Cage it

Author: cstamas

shared/src/main/java/eu/maveniverse/maven/toolbox/shared/DirectorySink.java

@@ -101,7 +101,10 @@ private void accept(Artifact artifact) throws IOException {
             output.verbose("  matched");
             String name = artifactNameMapper.map(artifactMapper.map(artifact));
             output.verbose("  mapped to name {}", name);
-            Path target = directory.resolve(name);
+            Path target = directory.resolve(name).toAbsolutePath();
+            if (!target.startsWith(directory)) {
+                throw new IOException("Path escape prevented; check mappings");
+            }
             if (!writtenPaths.add(target) && !allowOverwrite) {
                 throw new IOException("Overwrite prevented; check mappings");
             }