From 47854ec757b763b7419a92e27ab1459512578582 Mon Sep 17 00:00:00 2001
From: Connor Tumbleson <connor@sourcetoad.com>
Date: Tue, 7 May 2019 18:05:51 -0400
Subject: [PATCH] fix: experimental fix to prevent path traversal with copied
 folders

---
 brut.j.dir/src/main/java/brut/directory/DirUtil.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/brut.j.dir/src/main/java/brut/directory/DirUtil.java b/brut.j.dir/src/main/java/brut/directory/DirUtil.java
index bf4758d7..f06cb2c5 100644
--- a/brut.j.dir/src/main/java/brut/directory/DirUtil.java
+++ b/brut.j.dir/src/main/java/brut/directory/DirUtil.java
@@ -81,7 +81,8 @@ public class DirUtil {
                 if (fileName.equals("res") && !in.containsFile(fileName)) {
                     return;
                 }
-                File outFile = new File(out, fileName);
+                String cleanedFilename = BrutIO.sanitizeUnknownFile(out, fileName);
+                File outFile = new File(out, cleanedFilename);
                 outFile.getParentFile().mkdirs();
                 BrutIO.copyAndClose(in.getFileInput(fileName),
                     new FileOutputStream(outFile));