Skip to content

Commit

Permalink
server: Validate path for bad components in a handler. (minio#4170)
Browse files Browse the repository at this point in the history
  • Loading branch information
harshavardhana authored Apr 25, 2017
1 parent 0d1e2ab commit 48aa2ac
Show file tree
Hide file tree
Showing 9 changed files with 135 additions and 10 deletions.
8 changes: 7 additions & 1 deletion cmd/api-errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ const (
ErrObjectExistsAsDirectory
ErrPolicyNesting
ErrInvalidObjectName
ErrInvalidResourceName
ErrServerNotInitialized
// Add new extended error codes here.
// Please open a https://github.com/minio/minio/issues before adding
Expand Down Expand Up @@ -588,7 +589,12 @@ var errorCodeResponse = map[APIErrorCode]APIError{
},
ErrInvalidObjectName: {
Code: "XMinioInvalidObjectName",
Description: "Object name contains unsupported characters. Unsupported characters are `^*|\\\"",
Description: "Object name contains unsupported characters.",
HTTPStatusCode: http.StatusBadRequest,
},
ErrInvalidResourceName: {
Code: "XMinioInvalidResourceName",
Description: "Resource name contains bad components such as \"..\" or \".\".",
HTTPStatusCode: http.StatusBadRequest,
},
ErrServerNotInitialized: {
Expand Down
49 changes: 49 additions & 0 deletions cmd/generic-handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -419,3 +419,52 @@ func (h httpStatsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Update http statistics
globalHTTPStats.updateStats(r, ww, durationSecs)
}

// pathValidityHandler validates all the incoming paths for
// any bad components and rejects them.
type pathValidityHandler struct {
handler http.Handler
}

func setPathValidityHandler(h http.Handler) http.Handler {
return pathValidityHandler{handler: h}
}

// Bad path components to be rejected by the path validity handler.
const (
dotdotComponent = ".."
dotComponent = "."
)

// Check if the incoming path has bad path components,
// such as ".." and "."
func hasBadPathComponent(path string) bool {
path = strings.TrimSpace(path)
for _, p := range strings.Split(path, slashSeparator) {
switch strings.TrimSpace(p) {
case dotdotComponent:
return true
case dotComponent:
return true
}
}
return false
}

func (h pathValidityHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// Check for bad components in URL path.
if hasBadPathComponent(r.URL.Path) {
writeErrorResponse(w, ErrInvalidResourceName, r.URL)
return
}
// Check for bad components in URL query values.
for _, vv := range r.URL.Query() {
for _, v := range vv {
if hasBadPathComponent(v) {
writeErrorResponse(w, ErrInvalidResourceName, r.URL)
return
}
}
}
h.handler.ServeHTTP(w, r)
}
3 changes: 3 additions & 0 deletions cmd/object-api-utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ func IsValidObjectName(object string) bool {
// IsValidObjectPrefix verifies whether the prefix is a valid object name.
// Its valid to have a empty prefix.
func IsValidObjectPrefix(object string) bool {
if hasBadPathComponent(object) {
return false
}
if len(object) > 1024 {
return false
}
Expand Down
10 changes: 10 additions & 0 deletions cmd/object-api-utils_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,22 @@ func TestIsValidObjectName(t *testing.T) {
{"contains-|-pipe", true},
{"contains-\"-quote", true},
{"contains-`-tick", true},
{"..test", true},
{".. test", true},
{". test", true},
{".test", true},
{"There are far too many object names, and far too few bucket names!", true},
// cases for which test should fail.
// passing invalid object names.
{"", false},
{"a/b/c/", false},
{"/a/b/c", false},
{"../../etc", false},
{"../../", false},
{"/../../etc", false},
{" ../etc", false},
{"./././", false},
{"./etc", false},
{"contains-\\-backslash", false},
{string([]byte{0xff, 0xfe, 0xfd}), false},
}
Expand Down
54 changes: 53 additions & 1 deletion cmd/object-handlers_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -316,6 +316,58 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidAccessKeyID), getGetObjectURL("", bucketName, objectName))),
expectedRespStatus: http.StatusForbidden,
},
// Test case - 7.
// Case with bad components in object name.
{
bucketName: bucketName,
objectName: "../../etc",
byteRange: "",
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,

expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidObjectName),
getGetObjectURL("", bucketName, "../../etc"))),
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 8.
// Case with strange components but returning error as not found.
{
bucketName: bucketName,
objectName: ". ./. ./etc",
byteRange: "",
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,

expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey),
"/"+bucketName+"/"+". ./. ./etc")),
expectedRespStatus: http.StatusNotFound,
},
// Test case - 9.
// Case with bad components in object name.
{
bucketName: bucketName,
objectName: ". ./../etc",
byteRange: "",
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,

expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrInvalidObjectName),
"/"+bucketName+"/"+". ./../etc")),
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 10.
// Case with proper components
{
bucketName: bucketName,
objectName: "etc/path/proper/.../etc",
byteRange: "",
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,

expectedContent: encodeResponse(getAPIErrorResponse(getAPIError(ErrNoSuchKey),
getGetObjectURL("", bucketName, "etc/path/proper/.../etc"))),
expectedRespStatus: http.StatusNotFound,
},
}

// Iterating over the cases, fetching the object validating the response.
Expand Down Expand Up @@ -346,7 +398,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
}
// Verify whether the bucket obtained object is same as the one created.
if !bytes.Equal(testCase.expectedContent, actualContent) {
t.Errorf("Test %d: %s: Object content differs from expected value.: %s", i+1, instanceType, string(actualContent))
t.Errorf("Test %d: %s: Object content differs from expected value %s, got %s", i+1, instanceType, testCase.expectedContent, string(actualContent))
}

// Verify response of the V2 signed HTTP request.
Expand Down
2 changes: 2 additions & 0 deletions cmd/routers.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,8 @@ func configureServerHandler(endpoints EndpointList) (http.Handler, error) {

// List of some generic handlers which are applied for all incoming requests.
var handlerFns = []HandlerFunc{
// Validate all the incoming paths.
setPathValidityHandler,
// Network statistics
setHTTPStatsHandler,
// Limits all requests size to a maximum fixed limit
Expand Down
4 changes: 2 additions & 2 deletions cmd/server_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ func (s *TestSuiteCommon) TestObjectDir(c *C) {
response, err = client.Do(request)

c.Assert(err, IsNil)
verifyError(c, response, "XMinioInvalidObjectName", "Object name contains unsupported characters. Unsupported characters are `^*|\\\"", http.StatusBadRequest)
verifyError(c, response, "XMinioInvalidObjectName", "Object name contains unsupported characters.", http.StatusBadRequest)
}

func (s *TestSuiteCommon) TestBucketSQSNotificationAMQP(c *C) {
Expand Down Expand Up @@ -1245,7 +1245,7 @@ func (s *TestSuiteCommon) TestPutObjectLongName(c *C) {

response, err = client.Do(request)
c.Assert(err, IsNil)
verifyError(c, response, "XMinioInvalidObjectName", "Object name contains unsupported characters. Unsupported characters are `^*|\\\"", http.StatusBadRequest)
verifyError(c, response, "XMinioInvalidObjectName", "Object name contains unsupported characters.", http.StatusBadRequest)
}

// TestNotBeAbleToCreateObjectInNonexistentBucket - Validates the error response
Expand Down
3 changes: 3 additions & 0 deletions cmd/storage-errors.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ var errFileNotFound = errors.New("file not found")
// errFileNameTooLong - given file name is too long than supported length.
var errFileNameTooLong = errors.New("file name too long")

// errFileComponentInvalid - given file name has invalid components.
var errFileComponentInvalid = errors.New("file name has invalid components")

// errVolumeExists - cannot create same volume again.
var errVolumeExists = errors.New("volume already exists")

Expand Down
12 changes: 6 additions & 6 deletions cmd/test-utils_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -318,7 +318,7 @@ func StartTestServer(t TestErrHandler, instanceType string) TestServer {
// The object Layer will be a temp back used for testing purpose.
func initTestStorageRPCEndPoint(endpoints EndpointList) http.Handler {
// Initialize router.
muxRouter := router.NewRouter()
muxRouter := router.NewRouter().SkipClean(true)
registerStorageRPCRouters(muxRouter, endpoints)
return muxRouter
}
Expand Down Expand Up @@ -389,7 +389,7 @@ func StartTestPeersRPCServer(t TestErrHandler, instanceType string) TestServer {
testRPCServer.Obj = objLayer
globalObjLayerMutex.Unlock()

mux := router.NewRouter()
mux := router.NewRouter().SkipClean(true)
// need storage layer for bucket config storage.
registerStorageRPCRouters(mux, endpoints)
// need API layer to send requests, etc.
Expand Down Expand Up @@ -2154,7 +2154,7 @@ func registerAPIFunctions(muxRouter *router.Router, objLayer ObjectLayer, apiFun
func initTestAPIEndPoints(objLayer ObjectLayer, apiFunctions []string) http.Handler {
// initialize a new mux router.
// goriilla/mux is the library used to register all the routes and handle them.
muxRouter := router.NewRouter()
muxRouter := router.NewRouter().SkipClean(true)
if len(apiFunctions) > 0 {
// Iterate the list of API functions requested for and register them in mux HTTP handler.
registerAPIFunctions(muxRouter, objLayer, apiFunctions...)
Expand All @@ -2171,15 +2171,15 @@ func initTestWebRPCEndPoint(objLayer ObjectLayer) http.Handler {
globalObjLayerMutex.Unlock()

// Initialize router.
muxRouter := router.NewRouter()
muxRouter := router.NewRouter().SkipClean(true)
registerWebRouter(muxRouter)
return muxRouter
}

// Initialize browser RPC endpoint.
func initTestBrowserPeerRPCEndPoint() http.Handler {
// Initialize router.
muxRouter := router.NewRouter()
muxRouter := router.NewRouter().SkipClean(true)
registerBrowserPeerRPCRouter(muxRouter)
return muxRouter
}
Expand Down Expand Up @@ -2233,7 +2233,7 @@ func StartTestS3PeerRPCServer(t TestErrHandler) (TestServer, []string) {
globalObjLayerMutex.Unlock()

// Register router on a new mux
muxRouter := router.NewRouter()
muxRouter := router.NewRouter().SkipClean(true)
err = registerS3PeerRPCRouter(muxRouter)
if err != nil {
t.Fatalf("%s", err)
Expand Down

0 comments on commit 48aa2ac

Please sign in to comment.