Fix code scanning alert no. 103: Partial path traversal vulnerability from remote (#216)

fugerit79 · github-advanced-security[bot] · web-flow · commit 06993efb2bc3 · 2024-10-12T19:38:27.000+02:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/fj-doc-playground-quarkus/src/main/java/org/fugerit/java/doc/playground/init/ProjectRest.java b/fj-doc-playground-quarkus/src/main/java/org/fugerit/java/doc/playground/init/ProjectRest.java
@@ -107,7 +107,7 @@ public static String ensureEndWithSlash( String name ) {
     }
     public static void checkIfInTempFolder( File file ) throws IOException {
         File tempDir = new File( System.getProperty("java.io.tmpdir") );
-        if ( !file.getCanonicalPath().startsWith( tempDir.getCanonicalPath() ) ) {
+        if ( !file.toPath().normalize().startsWith(tempDir.toPath().normalize()) ) {
             throw new IOException( file.getCanonicalPath() + " is not in temp folder" );
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,7 @@ public static String ensureEndWithSlash( String name ) {`
`107`	`107`	`}`
`108`	`108`	`public static void checkIfInTempFolder( File file ) throws IOException {`
`109`	`109`	`File tempDir = new File( System.getProperty("java.io.tmpdir") );`
`110`		`- if ( !file.getCanonicalPath().startsWith( tempDir.getCanonicalPath() ) ) {`
	`110`	`+ if ( !file.toPath().normalize().startsWith(tempDir.toPath().normalize()) ) {`
`111`	`111`	`throw new IOException( file.getCanonicalPath() + " is not in temp folder" );`
`112`	`112`	`}`
`113`	`113`	`}`