javier/Stirling-PDF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Introduced protections against "zip slip" attacks

Browse Source
This commit is contained in:
pixeebot[bot]
2024-02-01 22:41:49 +00:00
parent 68d390e633
commit e20f4fe31a
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/stirling/software/SPDF/utils/FileToPdf.java
View File

@@ -1,5 +1,6 @@
package stirling.software.SPDF.utils;
import io.github.pixee.security.ZipSecurity;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@@ -144,7 +145,7 @@ public class FileToPdf {
private static Path unzipAndGetMainHtml(byte[] fileBytes) throws IOException {
Path tempDirectory = Files.createTempDirectory("unzipped_");
try (ZipInputStream zipIn = new ZipInputStream(new ByteArrayInputStream(fileBytes))) {
try (ZipInputStream zipIn = ZipSecurity.createHardenedInputStream(new ByteArrayInputStream(fileBytes))) {
ZipEntry entry = zipIn.getNextEntry();
while (entry != null) {
Path filePath = tempDirectory.resolve(entry.getName());