From b69e5b182073de76c46fd98113d982dd5bb313bc Mon Sep 17 00:00:00 2001
From: Patrick Plate
Date: Fri, 19 Jun 2026 09:23:40 +0200
Subject: [PATCH] fix(security): handle null bytes in filename + fix test assertion
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- DocumentService.sanitizeFilename(): strip null bytes before FilenameUtils.getName() (commons-io rejects \0 with IllegalArgumentException)
- DocumentServiceTest: fix '..' assertion — code returns 'document', not UUID
---
 .../main/java/de/cannamanage/service/DocumentService.java | 7 ++++++-
 .../java/de/cannamanage/service/DocumentServiceTest.java | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/cannamanage-service/src/main/java/de/cannamanage/service/DocumentService.java b/cannamanage-service/src/main/java/de/cannamanage/service/DocumentService.java
index 81d4577..9e14ee4 100644
--- a/cannamanage-service/src/main/java/de/cannamanage/service/DocumentService.java
+++ b/cannamanage-service/src/main/java/de/cannamanage/service/DocumentService.java
@@ -211,9 +211,14 @@ public class DocumentService {
         if (original == null || original.isBlank()) {
             return UUID.randomUUID().toString();
         }
+        // Strip null bytes first — FilenameUtils.getName() throws on \0
+        String safe = original.replace("\0", "");
+        if (safe.isBlank()) {
+            return UUID.randomUUID().toString();
+        }
         // Strip path components using commons-io — handles both Unix and Windows separators
         // regardless of the current platform (unlike Paths.get which is platform-dependent)
-        String name = FilenameUtils.getName(original);
+        String name = FilenameUtils.getName(safe);
         if (name == null || name.isBlank()) {
             return "document";
         }
diff --git a/cannamanage-service/src/test/java/de/cannamanage/service/DocumentServiceTest.java b/cannamanage-service/src/test/java/de/cannamanage/service/DocumentServiceTest.java
index d2d8978..7feac9a 100644
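Review bot: The null-byte handling silently removes the character rather than rejecting the name, so text on either side of a `\0` is joined into one filename before the separator stripping and any later checks run; since a null byte is never part of a legitimate upload name, consider whether the caller should reject such input outright (the comment could say `// \0 is never legitimate in a filename; stripped here only so getName() does not throw`) and whether the downstream extension or ".." handling, which lies outside this hunk, is sound for the joined value. As a point of style, the two UUID fallbacks are now duplicated; folding the strip into the first guard removes the second branch: `String safe = original == null ? "" : original.replace("\0", "");` followed by `if (safe.isBlank()) { return UUID.randomUUID().toString(); }`. The enclosing sanitizeFilename method starts before and continues after this hunk.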
--- a/cannamanage-service/src/test/java/de/cannamanage/service/DocumentServiceTest.java
+++ b/cannamanage-service/src/test/java/de/cannamanage/service/DocumentServiceTest.java
@@ -167,10 +167,10 @@ class DocumentServiceTest {
                 clubId, "Dots", DocumentCategory.SONSTIGES, DocumentAccessLevel.ALL_MEMBERS, null, file, uploadedBy);
-        // ".." is explicitly caught → UUID fallback
+        // ".." is explicitly caught → "document" fallback
         assertThat(result.getFilename()).isNotEqualTo("..");
         assertThat(result.getFilename()).isNotBlank();
-        assertThat(result.getFilename()).matches("[a-f0-9\\-]+");
+        assertThat(result.getFilename()).isEqualTo("document");
     }
 }
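Review bot: The null-byte stripping this commit adds to DocumentService has no test in the patch; the only test change here corrects a pre-existing wrong expectation for "..". A sibling of this test that uploads a file whose name contains a `\0` (and one whose name is only null bytes) and asserts on `result.getFilename()` would pin the new behaviour, with the expected value taken from the remaining sanitizeFilename steps that are not visible in this diff. Once `isEqualTo("document")` is asserted, the preceding `isNotEqualTo("..")` and `isNotBlank()` lines are implied and could be dropped. The enclosing test method starts before this hunk, and the hunk header reports ten lines where seven are shown, so some leading context appears to be missing from this copy.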