From fc3cf97b813c272f8e6d73c6469c66d646ef07b6 Mon Sep 17 00:00:00 2001 From: Michael Lynch Date: Thu, 30 Nov 2017 17:43:21 -0500 Subject: [PATCH] Removing isValidObjectName from Sia gateway (#5243) This check incorrectly rejects most valid filenames. The only filenames Sia forbids are leading forward slashes and path traversal characters, but it's better to simply allow Sia to reject invalid names on its own rather than try to anticipate errors from Sia: https://github.com/NebulousLabs/Sia/blob/master/doc/api/Renter.md#path-parameters-4 --- cmd/gateway-sia.go | 16 ------ cmd/gateway-sia_test.go | 119 ---------------------------------------- 2 files changed, 135 deletions(-) diff --git a/cmd/gateway-sia.go b/cmd/gateway-sia.go index 39fdd7abe..dd4ca25e1 100644 --- a/cmd/gateway-sia.go +++ b/cmd/gateway-sia.go @@ -26,7 +26,6 @@ import ( "net/url" "os" "path/filepath" - "regexp" "strings" "time" @@ -395,10 +394,6 @@ func (s *siaObjects) ListObjects(bucket string, prefix string, marker string, de } func (s *siaObjects) GetObject(bucket string, object string, startOffset int64, length int64, writer io.Writer) error { - if !isValidObjectName(object) { - return errors.Trace(ObjectNameInvalid{bucket, object}) - } - dstFile := pathJoin(s.TempDir, mustGetUUID()) defer fsRemoveFile(dstFile) @@ -473,11 +468,6 @@ func (s *siaObjects) GetObjectInfo(bucket string, object string) (ObjectInfo, er // PutObject creates a new object with the incoming data, func (s *siaObjects) PutObject(bucket string, object string, data *hash.Reader, metadata map[string]string) (objInfo ObjectInfo, err error) { - // Check the object's name first - if !isValidObjectName(object) { - return objInfo, errors.Trace(ObjectNameInvalid{bucket, object}) - } - bufSize := int64(readSizeV1) size := data.Size() if size > 0 && bufSize > size { @@ -527,12 +517,6 @@ type siaObjectInfo struct { UploadProgress float64 `json:"uploadprogress"` } -// isValidObjectName returns whether or not the objectName provided is suitable for Sia -func isValidObjectName(objectName string) bool { - reg, _ := regexp.Compile("[^a-zA-Z0-9., _/\\\\+-]+") - return objectName == reg.ReplaceAllString(objectName, "") -} - type renterFiles struct { Files []siaObjectInfo `json:"files"` } diff --git a/cmd/gateway-sia_test.go b/cmd/gateway-sia_test.go index a21a6b0fe..600e24588 100644 --- a/cmd/gateway-sia_test.go +++ b/cmd/gateway-sia_test.go @@ -30,122 +30,3 @@ func TestSianon2xx(t *testing.T) { } } } - -func TestSiaIsValidObjectName(t *testing.T) { - testCases := []struct { - input string - expected bool - }{ - { - input: `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890., _/+-\`, - expected: true, - }, - { - input: "`", - expected: false, - }, - { - input: "~", - expected: false, - }, - { - input: "!", - expected: false, - }, - { - input: "@", - expected: false, - }, - { - input: "#", - expected: false, - }, - { - input: "$", - expected: false, - }, - { - input: `%`, - expected: false, - }, - { - input: "^", - expected: false, - }, - { - input: "&", - expected: false, - }, - { - input: "*", - expected: false, - }, - { - input: "(", - expected: false, - }, - { - input: ")", - expected: false, - }, - { - input: "=", - expected: false, - }, - { - input: "{", - expected: false, - }, - { - input: "}", - expected: false, - }, - { - input: "[", - expected: false, - }, - { - input: "]", - expected: false, - }, - { - input: ":", - expected: false, - }, - { - input: ";", - expected: false, - }, - { - input: "?", - expected: false, - }, - { - input: ">", - expected: false, - }, - { - input: "<", - expected: false, - }, - { - input: `"`, - expected: false, - }, - { - input: `'`, - expected: false, - }, - { - input: "|", - expected: false, - }, - } - - for i, tc := range testCases { - actual := isValidObjectName(tc.input) - if actual != tc.expected { - t.Errorf("Test case %d: isValidObjectName(%s) returned %t but expected %t", i+1, tc.input, actual, tc.expected) - } - } -}