Fix policy bugs Null conditions and canonical names (#7021)

This PR fixes two different issues - Null condition implementation - HTTP Canonical request value names This PR fixes handling of null conditions and handle HTTP canonical names in request values. This PR was tested with policies mentioned in the following blog https://aws.amazon.com/blogs/security/how-to-prevent-uploads-of-unencrypted-objects-to-amazon-s3/ Fixes #6955
2025-11-25 20:16:10 -05:00 · 2018-12-26 02:03:28 -08:00
parent fb8d0d7cf7
commit 2db22deb93
6 changed files with 47 additions and 25 deletions
--- a/pkg/policy/condition/func_test.go
+++ b/pkg/policy/condition/func_test.go
@@ -53,12 +53,12 @@ func TestFunctionsEvaluate(t *testing.T) {
 		{case1Function, map[string][]string{
 			"x-amz-copy-source": {"mybucket/myobject"},
 			"SourceIp":          {"192.168.1.10"},
-		}, true},
+		}, false},
 		{case1Function, map[string][]string{
 			"x-amz-copy-source": {"mybucket/myobject"},
 			"SourceIp":          {"192.168.1.10"},
 			"Refer":             {"http://example.org/"},
-		}, true},
+		}, false},
 		{case1Function, map[string][]string{"x-amz-copy-source": {"mybucket/myobject"}}, false},
 		{case1Function, map[string][]string{"SourceIp": {"192.168.1.10"}}, false},
 		{case1Function, map[string][]string{
@@ -79,7 +79,7 @@ func TestFunctionsEvaluate(t *testing.T) {
 		result := testCase.functions.Evaluate(testCase.values)

 		if result != testCase.expectedResult {
-			t.Fatalf("case %v: expected: %v, got: %v\n", i+1, testCase.expectedResult, result)
+			t.Errorf("case %v: expected: %v, got: %v\n", i+1, testCase.expectedResult, result)
 		}
 	}
 }