update code

tests/integration-tests-utils/src/main/java/org/apache/bookkeeper/tests/integration/utils/DockerUtils.java

@@ -135,7 +135,11 @@ public static void dumpContainerLogDirToTarget(DockerClient docker, String conta
             TarArchiveEntry entry = stream.getNextTarEntry();
             while (entry != null) {
                 if (entry.isFile()) {
-                    File output = new File(getTargetDirectory(containerId), entry.getName().replace("/", "-"));
+                    File targetDir = getTargetDirectory(containerId);
+                    File output = new File(targetDir, entry.getName().replace("/", "-"));
+                    if (!output.toPath().normalize().startsWith(targetDir.toPath())) {
+                        throw new IOException("Bad zip entry");
+                    }
                     try (FileOutputStream os = new FileOutputStream(output)) {
                         byte[] block = new byte[readBlockSize];
                         int read = stream.read(block, 0, readBlockSize);

tests/integration-tests-utils/src/main/java/org/apache/bookkeeper/tests/integration/utils/MavenClassLoader.java

@@ -368,7 +368,7 @@ private static void unTar(final File inputFile, final File outputDir) throws Exc
             while ((entry = (TarArchiveEntry) debInputStream.getNextEntry()) != null) {
                 final File outputFile = new File(outputDir, entry.getName());
                 if (!outputFile.toPath().normalize().startsWith(outputDir.toPath())) {
-                    throw new Exception("Bad zip entry");
+                    throw new IOException("Bad zip entry");
                 }
 
                 if (!outputFile.getParentFile().exists()) {