From fd9d77118457dbf27c893a7fc9341a993abc8171 Mon Sep 17 00:00:00 2001
From: Laurent SCHOELENS <61973605+laurentschoelens@users.noreply.github.com>
Date: Tue, 9 Apr 2024 18:03:58 +0200
Subject: [PATCH] [#514] third try to fix security alert
---
 .../src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java b/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
index 3ca8655c3..81e55439d 100644
--- a/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
+++ b/maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java
@@ -54,8 +54,8 @@ public void scan() {
 while (jarFileEntries.hasMoreElements()) {
 JarEntry entry = jarFileEntries.nextElement();
 String name = entry.getName();
- File file = new File(destinationDir, entry.getName());
- if (!file.toPath().normalize().startsWith(destinationDir.toPath())) {
+ File file = new File(destinationDir, name);
+ if ((name != null && name.startsWith("..")) || !file.toPath().normalize().startsWith(destinationDir.toPath())) {
 throw new IOException("Bad zip entry for " + entry.getName());
 }
 char[][] tokenizedName = tokenizePathToCharArray(name, File.separator);
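Review bot: The added `name.startsWith("..")` test in the `if` is a string heuristic that appears to add no protection beyond the normalize/startsWith containment check next to it, and it also rejects harmless entry names that merely begin with two dots (for example `..config`). The `name != null` guard cannot protect anything, because `new File(destinationDir, name)` on the line before already throws on a null child. The containment check compares a normalized path against `destinationDir.toPath()` as given, so a relative or non-normalized destination directory would make valid entries fail; normalizing both sides is the more robust form: `Path dest = destinationDir.toPath().toAbsolutePath().normalize();` followed by `if (!dest.resolve(name).normalize().startsWith(dest)) {`. `scan()` begins and ends outside this hunk, so whether `java.nio.file.Path` is already imported is not visible here.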