MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-08 13:45:37 -04:00
Code Issues Packages Projects Releases Wiki Activity

s3: Return invalid bucket name the first thing in all S3 calls (#17742)

Browse Source
This commit is contained in:
Anis Eleuch 2023-07-28 18:49:20 +01:00 committed by GitHub
parent 114fab4c70
commit 7057d00a28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/bucket-handlers_test.go
View File

@ -355,7 +355,7 @@ func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName s
maxUploads: "0", maxUploads: "0",
accessKey: credentials.AccessKey, accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusBadRequest,
shouldPass: false, shouldPass: false,
}, },
// Test case - 2. // Test case - 2.

6
cmd/bucket-policy-handlers_test.go
View File

@ -289,7 +289,7 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)), policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
accessKey: credentials.AccessKey, accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusBadRequest,
}, },
// Test case - 10. // Test case - 10.
// Existent bucket with policy with Version field empty. // Existent bucket with policy with Version field empty.
@ -463,7 +463,7 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
accessKey: credentials.AccessKey, accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey, secretKey: credentials.SecretKey,
expectedBucketPolicy: "", expectedBucketPolicy: "",
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusBadRequest,
}, },
} }
// Iterating over the cases, fetching the policy and validating the response. // Iterating over the cases, fetching the policy and validating the response.
@ -686,7 +686,7 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
bucketName: ".invalid-bucket-name", bucketName: ".invalid-bucket-name",
accessKey: credentials.AccessKey, accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey, secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusNotFound, expectedRespStatus: http.StatusBadRequest,
}, },
} }
// Iterating over the cases and deleting the bucket policy and then asserting response. // Iterating over the cases and deleting the bucket policy and then asserting response.

12
cmd/generic-handlers.go
View File

@ -29,6 +29,7 @@ import (
"time" "time"
"github.com/dustin/go-humanize" "github.com/dustin/go-humanize"
"github.com/minio/minio-go/v7/pkg/s3utils"
"github.com/minio/minio-go/v7/pkg/set" "github.com/minio/minio-go/v7/pkg/set"
xnet "github.com/minio/pkg/net" xnet "github.com/minio/pkg/net"
@ -400,6 +401,17 @@ func setRequestValidityMiddleware(h http.Handler) http.Handler {
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL) writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrAllAccessDisabled), r.URL)
return return
} }
} else {
// Validate bucket names if it is not empty
if bucketName != "" && s3utils.CheckValidBucketNameStrict(bucketName) != nil {
if ok {
tc.FuncName = "handler.ValidRequest"
tc.ResponseRecorder.LogErrBody = true
}
defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidBucketName), r.URL)
return
}
} }
// Deny SSE-C requests if not made over TLS // Deny SSE-C requests if not made over TLS
if !globalIsTLS && (crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header)) { if !globalIsTLS && (crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header)) {