
Add a safe version of CLStaticHttpHandler that disallows path traversal. #13124

Merged (1 commit, May 11, 2024)

Conversation

mayankshriv
Contributor

@mayankshriv mayankshriv commented May 10, 2024

Added a safe version of CLStaticHttpHandler that disallows path traversal exploits.
This is now being used for swaggerui-dist.
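The PR description above names the defect class (path traversal through a static-resource handler) but the thread shows none of the check. The following is an added example, not Apache Pinot's or Grizzly's code: it contrasts the naive "decode and join" resolution a static handler must not do with a guard of the kind a safe `CLStaticHttpHandler` replacement needs before it maps a request URI onto a classpath resource. The doc root name `swaggerui-dist` is taken from the PR; the resource set, the function names `naive_resolve`, `safe_resolve` and `serve`, and the sample URIs are constructed for this example. Pinot is a Java project; the check is shown in Python only because the logic is language-independent.

```python
"""
Path-traversal guard for a static-resource handler (added example).

A handler that percent-decodes a URI and joins it onto its document root
lets "../" (or its encoded form "%2e%2e/") climb out of the root.  The safe
variant rejects any request whose decoded path contains a ".." segment, a
backslash, or a NUL byte, and then re-checks that the joined result is
still under the root.
"""
import posixpath
from typing import Optional, Set, Tuple
from urllib.parse import unquote

# Constructed sample: resources a swaggerui-dist handler might expose.
DOC_ROOT = "swaggerui-dist"
RESOURCES: Set[str] = {
    "swaggerui-dist/index.html",
    "swaggerui-dist/swagger-ui.css",
    "swaggerui-dist/js/app.js",
}


def naive_resolve(doc_root: str, uri: str) -> str:
    """The unsafe pattern: decode the URI and join it onto the root.

    Nothing stops the client-controlled path from containing "..", so the
    normalized result can point outside doc_root.
    """
    return posixpath.normpath(posixpath.join(doc_root, unquote(uri.lstrip("/"))))


def safe_resolve(doc_root: str, uri: str) -> Optional[str]:
    """Return the resource path for `uri`, or None if it must be refused.

    Rejected: any ".." segment after a single percent-decode (covers "../"
    and "%2e%2e/"), backslashes (so "..\\" cannot slip past a '/'-only
    split), NUL bytes, and an empty path.  A double-encoded "%252e%252e"
    decodes to the literal "%2e%2e", which matches no real resource, so it
    is left to the lookup to 404.
    """
    # Query string and fragment never select a file; drop them first.
    path = uri.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Collapse "//" and "." segments; refuse ".." anywhere, even "a/../b",
    # since a static handler has no legitimate use for it.
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if not segments or ".." in segments:
        return None
    resolved = posixpath.join(doc_root, *segments)
    # Belt and braces: the joined path must still sit under the doc root.
    if not resolved.startswith(doc_root + "/"):
        return None
    return resolved


def serve(doc_root: str, uri: str, resources: Set[str]) -> Tuple[int, Optional[str]]:
    """Minimal dispatch: (status, resource) using the safe resolver."""
    resolved = safe_resolve(doc_root, uri)
    if resolved is None or resolved not in resources:
        return 404, None
    return 200, resolved


if __name__ == "__main__":
    for probe in ("/index.html", "/../../etc/passwd", "/%2e%2e/%2e%2e/etc/passwd",
                  "/js/../index.html", "/..%5cindex.html", "/%252e%252e/etc/passwd"):
        print(f"{probe:32} naive={naive_resolve(DOC_ROOT, probe):28} "
              f"safe={safe_resolve(DOC_ROOT, probe)} serve={serve(DOC_ROOT, probe, RESOURCES)}")
```

Running the module prints, for each probe, what the naive join would have touched next to what the guarded resolver returns; the traversal probes resolve to `../etc/passwd` on the naive side and to `None` (a 404 from `serve`) on the safe side. Two points worth carrying into any real handler: decode exactly once before checking (checking the raw URI misses `%2e%2e`, decoding twice re-opens the double-encoding hole), and keep the final `startswith` check even when the segment filter looks sufficient, so a future change to the normalization cannot silently reintroduce the escape.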

@codecov-commenter

codecov-commenter commented May 10, 2024

Codecov Report

Attention: Patch coverage is 31.57895%, with 13 lines in your changes missing coverage. Please review.

Project coverage is 62.16%. Comparing base (59551e4) to head (b5bc7f6).
Report is 432 commits behind head on master.

Files Patch % Lines
...che/pinot/common/utils/PinotStaticHttpHandler.java 0.00% 8 Missing ⚠️
...pinot/broker/broker/BrokerAdminApiApplication.java 50.00% 4 Missing ⚠️
...apache/pinot/minion/MinionAdminApiApplication.java 0.00% 1 Missing ⚠️
@@             Coverage Diff              @@
##             master   #13124      +/-   ##
============================================
+ Coverage     61.75%   62.16%   +0.40%     
+ Complexity      207      198       -9     
============================================
  Files          2436     2515      +79     
  Lines        133233   137862    +4629     
  Branches      20636    21326     +690     
============================================
+ Hits          82274    85696    +3422     
- Misses        44911    45772     +861     
- Partials       6048     6394     +346     
Flag Coverage Δ
custom-integration1 <0.01% <0.00%> (-0.01%) ⬇️
integration <0.01% <0.00%> (-0.01%) ⬇️
integration1 <0.01% <0.00%> (-0.01%) ⬇️
integration2 0.00% <0.00%> (ø)
java-11 62.12% <31.57%> (+0.41%) ⬆️
java-21 62.05% <31.57%> (+0.42%) ⬆️
skip-bytebuffers-false 62.14% <31.57%> (+0.39%) ⬆️
skip-bytebuffers-true 62.02% <31.57%> (+34.30%) ⬆️
temurin 62.16% <31.57%> (+0.40%) ⬆️
unittests 62.15% <31.57%> (+0.40%) ⬆️
unittests1 46.80% <0.00%> (-0.09%) ⬇️
unittests2 27.76% <31.57%> (+0.03%) ⬆️


@abhioncbr
Contributor

Hi, just to mention, I am working on one of the issues along with a little refactoring around swagger-ui itself. The refactoring includes the bean creation part. If this bugfix is not urgent, I can incorporate the change in the refactoring itself. Here is the draft PR for reference.

@mayankshriv force-pushed the swagger-fix branch 2 times, most recently from c1e78f6 to bd827d7, May 10, 2024 21:28
@mayankshriv mayankshriv changed the title Add docRoot param to swaggerui-dist handler. Add a safe version of CLStaticHttpHandler that disallows path traversal. May 10, 2024
@mayankshriv
Contributor Author

> Hi, just to mention, I am working on one of the issues along with a little refactoring around swagger-ui itself. The refactoring includes the bean creation part. If this bugfix is not urgent, I can incorporate the change in the refactoring itself. Here is the draft PR for reference.

Hi, thanks for letting me know. This is kind of urgent as it is fixing a path traversal issue. But the changes themselves are quite simple, so they shouldn't cause much issue with your refactor.

@mayankshriv force-pushed the swagger-fix branch 2 times, most recently from 0f34442 to 492b8ab, May 10, 2024 22:21
…rsal.

Added a safe version of `CLStaticHttpHandler` that disallows path traversal exploits.
This is now being used for `swaggerui-dist`.

@sar12332111 sar12332111 left a comment


LGTM!

@mayankshriv mayankshriv merged commit c32a4a2 into apache:master May 11, 2024
20 checks passed
@mayankshriv mayankshriv deleted the swagger-fix branch May 11, 2024 00:52
5 participants