fix zip slip error (#2634)

frontend/archive/src/main/java/org/pytorch/serve/archive/utils/ZipUtils.java

@@ -28,8 +28,15 @@ public static void unzip(InputStream is, File dest) throws IOException {
         try (ZipInputStream zis = new ZipInputStream(is)) {
             ZipEntry entry;
             while ((entry = zis.getNextEntry()) != null) {
-                String name = entry.getName();
-                File file = new File(dest, name);
+                File file = new File(dest, entry.getName());
+                File canonicalDestDir = dest.getCanonicalFile();
+                File canonicalFile = file.getCanonicalFile();
+
+                // Check for Zip Slip vulnerability
+                if (!canonicalFile.getPath().startsWith(canonicalDestDir.getPath())) {
+                    throw new IOException("Detected Zip Slip vulnerability: " + entry.getName());
+                }
+
                 if (entry.isDirectory()) {
                     FileUtils.forceMkdir(file);
                 } else {
@@ -108,6 +115,14 @@ public static void decompressTarGzipFile(InputStream is, File dest) throws IOExc
             while ((entry = tis.getNextEntry()) != null) {
                 String name = entry.getName().substring(entry.getName().indexOf('/') + 1);
                 File file = new File(dest, name);
+                File canonicalDestDir = dest.getCanonicalFile();
+                File canonicalFile = file.getCanonicalFile();
+
+                // Check for Zip Slip vulnerability
+                if (!canonicalFile.getPath().startsWith(canonicalDestDir.getPath())) {
+                    throw new IOException("Detected Zip Slip vulnerability: " + entry.getName());
+                }
+
                 if (entry.isDirectory()) {
                     FileUtils.forceMkdir(file);
                 } else {