add object name check.

aliyun · Dec 15, 2023 · a0ba751 · a0ba751
1 parent 2d1ed0d
commit a0ba751
Show file tree

Hide file tree

Showing 9 changed files with 353 additions and 27 deletions.
diff --git a/oss_c_sdk/aos_http_io.c b/oss_c_sdk/aos_http_io.c
@@ -108,6 +108,7 @@ aos_http_request_options_t *aos_http_request_options_create(aos_pool_t *p)
     options->verify_ssl = AOS_TRUE;
     options->ca_file = NULL;
     options->ca_path = NULL;
+    options->verify_object_strict = AOS_TRUE;
 
     return options;
 }

diff --git a/oss_c_sdk/aos_status.c b/oss_c_sdk/aos_status.c
@@ -20,6 +20,7 @@ const char AOS_SELECT_OBJECT_ERROR[] = "SelectObjectError";
 const char AOS_SELECT_OBJECT_CRC_ERROR[] = "SelectObjectCRCError";
 const char AOS_CREATE_SELECT_OBJECT_META_ERROR[] = "CreateSelectObjectMetaError";
 const char AOS_BUCKET_NAME_INVALID_ERROR[] = "BucketNameInvalidError";
+const char AOS_OBJECT_NAME_INVALID_ERROR[] = "ObjectNameInvalidError";
 
 aos_status_t *aos_status_create(aos_pool_t *p)
 {

diff --git a/oss_c_sdk/aos_status.h b/oss_c_sdk/aos_status.h
@@ -59,6 +59,8 @@ extern const char AOS_SELECT_OBJECT_ERROR[];
 extern const char AOS_SELECT_OBJECT_CRC_ERROR[];
 extern const char AOS_CREATE_SELECT_OBJECT_META_ERROR[];
 extern const char AOS_BUCKET_NAME_INVALID_ERROR[];
+extern const char AOS_OBJECT_NAME_INVALID_ERROR[];
+
 AOS_CPP_END
 
 #endif
diff --git a/oss_c_sdk/aos_transport.h b/oss_c_sdk/aos_transport.h
@@ -37,6 +37,7 @@ struct aos_http_request_options_s {
     int verify_ssl;
     char *ca_path;
     char *ca_file;
+    int verify_object_strict;
 };
 
 struct aos_http_transport_options_s {

diff --git a/oss_c_sdk/oss_object.c b/oss_c_sdk/oss_object.c
@@ -20,6 +20,11 @@ char *oss_gen_signed_url(const oss_request_options_t *options,
     aos_string_t expires_time;
     int res = AOSE_OK;
 
+    if (!oss_is_valid_bucket_name(bucket) ||
+        !oss_is_valid_object_name_ex(object, is_verify_object_strict(options))) {
+        return NULL;
+    }
+
     expires_str = apr_psprintf(options->pool, "%" APR_INT64_T_FMT, expires);
     aos_str_set(&expires_time, expires_str);
     oss_get_object_uri(options, bucket, object, req);
@@ -57,6 +62,7 @@ aos_status_t *oss_do_put_object_from_buffer(const oss_request_options_t *options
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     headers = aos_table_create_if_null(options, headers, 2);
     set_content_type(NULL, object->data, headers);
@@ -107,6 +113,7 @@ aos_status_t *oss_do_put_object_from_file(const oss_request_options_t *options,
     int res = AOSE_OK;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     s = aos_status_create(options->pool);
 
@@ -162,6 +169,7 @@ aos_status_t *oss_do_get_object_to_buffer(const oss_request_options_t *options,
     aos_http_response_t *resp = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     headers = aos_table_create_if_null(options, headers, 0);
     params = aos_table_create_if_null(options, params, 0);
@@ -193,6 +201,7 @@ aos_status_t *oss_restore_object(const oss_request_options_t *options,
     aos_http_response_t *resp = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     params = aos_table_create_if_null(options, params, 0);
     apr_table_add(params, OSS_RESTORE, "");
@@ -232,6 +241,7 @@ aos_status_t *oss_restore_object_with_tier(const oss_request_options_t *options,
     aos_list_t body;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     params = aos_table_create_if_null(options, params, 0);
     apr_table_add(params, OSS_RESTORE, "");
@@ -280,6 +290,7 @@ aos_status_t *oss_do_get_object_to_file(const oss_request_options_t *options,
     aos_string_t tmp_filename;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     headers = aos_table_create_if_null(options, headers, 0);
     params = aos_table_create_if_null(options, params, 0);
@@ -321,6 +332,7 @@ aos_status_t *oss_head_object(const oss_request_options_t *options,
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     headers = aos_table_create_if_null(options, headers, 0);
 
@@ -346,6 +358,7 @@ aos_status_t *oss_get_object_meta(const oss_request_options_t *options,
    aos_table_t *headers = NULL;
 
    oss_ensure_bucket_name_valid(bucket);
+   oss_ensure_object_name_valid(object);
 
    //init query_params
    query_params = aos_table_create_if_null(options, query_params, 1);
@@ -376,6 +389,7 @@ aos_status_t *oss_put_object_acl(const oss_request_options_t *options,
     const char *oss_acl_str = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     s = aos_status_create(options->pool);
 
@@ -418,6 +432,7 @@ aos_status_t *oss_get_object_acl(const oss_request_options_t *options,
     aos_table_t *headers = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     s = aos_status_create(options->pool);
 
@@ -474,6 +489,7 @@ aos_status_t *oss_do_put_symlink(const oss_request_options_t *options,
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(sym_object);
 
     headers = aos_table_create_if_null(options, headers, 1);
     apr_table_set(headers, OSS_CANNONICALIZED_HEADER_SYMLINK, target_object->data);
@@ -502,6 +518,7 @@ aos_status_t *oss_get_symlink(const oss_request_options_t *options,
     aos_table_t *headers = NULL; 
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(sym_object);
 
     headers = aos_table_create_if_null(options, headers, 0);    
 
@@ -529,6 +546,7 @@ aos_status_t *oss_delete_object(const oss_request_options_t *options,
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     headers = aos_table_create_if_null(options, headers, 0);
     query_params = aos_table_create_if_null(options, query_params, 0);
@@ -560,6 +578,7 @@ aos_status_t *oss_copy_object(const oss_request_options_t *options,
     int res = -1;
 
     oss_ensure_bucket_name_valid(dest_bucket);
+    oss_ensure_object_name_valid(dest_object);
 
     s = aos_status_create(options->pool);
 
@@ -601,6 +620,7 @@ aos_status_t *oss_append_object_from_buffer(const oss_request_options_t *options
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /* init query_params */
     query_params = aos_table_create_if_null(options, query_params, 2);
@@ -640,6 +660,7 @@ aos_status_t *oss_do_append_object_from_buffer(const oss_request_options_t *opti
     aos_table_t *query_params = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /* init query_params */
     query_params = aos_table_create_if_null(options, params, 2);
@@ -681,6 +702,7 @@ aos_status_t *oss_append_object_from_file(const oss_request_options_t *options,
     int res = AOSE_OK;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /* init query_params */
     query_params = aos_table_create_if_null(options, query_params, 2);
@@ -727,6 +749,7 @@ aos_status_t *oss_do_append_object_from_file(const oss_request_options_t *option
     int res = AOSE_OK;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /* init query_params */
     query_params = aos_table_create_if_null(options, params, 2);
@@ -954,6 +977,7 @@ aos_status_t *oss_do_select_object_to_buffer(const oss_request_options_t *option
     int b64_len;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /*init query_params*/
     query_params = aos_table_create_if_null(options, params, 1);
@@ -1030,6 +1054,7 @@ aos_status_t *oss_do_select_object_to_file(const oss_request_options_t *options,
     aos_string_t tmp_filename;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /*init query_params*/
     query_params = aos_table_create_if_null(options, params, 1);
@@ -1097,6 +1122,7 @@ aos_status_t *oss_create_select_object_meta(const oss_request_options_t *options
     int b64_len;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     /*init query_params*/
     query_params = aos_table_create_if_null(options, query_params, 1);
@@ -1146,6 +1172,7 @@ aos_status_t *oss_put_object_tagging(const oss_request_options_t *options,
     aos_list_t body;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     //init query_params
     query_params = aos_table_create_if_null(options, query_params, 1);
@@ -1180,6 +1207,7 @@ aos_status_t *oss_get_object_tagging(const oss_request_options_t *options,
     aos_table_t *headers = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     query_params = aos_table_create_if_null(options, query_params, 1);
     apr_table_add(query_params, OSS_TAGGING, "");
@@ -1215,6 +1243,7 @@ aos_status_t *oss_delete_object_tagging(const oss_request_options_t *options,
     aos_table_t *headers = NULL;
 
     oss_ensure_bucket_name_valid(bucket);
+    oss_ensure_object_name_valid(object);
 
     query_params = aos_table_create_if_null(options, query_params, 1);
     apr_table_add(query_params, OSS_TAGGING, "");

diff --git a/oss_c_sdk/oss_util.c b/oss_c_sdk/oss_util.c
@@ -1534,6 +1534,40 @@ aos_status_t *oss_get_bucket_name_invalid_error()
     return &oss_bucket_name_invalid_error;
 }
 
+int oss_is_valid_object_name(const aos_string_t* str)
+{
+    if (aos_string_is_empty(str)) {
+        return 0;
+    }
+    return 1;
+}
+
+int oss_is_valid_object_name_ex(const aos_string_t* str, int strict)
+{
+
+    if (aos_string_is_empty(str)) {
+        return 0;
+    }
+
+    if (strict && str->data[0] == '?') {
+        return 0;
+    }
+
+    return 1;
+}
+
+aos_status_t* oss_get_object_name_invalid_error()
+{
+    static aos_status_t oss_object_name_invalid_error = {
+        AOSE_INVALID_ARGUMENT,
+        (char*)AOS_OBJECT_NAME_INVALID_ERROR,
+        "The object name is invalid, please check.",
+        NULL
+    };
+
+    return &oss_object_name_invalid_error;
+}
+
 int oss_is_valid_host(const char *host)
 {
     //format like: userinfo@host:port, just check host
@@ -1579,3 +1613,7 @@ int oss_is_valid_host(const char *host)
     return 1;
 }
 
+int is_verify_object_strict(const oss_request_options_t* options)
+{
+    return options->ctl->options->verify_object_strict;
+}
diff --git a/oss_c_sdk/oss_util.h b/oss_c_sdk/oss_util.h
@@ -400,6 +400,12 @@ oss_tag_content_t *oss_create_tag_content(aos_pool_t *p);
 **/
 int oss_is_valid_bucket_name(const aos_string_t *str);
 
+/**
+  * @brief  check if object name is valid.
+**/
+int oss_is_valid_object_name(const aos_string_t *str);
+int oss_is_valid_object_name_ex(const aos_string_t* str, int strict);
+
 /**
   * @brief  pre-process endpoint, just keep host and port.
 **/
@@ -415,14 +421,25 @@ aos_status_t *oss_get_bucket_name_invalid_error();
 #define oss_ensure_bucket_name_valid(a) do {       \
         if (!oss_is_valid_bucket_name(a)) {        \
             return oss_get_bucket_name_invalid_error(); \
-        } \
+        } \
+    } while(0) 
+
+aos_status_t* oss_get_object_name_invalid_error();
+
+#define oss_ensure_object_name_valid(a) do {       \
+        if (!oss_is_valid_object_name(a)) {        \
+            return oss_get_object_name_invalid_error(); \
+        } \
     } while(0) 
 
+
 /**
   * @brief  check if the host is valid.
 **/
 int oss_is_valid_host(const char *host);
 
+int is_verify_object_strict(const oss_request_options_t * options);
+
 
 OSS_CPP_END