This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 47d46886d7 Improved: make sure no pdf files containing unwanted 
attachments can be uploaded (OFBIZ-12926) (#720)
47d46886d7 is described below

commit 47d46886d7de95d439d417af35d1241be0e020cc
Author: originalnichtskoenner 
<143175561+originalnichtskoen...@users.noreply.github.com>
AuthorDate: Mon Mar 4 10:05:35 2024 +0100

    Improved: make sure no pdf files containing unwanted attachments can be 
uploaded (OFBIZ-12926) (#720)
    
    Rejects any uploaded PDF file with more than one attachment, regardless of 
configuration.
---
 .../org/apache/ofbiz/security/SecuredUpload.java   | 46 ++++++++++++----------
 1 file changed, 26 insertions(+), 20 deletions(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index da39164661..38a3ce93a3 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -467,33 +467,39 @@ public class SecuredUpload {
     /**
      * @param fileName
      * @return true if it's a safe PDF file: is PDF and does not contains 
embedded files
-     * @throws IOException If there is an error parsing the document
      */
-    private static boolean isValidPdfFile(String fileName) throws IOException {
+    private static boolean isValidPdfFile(String fileName) {
         File file = new File(fileName);
         boolean safeState = false;
         boolean canParse = false;
         try {
-            if ((file != null) && file.exists()) {
-                // Load stream in PDF parser
-                // If the stream is not a PDF then exception will be thrown 
and safe state will be set to FALSE
-                PdfReader reader = new PdfReader(file.getAbsolutePath());
-                // Check 1: detect if the document contains any JavaScript code
-                String jsCode = reader.getJavaScript();
-                if (jsCode == null) {
-                    // OK no JS code, pass to check 2: detect if the document 
has any embedded files
-                    PDEmbeddedFilesNameTreeNode efTree = null;
-                    try (PDDocument pdDocument = PDDocument.load(file)) {
-                        PDDocumentNameDictionary names = new 
PDDocumentNameDictionary(pdDocument.getDocumentCatalog());
-                        efTree = names.getEmbeddedFiles();
-                    }
-                    if (UtilProperties.getPropertyAsBoolean("security", 
"allowZUGFeRDCompliantUpload", false)) {
-                        ZUGFeRDImporter importer = new 
ZUGFeRDImporter(file.getAbsolutePath());
-                        canParse = importer.canParse();
-                    }
-                    safeState = Objects.isNull(efTree) || canParse;
+            if (Objects.isNull(file) || !file.exists()) {
+                return safeState;
+            }
+            // Load stream in PDF parser
+            // If the stream is not a PDF then exception will be thrown and 
safe state will be set to FALSE
+            PdfReader reader = new PdfReader(file.getAbsolutePath());
+            // Check 1: detect if the document contains any JavaScript code
+            String jsCode = reader.getJavaScript();
+            if (!Objects.isNull(jsCode)) {
+                return safeState;
+            }
+            // OK no JS code, pass to check 2: detect if the document has any 
embedded files
+            PDEmbeddedFilesNameTreeNode efTree = null;
+            try (PDDocument pdDocument = PDDocument.load(file)) {
+                PDDocumentNameDictionary names = new 
PDDocumentNameDictionary(pdDocument.getDocumentCatalog());
+                efTree = names.getEmbeddedFiles();
+            }
+            boolean zUGFeRDCompliantUploadAllowed = 
UtilProperties.getPropertyAsBoolean(
+                    "security", "allowZUGFeRDCompliantUpload", false);
+            if (zUGFeRDCompliantUploadAllowed && !Objects.isNull(efTree)) {
+                Integer numberOfEmbeddedFiles = efTree.getNames().size();
+                if (numberOfEmbeddedFiles.equals(1)) {
+                    ZUGFeRDImporter importer = new 
ZUGFeRDImporter(file.getAbsolutePath());
+                    canParse = importer.canParse();
                 }
             }
+            safeState = Objects.isNull(efTree) || canParse;
         } catch (Exception e) {
             safeState = false;
             Debug.logInfo(e, "The file " + file.getAbsolutePath() + " is not a 
valid PDF file. For security reason it's not accepted as a such file",
