add testing for complex path sanitizer in ZipSlip

Author: erik-krogh

javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlipGood.js

@@ -15,3 +15,17 @@ fs.createReadStream('archive.zip')
 
     fs.createWriteStream(path.join(cwd, path.join('/', fileName)));
   });
+
+fs.createReadStream('archive.zip')
+  .pipe(unzip.Parse())
+  .on('entry', entry => {
+    const fileName = path.normalize(entry.path);
+
+    if (path.isAbsolute(fileName)) {
+      return;
+    }
+
+    if (!fileName.startsWith(".")) {
+      entry.pipe(fs.createWriteStream(fileName)); // OK.
+    }
+  });