MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

Restrict access keys for users and groups to not allow '=' or ',' (#19749)

Browse Source 
* initial commit

* Add UTF check

---------

Co-authored-by: Harshavardhana <harsha@minio.io>
This commit is contained in:
Taran Pelkey
2024-05-28 13:14:16 -04:00
committed by GitHub
parent e5c83535af
commit 2d53854b19
6 changed files with 185 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/auth/credentials.go
View File

@@ -54,6 +54,8 @@ const (
// Total length of the alpha numeric table.
alphaNumericTableLen = byte(len(alphaNumericTable))
reservedChars = "=,"
)
// Common errors generated for access and secret key validation.
@@ -62,11 +64,17 @@ var (
ErrInvalidSecretKeyLength = fmt.Errorf("secret key length should be between %d and %d", secretKeyMinLen, secretKeyMaxLen)
ErrNoAccessKeyWithSecretKey = fmt.Errorf("access key must be specified if secret key is specified")
ErrNoSecretKeyWithAccessKey = fmt.Errorf("secret key must be specified if access key is specified")
ErrContainsReservedChars = fmt.Errorf("access key contains one of reserved characters '=' or ','")
)
// AnonymousCredentials simply points to empty credentials
var AnonymousCredentials = Credentials{}
// ContainsReservedChars - returns whether the input string contains reserved characters.
func ContainsReservedChars(s string) bool {
return strings.ContainsAny(s, reservedChars)
}
// IsAccessKeyValid - validate access key for right length.
func IsAccessKeyValid(accessKey string) bool {
return len(accessKey) >= accessKeyMinLen