From e500a3198987b41970521935291e876fa8bfdca3 Mon Sep 17 00:00:00 2001
From: Ewa Ostrowska <ewa.ostrowska@smartbear.com>
Date: Mon, 29 Sep 2025 10:20:59 +0200
Subject: [PATCH] feat: prevent path traversal attacks (#12611)

---
 .../src/main/java/io/swagger/generator/online/Generator.java    | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java b/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java
index 5c1c9fabc2f..8f4b9fefefe 100644
--- a/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java
+++ b/modules/swagger-generator/src/main/java/io/swagger/generator/online/Generator.java
@@ -157,6 +157,7 @@ private static String generate(String language, GeneratorInput opts, Type type)
             }
             for (File file : files) {
                 try {
+                    SecureFileUtils.validatePath(file);
                     file.delete();
                 } catch (Exception e) {
                     LOGGER.error("unable to delete file " + file.getAbsolutePath());
@@ -193,3 +194,4 @@ protected static File getTmpFolder() {
         }
     }
 }
+