Check for value > 7 days in X-Amz-Expires header. (#5163)
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days. Fixes #5162
parent
d10679866c
commit
f460eceb6d
@ -120,6 +120,7 @@ const (
|
||||
ErrBucketAlreadyExists
|
||||
ErrMetadataTooLarge
|
||||
ErrUnsupportedMetadata
|
||||
ErrMaximumExpires
|
||||
// Add new error codes here.
|
||||
|
||||
// Server-Side-Encryption (with Customer provided key) related API errors.
|
||||
@ -725,6 +726,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{
|
||||
Description: errObjectTampered.Error(),
|
||||
HTTPStatusCode: http.StatusPartialContent,
|
||||
},
|
||||
ErrMaximumExpires: {
|
||||
Code: "AuthorizationQueryParametersError",
|
||||
Description: "X-Amz-Expires must be less than a week (in seconds); that is, the given X-Amz-Expires must be less than 604800 seconds",
|
||||
HTTPStatusCode: http.StatusBadRequest,
|
||||
},
|
||||
// Add your error structure here.
|
||||
}
|
||||
|
||||
|
@ -188,6 +188,11 @@ func parsePreSignV4(query url.Values) (psv preSignValues, aec APIErrorCode) {
|
||||
if preSignV4Values.Expires < 0 {
|
||||
return psv, ErrNegativeExpires
|
||||
}
|
||||
|
||||
// Check if Expiry time is less than 7 days (value in seconds).
|
||||
if preSignV4Values.Expires.Seconds() > 604800 {
|
||||
return psv, ErrMaximumExpires
|
||||
}
|
||||
// Save signed headers.
|
||||
preSignV4Values.SignedHeaders, err = parseSignedHeader("SignedHeaders=" + query.Get("X-Amz-SignedHeaders"))
|
||||
if err != ErrNone {
|
||||
|
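Review bot: The bound in `if preSignV4Values.Expires.Seconds() > 604800 {` lets a value of exactly 604800 through, while the comment above it and the ErrMaximumExpires description both say the expiry must be less than 604800 seconds, so the wording and the check disagree at the boundary. If exactly seven days is meant to be accepted, the comment should say so, for example `// Reject expiry longer than 7 days (604800 seconds); exactly 7 days is accepted.` The limit is also a bare literal compared against the float returned by Seconds(); assuming Expires is a time.Duration, a named constant compared directly, `if preSignV4Values.Expires > maxPresignExpiry {` with `maxPresignExpiry = 7 * 24 * time.Hour` (the name is only a suggestion), would keep this cap on presigned-URL lifetime in one auditable place. parsePreSignV4 starts and ends outside this hunk.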
@ -750,6 +750,30 @@ func TestParsePreSignV4(t *testing.T) {
|
||||
},
|
||||
expectedErrCode: ErrNone,
|
||||
},
|
||||
|
||||
// Test case - 9.
|
||||
// Test case with value greater than 604800 in X-Amz-Expires header.
|
||||
{
|
||||
inputQueryKeyVals: []string{
|
||||
// valid "X-Amz-Algorithm" header.
|
||||
"X-Amz-Algorithm", signV4Algorithm,
|
||||
// valid "X-Amz-Credential" header.
|
||||
"X-Amz-Credential", joinWithSlash(
|
||||
"Z7IXGOO6BZ0REAN1Q26I",
|
||||
sampleTimeStr,
|
||||
"us-west-1",
|
||||
"s3",
|
||||
"aws4_request"),
|
||||
// valid "X-Amz-Date" query.
|
||||
"X-Amz-Date", queryTime.UTC().Format(iso8601Format),
|
||||
// Invalid Expiry time greater than 7 days (604800 in seconds).
|
||||
"X-Amz-Expires", getDurationStr(605000),
|
||||
"X-Amz-Signature", "abcd",
|
||||
"X-Amz-SignedHeaders", "host;x-amz-content-sha256;x-amz-date",
|
||||
},
|
||||
expectedPreSignValues: preSignValues{},
|
||||
expectedErrCode: ErrMaximumExpires,
|
||||
},
|
||||
}
|
||||
|
||||
for i, testCase := range testCases {
|
||||
|
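Review bot: Test case 9 only exercises 605000, which is well past the limit, so the boundary of the new expiry check is untested; a later change from `>` to `>=`, or a slightly wrong constant, would still pass this table. Add a case with `"X-Amz-Expires", getDurationStr(604801),` expecting `ErrMaximumExpires`, and one at exactly 604800 expecting `ErrNone` with the matching expectedPreSignValues filled in. TestParsePreSignV4 starts and ends outside this hunk.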