This has been fixed in version 1.1 and up via SSHD-605
> Date: Fri, 8 Apr 2016 15:48:10 -0700
> Subject: VirtualFileSystem able to mkdir and chdir to non rooted directory
> From: a...@linkedin.com.INVALID
> To: dev@mina.apache.org
>
> Hi SSHD team,
>
> Not sure if this is a bug or not, but when I instantiate a new FileSystem
> using the VirtualFileSystemFactory and RootedFileSystemProvider, as a user
> on the box, I am able to mkdir and get/put files in parent (i.e.
> non-subpath) paths of the supposed "root" if I do something like
>
> sftp> pwd
> Remote working directory: /
>
> $ put ../thisismyfile
>
> It seems like the resolveLocalPath which is supposed to throw an
> InvalidPathException if the path is not a proper subpath of the rooted file
> system needs to normalize the path in addition to doing it's nullity
> checks. I was able to prevent this behavior by doing something like this,
> but not sure if this is the best approach.
>
> Any guidance/explanation would be appreciated. Thanks.
>
> public class FixedRootedFileSystemProvider extends RootedFileSystemProvider {
>
> private static final Logger LOG =
> LoggerFactory.getLogger(FixedRootedFileSystemProvider.class);
>
> public FixedRootedFileSystemProvider() { super(); }
>
> @Override
> protected Path resolveLocalPath(RootedPath path) {
> Path resolvedLocalPath = super.resolveLocalPath(path);
> return validateParent(path, resolvedLocalPath);
> }
>
> private Path validateParent(RootedPath path, Path localPath) throws
> InvalidPathException {
> RootedFileSystem rfs = path.getFileSystem();
> Path root = rfs.getRoot();
>
> if
> (!localPath.toAbsolutePath().normalize().startsWith(root.toAbsolutePath().normalize()))
> { //i.e. is not a REAL subpath
> LOG.info("{} is not a subpath of the root FS path " +
> root.toAbsolutePath().normalize(),
> localPath.toAbsolutePath().normalize());
> throw new InvalidPathException(localPath.toString(), "Invalid path");
> }
> return localPath;
> }
> }
