Normalize local path in Kyuubi server

Authored-by: Hiroki Egawa <hiegawa@lycorp.co.jp>
Signed-off-by: Akira Ajisaka <aajisaka@apache.org>

Author: aajisaka

kyuubi-server/src/main/scala/org/apache/kyuubi/engine/KyuubiApplicationManager.scala

@@ -19,7 +19,7 @@ package org.apache.kyuubi.engine
 
 import java.io.File
 import java.net.{URI, URISyntaxException}
-import java.nio.file.{Files, Path}
+import java.nio.file.{Files, Path, Paths}
 import java.util.Locale
 
 import scala.util.control.NonFatal
@@ -163,7 +163,7 @@ object KyuubiApplicationManager {
             s"Relative path ${uri.getPath} is not allowed, please use absolute path.")
         }
 
-        if (!localDirAllowList.exists(uri.getPath.startsWith(_))) {
+        if (!localDirAllowList.exists(Paths.get(uri.getPath).normalize.startsWith(_))) {
           throw new KyuubiException(
             s"The file ${uri.getPath} to access is not in the local dir allow list" +
               s" [${localDirAllowList.mkString(",")}].")

kyuubi-server/src/test/scala/org/apache/kyuubi/engine/KyuubiApplicationManagerSuite.scala

@@ -38,6 +38,13 @@ class KyuubiApplicationManagerSuite extends KyuubiFunSuite {
     assert(e.getMessage.contains("is not in the local dir allow list"))
     KyuubiApplicationManager.checkApplicationAccessPath(path, noLocalDirLimitConf)
 
+    path = "/apache/kyuubi/../a.jar"
+    e = intercept[KyuubiException] {
+      KyuubiApplicationManager.checkApplicationAccessPath(path, localDirLimitConf)
+    }
+    assert(e.getMessage.contains("is not in the local dir allow list"))
+    KyuubiApplicationManager.checkApplicationAccessPath(path, noLocalDirLimitConf)
+
     path = "hdfs:/apache/kyuubijar"
     KyuubiApplicationManager.checkApplicationAccessPath(path, localDirLimitConf)
     KyuubiApplicationManager.checkApplicationAccessPath(path, noLocalDirLimitConf)