From 3a923c29d17985afa8cca3c3c066c8bb02e91d27 Mon Sep 17 00:00:00 2001
From: Colm O hEigeartaigh <coheigea@apache.org>
Date: Thu, 2 Jan 2025 11:25:58 +0000
Subject: [PATCH] chore(QTDI-1086) Improve path manipulation detection

---
 .../main/java/org/talend/sdk/component/tools/exec/CarMain.java  | 2 +-
 .../talend/sdk/component/intellij/module/ProjectDownloader.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/component-tools/src/main/java/org/talend/sdk/component/tools/exec/CarMain.java b/component-tools/src/main/java/org/talend/sdk/component/tools/exec/CarMain.java
index 4367d1c6b4d69..a32382590de84 100644
--- a/component-tools/src/main/java/org/talend/sdk/component/tools/exec/CarMain.java
+++ b/component-tools/src/main/java/org/talend/sdk/component/tools/exec/CarMain.java
@@ -310,7 +310,7 @@ private static Properties installJars(final File m2Root, final boolean forceOver
                 if (entry.getName().startsWith("MAVEN-INF/repository/")) {
                     final String path = entry.getName().substring("MAVEN-INF/repository/".length());
                     final File output = new File(m2Root, path);
-                    if (!output.getCanonicalPath().startsWith(m2Root.getCanonicalPath())) {
+                    if (!output.getCanonicalPath().startsWith(m2Root.getCanonicalPath() + File.separator)) {
                         throw new IOException("The output file is not contained in the destination directory");
                     }
                     if (!output.exists() || forceOverwrite) {
diff --git a/talend-component-kit-intellij-plugin/src/main/java/org/talend/sdk/component/intellij/module/ProjectDownloader.java b/talend-component-kit-intellij-plugin/src/main/java/org/talend/sdk/component/intellij/module/ProjectDownloader.java
index 5d1bd88797ebe..2cba532c9b337 100644
--- a/talend-component-kit-intellij-plugin/src/main/java/org/talend/sdk/component/intellij/module/ProjectDownloader.java
+++ b/talend-component-kit-intellij-plugin/src/main/java/org/talend/sdk/component/intellij/module/ProjectDownloader.java
@@ -117,7 +117,7 @@ private static void unzip(final InputStream read, final File destination, final
                     path = path.replaceFirst("^[^/]+/", "");
                 }
                 final File file = new File(destination, path);
-                if (!file.getCanonicalPath().startsWith(destination.getCanonicalPath())) {
+                if (!file.getCanonicalPath().startsWith(destination.getCanonicalPath() + File.separator)) {
                     throw new IOException("The output file is not contained in the destination directory");
                 }