Update .gitignore, enhance file extraction validation, and upgrade Newtonsoft.Json package

Author: raffaeu

src/Application/.gitignore

@@ -1,6 +1,9 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+# Local configuration file for developers
+ src/Application/src/RazorPagesTestSample/config.json
+ 
 # User-specific files
 *.suo
 *.user

src/Application/src/RazorPagesTestSample/Pages/Index.cshtml.cs

@@ -95,6 +95,13 @@ public async Task<IActionResult> OnPostAnalyzeMessagesAsync()
         public static void WriteToDirectory(ZipArchiveEntry entry, string destDirectory)
         {
             string destFileName = Path.Combine(destDirectory, entry.FullName);
+
+            // Ensure the destination file is within the destination directory
+            if (!destFileName.StartsWith(destDirectory, StringComparison.OrdinalIgnoreCase))
+            {
+                throw new InvalidOperationException("Entry is outside the target dir: " + entry.FullName);
+            }
+
             entry.ExtractToFile(destFileName);
         }
     }

src/Application/tests/RazorPagesTestSample.Tests/RazorPagesTestSample.Tests.csproj

@@ -13,7 +13,7 @@
     <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="8.0.3" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
     <PackageReference Include="Moq" Version="4.20.70" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="System.Diagnostics.TraceSource" Version="4.3.0" />
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
     <PackageReference Include="xunit" Version="2.7.0" />