You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by Al Ho <ah...@linkedin.com.INVALID> on 2016/04/09 00:48:10 UTC
VirtualFileSystem able to mkdir and chdir to non rooted directory
Hi SSHD team,
Not sure if this is a bug or not, but when I instantiate a new FileSystem
using the VirtualFileSystemFactory and RootedFileSystemProvider, as a user
on the box, I am able to mkdir and get/put files in parent (i.e.
non-subpath) paths of the supposed "root" if I do something like
sftp> pwd
Remote working directory: /
$ put ../thisismyfile
It seems like the resolveLocalPath which is supposed to throw an
InvalidPathException if the path is not a proper subpath of the rooted file
system needs to normalize the path in addition to doing it's nullity
checks. I was able to prevent this behavior by doing something like this,
but not sure if this is the best approach.
Any guidance/explanation would be appreciated. Thanks.
public class FixedRootedFileSystemProvider extends RootedFileSystemProvider {
private static final Logger LOG =
LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
public FixedRootedFileSystemProvider() { super(); }
@Override
protected Path resolveLocalPath(RootedPath path) {
Path resolvedLocalPath = super.resolveLocalPath(path);
return validateParent(path, resolvedLocalPath);
}
private Path validateParent(RootedPath path, Path localPath) throws
InvalidPathException {
RootedFileSystem rfs = path.getFileSystem();
Path root = rfs.getRoot();
if (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
{ //i.e. is not a REAL subpath
LOG.info("{} is not a subpath of the root FS path " +
root.toAbsolutePath().normalize(),
localPath.toAbsolutePath().normalize());
throw new InvalidPathException(localPath.toString(), "Invalid path");
}
return localPath;
}
}
Re: VirtualFileSystem able to mkdir and chdir to non rooted directory
Posted by Al Ho <ah...@linkedin.com.INVALID>.
Thanks Elijah, will do and will send an update along.
On Mon, Apr 11, 2016 at 9:50 AM, elijah baley <e_...@outlook.com> wrote:
> Will have to investigate (this will take time). Since you say you have
> unit tests the reproduce the problem, you can debug the code and see
> exactly why it happens. I recommend you do it with the source code for 1.2
> which is the latest one. Once you find the problem, please re-open SSHD-601
> and attache the patch...
>
> > Date: Mon, 11 Apr 2016 09:20:15 -0700
> > Subject: Re: VirtualFileSystem able to mkdir and chdir to non rooted
> directory
> > From: aho1@linkedin.com.INVALID
> > To: dev@mina.apache.org
> >
> > Thanks Elijah, I should have stated that I'm using version 1.1.0 on El
> > Capitan v 10.11.3:
> >
> > $ md5 sshd-core-1.1.0.jar
> > MD5 (sshd-core-1.1.0.jar) = 6e94f5cd80de88ddaaa80bb2ff3fa793
> >
> > I've written some unit tests (that's how I discovered the issue) on our
> end
> > here to check to see that an InvalidPathException is thrown using the
> code
> > above (it can be cleaned up, but is mostly the same).
> >
> > Maybe my version is out of date or there is still an issue?
> >
> > On Sat, Apr 9, 2016 at 12:45 AM, elijah baley <e_...@outlook.com>
> wrote:
> >
> > > This has been fixed in version 1.1 and up via SSHD-605
> > >
> > > > Date: Fri, 8 Apr 2016 15:48:10 -0700
> > > > Subject: VirtualFileSystem able to mkdir and chdir to non rooted
> > > directory
> > > > From: aho1@linkedin.com.INVALID
> > > > To: dev@mina.apache.org
> > > >
> > > > Hi SSHD team,
> > > >
> > > > Not sure if this is a bug or not, but when I instantiate a new
> FileSystem
> > > > using the VirtualFileSystemFactory and RootedFileSystemProvider, as a
> > > user
> > > > on the box, I am able to mkdir and get/put files in parent (i.e.
> > > > non-subpath) paths of the supposed "root" if I do something like
> > > >
> > > > sftp> pwd
> > > > Remote working directory: /
> > > >
> > > > $ put ../thisismyfile
> > > >
> > > > It seems like the resolveLocalPath which is supposed to throw an
> > > > InvalidPathException if the path is not a proper subpath of the
> rooted
> > > file
> > > > system needs to normalize the path in addition to doing it's nullity
> > > > checks. I was able to prevent this behavior by doing something like
> > > this,
> > > > but not sure if this is the best approach.
> > > >
> > > > Any guidance/explanation would be appreciated. Thanks.
> > > >
> > > > public class FixedRootedFileSystemProvider extends
> > > RootedFileSystemProvider {
> > > >
> > > > private static final Logger LOG =
> > > > LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
> > > >
> > > > public FixedRootedFileSystemProvider() { super(); }
> > > >
> > > > @Override
> > > > protected Path resolveLocalPath(RootedPath path) {
> > > > Path resolvedLocalPath = super.resolveLocalPath(path);
> > > > return validateParent(path, resolvedLocalPath);
> > > > }
> > > >
> > > > private Path validateParent(RootedPath path, Path localPath) throws
> > > > InvalidPathException {
> > > > RootedFileSystem rfs = path.getFileSystem();
> > > > Path root = rfs.getRoot();
> > > >
> > > > if
> > >
> (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> > > > { //i.e. is not a REAL subpath
> > > > LOG.info("{} is not a subpath of the root FS path " +
> > > > root.toAbsolutePath().normalize(),
> > > > localPath.toAbsolutePath().normalize());
> > > > throw new InvalidPathException(localPath.toString(), "Invalid
> > > path");
> > > > }
> > > > return localPath;
> > > > }
> > > > }
> > >
> > >
>
>
RE: VirtualFileSystem able to mkdir and chdir to non rooted
directory
Posted by elijah baley <e_...@outlook.com>.
Will have to investigate (this will take time). Since you say you have unit tests the reproduce the problem, you can debug the code and see exactly why it happens. I recommend you do it with the source code for 1.2 which is the latest one. Once you find the problem, please re-open SSHD-601 and attache the patch...
> Date: Mon, 11 Apr 2016 09:20:15 -0700
> Subject: Re: VirtualFileSystem able to mkdir and chdir to non rooted directory
> From: aho1@linkedin.com.INVALID
> To: dev@mina.apache.org
>
> Thanks Elijah, I should have stated that I'm using version 1.1.0 on El
> Capitan v 10.11.3:
>
> $ md5 sshd-core-1.1.0.jar
> MD5 (sshd-core-1.1.0.jar) = 6e94f5cd80de88ddaaa80bb2ff3fa793
>
> I've written some unit tests (that's how I discovered the issue) on our end
> here to check to see that an InvalidPathException is thrown using the code
> above (it can be cleaned up, but is mostly the same).
>
> Maybe my version is out of date or there is still an issue?
>
> On Sat, Apr 9, 2016 at 12:45 AM, elijah baley <e_...@outlook.com> wrote:
>
> > This has been fixed in version 1.1 and up via SSHD-605
> >
> > > Date: Fri, 8 Apr 2016 15:48:10 -0700
> > > Subject: VirtualFileSystem able to mkdir and chdir to non rooted
> > directory
> > > From: aho1@linkedin.com.INVALID
> > > To: dev@mina.apache.org
> > >
> > > Hi SSHD team,
> > >
> > > Not sure if this is a bug or not, but when I instantiate a new FileSystem
> > > using the VirtualFileSystemFactory and RootedFileSystemProvider, as a
> > user
> > > on the box, I am able to mkdir and get/put files in parent (i.e.
> > > non-subpath) paths of the supposed "root" if I do something like
> > >
> > > sftp> pwd
> > > Remote working directory: /
> > >
> > > $ put ../thisismyfile
> > >
> > > It seems like the resolveLocalPath which is supposed to throw an
> > > InvalidPathException if the path is not a proper subpath of the rooted
> > file
> > > system needs to normalize the path in addition to doing it's nullity
> > > checks. I was able to prevent this behavior by doing something like
> > this,
> > > but not sure if this is the best approach.
> > >
> > > Any guidance/explanation would be appreciated. Thanks.
> > >
> > > public class FixedRootedFileSystemProvider extends
> > RootedFileSystemProvider {
> > >
> > > private static final Logger LOG =
> > > LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
> > >
> > > public FixedRootedFileSystemProvider() { super(); }
> > >
> > > @Override
> > > protected Path resolveLocalPath(RootedPath path) {
> > > Path resolvedLocalPath = super.resolveLocalPath(path);
> > > return validateParent(path, resolvedLocalPath);
> > > }
> > >
> > > private Path validateParent(RootedPath path, Path localPath) throws
> > > InvalidPathException {
> > > RootedFileSystem rfs = path.getFileSystem();
> > > Path root = rfs.getRoot();
> > >
> > > if
> > (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> > > { //i.e. is not a REAL subpath
> > > LOG.info("{} is not a subpath of the root FS path " +
> > > root.toAbsolutePath().normalize(),
> > > localPath.toAbsolutePath().normalize());
> > > throw new InvalidPathException(localPath.toString(), "Invalid
> > path");
> > > }
> > > return localPath;
> > > }
> > > }
> >
> >
Re: VirtualFileSystem able to mkdir and chdir to non rooted directory
Posted by Al Ho <ah...@linkedin.com.INVALID>.
Thanks Elijah, I should have stated that I'm using version 1.1.0 on El
Capitan v 10.11.3:
$ md5 sshd-core-1.1.0.jar
MD5 (sshd-core-1.1.0.jar) = 6e94f5cd80de88ddaaa80bb2ff3fa793
I've written some unit tests (that's how I discovered the issue) on our end
here to check to see that an InvalidPathException is thrown using the code
above (it can be cleaned up, but is mostly the same).
Maybe my version is out of date or there is still an issue?
On Sat, Apr 9, 2016 at 12:45 AM, elijah baley <e_...@outlook.com> wrote:
> This has been fixed in version 1.1 and up via SSHD-605
>
> > Date: Fri, 8 Apr 2016 15:48:10 -0700
> > Subject: VirtualFileSystem able to mkdir and chdir to non rooted
> directory
> > From: aho1@linkedin.com.INVALID
> > To: dev@mina.apache.org
> >
> > Hi SSHD team,
> >
> > Not sure if this is a bug or not, but when I instantiate a new FileSystem
> > using the VirtualFileSystemFactory and RootedFileSystemProvider, as a
> user
> > on the box, I am able to mkdir and get/put files in parent (i.e.
> > non-subpath) paths of the supposed "root" if I do something like
> >
> > sftp> pwd
> > Remote working directory: /
> >
> > $ put ../thisismyfile
> >
> > It seems like the resolveLocalPath which is supposed to throw an
> > InvalidPathException if the path is not a proper subpath of the rooted
> file
> > system needs to normalize the path in addition to doing it's nullity
> > checks. I was able to prevent this behavior by doing something like
> this,
> > but not sure if this is the best approach.
> >
> > Any guidance/explanation would be appreciated. Thanks.
> >
> > public class FixedRootedFileSystemProvider extends
> RootedFileSystemProvider {
> >
> > private static final Logger LOG =
> > LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
> >
> > public FixedRootedFileSystemProvider() { super(); }
> >
> > @Override
> > protected Path resolveLocalPath(RootedPath path) {
> > Path resolvedLocalPath = super.resolveLocalPath(path);
> > return validateParent(path, resolvedLocalPath);
> > }
> >
> > private Path validateParent(RootedPath path, Path localPath) throws
> > InvalidPathException {
> > RootedFileSystem rfs = path.getFileSystem();
> > Path root = rfs.getRoot();
> >
> > if
> (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> > { //i.e. is not a REAL subpath
> > LOG.info("{} is not a subpath of the root FS path " +
> > root.toAbsolutePath().normalize(),
> > localPath.toAbsolutePath().normalize());
> > throw new InvalidPathException(localPath.toString(), "Invalid
> path");
> > }
> > return localPath;
> > }
> > }
>
>
RE: VirtualFileSystem able to mkdir and chdir to non rooted
directory
Posted by elijah baley <e_...@outlook.com>.
This has been fixed in version 1.1 and up via SSHD-605
> Date: Fri, 8 Apr 2016 15:48:10 -0700
> Subject: VirtualFileSystem able to mkdir and chdir to non rooted directory
> From: aho1@linkedin.com.INVALID
> To: dev@mina.apache.org
>
> Hi SSHD team,
>
> Not sure if this is a bug or not, but when I instantiate a new FileSystem
> using the VirtualFileSystemFactory and RootedFileSystemProvider, as a user
> on the box, I am able to mkdir and get/put files in parent (i.e.
> non-subpath) paths of the supposed "root" if I do something like
>
> sftp> pwd
> Remote working directory: /
>
> $ put ../thisismyfile
>
> It seems like the resolveLocalPath which is supposed to throw an
> InvalidPathException if the path is not a proper subpath of the rooted file
> system needs to normalize the path in addition to doing it's nullity
> checks. I was able to prevent this behavior by doing something like this,
> but not sure if this is the best approach.
>
> Any guidance/explanation would be appreciated. Thanks.
>
> public class FixedRootedFileSystemProvider extends RootedFileSystemProvider {
>
> private static final Logger LOG =
> LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
>
> public FixedRootedFileSystemProvider() { super(); }
>
> @Override
> protected Path resolveLocalPath(RootedPath path) {
> Path resolvedLocalPath = super.resolveLocalPath(path);
> return validateParent(path, resolvedLocalPath);
> }
>
> private Path validateParent(RootedPath path, Path localPath) throws
> InvalidPathException {
> RootedFileSystem rfs = path.getFileSystem();
> Path root = rfs.getRoot();
>
> if (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> { //i.e. is not a REAL subpath
> LOG.info("{} is not a subpath of the root FS path " +
> root.toAbsolutePath().normalize(),
> localPath.toAbsolutePath().normalize());
> throw new InvalidPathException(localPath.toString(), "Invalid path");
> }
> return localPath;
> }
> }