Return error when attempting to create a policy with commas in name (#20724)

Taran Pelkey 2024-12-04 06:51:26 -05:00 committed by GitHub
parent eddbe6bca2
commit aff2a76d80
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 218 additions and 199 deletions


@ -1719,6 +1719,12 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request
} }
setReqInfoPolicyName(ctx, policyName) setReqInfoPolicyName(ctx, policyName)
// Reject policy names with commas.
if strings.Contains(policyName, ",") {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrPolicyInvalidName), r.URL)
return
}
// Error out if Content-Length is missing. // Error out if Content-Length is missing.
if r.ContentLength <= 0 { if r.ContentLength <= 0 {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrMissingContentLength), r.URL) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrMissingContentLength), r.URL)
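Review bot: The comma check lives only in this HTTP handler, so any other path that stores a policy under a caller-supplied name would bypass it. No such path is visible here, so confirm whether the check belongs in the shared policy-store layer instead. The comment also does not say why commas are rejected. Presumably policy names are joined into comma-separated lists elsewhere, in which case a name containing a comma could later be read as several policies and attach more than was intended. If that is right, I would state it in the comment, e.g. `// Reject names containing ',': policy names are combined into comma-separated lists, so such a name could be parsed as several policies.` AddCannedPolicy starts and ends outside the hunk, so empty or whitespace-only names may already be handled above.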


@ -716,6 +716,12 @@ func (s *TestSuiteIAM) TestCannedPolicies(c *check) {
c.Fatalf("policy info err: %v", err) c.Fatalf("policy info err: %v", err)
} }
// Check that policy with comma is rejected.
err = s.adm.AddCannedPolicy(ctx, "invalid,policy", policyBytes)
if err == nil {
c.Fatalf("invalid policy created successfully")
}
infoStr := string(info) infoStr := string(info)
if !strings.Contains(infoStr, `"s3:PutObject"`) || !strings.Contains(infoStr, ":"+bucket+"/") { if !strings.Contains(infoStr, `"s3:PutObject"`) || !strings.Contains(infoStr, ":"+bucket+"/") {
c.Fatalf("policy contains unexpected content!") c.Fatalf("policy contains unexpected content!")
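Review bot: The new assertion passes on any non-nil error, so a transport failure or an unrelated rejection would satisfy it as well as the comma check would. Assert that the returned error carries the `PolicyInvalidName` code, and make the failure message specific, e.g. `c.Fatalf("policy name containing a comma was accepted")`. The check is also inserted between the policy-info error handling and the `infoStr` assertions on that same result, which splits one logical check in two. Placing it after the `infoStr` block would read better. TestCannedPolicies starts and ends outside the hunk.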


@ -213,6 +213,7 @@ const (
ErrPolicyAlreadyAttached ErrPolicyAlreadyAttached
ErrPolicyNotAttached ErrPolicyNotAttached
ErrExcessData ErrExcessData
ErrPolicyInvalidName
// Add new error codes here. // Add new error codes here.
// SSE-S3/SSE-KMS related API errors // SSE-S3/SSE-KMS related API errors
@ -561,6 +562,11 @@ var errorCodes = errorCodeMap{
Description: "More data provided than indicated content length", Description: "More data provided than indicated content length",
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
}, },
ErrPolicyInvalidName: {
Code: "PolicyInvalidName",
Description: "Policy name may not contain comma",
HTTPStatusCode: http.StatusBadRequest,
},
ErrPolicyTooLarge: { ErrPolicyTooLarge: {
Code: "PolicyTooLarge", Code: "PolicyTooLarge",
Description: "Policy exceeds the maximum allowed document size.", Description: "Policy exceeds the maximum allowed document size.",
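Review bot: The code `PolicyInvalidName` is generic, but its description `Policy name may not contain comma` covers only one rule and is missing an article. Clients that show the description would benefit from `Description: "Policy name may not contain a comma.",`, which also matches the punctuation of the neighbouring `ErrPolicyTooLarge` entry. If further name restrictions are added later, the same code would need either a broader description or separate codes. Separately, `ErrPolicyInvalidName` is added in the middle of the const block, which shifts the numeric value of every later code if the block is iota-based. That is harmless only if those values are never persisted or sent numerically, which the hunk does not show.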

File diff suppressed because one or more lines are too long