Fix security warnings

Author: khanton

Dockerfile

@@ -4,7 +4,14 @@ COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
 
 WORKDIR /app
 
-COPY . .
+RUN groupadd --system --gid 1001 appgroup && \
+    useradd --system --uid 1001 --gid appgroup appuser
+
+RUN chown -R appuser:appgroup /app
+
+COPY --chown=appuser:appgroup . .
+
+USER appuser
 
 RUN uv sync --frozen --no-cache
 

pdf.py

@@ -35,12 +35,13 @@ async def page_requests(headers, url, file):
             pdf_writer = PdfWriter()
             pdf_writer.add_page(pdf.pages[page])
 
-            out_file_name = os.path.join(temp_dir, f"page-{page:05d}.pdf")
+            out_file_name = os.path.abspath(os.path.join(temp_dir, f"page-{page:05d}.pdf"))
 
-            with open(out_file_name, 'wb') as out:
-                pdf_writer.write(out)
+            if out_file_name.startswith(temp_dir):
+                with open(out_file_name, 'wb') as out:
+                    pdf_writer.write(out)
 
-            pdf_pages.append(out_file_name)
+                pdf_pages.append(out_file_name)
 
         pages = len(pdf_pages)