False positive: Java: Uncontrolled data used in path expression

[JLLeitschuh]

Description of the false positive

This shouldn't be included because there is an adequate guard protecting against a path traversal payload.

Code samples or links to source code

    private Path indexRootPath(final String name) {
        final Path result = rootDir.resolve(name);
        if (result.startsWith(rootDir)) {
            return result;
        }
        throw new WebApplicationException(name + " attempts to escape from index root directory", Status.BAD_REQUEST);
    }

https://github.com/apache/couchdb/blob/43ab37ba6115851297de0804c563c1f0d23bf52a/nouveau/src/main/java/org/apache/couchdb/nouveau/core/IndexManager.java#L267-L273

URL to the alert on GitHub code scanning (optional)

https://github.com/Wolfi-Chainguard-Demo/apache__couchdb/security/code-scanning/6

[ginsbach]

Thank you for filing this issue!
The FP should be removed by #12886, so release 2.16.3 should resolve it.