From 3342fa2c574b1d12075a950ab06472a68974e0da Mon Sep 17 00:00:00 2001
From: Praveen Kumar
Date: Tue, 10 Sep 2024 13:31:04 +0530
Subject: [PATCH 1/2] Add toos/vendor as part of snyk ignore list
---
 .snyk | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.snyk b/.snyk
index ea229954a9..a252168fcc 100644
--- a/.snyk
+++ b/.snyk
@@ -8,3 +8,4 @@ exclude:
 # Ignore vendor/ directory since we're not (yet) concerned with scanning
 # our dependencies on each CI run.
 - 'vendor/**'
+ - 'tools/vendor/**'
From 0959c03b5c0a3d48314e8b45fc0b707440abb652 Mon Sep 17 00:00:00 2001
From: Alberto Fanjul
Date: Tue, 24 Sep 2024 17:51:14 +0200
Subject: [PATCH 2/2] fix path traversal which flagged by snyk scan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
```
✗ [Low] Path Traversal
ID: 28235865-e32e-466c-a079-e826f744c2a8
Path: test/extended/util/prepare.go, line 100
Info: Unsanitized input from file name flows into os.RemoveAll, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to delete arbitrary files.
```
---
 pkg/extract/extract.go | 2 +-
 test/extended/util/prepare.go | 2 +-
 test/extended/util/util.go | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/extract/extract.go b/pkg/extract/extract.go
index af5f016f47..e7cc65e4ea 100644
--- a/pkg/extract/extract.go
+++ b/pkg/extract/extract.go
@@ -205,7 +205,7 @@ func unzip(archive, target string, fileFilter func(string) bool, showProgress bo
 continue
 }
- if err := unzipFile(file, path, showProgress); err != nil {
+ if err := unzipFile(file, filepath.Clean(path), showProgress); err != nil {
 return nil, err
 }
 extractedFiles = append(extractedFiles, path)
diff --git a/test/extended/util/prepare.go b/test/extended/util/prepare.go
index 91c27cd2cd..855a295895 100644
--- a/test/extended/util/prepare.go
+++ b/test/extended/util/prepare.go
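Review bot: The comment above the list still describes only `vendor/`, so the new `tools/vendor/**` entry is undocumented and a reader has to guess whether it is also vendored third-party code; I would extend it to `# Ignore vendor/ and tools/vendor/ since we're not (yet) concerned with scanning` / `# our dependencies on each CI run.`. A Snyk `exclude` entry removes those paths from Snyk Code (SAST) scanning as well as dependency scanning, so this is only safe if nothing first-party lives under tools/vendor — presumably the case, but worth stating in the comment.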
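Review bot: `filepath.Clean(path)` on the added line does not prevent path traversal — `Clean("/out/../../etc/x")` collapses to `/etc/x` — so if `path` is built from the archive entry name above this hunk (not visible here), an entry containing `..` still escapes `target` and the Snyk finding is silenced rather than fixed. What unzip needs is a containment check against `target` before calling unzipFile, and the cleaned value should also be what is appended to `extractedFiles` instead of the raw `path` so callers see the same string that was written. `filepath.IsLocal` needs Go 1.20; on older toolchains use `rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator))`, and the `fmt.Errorf` assumes fmt is already imported in this file. unzip's body starts before this hunk.
```go
		// Reject entries that would land outside target (Zip Slip); Clean only
		// normalises the string, it does not keep the result under target.
		cleaned := filepath.Clean(path)
		rel, err := filepath.Rel(target, cleaned)
		if err != nil || !filepath.IsLocal(rel) {
			return nil, fmt.Errorf("archive entry %q escapes extraction directory %q", path, target)
		}
		if err := unzipFile(file, cleaned, showProgress); err != nil {
			return nil, err
		}
		extractedFiles = append(extractedFiles, cleaned)
```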
@@ -97,7 +97,7 @@ func CleanTestRunDir() error {
 }
 for _, file := range files {
- err := os.RemoveAll(filepath.Join(TestRunDir, file.Name()))
+ err := os.RemoveAll(filepath.Clean(filepath.Join(TestRunDir, file.Name())))
 if err != nil {
 return err
 }
diff --git a/test/extended/util/util.go b/test/extended/util/util.go
index f251a7b932..3283fbc939 100644
--- a/test/extended/util/util.go
+++ b/test/extended/util/util.go
@@ -54,7 +54,7 @@ func CopyResourcesFromPath(resourcesPath string) error {
 sFileName := filepath.Join(resourcesPath, file.Name())
 fmt.Printf("Copying %s to %s\n", sFileName, destLoc)
- sFile, err := os.Open(sFileName)
+ sFile, err := os.Open(filepath.Clean(sFileName))
 if err != nil {
 fmt.Printf("Error occurred opening file: %s", err)
 return err
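Review bot: Wrapping `filepath.Join(TestRunDir, file.Name())` in `filepath.Clean` is a no-op — Join already returns a cleaned path — so the changed line removes exactly what it removed before and the Snyk finding is silenced rather than addressed. The finding itself looks like a false positive: `file.Name()` is the base name of a directory entry (the listing that fills `files` is above the hunk, not visible here) and carries no separator, so the Join cannot escape TestRunDir. I would restore the original call, document the reasoning in place with `// file.Name() is a single path component from the directory listing, so the Join cannot escape TestRunDir.`, and record the suppression in `.snyk` with that justification instead of a cosmetic Clean. The loop and CleanTestRunDir continue outside the hunk.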
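Review bot: `filepath.Clean(sFileName)` on the added line is redundant — `sFileName` is the result of `filepath.Join` two lines up, which already cleans — and Clean would not stop a traversal anyway, so this does not change what `os.Open` can reach; if `resourcesPath` can be attacker-influenced the check belongs at its caller, not here. While here, the error print on the line after the open lacks the trailing newline the "Copying" line has, and the error is both printed and returned; I would replace those two lines with `return fmt.Errorf("opening resource %s: %w", sFileName, err)` (assuming Go 1.13+ for `%w`). Whether `sFile` is closed is outside the hunk — worth confirming a `defer sFile.Close()` follows the error check. CopyResourcesFromPath continues outside the hunk.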