From e35b582fe25a97c018367ef9244dfe93d4500ad9 Mon Sep 17 00:00:00 2001 From: Marina Biryukova Date: Tue, 8 Oct 2024 12:44:00 +0300 Subject: [PATCH] [#506] Deny bucket names with dot Signed-off-by: Marina Biryukova --- api/handler/put.go | 14 ++++---------- api/handler/put_test.go | 2 +- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/api/handler/put.go b/api/handler/put.go index 009dbb08..3e99501a 100644 --- a/api/handler/put.go +++ b/api/handler/put.go @@ -1011,18 +1011,12 @@ func checkBucketName(bucketName string) error { return apierr.GetAPIError(apierr.ErrInvalidBucketName) } - labels := strings.Split(bucketName, ".") - for _, label := range labels { - if len(label) == 0 { + for i, r := range bucketName { + if r == '.' || (!isAlphaNum(r) && r != '-') { return apierr.GetAPIError(apierr.ErrInvalidBucketName) } - for i, r := range label { - if !isAlphaNum(r) && r != '-' { - return apierr.GetAPIError(apierr.ErrInvalidBucketName) - } - if (i == 0 || i == len(label)-1) && r == '-' { - return apierr.GetAPIError(apierr.ErrInvalidBucketName) - } + if (i == 0 || i == len(bucketName)-1) && r == '-' { + return apierr.GetAPIError(apierr.ErrInvalidBucketName) } } diff --git a/api/handler/put_test.go b/api/handler/put_test.go index 07c59e67..235a5e58 100644 --- a/api/handler/put_test.go +++ b/api/handler/put_test.go @@ -42,10 +42,10 @@ func TestCheckBucketName(t *testing.T) { }{ {name: "bucket"}, {name: "2bucket"}, - {name: "buc.ket"}, {name: "buc-ket"}, {name: "abc"}, {name: "63aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}, + {name: "buc.ket", err: true}, {name: "buc.-ket", err: true}, {name: "bucket.", err: true}, {name: ".bucket", err: true},