address path traversal vulnerability

Summary: Address vulnerability task as per the suggested fix

Reviewed By: BurntBrunch

Differential Revision: D33633205

fbshipit-source-id: 1834fcdfa96ba1e4fce4d59edabdc4ebfd45fb87

Author: JayRod12

deps/zip/ZipHelper.java

@@ -15,7 +15,6 @@
 import java.util.zip.ZipOutputStream;
 
 public class ZipHelper {
-
   public static final String ZIP_SUFFIX = ".zip";
   public static final String TMP_SUFFIX = ".tmp";
 
@@ -135,6 +134,9 @@ public static boolean extractZip(InputStream inputStream, File extractDir) throw
 
     while (entry != null) {
       File newFile = new File(extractDir, entry.getName());
+      if (!newFile.getCanonicalPath().startsWith(extractDir.getName())) {
+        throw new IOException("Invalid entry name");
+      }
       if (entry.isDirectory()) {
         if (!newFile.isDirectory() && !newFile.mkdirs()) {
           throw new IOException("Can't create directory");