fix: add path traversal check in xrar function

Author: cyberchen1995

opensca/walk/rar.go

@@ -5,6 +5,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 
@@ -47,6 +48,12 @@ func xrar(ctx context.Context, filter ExtractFileFilter, input, output string) b
 			continue
 		}
 
+		// avoid path traversal
+		if !strings.HasPrefix(fp, filepath.Clean(output)+string(os.PathSeparator)) {
+			logs.Warn("Invalid file path: %s", fp)
+			continue
+		}
+
 		if filter != nil && !filter(fp) {
 			continue
 		}