Replace String::startsWith with Path::startsWith in isFileOutsideDir + unit test

Author: shukiavraham

src/main/java/io/whitesource/cure/FileSecurityUtils.java

@@ -22,14 +22,7 @@ public static boolean isFileOutsideDir(
           @NonNull final String filePath, @NonNull final String baseDirPath) throws IOException {
     File file = new File(filePath);
     File baseDir = new File(baseDirPath);
-    return !file.getCanonicalPath().startsWith(addTrailingSeparator(baseDir.getCanonicalPath()));
-  }
-
-  private static String addTrailingSeparator(String path) {
-    if (!path.endsWith(File.separator)) {
-      return path + File.separator;
-    }
-    return path;
+    return !file.getCanonicalFile().toPath().startsWith(baseDir.getCanonicalFile().toPath());
   }
 
   /**

src/test/java/io/whitesource/cure/FileSecurityUtilsTests.java

@@ -50,6 +50,13 @@ void normalize_validInput_successfullyWithResult() {
     Assertions.assertEquals(expectedResult, actualResult);
   }
 
+  @Test
+  void isFileOutsideDirStartsWithTest() throws IOException {
+    String taintedInput = "/usr/foo/../foo-bar/bar";
+    String baseDir = "/usr/foo";
+    Assertions.assertTrue(FileSecurityUtils.isFileOutsideDir(taintedInput, baseDir));
+  }
+
   @Test
   void normalize_null_successfully() {
     Assertions.assertNull(FileSecurityUtils.normalize(null));