mirror
/
s3proxy
kopia lustrzana https://github.com/gaul/s3proxy
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Munge / key to container name 

Filesystems cannot support this path but we can support s3fs's use
case for setting different user metadata.  References
s3fs-fuse/s3fs-fuse#2656.
pull/846/head
Andrew Gaul 2025-08-21 13:38:29 -07:00
rodzic aadba1f438
commit cc4cbfe4cf
1 zmienionych plików z 17 dodań i 2 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

19
src/main/java/org/gaul/s3proxy/nio2blob/AbstractNio2BlobStore.java
Wyświetl plik

@ -352,6 +352,9 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
var containerPath = root.resolve(container); var containerPath = root.resolve(container);
var path = containerPath.resolve(key); var path = containerPath.resolve(key);
if (path.toString().equals("/")) {
path = containerPath;
}
checkValidPath(containerPath, path); checkValidPath(containerPath, path);
logger.debug("Getting blob at: {}", path); logger.debug("Getting blob at: {}", path);
@ -539,7 +542,10 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
} }
var containerPath = root.resolve(container); var containerPath = root.resolve(container);
var path = containerPath.resolve(blob.getMetadata().getName()); var path = containerPath.resolve(blob.getMetadata().getName()).normalize();
if (path.toString().equals("/")) {
path = containerPath;
}
checkValidPath(containerPath, path); checkValidPath(containerPath, path);
// TODO: should we use a known suffix to filter these out during list? // TODO: should we use a known suffix to filter these out during list?
var tmpPath = root.resolve(container).resolve(blob.getMetadata().getName() + "-" + UUID.randomUUID()); var tmpPath = root.resolve(container).resolve(blob.getMetadata().getName() + "-" + UUID.randomUUID());
@ -706,6 +712,9 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
try { try {
var containerPath = root.resolve(container); var containerPath = root.resolve(container);
var path = containerPath.resolve(key).normalize(); var path = containerPath.resolve(key).normalize();
if (path.toString().equals("/")) {
path = containerPath;
}
checkValidPath(containerPath, path); checkValidPath(containerPath, path);
logger.debug("Deleting blob at: {}", path); logger.debug("Deleting blob at: {}", path);
Files.delete(path); Files.delete(path);
@ -793,6 +802,9 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
var containerPath = root.resolve(container); var containerPath = root.resolve(container);
var path = containerPath.resolve(key).normalize(); var path = containerPath.resolve(key).normalize();
if (path.toString().equals("/")) {
path = containerPath;
}
checkValidPath(containerPath, path); checkValidPath(containerPath, path);
Set<PosixFilePermission> permissions; Set<PosixFilePermission> permissions;
@ -819,6 +831,9 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
var containerPath = root.resolve(container); var containerPath = root.resolve(container);
var path = containerPath.resolve(key).normalize(); var path = containerPath.resolve(key).normalize();
if (path.toString().equals("/")) {
path = containerPath;
}
checkValidPath(containerPath, path); checkValidPath(containerPath, path);
Set<PosixFilePermission> permissions; Set<PosixFilePermission> permissions;
@ -1152,7 +1167,7 @@ public abstract class AbstractNio2BlobStore extends BaseBlobStore {
private static void checkValidPath(Path container, Path path) { private static void checkValidPath(Path container, Path path) {
if (!path.normalize().startsWith(container)) { if (!path.normalize().startsWith(container)) {
throw new IllegalArgumentException("Invalid key name: path traversal attempt detected: " + path); throw new IllegalArgumentException("Invalid key name: path traversal attempt detected: " + container + " " + path);
} }
} }
} }