From 9b1ff76c80df4d60f0b540162f751e022071f1cd Mon Sep 17 00:00:00 2001
From: Hannah DeFazio
Date: Thu, 23 Jan 2025 10:11:20 -0500
Subject: [PATCH] Cleanup the filepath in createNewFile to avoid path traversal issue
---
 pkg/agent/storage/https.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/agent/storage/https.go b/pkg/agent/storage/https.go
index 694137255ed..cac1f583e8b 100644
--- a/pkg/agent/storage/https.go
+++ b/pkg/agent/storage/https.go
@@ -142,6 +142,7 @@ func (h *HTTPSDownloader) extractHeaders() (headers map[string]string, err error
 }
 
 func createNewFile(fileFullName string) (*os.File, error) {
+ fileFullName = filepath.Clean(fileFullName)
 if FileExists(fileFullName) {
 if err := os.Remove(fileFullName); err != nil {
 return nil, fmt.Errorf("file is unable to be deleted: %w", err)
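Review bot: `filepath.Clean` on the added line only normalizes the path lexically, so on its own it does not stop traversal: a value that cleans to `../../x` or to an absolute path still points outside the download directory, and the `os.Remove` branch just below would then delete whatever file already exists there. The missing guard is a containment check against the intended destination directory, for example `rel, err := filepath.Rel(baseDir, fileFullName)` and then rejecting `rel == ".."` or `strings.HasPrefix(rel, ".."+string(filepath.Separator))` (`baseDir` is a placeholder; the directory is not visible in this hunk). Because createNewFile receives only the already-joined path, that check probably belongs in the caller where the directory and the file name (presumably taken from the download request) are combined; `filepath.IsLocal` on the name component would also work there. The function body continues past the end of the hunk, so whether a later check exists cannot be confirmed from here.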