Potential fix for code scanning alert no. 1: Arbitrary file access during archive extraction ("Zip Slip")

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: hazendaz

src/main/java/org/apache/ibatis/migration/io/DefaultVFS.java

@@ -80,7 +80,16 @@ public List<String> list(URL url, String path) throws IOException {
                 if (log.isLoggable(Level.FINER)) {
                   log.log(Level.FINER, "Jar entry: " + entry.getName());
                 }
-                children.add(entry.getName());
+                String entryName = entry.getName();
+                File entryFile = new File(path, entryName).getCanonicalFile();
+                File baseDir = new File(path).getCanonicalFile();
+                if (!entryFile.toPath().startsWith(baseDir.toPath())) {
+                  if (log.isLoggable(Level.WARNING)) {
+                    log.log(Level.WARNING, "Skipping potentially unsafe entry: " + entryName);
+                  }
+                  continue;
+                }
+                children.add(entryName);
               }
             }
           } else {