Return error when attempting to create a policy with commas in name (m…
taran-p authored Dec 4, 2024
1 parent eddbe6b commit aff2a76
Showing 4 changed files with 218 additions and 199 deletions.
6 changes: 6 additions & 0 deletions cmd/admin-handlers-users.go
Expand Up @@ -1719,6 +1719,12 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request
}
setReqInfoPolicyName(ctx, policyName)

// Reject policy names with commas.
if strings.Contains(policyName, ",") {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrPolicyInvalidName), r.URL)
return
}

// Error out if Content-Length is missing.
if r.ContentLength <= 0 {
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrMissingContentLength), r.URL)
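Review bot: The comma check in AddCannedPolicy is written inline in this one handler and its comment does not say why a comma is unsafe, so nothing visible here stops another code path that writes policies from accepting the same kind of name. If the reason is that several policy names are stored or passed together as one comma-separated string (inferred from the commit title, not shown in this hunk), a name such as the test's `invalid,policy` would later be read as two different policies, which is an authorization concern rather than a cosmetic one. I would state that in the comment, e.g. `// Reject names containing ',': policy names are joined with commas when attached, so such a name would be parsed as several policies.`, and move the check into a shared name validator that every policy-creating entry point calls. The handler body starts and ends outside the hunk, so how policyName is obtained and whether it is otherwise validated is not visible.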
6 changes: 6 additions & 0 deletions cmd/admin-handlers-users_test.go
Expand Up @@ -716,6 +716,12 @@ func (s *TestSuiteIAM) TestCannedPolicies(c *check) {
c.Fatalf("policy info err: %v", err)
}

// Check that policy with comma is rejected.
err = s.adm.AddCannedPolicy(ctx, "invalid,policy", policyBytes)
if err == nil {
c.Fatalf("invalid policy created successfully")
}

infoStr := string(info)
if !strings.Contains(infoStr, `"s3:PutObject"`) || !strings.Contains(infoStr, ":"+bucket+"/") {
c.Fatalf("policy contains unexpected content!")
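Review bot: The new assertion only checks `err == nil`, so the test passes on any failure of AddCannedPolicy (a transport error, a rejected policy document) and does not prove that the comma rule caused the rejection. Compare the returned error's code with `PolicyInvalidName`, and afterwards confirm that no policy named `invalid,policy` exists, so a regression that writes the policy before rejecting it is caught. The block also sits between the `policy info` error check and the assertions on `infoStr`; moving it after those assertions keeps the two checks separate. TestCannedPolicies begins and ends outside the hunk.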
6 changes: 6 additions & 0 deletions cmd/api-errors.go
Expand Up @@ -213,6 +213,7 @@ const (
ErrPolicyAlreadyAttached
ErrPolicyNotAttached
ErrExcessData
ErrPolicyInvalidName
// Add new error codes here.

// SSE-S3/SSE-KMS related API errors
Expand Down Expand Up @@ -561,6 +562,11 @@ var errorCodes = errorCodeMap{
Description: "More data provided than indicated content length",
HTTPStatusCode: http.StatusBadRequest,
},
ErrPolicyInvalidName: {
Code: "PolicyInvalidName",
Description: "Policy name may not contain comma",
HTTPStatusCode: http.StatusBadRequest,
},
ErrPolicyTooLarge: {
Code: "PolicyTooLarge",
Description: "Policy exceeds the maximum allowed document size.",