Prevent extracting zip entries outside of destination path

See gh-25505

Author: trgpa

spring-boot-project/spring-boot-tools/spring-boot-jarmode-layertools/src/main/java/org/springframework/boot/jarmode/layertools/ExtractCommand.java

@@ -88,7 +88,7 @@ protected void run(Map<Option, String> options, List<String> parameters) {
 	private void write(ZipInputStream zip, ZipEntry entry, File destination) throws IOException {
 		String path = StringUtils.cleanPath(entry.getName());
 		File file = new File(destination, path);
-		if (file.getAbsolutePath().startsWith(destination.getAbsolutePath())) {
+		if (file.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator)) {
 			mkParentDirs(file);
 			try (OutputStream out = new FileOutputStream(file)) {
 				StreamUtils.copy(zip, out);