From f1a2c64fd8c3a2c7d451c0034f1093355a01e639 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Mathieu?=
Date: Fri, 3 Jan 2025 11:53:44 +0100
Subject: [PATCH] fix(core): path traversal guard
---
 .../src/main/java/io/kestra/core/storages/StorageInterface.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/src/main/java/io/kestra/core/storages/StorageInterface.java b/core/src/main/java/io/kestra/core/storages/StorageInterface.java
index 6325830b7b6..869091ca916 100644
--- a/core/src/main/java/io/kestra/core/storages/StorageInterface.java
+++ b/core/src/main/java/io/kestra/core/storages/StorageInterface.java
@@ -105,7 +105,7 @@ default URI from(Execution execution, String input, File file) throws IOExceptio
 * Throws an IllegalArgumentException if the URI is not absolute: a.k.a., if it contains ".." + File.separator.
 */
 default void parentTraversalGuard(URI uri) {
- if (uri != null && uri.toString().contains(".." + File.separator)) {
+ if (uri != null && (uri.toString().contains(".." + File.separator) || uri.toString().contains(File.separator + "..") || uri.toString().equals(".."))) {
 throw new IllegalArgumentException("File should be accessed with their full path and not using relative '..' path.");
 }
 }
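Review bot: The widened condition in `parentTraversalGuard` still builds its patterns from `File.separator`, which is `\` on Windows, while a URI path is always separated by `/`; on such a host neither `contains` comparison matches a `..` segment in the URI. It also inspects `uri.toString()`, the undecoded form, so a percent-encoded dot segment would not be matched if a later step decodes the path (not visible in this hunk). Consider comparing decoded path segments instead, e.g. `String path = uri.getPath();` followed by `if (path != null && Arrays.asList(path.split("/")).contains("..")) {` (assuming `java.util.Arrays` is in scope), which also stops rejecting legitimate names that merely begin or end with two dots. The Javadoc line above the method still describes only the old `".." + File.separator` condition and should be updated together with the code; the comment's opening lies outside the hunk.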