[#614 ] govulncheck: Use patch release with security fixes

https://go.dev/doc/devel/release#go1.23.minor Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>
[#541 ] Fix setting of tls.enabled flag
2025-01-29 12:07:28 +00:00 · 2025-01-29 12:06:41 +00:00 · 2025-01-27 17:01:50 +03:00
7 changed files with 46 additions and 7 deletions
--- a/.forgejo/workflows/vulncheck.yml
+++ b/.forgejo/workflows/vulncheck.yml
@ -16,7 +16,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v3
        with:
-          go-version: '1.23'
+          go-version: '1.23.5'

      - name: Install govulncheck
        run: go install golang.org/x/vuln/cmd/govulncheck@latest
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,11 @@ This document outlines major changes between releases.

 ## [Unreleased]

+## [0.32.2] - 2025-01-27
+
+### Fixed
+- Fix panic when payload discard (#605)
+
 ## [0.32.1] - 2025-01-17

 ### Fixed
@ -400,4 +405,5 @@ To see CHANGELOG for older versions, refer to https://github.com/nspcc-dev/neofs
 [0.31.3]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.31.2...v0.31.3
 [0.32.0]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.31.3...v0.32.0
 [0.32.1]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.32.0...v0.32.1
-[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.32.1...master
+[0.32.2]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.32.1...v0.32.2
+[Unreleased]: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/compare/v0.32.2...master
--- a/api/layer/object.go
+++ b/api/layer/object.go
@ -525,10 +525,7 @@ func (n *Layer) objectPutAndHash(ctx context.Context, prm frostfs.PrmObjectCreat
 	})
 	res, err := n.frostFS.CreateObject(ctx, prm)
 	if err != nil {
-		if _, errDiscard := io.Copy(io.Discard, prm.Payload); errDiscard != nil {
-			n.reqLogger(ctx).Warn(logs.FailedToDiscardPutPayloadProbablyGoroutineLeaks, zap.Error(errDiscard))
-		}
-
+		n.payloadDiscard(ctx, prm.Payload)
 		return nil, err
 	}
 	return &data.CreatedObjectInfo{
@ -540,6 +537,14 @@ func (n *Layer) objectPutAndHash(ctx context.Context, prm frostfs.PrmObjectCreat
 	}, nil
 }

+func (n *Layer) payloadDiscard(ctx context.Context, payload io.Reader) {
+	if payload != nil {
+		if _, errDiscard := io.Copy(io.Discard, payload); errDiscard != nil {
+			n.reqLogger(ctx).Warn(logs.FailedToDiscardPutPayloadProbablyGoroutineLeaks, zap.Error(errDiscard))
+		}
+	}
+}
+
 type logWrapper struct {
 	log *zap.Logger
 }
--- a/api/layer/object_test.go
+++ b/api/layer/object_test.go
@ -49,3 +49,16 @@ func TestGoroutinesDontLeakInPutAndHash(t *testing.T) {
 	require.ErrorIs(t, err, expErr)
 	require.Empty(t, payload.Len(), "body must be read out otherwise goroutines can leak in wrapReader")
 }
+
+func TestNilPayloadPutAndHash(t *testing.T) {
+	tc := prepareContext(t)
+	prm := frostfs.PrmObjectCreate{
+		Filepath: tc.obj,
+		Payload:  nil,
+	}
+
+	expErr := errors.New("some error")
+	tc.testFrostFS.SetObjectPutError(tc.obj, expErr)
+	_, err := tc.layer.objectPutAndHash(tc.ctx, prm, tc.bktInfo)
+	require.ErrorIs(t, err, expErr)
+}
--- a/cmd/s3-gw/app_settings.go
+++ b/cmd/s3-gw/app_settings.go
@ -931,13 +931,17 @@ func newViper(flags *pflag.FlagSet) (*viper.Viper, error) {
 	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 	v.AllowEmptyEnv(true)

+	if err := bindFlags(v, flags); err != nil {
+		return nil, err
+	}
+
 	setDefaults(v, flags)

 	if v.IsSet(cfgServer+".0."+cfgTLSKeyFile) && v.IsSet(cfgServer+".0."+cfgTLSCertFile) {
 		v.Set(cfgServer+".0."+cfgTLSEnabled, true)
 	}

-	return v, bindFlags(v, flags)
+	return v, nil
 }

 func newSettings() *appCfg {
--- a/cmd/s3-gw/app_settings_test.go
+++ b/cmd/s3-gw/app_settings_test.go
@ -48,3 +48,12 @@ resolve_order:
 	require.Equal(t, []string{resolver.DNSResolver}, cfg.config().GetStringSlice(cfgResolveOrder))
 	require.Equal(t, 10, cfg.config().GetInt(cfgMaxClientsCount))
 }
+
+func TestSetTLSEnabled(t *testing.T) {
+	cfg := newSettings()
+
+	require.NoError(t, cfg.flags.Parse([]string{"--" + cfgTLSCertFile, "tls.crt", "--" + cfgTLSKeyFile, "tls.key"}))
+	require.NoError(t, cfg.reload())
+
+	require.True(t, cfg.config().GetBool(cfgServer+".0."+cfgTLSEnabled))
+}
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -64,6 +64,8 @@ $ frostfs-s3-gw --listen_address 192.168.130.130:443 \

 Using these flag you can configure only one address. To set multiple addresses use yaml config.

+**Note:** It's not recommended to configure addresses via flags and yaml config at the same time. 
+
 ### RPC endpoint and resolving of bucket names

 To set RPC endpoint specify a value of parameter `-r` or `--rpc_endpoint`. The parameter is **required if** another
Author	SHA1	Message	Date
Vitaliy Potyarkin	510b0a1005	[#614 ] govulncheck: Use patch release with security fixes https://go.dev/doc/devel/release#go1.23.minor Signed-off-by: Vitaliy Potyarkin <v.potyarkin@yadro.com>	2025-01-29 12:07:28 +00:00
Marina Biryukova	da77e426b6	[#541 ] Fix setting of tls.enabled flag Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>	2025-01-29 12:06:41 +00:00
Roman Loginov	e7a8d4bdaf	[#605 ] Fix panic when payload discard Signed-off-by: Roman Loginov <r.loginov@yadro.com>	2025-01-27 17:01:50 +03:00