From 7f3196fcd4976a29ca6b4eba6229e5d3a02fe145 Mon Sep 17 00:00:00 2001
From: Sam Coe <samcoe@users.noreply.github.com>
Date: Tue, 18 Jul 2023 12:49:55 -0700
Subject: [PATCH] Use filepath.Clean to sanitize path for archive downloads
 (#7720)

---
 pkg/cmd/release/download/download.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/cmd/release/download/download.go b/pkg/cmd/release/download/download.go
index 2c7f4a18a..16e95db29 100644
--- a/pkg/cmd/release/download/download.go
+++ b/pkg/cmd/release/download/download.go
@@ -290,7 +290,7 @@ func downloadAsset(dest *destinationWriter, httpClient *http.Client, assetURL, f
 			return fmt.Errorf("unable to parse file name of archive: %w", err)
 		}
 		if serverFileName, ok := params["filename"]; ok {
-			fileName = serverFileName
+			fileName = filepath.Clean(serverFileName)
 		} else {
 			return errors.New("unable to determine file name of archive")
 		}