diff --git a/src/test/java/org/jenkinsci/plugins/pretestedintegration/integration/scm/git/TestUtilsFactory.java b/src/test/java/org/jenkinsci/plugins/pretestedintegration/integration/scm/git/TestUtilsFactory.java
index 5e95dd8..f89eace 100644
--- a/src/test/java/org/jenkinsci/plugins/pretestedintegration/integration/scm/git/TestUtilsFactory.java
+++ b/src/test/java/org/jenkinsci/plugins/pretestedintegration/integration/scm/git/TestUtilsFactory.java
@@ -787,7 +787,10 @@ public static void unzipFunction(String destinationFolder, String zipFile) {
 Boolean print = true;
 while (entry != null) {
 String entryName = entry.getName();
- File file = new File(destinationFolder + File.separator + entryName);
+ File file = new File(destinationFolder, entryName);
+ if (!file.toPath().normalize().startsWith(destinationFolder)) {
+ throw new IOException("Bad zip entry");
+ }
 // only print first entry, the zip-file itself
 if (print) {
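Review bot: The added containment check compares `file.toPath().normalize()` against the raw `destinationFolder` string, so it is only sound when the caller passes an absolute, already-normalized directory. With a relative destination, or one containing `.`/`..` segments, the lexical comparison can reject valid entries or accept one that still resolves outside the target, so resolve both sides the same way: `Path dest = Paths.get(destinationFolder).toAbsolutePath().normalize();` before the loop and `if (!file.toPath().toAbsolutePath().normalize().startsWith(dest)) {` in the check (this needs `java.nio.file.Path` and `Paths` imported). Including the name in the message, `"Bad zip entry: " + entryName`, would make a failing fixture easier to diagnose. The body of `unzipFunction` starts and ends outside the hunk, so it is not visible whether the `IOException` propagates or is caught by an enclosing handler; if it is caught and only logged, extraction would stop quietly instead of failing the test.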