Hi, The question is related to Java2D API and 2d-dev (cc). ----- timo.vander.sch...@globalrelay.net wrote:
> Hi, > > The front-end generates a base64 encoded image of a graph and send it > to the backend to use it with pdfbox to create a pdf file. > Are there any security concerns with in particular this line > "BufferedImage bufImg = ImageIO.read(new > ByteArrayInputStream(imageByte)); > “? > > @POST > @Consumes(MediaType.APPLICATION_JSON) > @Path("/pdfbox") > public void getChartsPdf(String base64ImageData) throws IOException{ > > PDDocument doc = null; > byte[] imageByte; > String base64Image = base64ImageData.split(",")[1]; > BASE64Decoder decoder = new BASE64Decoder(); > imageByte = decoder.decodeBuffer(base64Image); > try { > doc = new PDDocument(); > PDPage page = new PDPage(); > doc.addPage(page); > PDFont font = PDType1Font.HELVETICA_BOLD; > PDPageContentStream contentStream = new > PDPageContentStream(doc, page); > > BufferedImage bufImg = ImageIO.read(new > ByteArrayInputStream(imageByte)); > PDXObjectImage ximage = new PDPixelMap(doc, bufImg); > > contentStream.beginText(); > contentStream.setFont( font, 12 ); > contentStream.moveTextPositionByAmount( 50, 700 ); > contentStream.drawString("Timeline"); > contentStream.endText(); > contentStream.drawXObject(ximage, 20, 500, > ximage.getWidth()/2, ximage.getHeight()/2); > contentStream.close(); > doc.save("testCharts.pdf"); > } catch (Exception e) { > System.err.println(e.getMessage()); > } finally { > if (doc != null) { > doc.close(); > } > } > } > > Regards, > > Timo