From 158ff0da0aff9d20f45e5cfcfa8fe446f00e5548 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Tue, 23 Jan 2024 14:46:02 +0100
Subject: [PATCH] add a trailing slash to the folder check in the QHelp for java/path-injection
---
 .../Security/CWE/CWE-022/examples/TaintedPathGoodFolder.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/src/Security/CWE/CWE-022/examples/TaintedPathGoodFolder.java b/java/ql/src/Security/CWE/CWE-022/examples/TaintedPathGoodFolder.java
index cd05384b877..2cc844b0c06 100644
--- a/java/ql/src/Security/CWE/CWE-022/examples/TaintedPathGoodFolder.java
+++ b/java/ql/src/Security/CWE/CWE-022/examples/TaintedPathGoodFolder.java
@@ -7,7 +7,7 @@ public void sendUserFileGood(Socket sock, String user) {
 Path filePath = publicFolder.resolve(filename).normalize().toAbsolutePath();
 
 // GOOD: ensure that the path stays within the public folder
- if (!filePath.startsWith(publicFolder)) {
+ if (!filePath.startsWith(publicFolder + File.separator)) {
 throw new IllegalArgumentException("Invalid filename");
 }
 BufferedReader fileReader = new BufferedReader(new FileReader(filePath.toString()));
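Review bot: The appended `File.separator` on the new `if` line appears to have no effect, because `filePath` is a `Path` and `Path.startsWith(String)` converts its argument back to a `Path` (dropping the trailing separator) and compares whole name components, so `/var/www-evil` already did not "start with" `/var/www` under the old check; the trailing-slash idiom only matters for a `String.startsWith` prefix test. As far as I can tell the new condition is therefore equivalent to the old one, and the example would be clearer with the original `filePath.startsWith(publicFolder)` plus a comment on why a component-wise `Path` comparison is used rather than a string prefix, e.g. `// Path.startsWith compares whole path components, so a sibling folder such as "www-evil" is rejected`. What the check does depend on is `publicFolder` being an absolute, normalized `Path` (otherwise the absolute `filePath` can never start with it); its declaration is outside the hunk, and a one-line comment stating that precondition would help readers copying this pattern. Note also that `normalize()` is purely lexical, so a symlink inside the public folder can still point outside it; `toRealPath()` is the stricter alternative if that is a concern for the example. The enclosing method `sendUserFileGood` begins before and ends after this hunk.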