mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Al Ho <a...@linkedin.com.INVALID>
Subject Re: VirtualFileSystem able to mkdir and chdir to non rooted directory
Date Mon, 11 Apr 2016 16:20:15 GMT
Thanks Elijah, I should have stated that I'm using version 1.1.0 on El
Capitan v 10.11.3:

$ md5 sshd-core-1.1.0.jar
MD5 (sshd-core-1.1.0.jar) = 6e94f5cd80de88ddaaa80bb2ff3fa793

I've written some unit tests (that's how I discovered the issue) on our end
here to check to see that an InvalidPathException is thrown using the code
above (it can be cleaned up, but is mostly the same).

Maybe my version is out of date or there is still an issue?

On Sat, Apr 9, 2016 at 12:45 AM, elijah baley <e_baley@outlook.com> wrote:

> This has been fixed in version 1.1 and up via SSHD-605
>
> > Date: Fri, 8 Apr 2016 15:48:10 -0700
> > Subject: VirtualFileSystem able to mkdir and chdir to non rooted
> directory
> > From: aho1@linkedin.com.INVALID
> > To: dev@mina.apache.org
> >
> > Hi SSHD team,
> >
> > Not sure if this is a bug or not, but when I instantiate a new FileSystem
> > using the VirtualFileSystemFactory and RootedFileSystemProvider, as a
> user
> > on the box, I am able to mkdir and get/put files in parent (i.e.
> > non-subpath) paths of the supposed "root" if I do something like
> >
> > sftp> pwd
> > Remote working directory: /
> >
> > $ put ../thisismyfile
> >
> > It seems like the resolveLocalPath which is supposed to throw an
> > InvalidPathException if the path is not a proper subpath of the rooted
> file
> > system needs to normalize the path in addition to doing it's nullity
> > checks.  I was able to prevent this behavior by doing something like
> this,
> > but not sure if this is the best approach.
> >
> > Any guidance/explanation would be appreciated.  Thanks.
> >
> > public class FixedRootedFileSystemProvider extends
> RootedFileSystemProvider {
> >
> >   private static final Logger LOG =
> > LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
> >
> >   public FixedRootedFileSystemProvider() { super(); }
> >
> >   @Override
> >   protected Path resolveLocalPath(RootedPath path) {
> >     Path resolvedLocalPath = super.resolveLocalPath(path);
> >     return validateParent(path, resolvedLocalPath);
> >   }
> >
> >   private Path validateParent(RootedPath path, Path localPath) throws
> > InvalidPathException {
> >     RootedFileSystem rfs = path.getFileSystem();
> >     Path root = rfs.getRoot();
> >
> >     if
> (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> > { //i.e. is not a REAL subpath
> >       LOG.info("{} is not a subpath of the root FS path " +
> > root.toAbsolutePath().normalize(),
> > localPath.toAbsolutePath().normalize());
> >       throw new InvalidPathException(localPath.toString(), "Invalid
> path");
> >     }
> >     return localPath;
> >   }
> > }
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message