[#68] Check basic ACL size

Signed-off-by: Denis Kirillov <denis@nspcc.ru>
2022-09-20 16:37:54 +03:00 · 2022-09-20 16:37:54 +03:00 · 09e8196ed4
commit 09e8196ed4
parent 47691727d4
2 changed files with 41 additions and 2 deletions
--- a/handlers/containers.go
+++ b/handlers/containers.go
@ -355,8 +355,8 @@ func createContainer(ctx context.Context, p *pool.Pool, stoken session.Container
 		request.BasicACL = defaultBasicACL
 	}

-	var basicACL acl.Basic
-	if err = basicACL.DecodeString(request.BasicACL); err != nil {
+	basicACL, err := decodeBasicACL(request.BasicACL)
+	if err != nil {
 		return cid.ID{}, fmt.Errorf("couldn't parse basic acl: %w", err)
 	}

--- a/handlers/util.go
+++ b/handlers/util.go
@ -6,11 +6,13 @@ import (
 	"fmt"
 	"math"
 	"strconv"
+	"strings"
 	"time"

 	objectv2 "github.com/nspcc-dev/neofs-api-go/v2/object"
 	sessionv2 "github.com/nspcc-dev/neofs-api-go/v2/session"
 	"github.com/nspcc-dev/neofs-rest-gw/gen/models"
+	"github.com/nspcc-dev/neofs-sdk-go/container/acl"
 	"github.com/nspcc-dev/neofs-sdk-go/object"
 	"github.com/nspcc-dev/neofs-sdk-go/pool"
 )
@ -219,3 +221,40 @@ func formSessionTokenFromHeaders(principal *models.Principal, signature, key *st
 		Verb: verb,
 	}, nil
 }
+
+// decodeBasicACL is the same as DecodeString on acl.Basic but
+// it also checks length for hex formatted acl.
+func decodeBasicACL(input string) (acl.Basic, error) {
+	switch input {
+	case acl.NamePrivate:
+		return acl.Private, nil
+	case acl.NamePrivateExtended:
+		return acl.PrivateExtended, nil
+	case acl.NamePublicRO:
+		return acl.PublicRO, nil
+	case acl.NamePublicROExtended:
+		return acl.PublicROExtended, nil
+	case acl.NamePublicRW:
+		return acl.PublicRW, nil
+	case acl.NamePublicRWExtended:
+		return acl.PublicRWExtended, nil
+	case acl.NamePublicAppend:
+		return acl.PublicAppend, nil
+	case acl.NamePublicAppendExtended:
+		return acl.PublicAppendExtended, nil
+	default:
+		trimmedInput := strings.TrimPrefix(strings.ToLower(input), "0x")
+		if len(trimmedInput) != 8 {
+			return 0, fmt.Errorf("invalid basic ACL size: %s", input)
+		}
+
+		v, err := strconv.ParseUint(trimmedInput, 16, 32)
+		if err != nil {
+			return 0, fmt.Errorf("parse hex: %w", err)
+		}
+
+		var res acl.Basic
+		res.FromBits(uint32(v))
+		return res, nil
+	}
+}