|
|
|
@ -550,14 +550,14 @@ func (h httpStatsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
globalHTTPStats.updateStats(r, ww, durationSecs) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// pathValidityHandler validates all the incoming paths for
|
|
|
|
|
// any bad components and rejects them.
|
|
|
|
|
type pathValidityHandler struct { |
|
|
|
|
// requestValidityHandler validates all the incoming paths for
|
|
|
|
|
// any malicious requests.
|
|
|
|
|
type requestValidityHandler struct { |
|
|
|
|
handler http.Handler |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func setPathValidityHandler(h http.Handler) http.Handler { |
|
|
|
|
return pathValidityHandler{handler: h} |
|
|
|
|
func setRequestValidityHandler(h http.Handler) http.Handler { |
|
|
|
|
return requestValidityHandler{handler: h} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// Bad path components to be rejected by the path validity handler.
|
|
|
|
@ -581,7 +581,18 @@ func hasBadPathComponent(path string) bool { |
|
|
|
|
return false |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (h pathValidityHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
// Check if client is sending a malicious request.
|
|
|
|
|
func hasMultipleAuth(r *http.Request) bool { |
|
|
|
|
authTypeCount := 0 |
|
|
|
|
for _, hasValidAuth := range []func(*http.Request) bool{isRequestSignatureV2, isRequestPresignedSignatureV2, isRequestSignatureV4, isRequestPresignedSignatureV4, isRequestJWT, isRequestPostPolicySignatureV4} { |
|
|
|
|
if hasValidAuth(r) { |
|
|
|
|
authTypeCount++ |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
return authTypeCount > 1 |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (h requestValidityHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
// Check for bad components in URL path.
|
|
|
|
|
if hasBadPathComponent(r.URL.Path) { |
|
|
|
|
writeErrorResponse(context.Background(), w, errorCodes.ToAPIErr(ErrInvalidResourceName), r.URL, guessIsBrowserReq(r)) |
|
|
|
@ -596,6 +607,10 @@ func (h pathValidityHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
if hasMultipleAuth(r) { |
|
|
|
|
writeErrorResponse(context.Background(), w, errorCodes.ToAPIErr(ErrInvalidRequest), r.URL, guessIsBrowserReq(r)) |
|
|
|
|
return |
|
|
|
|
} |
|
|
|
|
h.handler.ServeHTTP(w, r) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|