From a0d67b75593878b1b6e39e2acc1773b3effedb2a Mon Sep 17 00:00:00 2001
From: kwwall
Date: Sun, 17 Apr 2022 00:32:15 -0400
Subject: [PATCH] Fix for GHSL-2022-008 vulnerability.

---
 src/main/java/org/owasp/esapi/reference/DefaultValidator.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
index 530e2efa8..0699a5287 100644
--- a/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
+++ b/src/main/java/org/owasp/esapi/reference/DefaultValidator.java
@@ -466,7 +466,7 @@ public String getValidDirectoryPath(String context, String input, File parent, b
 if ( !parent.isDirectory() ) {
 throw new ValidationException( context + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + context + ", input=" + input + ", parent=" + parent );
 }
- if ( !dir.getCanonicalPath().startsWith(parent.getCanonicalPath() ) ) {
+ if ( !dir.getCanonicalFile().toPath().startsWith( parent.getCanonicalFile().toPath() ) ) { // Fixes GHSL-2022-008
 throw new ValidationException( context + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + context + ", input=" + input + ", parent=" + parent );
 }
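Review bot: The trailing comment on the new `if` names the advisory but not the property the containment check now relies on, so a later cleanup could turn it back into a string comparison without anyone noticing. `Path.startsWith` matches whole name elements, whereas the removed `String.startsWith` on canonical paths also accepted a sibling directory whose name merely begins with the parent's name; I would state that in place, e.g. `// Compare as Path, not String: a string prefix test also accepts siblings sharing the parent's name prefix (GHSL-2022-008)`. `File.toPath()` can throw the unchecked `InvalidPathException`, and whatever handler encloses this check lies outside the hunk, so it is worth confirming that such input still surfaces as a `ValidationException` rather than escaping the validator. The diffstat shows one file changed, so a regression test using a parent and a same-prefix sibling directory appears to be missing from this commit.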