mirror
/
s3proxy
kopia lustrzana https://github.com/gaul/s3proxy
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Validate bucket name before processing any request

pull/207/merge
Chaithanya Ganta 2017-05-24 22:59:48 +05:30 zatwierdzone przez Andrew Gaul
rodzic 742820a93d
commit 6b92cc06f4
1 zmienionych plików z 16 dodań i 7 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

23
src/main/java/org/gaul/s3proxy/S3ProxyHandler.java
Wyświetl plik

@ -274,6 +274,18 @@ public class S3ProxyHandler {
return blobStore.getContext().unwrap().getProviderMetadata().getId();
}
private static boolean isValidContainer(String containerName) {
if (containerName == null ||
containerName.length() < 3 || containerName.length() > 255 ||
containerName.startsWith(".") || containerName.endsWith(".") ||
validateIpAddress(containerName) ||
!VALID_BUCKET_FIRST_CHAR.matches(containerName.charAt(0)) ||
!VALID_BUCKET.matchesAllOf(containerName)) {
return false;
}
return true;
}
public final void doHandle(HttpServletRequest baseRequest,
HttpServletRequest request, HttpServletResponse response,
InputStream is) throws IOException, S3Exception {
@ -547,6 +559,10 @@ public class S3ProxyHandler {
}
}
if (!uri.equals("/") && !isValidContainer(path[1])) {
throw new S3Exception(S3ErrorCode.INVALID_BUCKET_NAME);
}
String uploadId = request.getParameter("uploadId");
switch (method) {
case "DELETE":
@ -1096,13 +1112,6 @@ public class S3ProxyHandler {
if (containerName.isEmpty()) {
throw new S3Exception(S3ErrorCode.METHOD_NOT_ALLOWED);
}
if (containerName.length() < 3 || containerName.length() > 255 ||
containerName.startsWith(".") || containerName.endsWith(".") ||
validateIpAddress(containerName) ||
!VALID_BUCKET_FIRST_CHAR.matches(containerName.charAt(0)) ||
!VALID_BUCKET.matchesAllOf(containerName)) {
throw new S3Exception(S3ErrorCode.INVALID_BUCKET_NAME);
}
String contentLengthString = request.getHeader(
HttpHeaders.CONTENT_LENGTH);