From 6bef90f60073050da9045858f58d12919969ad5a Mon Sep 17 00:00:00 2001
From: Brendan Burns <bburns@microsoft.com>
Date: Thu, 10 Dec 2020 00:19:02 +0000
Subject: [PATCH] Add path normalization for archive files.

---
 pom.xml                                           | 6 ++++++
 util/pom.xml                                      | 4 ++++
 util/src/main/java/io/kubernetes/client/Copy.java | 7 ++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index cc43c588e9..840840b3e4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,6 +57,7 @@
     <apache.commons.lang3.version>3.11</apache.commons.lang3.version>
     <apache.commons.collections4.version>4.4</apache.commons.collections4.version>
     <apache.commons.compress>1.20</apache.commons.compress>
+    <apache.commons.io>2.8.0</apache.commons.io>
     <common.codec.version>1.15</common.codec.version>
     <spring.boot.version>2.3.5.RELEASE</spring.boot.version>
     <spring.version>5.2.9.RELEASE</spring.version>
@@ -112,6 +113,11 @@
         <artifactId>commons-compress</artifactId>
         <version>${apache.commons.compress}</version>
       </dependency>
+      <dependency>
+        <groupId>commons-io</groupId>
+        <artifactId>commons-io</artifactId>
+        <version>${apache.commons.io}</version>
+      </dependency>
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
diff --git a/util/pom.xml b/util/pom.xml
index 514cb36aa6..af2c13963f 100644
--- a/util/pom.xml
+++ b/util/pom.xml
@@ -46,6 +46,10 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
diff --git a/util/src/main/java/io/kubernetes/client/Copy.java b/util/src/main/java/io/kubernetes/client/Copy.java
index 11460cbef5..14f9e5ea69 100644
--- a/util/src/main/java/io/kubernetes/client/Copy.java
+++ b/util/src/main/java/io/kubernetes/client/Copy.java
@@ -42,6 +42,7 @@
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
 import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
 import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
+import org.apache.commons.io.FilenameUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -188,7 +189,11 @@ public Future<Integer> copyDirectoryFromPodAsync(
           log.error("Can't read: " + entry);
           continue;
         }
-        File f = new File(destination.toFile(), entry.getName());
+        String normalName = FilenameUtils.normalize(entry.getName());
+        if (normalName == null) {
+          throw new IOException("Invalid entry: " + entry.getName());
+        }
+        File f = new File(destination.toFile(), normalName);
         if (entry.isDirectory()) {
           if (!f.isDirectory() && !f.mkdirs()) {
             throw new IOException("create directory failed: " + f);