Potential fix for code scanning alert no. 69: Arbitrary file access during archive extraction ("Zip Slip")

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Rick <[email protected]>

Author: LinuxSuRen

pkg/apispec/remote_swagger.go

@@ -27,6 +27,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 )
 
 func DownloadSwaggerData(output string, dw downloader.PlatformAwareOCIDownloader) (err error) {
@@ -106,6 +107,12 @@ func decompressData(dataFile string) (err error) {
 			panic(err)
 		}
 
+		// Ensure the file path does not contain directory traversal sequences
+		if strings.Contains(header.Name, "..") {
+			fmt.Printf("Skipping entry with unsafe path: %s\n", header.Name)
+			continue
+		}
+
 		destPath := filepath.Join(filepath.Dir(dataFile), filepath.Base(header.Name))
 
 		switch header.Typeflag {