This has been fixed in version 1.1 and up via SSHD-605
> Date: Fri, 8 Apr 2016 15:48:10 -0700 > Subject: VirtualFileSystem able to mkdir and chdir to non rooted directory > From: a...@linkedin.com.INVALID > To: dev@mina.apache.org > > Hi SSHD team, > > Not sure if this is a bug or not, but when I instantiate a new FileSystem > using the VirtualFileSystemFactory and RootedFileSystemProvider, as a user > on the box, I am able to mkdir and get/put files in parent (i.e. > non-subpath) paths of the supposed "root" if I do something like > > sftp> pwd > Remote working directory: / > > $ put ../thisismyfile > > It seems like the resolveLocalPath which is supposed to throw an > InvalidPathException if the path is not a proper subpath of the rooted file > system needs to normalize the path in addition to doing it's nullity > checks. I was able to prevent this behavior by doing something like this, > but not sure if this is the best approach. > > Any guidance/explanation would be appreciated. Thanks. > > public class FixedRootedFileSystemProvider extends RootedFileSystemProvider { > > private static final Logger LOG = > LoggerFactory.getLogger(FixedRootedFileSystemProvider.class); > > public FixedRootedFileSystemProvider() { super(); } > > @Override > protected Path resolveLocalPath(RootedPath path) { > Path resolvedLocalPath = super.resolveLocalPath(path); > return validateParent(path, resolvedLocalPath); > } > > private Path validateParent(RootedPath path, Path localPath) throws > InvalidPathException { > RootedFileSystem rfs = path.getFileSystem(); > Path root = rfs.getRoot(); > > if > (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize())) > { //i.e. is not a REAL subpath > LOG.info("{} is not a subpath of the root FS path " + > root.toAbsolutePath().normalize(), > localPath.toAbsolutePath().normalize()); > throw new InvalidPathException(localPath.toString(), "Invalid path"); > } > return localPath; > } > }