Prevent "Zip Slip" (#497)

See
- Snyk: Zip Slip Vulnerability https://snyk.io/research/zip-slip-vulnerability
- OWASP: Path Traversal https://owasp.org/www-community/attacks/Path_Traversal
- Common Weakness Enumeration https://cwe.mitre.org/data/definitions/22.html.

Closes #496

Author: gesellix

api-client/src/test/java/de/gesellix/docker/remote/api/testutil/TarUtil.java

@@ -3,6 +3,7 @@
 import okio.BufferedSink;
 import okio.Okio;
 import okio.Sink;
+
 import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
 import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
 import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
@@ -27,6 +28,9 @@ public File unTar(InputStream tar) throws IOException {
     TarArchiveEntry tarEntry;
     while ((tarEntry = tis.getNextEntry()) != null) {
       File outputFile = new File(destDir, tarEntry.getName());
+      if (!outputFile.toPath().normalize().startsWith(destDir.toPath())) {
+        throw new RuntimeException("Bad zip entry");
+      }
       if (tarEntry.isDirectory()) {
         if (!outputFile.exists()) {
           outputFile.mkdirs();