From c8dfe10a7c7cdc4a361565c8c566b7cf0159eae0 Mon Sep 17 00:00:00 2001 
From: "pixeebot[bot]" <23113631+pixeebot@users.noreply.github.com> Date: Thu, 1 Feb 2024 23:48:27 +0000 Subject: [PATCH] Sanitized user-provided file names in HTTP multipart uploads --- .../SPDF/controller/api/MultiPageLayoutController.java | 3 ++- .../software/SPDF/controller/api/PdfOverlayController.java | 3 ++- .../SPDF/controller/api/RearrangePagesPDFController.java | 5 +++-- .../software/SPDF/controller/api/RotationController.java | 3 ++- .../software/SPDF/controller/api/ScalePagesController.java | 3 ++- .../software/SPDF/controller/api/SplitPDFController.java | 3 ++- .../SPDF/controller/api/SplitPdfBySectionsController.java | 3 ++- .../SPDF/controller/api/SplitPdfBySizeController.java | 3 ++- .../api/converters/ConvertBookToPDFController.java | 3 ++- .../SPDF/controller/api/converters/ConvertHtmlToPDF.java | 3 ++- .../controller/api/converters/ConvertImgPDFController.java | 3 ++- .../controller/api/converters/ConvertMarkdownToPdf.java | 3 ++- .../controller/api/converters/ConvertOfficeController.java | 5 +++-- .../api/converters/ConvertPDFToBookController.java | 3 ++- .../SPDF/controller/api/converters/ConvertPDFToPDFA.java | 3 ++- .../SPDF/controller/api/filters/FilterController.java | 5 +++-- .../SPDF/controller/api/misc/AutoRenameController.java | 3 ++- .../SPDF/controller/api/misc/AutoSplitPdfController.java | 3 ++- .../SPDF/controller/api/misc/BlankPageController.java | 3 ++- .../SPDF/controller/api/misc/CompressController.java | 3 ++- .../SPDF/controller/api/misc/ExtractImagesController.java | 3 ++- .../SPDF/controller/api/misc/FakeScanControllerWIP.java | 3 ++- .../SPDF/controller/api/misc/MetadataController.java | 3 ++- .../software/SPDF/controller/api/misc/OCRController.java | 5 +++-- .../SPDF/controller/api/misc/OverlayImageController.java | 3 ++- .../SPDF/controller/api/misc/PageNumbersController.java | 5 +++-- .../SPDF/controller/api/misc/RepairController.java | 3 ++- .../software/SPDF/controller/api/misc/ShowJavascript.java | 3 ++- 
.../software/SPDF/controller/api/misc/StampController.java | 3 ++- .../SPDF/controller/api/pipeline/PipelineProcessor.java | 3 ++- .../SPDF/controller/api/security/CertSignController.java | 3 ++- .../SPDF/controller/api/security/PasswordController.java | 7 ++++--- .../SPDF/controller/api/security/RedactController.java | 3 ++- .../SPDF/controller/api/security/SanitizeController.java | 3 ++- .../SPDF/controller/api/security/WatermarkController.java | 3 ++- src/main/java/stirling/software/SPDF/utils/PDFToFile.java | 3 ++- src/main/java/stirling/software/SPDF/utils/PdfUtils.java | 3 ++- .../stirling/software/SPDF/utils/WebResponseUtils.java | 3 ++- 38 files changed, 83 insertions(+), 45 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java b/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java index ee6c2789..b4949a58 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/MultiPageLayoutController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.awt.Color; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -136,6 +137,6 @@ public class MultiPageLayoutController { byte[] result = baos.toByteArray(); return WebResponseUtils.bytesToWebResponse( result, - file.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_layoutChanged.pdf"); + Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_layoutChanged.pdf"); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/PdfOverlayController.java b/src/main/java/stirling/software/SPDF/controller/api/PdfOverlayController.java index 05cf1263..ab96d01e 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/PdfOverlayController.java 
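Review bot: `file.getOriginalFilename()` is nullable under Spring's `MultipartFile` contract, and the new line in `MultiPageLayoutController` still chains `.replaceFirst(...)` directly onto the wrapped value. A part sent without a filename can therefore still end in a NullPointerException if `Filenames.toSimpleFileName` passes null through; its null handling is not visible in this patch. The same expression is repeated at most call sites in this commit (PdfOverlay, RearrangePages, Rotation, ScalePages, the Split* controllers, OCR, Password and others), so a single shared helper would fix it once: `String name = Filenames.toSimpleFileName(file.getOriginalFilename());` followed by `String base = (name == null || name.isBlank()) ? "document" : name.replaceFirst("[.][^.]+$", "");`. The enclosing method starts outside the hunk.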
+++ b/src/main/java/stirling/software/SPDF/controller/api/PdfOverlayController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; @@ -75,7 +76,7 @@ public class PdfOverlayController { overlay.overlay(overlayGuide).save(outputStream); byte[] data = outputStream.toByteArray(); String outputFilename = - baseFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + Filenames.toSimpleFileName(baseFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_overlayed.pdf"; // Remove file extension and append .pdf return WebResponseUtils.bytesToWebResponse( diff --git a/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java b/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java index 1737d543..3074f9f8 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/RearrangePagesPDFController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.util.ArrayList; import java.util.List; @@ -57,7 +58,7 @@ public class RearrangePagesPDFController { } return WebResponseUtils.pdfDocToWebResponse( document, - pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_removed_pages.pdf"); + Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_removed_pages.pdf"); } private List removeFirst(int totalPages) { 
@@ -211,7 +212,7 @@ public class RearrangePagesPDFController { return WebResponseUtils.pdfDocToWebResponse( document, - pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_rearranged.pdf"); } catch (IOException e) { logger.error("Failed rearranging documents", e); diff --git a/src/main/java/stirling/software/SPDF/controller/api/RotationController.java b/src/main/java/stirling/software/SPDF/controller/api/RotationController.java index 6f8613f8..609e20f8 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/RotationController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/RotationController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.IOException; import org.apache.pdfbox.Loader; @@ -49,6 +50,6 @@ public class RotationController { return WebResponseUtils.pdfDocToWebResponse( document, - pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_rotated.pdf"); + Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_rotated.pdf"); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java b/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java index da55bad5..03994321 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/ScalePagesController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.HashMap; 
@@ -112,6 +113,6 @@ public class ScalePagesController { return WebResponseUtils.bytesToWebResponse( baos.toByteArray(), - file.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_scaled.pdf"); + Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_scaled.pdf"); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java b/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java index 3dbb9335..c218788a 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPDFController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.file.Files; @@ -83,7 +84,7 @@ public class SplitPDFController { Path zipFile = Files.createTempFile("split_documents", ".zip"); - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) { // loop through the split documents and write them to the zip file for (int i = 0; i < splitDocumentsBoas.size(); i++) { diff --git a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java index 90418169..2951a73e 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySectionsController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.file.Files; 
@@ -64,7 +65,7 @@ public class SplitPdfBySectionsController { sourceDocument.close(); Path zipFile = Files.createTempFile("split_documents", ".zip"); - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); byte[] data; try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) { diff --git a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java index 4bfde843..eb2cfa28 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/SplitPdfBySizeController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.file.Files; @@ -120,7 +121,7 @@ public class SplitPdfBySizeController { sourceDocument.close(); Path zipFile = Files.createTempFile("split_documents", ".zip"); - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); byte[] data; try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) { diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertBookToPDFController.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertBookToPDFController.java index 453f8e6e..a266e871 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertBookToPDFController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertBookToPDFController.java 
@@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.ResponseEntity; @@ -43,7 +44,7 @@ public class ConvertBookToPDFController { throw new IllegalArgumentException("Please provide a file for conversion."); } - String originalFilename = fileInput.getOriginalFilename(); + String originalFilename = Filenames.toSimpleFileName(fileInput.getOriginalFilename()); if (originalFilename != null) { String originalFilenameLower = originalFilename.toLowerCase(); diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertHtmlToPDF.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertHtmlToPDF.java index 9e1d4fb9..2cf79992 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertHtmlToPDF.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertHtmlToPDF.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.ResponseEntity; @@ -39,7 +40,7 @@ public class ConvertHtmlToPDF { "Please provide an HTML or ZIP file for conversion."); } - String originalFilename = fileInput.getOriginalFilename(); + String originalFilename = Filenames.toSimpleFileName(fileInput.getOriginalFilename()); if (originalFilename == null || (!originalFilename.endsWith(".html") && !originalFilename.endsWith(".zip"))) { throw new IllegalArgumentException("File must be either .html or .zip format."); 
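Review bot: The `originalFilename != null` guard in `ConvertBookToPDFController` now runs only after the raw value has been handed to `Filenames.toSimpleFileName(...)`. It keeps working only if that helper returns null for null input instead of throwing, which this patch does not show. The same ordering appears in `ConvertHtmlToPDF` on this line and in `ConvertMarkdownToPdf` and `ConvertOfficeController.convertToPdf` further down. Checking before the call keeps the guard independent of the library: `String raw = fileInput.getOriginalFilename();` then `String originalFilename = raw == null ? null : Filenames.toSimpleFileName(raw);`. Both methods continue outside their hunks.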
diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java index a4f8a98d..548e4937 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertImgPDFController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.net.URLConnection; @@ -56,7 +57,7 @@ public class ConvertImgPDFController { // returns bytes for image boolean singleImage = singleOrMultiple.equals("single"); byte[] result = null; - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); try { result = PdfUtils.convertFromPdf( diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java index 12fc9097..39710ea0 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertMarkdownToPdf.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import java.util.List; import java.util.Map; @@ -48,7 +49,7 @@ public class ConvertMarkdownToPdf { throw new IllegalArgumentException("Please provide a Markdown file for conversion."); } - String originalFilename = fileInput.getOriginalFilename(); + String originalFilename = Filenames.toSimpleFileName(fileInput.getOriginalFilename()); if (originalFilename == null || !originalFilename.endsWith(".md")) { throw new IllegalArgumentException("File must be in .md format."); } 
diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java index ebc9f4f5..ce3d9fe9 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertOfficeController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; @@ -31,7 +32,7 @@ public class ConvertOfficeController { public byte[] convertToPdf(MultipartFile inputFile) throws IOException, InterruptedException { // Check for valid file extension - String originalFilename = inputFile.getOriginalFilename(); + String originalFilename = Filenames.toSimpleFileName(inputFile.getOriginalFilename()); if (originalFilename == null || !isValidFileExtension(FilenameUtils.getExtension(originalFilename))) { throw new IllegalArgumentException("Invalid file extension"); @@ -89,7 +90,7 @@ public class ConvertOfficeController { byte[] pdfByteArray = convertToPdf(inputFile); return WebResponseUtils.bytesToWebResponse( pdfByteArray, - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_convertedToPDF.pdf"); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToBookController.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToBookController.java index 1ee09d9e..9711fc5e 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToBookController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToBookController.java 
@@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; @@ -92,7 +93,7 @@ public class ConvertPDFToBookController { } String outputFilename = - fileInput.getOriginalFilename().replaceFirst("[.][^.]+$", "") + Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "." + outputFormat; // Remove file extension and append .pdf diff --git a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java index ac8ce031..5de8ee9a 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java +++ b/src/main/java/stirling/software/SPDF/controller/api/converters/ConvertPDFToPDFA.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.converters; +import io.github.pixee.security.Filenames; import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; @@ -63,7 +64,7 @@ public class ConvertPDFToPDFA { // Return the optimized PDF as a response String outputFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_PDFA.pdf"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_PDFA.pdf"; return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/filters/FilterController.java b/src/main/java/stirling/software/SPDF/controller/api/filters/FilterController.java index 370aa6d7..6326cf19 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/filters/FilterController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/filters/FilterController.java 
@@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.filters; +import io.github.pixee.security.Filenames; import java.io.IOException; import org.apache.pdfbox.Loader; @@ -43,7 +44,7 @@ public class FilterController { PDDocument pdfDocument = Loader.loadPDF(inputFile.getBytes()); if (PdfUtils.hasText(pdfDocument, pageNumber, text)) return WebResponseUtils.pdfDocToWebResponse( - pdfDocument, inputFile.getOriginalFilename()); + pdfDocument, Filenames.toSimpleFileName(inputFile.getOriginalFilename())); return null; } @@ -60,7 +61,7 @@ public class FilterController { PDDocument pdfDocument = Loader.loadPDF(inputFile.getBytes()); if (PdfUtils.hasImages(pdfDocument, pageNumber)) return WebResponseUtils.pdfDocToWebResponse( - pdfDocument, inputFile.getOriginalFilename()); + pdfDocument, Filenames.toSimpleFileName(inputFile.getOriginalFilename())); return null; } diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java index 9a78e4d1..9000658c 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoRenameController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.util.ArrayList; import java.util.Comparator; @@ -133,7 +134,7 @@ public class AutoRenameController { return WebResponseUtils.pdfDocToWebResponse(document, header + ".pdf"); } else { logger.info("File has no good title to be found"); - return WebResponseUtils.pdfDocToWebResponse(document, file.getOriginalFilename()); + return WebResponseUtils.pdfDocToWebResponse(document, Filenames.toSimpleFileName(file.getOriginalFilename())); } } } 
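Review bot: In `AutoRenameController` only the fallback branch is sanitised; the unchanged line above it still returns `header + ".pdf"` as the download name. `header` is defined outside the hunk, but the log message suggests it is a title extracted from the uploaded document, which would make it just as attacker-controlled as the multipart filename. If so, it should be reduced to a safe name as well, for example by replacing everything outside an allow-list such as `header.replaceAll("[^\\p{Alnum} ._-]", "_") + ".pdf"`. `toSimpleFileName` may be a poor fit there, because a title containing `/` would presumably be cut to its last segment.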
diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java index 8b095358..da162d85 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/AutoSplitPdfController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.image.BufferedImage; import java.awt.image.DataBufferByte; import java.awt.image.DataBufferInt; @@ -97,7 +98,7 @@ public class AutoSplitPdfController { document.close(); Path zipFile = Files.createTempFile("split_documents", ".zip"); - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); byte[] data; try (ZipOutputStream zipOut = new ZipOutputStream(Files.newOutputStream(zipFile))) { diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java index 21e5987b..34664a3b 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/BlankPageController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.image.BufferedImage; import java.io.IOException; import java.nio.file.Files; @@ -131,7 +132,7 @@ public class BlankPageController { return WebResponseUtils.pdfDocToWebResponse( document, - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_blanksRemoved.pdf"); } catch (IOException e) { e.printStackTrace(); 
diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java index 2b8a1541..c1b4a996 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/CompressController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.Image; import java.awt.image.BufferedImage; import java.io.ByteArrayInputStream; @@ -264,7 +265,7 @@ public class CompressController { // Return the optimized PDF as a response String outputFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_Optimized.pdf"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_Optimized.pdf"; return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java index 2ebc8f6c..24e7262c 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImagesController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.Graphics2D; import java.awt.Image; import java.awt.image.BufferedImage; @@ -66,7 +67,7 @@ public class ExtractImagesController { zos.setLevel(Deflater.BEST_COMPRESSION); int imageIndex = 1; - String filename = file.getOriginalFilename().replaceFirst("[.][^.]+$", ""); + String filename = Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", ""); int pageNum = 0; Set processedImages = new HashSet<>(); // Iterate over each page 
diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java b/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java index cf719f56..8fb4af43 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/FakeScanControllerWIP.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.Color; import java.awt.geom.AffineTransform; import java.awt.image.AffineTransformOp; @@ -141,7 +142,7 @@ public class FakeScanControllerWIP { // Return the optimized PDF as a response String outputFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_scanned.pdf"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_scanned.pdf"; return WebResponseUtils.boasToWebResponse(baos, outputFilename); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java index a5eb95ca..97119404 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/MetadataController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.text.ParseException; import java.text.SimpleDateFormat; @@ -164,6 +165,6 @@ public class MetadataController { document.setDocumentInformation(info); return WebResponseUtils.pdfDocToWebResponse( document, - pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_metadata.pdf"); + Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_metadata.pdf"); } } 
diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java index 21cf2b1c..685a6526 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/OCRController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -182,12 +183,12 @@ public class OCRController { // Return the OCR processed PDF as a response String outputFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_OCR.pdf"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_OCR.pdf"; if (sidecar != null && sidecar) { // Create a zip file containing both the PDF and the text file String outputZipFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_OCR.zip"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_OCR.zip"; Path tempZipFile = Files.createTempFile("output_", ".zip"); try (ZipOutputStream zipOut = diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java index caf2efaf..01da177d 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/OverlayImageController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.IOException; import org.slf4j.Logger; 
@@ -44,7 +45,7 @@ public class OverlayImageController { return WebResponseUtils.bytesToWebResponse( result, - pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_overlayed.pdf"); + Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_overlayed.pdf"); } catch (IOException e) { logger.error("Failed to add image to PDF", e); return new ResponseEntity<>(HttpStatus.BAD_REQUEST); diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java index 79f62c5a..cd99e9d0 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/PageNumbersController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.util.List; @@ -93,7 +94,7 @@ public class PageNumbersController { .replace("{total}", String.valueOf(document.getNumberOfPages())) .replace( "{filename}", - file.getOriginalFilename() + Filenames.toSimpleFileName(file.getOriginalFilename()) .replaceFirst("[.][^.]+$", "")) : String.valueOf(pageNumber); @@ -145,7 +146,7 @@ public class PageNumbersController { return WebResponseUtils.bytesToWebResponse( baos.toByteArray(), - file.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_numbersAdded.pdf", + Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_numbersAdded.pdf", MediaType.APPLICATION_PDF); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java index 112985a3..caaaed5c 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java 
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/RepairController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; @@ -65,7 +66,7 @@ public class RepairController { // Return the optimized PDF as a response String outputFilename = - inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_repaired.pdf"; + Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_repaired.pdf"; return WebResponseUtils.bytesToWebResponse(pdfBytes, outputFilename); } } diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java b/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java index 47a13d0c..0903a6e1 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ShowJavascript.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.nio.charset.StandardCharsets; import java.util.Map; @@ -54,7 +55,7 @@ public class ShowJavascript { script += "// File: " - + inputFile.getOriginalFilename() + + Filenames.toSimpleFileName(inputFile.getOriginalFilename()) + ", Script: " + name + "\n" diff --git a/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java b/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java index 0dd4200c..83519094 100644 --- a/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java +++ b/src/main/java/stirling/software/SPDF/controller/api/misc/StampController.java @@ -1,5 +1,6 @@ package stirling.software.SPDF.controller.api.misc; +import io.github.pixee.security.Filenames; import java.awt.Color; import java.awt.image.BufferedImage; import java.io.File; 
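Review bot: In `ShowJavascript` the sanitised name is concatenated into a `// File:` line comment, and reducing a name to its last path component would not remove CR/LF or other control characters. That assumes `Filenames.toSimpleFileName` only strips directory parts, which this patch does not show. A filename containing a line break would end the comment early in the script text being built. Replace control characters once the name is known to be non-null, e.g. `fileName.replaceAll("\\p{Cntrl}", " ")`, before appending it. The surrounding method starts and ends outside the hunk.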
@@ -127,7 +128,7 @@ public class StampController {
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_watermarked.pdf");
+ Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_watermarked.pdf");
 }
 private void addTextStamp(
diff --git a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
index d84ea3c5..4fbc2aa9 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/pipeline/PipelineProcessor.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.pipeline;
+import io.github.pixee.security.Filenames;
 import io.github.pixee.security.ZipSecurity;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -334,7 +335,7 @@ public class PipelineProcessor {
 new ByteArrayResource(file.getBytes()) {
 @Override
 public String getFilename() {
- return file.getOriginalFilename();
+ return Filenames.toSimpleFileName(file.getOriginalFilename());
 }
 };
 outputFiles.add(fileResource);
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java b/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
index e7cccb44..658f68f3 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.security;
+import io.github.pixee.security.Filenames;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -123,7 +124,7 @@ public class CertSignController {
 ByteArrayOutputStream baos = new ByteArrayOutputStream();
 sign(pdf.getBytes(), baos, createSignature, name, location, reason);
 return WebResponseUtils.boasToWebResponse(
- baos, pdf.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_signed.pdf");
+ baos, Filenames.toSimpleFileName(pdf.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_signed.pdf");
 }
 private static void sign(
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java b/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
index 8d7c8072..328b753c 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/PasswordController.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.security;
+import io.github.pixee.security.Filenames;
 import java.io.IOException;
 import org.apache.pdfbox.Loader;
@@ -43,7 +44,7 @@ public class PasswordController {
 document.setAllSecurityToBeRemoved(true);
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- fileInput.getOriginalFilename().replaceFirst("[.][^.]+$", "")
+ Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "")
 + "_password_removed.pdf");
 }
@@ -88,10 +89,10 @@ public class PasswordController {
 if ("".equals(ownerPassword) && "".equals(password))
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- fileInput.getOriginalFilename().replaceFirst("[.][^.]+$", "")
+ Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "")
 + "_permissions.pdf");
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- fileInput.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_passworded.pdf");
+ Filenames.toSimpleFileName(fileInput.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_passworded.pdf");
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java b/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java
index 3d4653c5..82ff54dd 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/RedactController.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.security;
+import io.github.pixee.security.Filenames;
 import java.awt.Color;
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayOutputStream;
@@ -104,7 +105,7 @@ public class RedactController {
 byte[] pdfContent = baos.toByteArray();
 return WebResponseUtils.bytesToWebResponse(
 pdfContent,
- file.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_redacted.pdf");
+ Filenames.toSimpleFileName(file.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_redacted.pdf");
 }
 private void redactFoundText(
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/SanitizeController.java b/src/main/java/stirling/software/SPDF/controller/api/security/SanitizeController.java
index 8c46e0cf..bbcfeeaa 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/SanitizeController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/SanitizeController.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.security;
+import io.github.pixee.security.Filenames;
 import java.io.IOException;
 import org.apache.pdfbox.Loader;
@@ -76,7 +77,7 @@ public class SanitizeController {
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- inputFile.getOriginalFilename().replaceFirst("[.][^.]+$", "")
+ Filenames.toSimpleFileName(inputFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "")
 + "_sanitized.pdf");
 }
 }
diff --git a/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java b/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
index 6630a200..f1d984fa 100644
--- a/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/security/WatermarkController.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.controller.api.security;
+import io.github.pixee.security.Filenames;
 import java.awt.Color;
 import java.awt.image.BufferedImage;
 import java.io.File;
@@ -104,7 +105,7 @@ public class WatermarkController {
 return WebResponseUtils.pdfDocToWebResponse(
 document,
- pdfFile.getOriginalFilename().replaceFirst("[.][^.]+$", "") + "_watermarked.pdf");
+ Filenames.toSimpleFileName(pdfFile.getOriginalFilename()).replaceFirst("[.][^.]+$", "") + "_watermarked.pdf");
 }
 private void addTextWatermark(
diff --git a/src/main/java/stirling/software/SPDF/utils/PDFToFile.java b/src/main/java/stirling/software/SPDF/utils/PDFToFile.java
index a7f751af..e210d8a9 100644
--- a/src/main/java/stirling/software/SPDF/utils/PDFToFile.java
+++ b/src/main/java/stirling/software/SPDF/utils/PDFToFile.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;
+import io.github.pixee.security.Filenames;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -32,7 +33,7 @@ public class PDFToFile {
 }
 // Get the original PDF file name without the extension
- String originalPdfFileName = inputFile.getOriginalFilename();
+ String originalPdfFileName = Filenames.toSimpleFileName(inputFile.getOriginalFilename());
 String pdfBaseName = originalPdfFileName.substring(0, originalPdfFileName.lastIndexOf('.'));
 // Validate output format
diff --git a/src/main/java/stirling/software/SPDF/utils/PdfUtils.java b/src/main/java/stirling/software/SPDF/utils/PdfUtils.java
index 1676ce85..03e03671 100644
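Review bot: In PDFToFile the line after the change uses `originalPdfFileName.lastIndexOf('.')` unchecked, so a sanitised name without a dot reaches `substring(0, -1)` and throws StringIndexOutOfBoundsException. Dropping the directory part makes this slightly easier to hit than before, because a dot that sat only in a directory component is now gone. A guard such as `int dot = originalPdfFileName.lastIndexOf('.');` followed by `String pdfBaseName = dot > 0 ? originalPdfFileName.substring(0, dot) : originalPdfFileName;` keeps the request on the normal error path, and a null name should be rejected before this point. The method body continues outside the hunk.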
--- a/src/main/java/stirling/software/SPDF/utils/PdfUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/PdfUtils.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;
+import io.github.pixee.security.Filenames;
 import java.awt.Graphics;
 import java.awt.image.BufferedImage;
 import java.awt.image.RenderedImage;
@@ -299,7 +300,7 @@ public class PdfUtils {
 try (PDDocument doc = new PDDocument()) {
 for (MultipartFile file : files) {
 String contentType = file.getContentType();
- String originalFilename = file.getOriginalFilename();
+ String originalFilename = Filenames.toSimpleFileName(file.getOriginalFilename());
 if (originalFilename != null
 && (originalFilename.toLowerCase().endsWith(".tiff")
 || originalFilename.toLowerCase().endsWith(".tif"))) {
diff --git a/src/main/java/stirling/software/SPDF/utils/WebResponseUtils.java b/src/main/java/stirling/software/SPDF/utils/WebResponseUtils.java
index 1114de64..a85720e7 100644
--- a/src/main/java/stirling/software/SPDF/utils/WebResponseUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/WebResponseUtils.java
@@ -1,5 +1,6 @@
 package stirling.software.SPDF.utils;
+import io.github.pixee.security.Filenames;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URLEncoder;
@@ -26,7 +27,7 @@ public class WebResponseUtils {
 public static ResponseEntity multiPartFileToWebResponse(MultipartFile file) throws IOException {
- String fileName = file.getOriginalFilename();
+ String fileName = Filenames.toSimpleFileName(file.getOriginalFilename());
 MediaType mediaType = MediaType.parseMediaType(file.getContentType());
 byte[] bytes = file.getBytes();
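Review bot: In the PdfUtils hunk the existing `originalFilename != null` test now runs after `Filenames.toSimpleFileName(...)`, so it only still protects the loop if that method returns null for a null argument instead of throwing. The hunk does not show that contract, and Spring documents `getOriginalFilename()` as nullable, so it is worth confirming or making explicit: `String raw = file.getOriginalFilename();` then `String originalFilename = raw == null ? null : Filenames.toSimpleFileName(raw);`. The loop body continues outside the hunk.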