Guard against JarURLConnection with wrong JAR

Update `JarURLConnection.get()` to guard against the wrong nested JAR
being used as context.

Closes gh-11367

Author: philwebb

spring-boot-tools/spring-boot-loader/src/main/java/org/springframework/boot/loader/jar/JarURLConnection.java

@@ -255,6 +255,10 @@ static void setUseFastExceptions(boolean useFastExceptions) {
 
 	static JarURLConnection get(URL url, JarFile jarFile) throws IOException {
 		String spec = extractFullSpec(url, jarFile.getPathFromRoot());
+		if (spec == null) {
+			return (Boolean.TRUE.equals(useFastExceptions.get()) ? NOT_FOUND_CONNECTION
+					: new JarURLConnection(url, null, EMPTY_JAR_ENTRY_NAME));
+		}
 		int separator;
 		int index = 0;
 		while ((separator = spec.indexOf(SEPARATOR, index)) > 0) {
@@ -264,7 +268,7 @@ static JarURLConnection get(URL url, JarFile jarFile) throws IOException {
 				return JarURLConnection.notFound(jarFile, entryName);
 			}
 			jarFile = jarFile.getNestedJarFile(jarEntry);
-			index += separator + SEPARATOR.length();
+			index = separator + SEPARATOR.length();
 		}
 		JarEntryName jarEntryName = JarEntryName.get(spec, index);
 		if (Boolean.TRUE.equals(useFastExceptions.get())) {
@@ -279,8 +283,8 @@ static JarURLConnection get(URL url, JarFile jarFile) throws IOException {
 	private static String extractFullSpec(URL url, String pathFromRoot) {
 		String file = url.getFile();
 		int separatorIndex = file.indexOf(SEPARATOR);
-		if (separatorIndex < 0) {
-			return "";
+		if (separatorIndex < 0 || !file.startsWith(pathFromRoot, separatorIndex)) {
+			return null;
 		}
 		int specIndex = separatorIndex + SEPARATOR.length() + pathFromRoot.length();
 		return file.substring(specIndex);

spring-boot-tools/spring-boot-loader/src/test/java/org/springframework/boot/loader/jar/JarURLConnectionTests.java

@@ -18,6 +18,7 @@
 
 import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.net.URL;
 
 import org.junit.Before;
@@ -152,6 +153,15 @@ public void connectionToEntryWithEncodedSpaceNestedEntry() throws Exception {
 				.hasSameContentAs(new ByteArrayInputStream(new byte[] { 3 }));
 	}
 
+	@Test(expected = FileNotFoundException.class)
+	public void connectionToEntryUsingWrongAbsoluteUrlForEntryFromNestedJarFile()
+			throws Exception {
+		URL url = new URL("jar:file:" + getAbsolutePath() + "!/w.jar!/3.dat");
+		JarFile nested = this.jarFile
+				.getNestedJarFile(this.jarFile.getEntry("nested.jar"));
+		JarURLConnection.get(url, nested).getInputStream();
+	}
+
 	@Test
 	public void getContentLengthReturnsLengthOfUnderlyingEntry() throws Exception {
 		URL url = new URL(new URL("jar", null, -1,