mirror of
https://github.com/ceph/s3-tests.git
synced 2025-01-11 11:20:39 +00:00
d0a42a7a89
Add objects to the fuzzer's attack surface description
491 lines
15 KiB
YAML
491 lines
15 KiB
YAML
start:
|
|
set:
|
|
garbage:
|
|
- '{random 10-3000 printable}'
|
|
- '{random 10-1000 binary}'
|
|
garbage_no_whitespace:
|
|
- '{random 10-3000 printable_no_whitespace}'
|
|
- '{random 10-1000 binary_no_whitespace}'
|
|
acl_header:
|
|
- 'private'
|
|
- 'public-read'
|
|
- 'public-read-write'
|
|
- 'authenticated-read'
|
|
- 'bucket-owner-read'
|
|
- 'bucket-owner-full-control'
|
|
- '{random 3000 letters}'
|
|
- '{random 100-1000 binary_no_whitespace}'
|
|
choices:
|
|
- bucket
|
|
- object
|
|
|
|
bucket:
|
|
set:
|
|
urlpath: '/{bucket}'
|
|
choices:
|
|
- 13 bucket_get
|
|
- 8 bucket_put
|
|
- 5 bucket_delete
|
|
- bucket_garbage_method
|
|
|
|
bucket_garbage_method:
|
|
set:
|
|
method:
|
|
- '{random 1-100 printable}'
|
|
- '{random 10-100 binary}'
|
|
bucket:
|
|
- '{bucket_readable}'
|
|
- '{bucket_not_readable}'
|
|
- '{bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices:
|
|
- bucket_get_simple
|
|
- bucket_get_filtered
|
|
- bucket_get_uploads
|
|
- bucket_put_create
|
|
- bucket_put_versioning
|
|
- bucket_put_simple
|
|
|
|
bucket_delete:
|
|
set:
|
|
method: DELETE
|
|
bucket:
|
|
- '{bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
query:
|
|
- null
|
|
- policy
|
|
- website
|
|
- '2 {garbage_no_whitespace}'
|
|
choices: []
|
|
|
|
bucket_get:
|
|
set:
|
|
method: GET
|
|
bucket:
|
|
- '{bucket_readable}'
|
|
- '{bucket_not_readable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices:
|
|
- 11 bucket_get_simple
|
|
- bucket_get_filtered
|
|
- bucket_get_uploads
|
|
|
|
bucket_get_simple:
|
|
set:
|
|
query:
|
|
- acl
|
|
- policy
|
|
- location
|
|
- logging
|
|
- notification
|
|
- versions
|
|
- requestPayment
|
|
- versioning
|
|
- website
|
|
- '2 {garbage_no_whitespace}'
|
|
choices: []
|
|
|
|
bucket_get_uploads:
|
|
set:
|
|
delimiter:
|
|
- null
|
|
- '3 delimiter={garbage_no_whitespace}'
|
|
prefix:
|
|
- null
|
|
- '3 prefix={garbage_no_whitespace}'
|
|
key_marker:
|
|
- null
|
|
- 'key-marker={object_readable}'
|
|
- 'key-marker={object_not_readable}'
|
|
- 'key-marker={invalid_key}'
|
|
- 'key-marker={random 100-1000 printable_no_whitespace}'
|
|
max_uploads:
|
|
- null
|
|
- 'max-uploads={random 1-5 binary_no_whitespace}'
|
|
- 'max-uploads={random 1-1000 digits}'
|
|
upload_id_marker:
|
|
- null
|
|
- '3 upload-id-marker={random 0-1000 printable_no_whitespace}'
|
|
query:
|
|
- 'uploads'
|
|
- 'uploads&{delimiter}&{prefix}'
|
|
- 'uploads&{max_uploads}&{key_marker}&{upload_id_marker}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices: []
|
|
|
|
bucket_get_filtered:
|
|
set:
|
|
delimiter:
|
|
- 'delimiter={garbage_no_whitespace}'
|
|
prefix:
|
|
- 'prefix={garbage_no_whitespace}'
|
|
marker:
|
|
- 'marker={object_readable}'
|
|
- 'marker={object_not_readable}'
|
|
- 'marker={invalid_key}'
|
|
- 'marker={random 100-1000 printable_no_whitespace}'
|
|
max_keys:
|
|
- 'max-keys={random 1-5 binary_no_whitespace}'
|
|
- 'max-keys={random 1-1000 digits}'
|
|
query:
|
|
- null
|
|
- '{delimiter}&{prefix}'
|
|
- '{max-keys}&{marker}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices: []
|
|
|
|
bucket_put:
|
|
set:
|
|
bucket:
|
|
- '{bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
method: PUT
|
|
choices:
|
|
- bucket_put_simple
|
|
- bucket_put_create
|
|
- bucket_put_versioning
|
|
|
|
bucket_put_create:
|
|
set:
|
|
body:
|
|
- '2 {garbage}'
|
|
- '<CreateBucketConfiguration><LocationConstraint>{random 2-10 binary}</LocationConstraint></CreateBucketConfiguration>'
|
|
headers:
|
|
- ['0-5', 'x-amz-acl', '{acl_header}']
|
|
choices: []
|
|
|
|
bucket_put_versioning:
|
|
set:
|
|
body:
|
|
- '{garbage}'
|
|
- '4 <VersioningConfiguration>{versioning_status}{mfa_delete_body}</VersioningConfiguration>'
|
|
mfa_delete_body:
|
|
- null
|
|
- '<Status>{random 2-10 binary}</Status>'
|
|
- '<Status>{random 2000-3000 printable}</Status>'
|
|
versioning_status:
|
|
- null
|
|
- '<MfaDelete>{random 2-10 binary}</MfaDelete>'
|
|
- '<MfaDelete>{random 2000-3000 printable}</MfaDelete>'
|
|
mfa_header:
|
|
- '{random 10-1000 printable_no_whitespace} {random 10-1000 printable_no_whitespace}'
|
|
headers:
|
|
- ['0-1', 'x-amz-mfa', '{mfa_header}']
|
|
choices: []
|
|
|
|
bucket_put_simple:
|
|
set:
|
|
body:
|
|
- '{acl_body}'
|
|
- '{policy_body}'
|
|
- '{logging_body}'
|
|
- '{notification_body}'
|
|
- '{request_payment_body}'
|
|
- '{website_body}'
|
|
acl_body:
|
|
- null
|
|
- '<AccessControlPolicy>{owner}{acl}</AccessControlPolicy>'
|
|
owner:
|
|
- null
|
|
- '7 <Owner>{id}{display_name}</Owner>'
|
|
id:
|
|
- null
|
|
- '<ID>{random 10-200 binary}</ID>'
|
|
- '<ID>{random 1000-3000 printable}</ID>'
|
|
display_name:
|
|
- null
|
|
- '2 <DisplayName>{random 10-200 binary}</DisplayName>'
|
|
- '2 <DisplayName>{random 1000-3000 printable}</DisplayName>'
|
|
- '2 <DisplayName>{random 10-300 letters}@{random 10-300 letters}.{random 2-4 letters}</DisplayName>'
|
|
acl:
|
|
- null
|
|
- '10 <AccessControlList><Grant>{grantee}{permission}</Grant></AccessControlList>'
|
|
grantee:
|
|
- null
|
|
- '7 <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">{id}{display_name}</Grantee>'
|
|
permission:
|
|
- null
|
|
- '7 <Permission>{permission_value}</Permission>'
|
|
permission_value:
|
|
- '2 {garbage}'
|
|
- FULL_CONTROL
|
|
- WRITE
|
|
- WRITE_ACP
|
|
- READ
|
|
- READ_ACP
|
|
policy_body:
|
|
- null
|
|
- '2 {garbage}'
|
|
logging_body:
|
|
- null
|
|
- '<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01" />'
|
|
- '<BucketLoggingStatus xmlns="http://doc.s3.amazonaws.com/2006-03-01"><LoggingEnabled>{bucket}{target_prefix}{target_grants}</LoggingEnabled></BucketLoggingStatus>'
|
|
target_prefix:
|
|
- null
|
|
- '<TargetPrefix>{random 10-1000 printable}</TargetPrefix>'
|
|
- '<TargetPrefix>{random 10-1000 binary}</TargetPrefix>'
|
|
target_grants:
|
|
- null
|
|
- '10 <TargetGrants><Grant>{grantee}{permission}</Grant></TargetGrants>'
|
|
notification_body:
|
|
- null
|
|
- '<NotificationConfiguration />'
|
|
- '2 <NotificationConfiguration><TopicConfiguration>{topic}{event}</TopicConfiguration></NotificationConfiguration>'
|
|
topic:
|
|
- null
|
|
- '2 <Topic>{garbage}</Topic>'
|
|
event:
|
|
- null
|
|
- '<Event>s3:ReducedRedundancyLostObject</Event>'
|
|
- '2 <Event>{garbage}</Event>'
|
|
request_payment_body:
|
|
- null
|
|
- '<RequestPaymentConfiguration xlmns="http://s3.amazonaws.com/doc/2006-03-01/"><Payer>{payer}</Payer></RequestPaymentConfiguration>'
|
|
payer:
|
|
- Requester
|
|
- BucketOwner
|
|
- '2 {garbage}'
|
|
website_body:
|
|
- null
|
|
- '<WebsiteConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><IndexDocument><Suffix>{suffix}</Suffix><IndexDocument>{error_doc}<WebsiteConfiguration/>'
|
|
suffix:
|
|
- null
|
|
- '2 {garbage}'
|
|
- '{random 2-10 printable}.html'
|
|
error_doc:
|
|
- null
|
|
- '<ErrorDocument><Key>{suffix}</Key></ErrorDocument>'
|
|
choices: []
|
|
|
|
object:
|
|
set:
|
|
urlpath: '/{bucket}/{object}'
|
|
|
|
range_header:
|
|
- null
|
|
- 'bytes={random 1-2 digits}-{random 1-4 digits}'
|
|
- 'bytes={random 1-1000 binary_no_whitespace}'
|
|
if_modified_since_header:
|
|
- null
|
|
- '2 {garbage_no_whitespace}'
|
|
if_match_header:
|
|
- null
|
|
- '2 {garbage_no_whitespace}'
|
|
if_none_match_header:
|
|
- null
|
|
- '2 {garbage_no_whitespace}'
|
|
choices:
|
|
- object_delete
|
|
- object_get
|
|
- object_put
|
|
- object_head
|
|
- object_garbage_method
|
|
|
|
object_garbage_method:
|
|
set:
|
|
method:
|
|
- '{random 1-100 printable}'
|
|
- '{random 10-100 binary}'
|
|
bucket:
|
|
- '{bucket_readable}'
|
|
- '{bucket_not_readable}'
|
|
- '{bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
object:
|
|
- '{object_readable}'
|
|
- '{object_not_readable}'
|
|
- '{object_writable}'
|
|
- '{object_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices:
|
|
- object_get_query
|
|
- object_get_head_simple
|
|
|
|
object_delete:
|
|
set:
|
|
method: DELETE
|
|
bucket:
|
|
- '5 {bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '{garbage_no_whitespace}'
|
|
object:
|
|
- '{object_writable}'
|
|
- '{object_not_writable}'
|
|
- '2 {garbage_no_whitespace}'
|
|
choices: []
|
|
|
|
object_get:
|
|
set:
|
|
method: GET
|
|
bucket:
|
|
- '5 {bucket_readable}'
|
|
- '{bucket_not_readable}'
|
|
- '{garbage_no_whitespace}'
|
|
object:
|
|
- '{object_readable}'
|
|
- '{object_not_readable}'
|
|
- '{garbage_no_whitespace}'
|
|
choices:
|
|
- 5 object_get_head_simple
|
|
- 2 object_get_query
|
|
|
|
object_get_query:
|
|
set:
|
|
query:
|
|
- 'torrent'
|
|
- 'acl'
|
|
choices: []
|
|
|
|
object_get_head_simple:
|
|
set: {}
|
|
headers:
|
|
- ['0-1', 'range', '{range_header}']
|
|
- ['0-1', 'if-modified-since', '{if_modified_since_header}']
|
|
- ['0-1', 'if-unmodified-since', '{if_modified_since_header}']
|
|
- ['0-1', 'if-match', '{if_match_header}']
|
|
- ['0-1', 'if-none-match', '{if_none_match_header}']
|
|
choices: []
|
|
|
|
object_head:
|
|
set:
|
|
method: HEAD
|
|
bucket:
|
|
- '5 {bucket_readable}'
|
|
- '{bucket_not_readable}'
|
|
- '{garbage_no_whitespace}'
|
|
object:
|
|
- '{object_readable}'
|
|
- '{object_not_readable}'
|
|
- '{garbage_no_whitespace}'
|
|
choices:
|
|
- object_get_head_simple
|
|
|
|
object_put:
|
|
set:
|
|
method: PUT
|
|
bucket:
|
|
- '5 {bucket_writable}'
|
|
- '{bucket_not_writable}'
|
|
- '{garbage_no_whitespace}'
|
|
object:
|
|
- '{object_writable}'
|
|
- '{object_not_writable}'
|
|
- '{garbage_no_whitespace}'
|
|
cache_control:
|
|
- null
|
|
- '{garbage_no_whitespace}'
|
|
- 'no-cache'
|
|
content_disposition:
|
|
- null
|
|
- '{garbage_no_whitespace}'
|
|
content_encoding:
|
|
- null
|
|
- '{garbage_no_whitespace}'
|
|
content_length:
|
|
- '{random 1-20 digits}'
|
|
- '{garbage_no_whitespace}'
|
|
content_md5:
|
|
- null
|
|
- '{garbage_no_whitespace}'
|
|
content_type:
|
|
- null
|
|
- 'binary/octet-stream'
|
|
- '{garbage_no_whitespace}'
|
|
expect:
|
|
- null
|
|
- '100-continue'
|
|
- '{garbage_no_whitespace}'
|
|
expires:
|
|
- null
|
|
- '{random 1-10000000 digits}'
|
|
- '{garbage_no_whitespace}'
|
|
meta_key:
|
|
- null
|
|
- 'foo'
|
|
- '{garbage_no_whitespace}'
|
|
meta_value:
|
|
- null
|
|
- '{garbage_no_whitespace}'
|
|
choices:
|
|
- object_put_simple
|
|
- object_put_acl
|
|
- object_put_copy
|
|
|
|
object_put_simple:
|
|
set: {}
|
|
headers:
|
|
- ['0-1', 'cache-control', '{cache_control}']
|
|
- ['0-1', 'content-disposition', '{content_disposition}']
|
|
- ['0-1', 'content-encoding', '{content_encoding}']
|
|
- ['0-1', 'content-length', '{content_length}']
|
|
- ['0-1', 'content-md5', '{content_md5}']
|
|
- ['0-1', 'content-type', '{content_type}']
|
|
- ['0-1', 'expect', '{expect}']
|
|
- ['0-1', 'expires', '{expires}']
|
|
- ['0-1', 'x-amz-acl', '{acl_header}']
|
|
- ['0-6', 'x-amz-meta-{meta_key}', '{meta_value}']
|
|
choices: []
|
|
|
|
object_put_acl:
|
|
set:
|
|
query: 'acl'
|
|
body:
|
|
- null
|
|
- '2 {garbage}'
|
|
- '<AccessControlPolicy>{owner}{acl}</AccessControlPolicy>'
|
|
owner:
|
|
- null
|
|
- '7 <Owner>{id}{display_name}</Owner>'
|
|
id:
|
|
- null
|
|
- '<ID>{random 10-200 binary}</ID>'
|
|
- '<ID>{random 1000-3000 printable}</ID>'
|
|
display_name:
|
|
- null
|
|
- '2 <DisplayName>{random 10-200 binary}</DisplayName>'
|
|
- '2 <DisplayName>{random 1000-3000 printable}</DisplayName>'
|
|
- '2 <DisplayName>{random 10-300 letters}@{random 10-300 letters}.{random 2-4 letters}</DisplayName>'
|
|
acl:
|
|
- null
|
|
- '10 <AccessControlList><Grant>{grantee}{permission}</Grant></AccessControlList>'
|
|
grantee:
|
|
- null
|
|
- '7 <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">{id}{display_name}</Grantee>'
|
|
permission:
|
|
- null
|
|
- '7 <Permission>{permission_value}</Permission>'
|
|
permission_value:
|
|
- '2 {garbage}'
|
|
- FULL_CONTROL
|
|
- WRITE
|
|
- WRITE_ACP
|
|
- READ
|
|
- READ_ACP
|
|
headers:
|
|
- ['0-1', 'cache-control', '{cache_control}']
|
|
- ['0-1', 'content-disposition', '{content_disposition}']
|
|
- ['0-1', 'content-encoding', '{content_encoding}']
|
|
- ['0-1', 'content-length', '{content_length}']
|
|
- ['0-1', 'content-md5', '{content_md5}']
|
|
- ['0-1', 'content-type', '{content_type}']
|
|
- ['0-1', 'expect', '{expect}']
|
|
- ['0-1', 'expires', '{expires}']
|
|
- ['0-1', 'x-amz-acl', '{acl_header}']
|
|
choices: []
|
|
|
|
object_put_copy:
|
|
set: {}
|
|
headers:
|
|
- ['1-1', 'x-amz-copy-source', '{source_object}']
|
|
- ['0-1', 'x-amz-acl', '{acl_header}']
|
|
- ['0-1', 'x-amz-metadata-directive', '{metadata_directive}']
|
|
- ['0-1', 'x-amz-copy-source-if-match', '{if_match_header}']
|
|
- ['0-1', 'x-amz-copy-source-if-none-match', '{if_none_match_header}']
|
|
- ['0-1', 'x-amz-copy-source-if-modified-since', '{if_modified_since_header}']
|
|
- ['0-1', 'x-amz-copy-source-if-unmodified-since', '{if_modified_since_header}']
|
|
choices: []
|