|
|
Files.copy(path, zos);
|
|
|
|
|
zos.closeEntry();
|
|
|
|
|
} catch (IOException e) {
|
|
|
|
|
throw new UncheckedIOException(e);
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private static void deleteDirectory(Path dir) throws IOException {
|
|
|
|
|
Files.walkFileTree(
|
|
|
|
|
dir,
|
|
|
|
|
new SimpleFileVisitor<Path>() {
|
|
|
|
|
@Override
|
|
|
|
|
public FileVisitResult visitFile(Path file, BasicFileAttributes attrs)
|
|
|
|
|
throws IOException {
|
|
|
|
|
Files.delete(file);
|
|
|
|
|
return FileVisitResult.CONTINUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public FileVisitResult postVisitDirectory(Path dir, IOException exc)
|
|
|
|
|
throws IOException {
|
|
|
|
|
Files.delete(dir);
|
|
|
|
|
return FileVisitResult.CONTINUE;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-01 00:03:13 +01:00
|
|
|
private static Path unzipAndGetMainHtml(byte[] fileBytes) throws IOException {
|
|
|
|
|
Path tempDirectory = Files.createTempDirectory("unzipped_");
|
2024-02-06 00:00:49 +00:00
|
|
|
try (ZipInputStream zipIn =
|
|
|
|
|
ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
|
2023-08-01 00:03:13 +01:00
|
|
|
ZipEntry entry = zipIn.getNextEntry();
|
|
|
|
|
while (entry != null) {
|
2024-11-27 07:16:03 +00:00
|
|
|
Path filePath = tempDirectory.resolve(sanitizeZipFilename(entry.getName()));
|
2023-08-01 00:03:13 +01:00
|
|
|
if (entry.isDirectory()) {
|
|
|
|
|
Files.createDirectories(filePath); // Explicitly create the directory structure
|
2023-12-30 19:11:27 +00:00
|
|
|
} else {
|
2023-08-01 00:03:13 +01:00
|
|
|
Files.createDirectories(
|
|
|
|
|
filePath.getParent()); // Create parent directories if they don't exist
|
|
|
|
|
Files.copy(zipIn, filePath);
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
2023-08-01 00:03:13 +01:00
|
|
|
zipIn.closeEntry();
|
|
|
|
|
entry = zipIn.getNextEntry();
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-02-26 20:25:35 +01:00
|
|
|
// Search for the main HTML file.
|
2023-08-01 00:03:13 +01:00
|
|
|
try (Stream<Path> walk = Files.walk(tempDirectory)) {
|
|
|
|
|
List<Path> htmlFiles =
|
|
|
|
|
walk.filter(file -> file.toString().endsWith(".html"))
|
|
|
|
|
.collect(Collectors.toList());
|
2023-12-30 19:11:27 +00:00
|
|
|
|
2023-08-01 00:03:13 +01:00
|
|
|
if (htmlFiles.isEmpty()) {
|
|
|
|
|
throw new IOException("No HTML files found in the unzipped directory.");
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
|
|
|
|
|
2023-08-01 00:03:13 +01:00
|
|
|
// Prioritize 'index.html' if it exists, otherwise use the first .html file
|
|
|
|
|
for (Path htmlFile : htmlFiles) {
|
2024-02-02 00:29:18 +00:00
|
|
|
if ("index.html".equals(htmlFile.getFileName().toString())) {
|
2023-08-01 00:03:13 +01:00
|
|
|
return htmlFile;
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-01 00:03:13 +01:00
|
|
|
return htmlFiles.get(0);
|
|
|
|
|
}
|
2023-12-30 19:11:27 +00:00
|
|
|
}
|
2024-01-09 22:39:21 +00:00
|
|
|
|
2024-11-27 07:16:03 +00:00
|
|
|
static String sanitizeZipFilename(String entryName) {
|
|
|
|
|
if (entryName == null || entryName.trim().isEmpty()) {
|
2025-02-26 20:25:35 +01:00
|
|
|
return "";
|
2024-11-27 07:16:03 +00:00
|
|
|
}
|
2025-02-26 20:25:35 +01:00
|
|
|
// Remove any drive letters (e.g., "C:\") and leading forward/backslashes
|
|
|
|
|
entryName = entryName.replaceAll("^[a-zA-Z]:[\\\\/]+", "");
|
|
|
|
|
entryName = entryName.replaceAll("^[\\\\/]+", "");
|
|
|
|
|
|
|
|
|
|
// Recursively remove path traversal sequences
|
2024-11-27 07:16:03 +00:00
|
|
|
while (entryName.contains("../") || entryName.contains("..\\")) {
|
|
|
|
|
entryName = entryName.replace("../", "").replace("..\\", "");
|
|
|
|
|
}
|
2025-02-26 20:25:35 +01:00
|
|
|
// Normalize all backslashes to forward slashes
|
|
|
|
|
entryName = entryName.replaceAll("\\\\", "/");
|
2024-11-27 07:16:03 +00:00
|
|
|
return entryName;
|
|
|
|
|
}
|
2023-08-01 00:03:13 +01:00
|
|
|
}
|
