Potential fix for code scanning alert no. 1: Arbitrary file access during archive extraction ("Zip Slip")

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: Ushcode

stack-clients/src/main/java/com/cmclinnovations/stack/clients/docker/DockerClient.java

@@ -493,7 +493,11 @@ public Map<String, byte[]> retrieveFiles(String containerId, String remoteDirPat
             TarArchiveEntry tarArchiveEntry;
             while (null != (tarArchiveEntry = tarArchiveInputStream.getNextTarEntry())) {
                 if (!tarArchiveEntry.isDirectory()) {
-                    files.put(remoteDirPath + tarArchiveEntry.getName().replaceFirst("^[^/]*/", ""),
+                    Path entryPath = Path.of(remoteDirPath, tarArchiveEntry.getName().replaceFirst("^[^/]*/", "")).normalize();
+                    if (!entryPath.startsWith(Path.of(remoteDirPath).normalize())) {
+                        throw new IOException("Invalid tar entry: " + tarArchiveEntry.getName());
+                    }
+                    files.put(entryPath.toString(),
                             tarArchiveInputStream.readAllBytes());
                 }
             }