javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Introduced protections against "zip slip" attacks

Browse Source
This commit is contained in:
pixeebot[bot]
2024-02-01 22:41:49 +00:00
parent 68d390e633
commit e20f4fe31a
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
View File

@@ -1,5 +1,6 @@
package stirling.software.SPDF.controller.api.pipeline;
import io.github.pixee.security.ZipSecurity;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -356,7 +357,7 @@ public class PipelineProcessor {
List<Resource> unzippedFiles = new ArrayList<>();
try (ByteArrayInputStream bais = new ByteArrayInputStream(data);
ZipInputStream zis = new ZipInputStream(bais)) {
ZipInputStream zis = ZipSecurity.createHardenedInputStream(bais)) {
ZipEntry entry;
while ((entry = zis.getNextEntry()) != null) {