Bugfix: fix code ql alert (kotlin) (#666)

<!-- Please provide brief information about the PR, what it contains &
its purpose, new behaviors after the change. And let us know here if you
need any help: https://github.com/microsoft/HydraLab/issues/new -->

## Description

<!-- A few words to explain your changes -->

### Linked GitHub issue ID: #  

## Pull Request Checklist
<!-- Put an x in the boxes that apply. This is simply a reminder of what
we are going to look for before merging your code. -->

- [ ] Tests for the changes have been added (for bug fixes / features)
- [x] Code compiles correctly with all tests are passed.
- [x] I've read the [contributing
guide](https://github.com/microsoft/HydraLab/blob/main/CONTRIBUTING.md#making-changes-to-the-code)
and followed the recommended practices.
- [ ] [Wikis](https://github.com/microsoft/HydraLab/wiki) or
[README](https://github.com/microsoft/HydraLab/blob/main/README.md) have
been reviewed and added / updated if needed (for bug fixes / features)

### Does this introduce a breaking change?
*If this introduces a breaking change for Hydra Lab users, please
describe the impact and migration path.*

- [ ] Yes
- [x] No

## How you tested it
*Please make sure the change is tested, you can test it by adding UTs,
do local test and share the screenshots, etc.*


Please check the type of change your PR introduces:
- [x] Bugfix
- [ ] Feature
- [ ] Technical design
- [ ] Build related changes
- [ ] Refactoring (no functional changes, no api changes)
- [ ] Code style update (formatting, renaming) or Documentation content
changes
- [ ] Other (please describe): 

### Feature UI screenshots or Technical design diagrams
*If this is a relatively large or complex change, kick it off by drawing
the tech design with PlantUML and explaining why you chose the solution
you did and what alternatives you considered, etc...*

Author: zhou9584

.github/workflows/codeql.yml

@@ -32,7 +32,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'java', 'javascript', 'python' ]
+        language: [ 'java', 'javascript', 'python', 'kotlin' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 

android_client/app/src/main/java/com/microsoft/hydralab/android/client/vpn/HydraLabVpnLogger.kt

@@ -8,6 +8,7 @@ import kotlinx.coroutines.launch
 import java.io.File
 import java.io.FileWriter
 import java.io.IOException
+import kotlin.io.path.Path
 
 class HydraLabVpnLogger(private var filePath: String?) {
     private var lines = mutableListOf<String>()
@@ -16,6 +17,13 @@ class HydraLabVpnLogger(private var filePath: String?) {
     init {
         if (filePath != null) {
             filePath = Environment.getExternalStorageDirectory().toString() + filePath
+
+            val publicFolder = Path(Environment.getExternalStorageDirectory().toString()).toString()
+            val fileUrl = Path(filePath.toString()).toString()
+            if (!fileUrl.startsWith(publicFolder + File.separator)) {
+                throw IllegalArgumentException("Invalid file path")
+            }
+
             val file = File(filePath ?: "")
             if (file.exists()) {
                 file.writeText("")