[highsource#514] Additional zip slip fixes

maven-plugin/plugin-core/src/main/java/org/jvnet/jaxb/maven/util/JarScanner.java

@@ -53,22 +53,22 @@ public void scan() {
             final Enumeration<JarEntry> jarFileEntries = jarFile.entries();
             while (jarFileEntries.hasMoreElements()) {
                 JarEntry entry = jarFileEntries.nextElement();
-                String name = entry.getName();
                 File file = new File(destinationDir, entry.getName());
-                if (!file.toPath().normalize().startsWith(destinationDir.toPath())) {
+                if (!file.toPath().normalize().startsWith(destinationDir.toPath()) || 
+                		file.getName().contains("..")) {
                     throw new IOException("Bad zip entry for " + entry.getName());
                 }
-                char[][] tokenizedName = tokenizePathToCharArray(name, File.separator);
-                if (name.endsWith("/")) {
+                char[][] tokenizedName = tokenizePathToCharArray(entry.getName(), File.separator);
+                if (file.getName().endsWith("/")) {
                     // entry is a directory -> skip
-                } else if (isIncluded(name, tokenizedName)) {
-                    if (!isExcluded(name, tokenizedName)) {
-                        filesIncluded.add(name);
+                } else if (isIncluded(entry.getName(), tokenizedName)) {
+                    if (!isExcluded(entry.getName(), tokenizedName)) {
+                        filesIncluded.add(entry.getName());
                     } else {
-                        filesExcluded.add(name);
+                        filesExcluded.add(entry.getName());
                     }
                 } else {
-                    filesExcluded.add(name);
+                    filesExcluded.add(entry.getName());
                 }
             }
         } catch (IOException ioex) {