Fix CVE-2022-25168

[th555555]

This PR addresses a critical security vulnerability (Command Injection) in the extractTarFileUsingTar method of CompressionUtils.

Modified extractTarFileUsingTar to use a stream-based approach that passes file content through stdin instead of passing file paths to shell commands
This approach eliminates the possibility of command injection via malicious file paths
Maintains the same functionality while improving security

References
https://www.cve.org/CVERecord?id=CVE-2022-25168
apache/hadoop@cae749b

This change is a trivial rework / code cleanup without any test coverage.

[flinkbot]

CI report:

• d10efa9 Azure: FAILURE

Bot commands

The @flinkbot bot supports the following commands:

• @flinkbot run azure re-run the last Azure build

[davidradl]

@th555555 Looking at our process , we need a Jira unless this is a hotfix. I suggest describing in more detail the approach you are taking in resolving this.

[davidradl]

the CI failure appears to be because of running out of space - I guess this is is either due to the fix or infrastructure (disk cleanup). If you think it is due to the disk needing cleating out - I suggest mailing the dev list.

[androidacy-user]

the CI failure appears to be because of running out of space - I guess this is is either due to the fix or infrastructure (disk cleanup). If you think it is due to the disk needing cleating out - I suggest mailing the dev list.

It's a bot. Don't bother.