Merge pull request from GHSA-fvf5-grm7-538p

CureKit-GHSA-fvf5-grm7-538p adding trailing separator to base dir if …

Author: shukiavraham

.idea/libraries/Maven__org_owasp_encoder_encoder_1_2_3.xml

@@ -22,7 +22,7 @@ public static boolean isFileOutsideDir(
           @NonNull final String filePath, @NonNull final String baseDirPath) throws IOException {
     File file = new File(filePath);
     File baseDir = new File(baseDirPath);
-    return !file.getCanonicalPath().startsWith(baseDir.getCanonicalPath());
+    return !file.getCanonicalFile().toPath().startsWith(baseDir.getCanonicalFile().toPath());
   }
 
   /**

src/main/java/io/whitesource/cure/FileSecurityUtils.java

@@ -50,6 +50,13 @@ void normalize_validInput_successfullyWithResult() {
     Assertions.assertEquals(expectedResult, actualResult);
   }
 
+  @Test
+  void isFileOutsideDirStartsWithTest() throws IOException {
+    String taintedInput = "/usr/foo/../foo-bar/bar";
+    String baseDir = "/usr/foo";
+    Assertions.assertTrue(FileSecurityUtils.isFileOutsideDir(taintedInput, baseDir));
+  }
+
   @Test
   void normalize_null_successfully() {
     Assertions.assertNull(FileSecurityUtils.normalize(null));