lgoldstein commented on code in PR #362:
URL: https://github.com/apache/mina-sshd/pull/362#discussion_r1174607919
##########
sshd-common/src/main/java/org/apache/sshd/common/util/io/IoUtils.java:
##########
@@ -637,4 +677,75 @@ public static List<String> readAllLines(BufferedReader
reader, int lineCountHint
}
return result;
}
+
+ /**
+ * Chroot a path under the new root
+ *
+ * @param newRoot the new root
+ * @param toSanitize the path to sanitize and chroot
+ * @return the chrooted path under the newRoot filesystem
+ */
+ public static Path chroot(Path newRoot, Path toSanitize) {
+ Objects.requireNonNull(newRoot);
+ Objects.requireNonNull(toSanitize);
+ List<String> sanitized = removeExtraCdUps(toSanitize);
+ return buildPath(newRoot, newRoot.getFileSystem(), sanitized);
+ }
+
+ /**
+ * Remove any extra directory ups from the Path
+ *
+ * @param toSanitize the path to sanitize
+ * @return the sanitized path
+ */
+ public static Path removeCdUpAboveRoot(Path toSanitize) {
+ List<String> sanitized = removeExtraCdUps(toSanitize);
+ return buildPath(toSanitize.getRoot(), toSanitize.getFileSystem(),
sanitized);
+ }
+
+ private static List<String> removeExtraCdUps(Path toResolve) {
+ List<String> newNames = new ArrayList<>(toResolve.getNameCount());
+
+ int numCdUps = 0;
+ int numDirParts = 0;
+ for (int i = 0; i < toResolve.getNameCount(); i++) {
+ String name = toResolve.getName(i).toString();
+ if ("..".equals(name)) {
+ // If we have more cdups than dir parts, so we ignore the ".."
to avoid jail escapes
+ if (numDirParts > numCdUps) {
+ ++numCdUps;
+ newNames.add(name);
+ }
+ } else {
+ // if the current directory is a part of the name, don't
increment number of dir parts, as it doesn't
+ // add to the number of ".."s that can be present before the
root
+ if (!".".equals(name)) {
+ ++numDirParts;
+ }
+ newNames.add(name);
+ }
+ }
+ return newNames;
+ }
+
+ private static Path buildPath(Path root, FileSystem fs, List<String>
namesList) {
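Review bot: in removeCdUpAboveRoot, `toSanitize.getRoot()` is passed straight to buildPath, and Path.getRoot() returns null for a relative path; unlike chroot, this method also has no Objects.requireNonNull on its argument. The body of buildPath is not visible in this hunk, so either guard the null root here or state in the Javadoc that only absolute paths are accepted. Separately, in removeExtraCdUps the comment above `if (numDirParts > numCdUps)` describes the case where the ".." is ignored, yet it sits over the branch that keeps it; rewording it or moving it to an else branch would make the jail-escape rule easier to audit. The chroot Javadoc could also state that the sanitizing is purely lexical, working on name elements only, so symbolic links under newRoot are not resolved by this code.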
Review Comment:
It is a matter of style - I believe in total user responsibility - that is
why I allow a *Collection* - I see it the **user**'s responsibility to enforce
order. If the user wants to use a *Set* then it is his/her responsibility. You
seem to adopt a more paternalistic approach that feels that one should protect
users from themselves. It is a valid approach, but one that I do not subscribe
to as (IMO) it inevitably leads to rigid code. My approach is simple: use the
"weakest" parameter that you need to achieve your goal - the user is
responsible for correct invocation.