Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

avoid leaks during zip download and multi-object downloads #3481

Merged
merged 1 commit into from
Dec 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 27 additions & 27 deletions .github/workflows/jobs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -64,7 +64,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
steps:
# To build minio image, we need to clone the repository first
- name: Clone github.com/minio/minio
Expand Down Expand Up @@ -150,7 +150,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -189,7 +189,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -243,7 +243,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -296,7 +296,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -348,7 +348,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -400,7 +400,7 @@ jobs:
timeout-minutes: 15
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -448,7 +448,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -496,7 +496,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -544,7 +544,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -595,7 +595,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -648,7 +648,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -683,7 +683,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -720,7 +720,7 @@ jobs:

strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]

steps:
- name: Check out code
Expand Down Expand Up @@ -817,7 +817,7 @@ jobs:

strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]

steps:
- name: Check out code
Expand Down Expand Up @@ -867,7 +867,7 @@ jobs:
echo "replace github.com/minio/console => ../" >> go.mod

echo "updates to go.mod needed; to update it: go mod tidy"
go mod tidy -compat=1.22
go mod tidy -compat=1.23

echo "Get git version to build MinIO Image";
VERSION=`git rev-parse HEAD`;
Expand Down Expand Up @@ -901,7 +901,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -956,7 +956,7 @@ jobs:
echo "download golang x tools"
go mod download golang.org/x/tools
echo "go mod tidy compat mode"
go mod tidy -compat=1.22
go mod tidy -compat=1.23
echo "go build gocoverage.go"
go build gocovmerge.go
echo "put together the outs for final coverage resolution"
Expand Down Expand Up @@ -1027,7 +1027,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1069,7 +1069,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1109,7 +1109,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1137,7 +1137,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand All @@ -1164,7 +1164,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1192,7 +1192,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down Expand Up @@ -1220,7 +1220,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/vulncheck.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22
go-version: 1.23.3
check-latest: true
- name: Get official govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
Expand All @@ -33,7 +33,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.22 ]
go-version: [ 1.23.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code
Expand Down
14 changes: 0 additions & 14 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,21 +25,7 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)

<!-- markdown-toc end -->

## Install

MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
The standalone binary installation path has been removed.

In case a Console standalone binary is needed, it can be generated by building this package from source as follows:

### Build from source

> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
> Minimum version required is go1.22

```
go install github.com/minio/console/cmd/console@latest
```

## Setup

Expand Down
18 changes: 14 additions & 4 deletions api/user_objects.go
Original file line number Diff line number Diff line change
Expand Up @@ -550,10 +550,13 @@ func getDownloadFolderResponse(session *models.Principal, params objectApi.Downl
Modified: modified,
})
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand Down Expand Up @@ -650,14 +653,17 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
// Ignore errors, move to next
continue
}
modified, _ := time.Parse(time.RFC3339, obj.LastModified)

modified, _ := time.Parse(time.RFC3339, obj.LastModified)
f, err := addToZip(name, modified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand All @@ -666,13 +672,14 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
}

} else {
// add selected individual object
objectData, err := mClient.StatObject(ctx, params.BucketName, dObj, minio.StatObjectOptions{})
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
if err != nil {
// Ignore errors, move to next
continue
}
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})

// add selected individual object
objectData, err := object.Stat()
if err != nil {
// Ignore errors, move to next
continue
Expand All @@ -683,10 +690,13 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
objectName := prefixes[len(prefixes)-1]
f, err := addToZip(objectName, objectData.LastModified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}

_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
Expand Down
6 changes: 3 additions & 3 deletions go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/minio/console

go 1.22
go 1.23

require (
github.com/blang/semver/v4 v4.0.0
Expand All @@ -24,6 +24,7 @@ require (
github.com/minio/madmin-go/v3 v3.0.68
github.com/minio/mc v0.0.0-20240815155011-479171e7be9c
github.com/minio/minio-go/v7 v7.0.81-0.20241125171916-a563333c01ef
github.com/minio/pkg/v3 v3.0.22
github.com/minio/selfupdate v0.6.0
github.com/minio/websocket v1.6.0
github.com/mitchellh/go-homedir v1.1.0
Expand All @@ -35,14 +36,13 @@ require (
golang.org/x/crypto v0.28.0
golang.org/x/net v0.30.0
golang.org/x/oauth2 v0.22.0

// Added to include security fix for
// https://github.com/golang/go/issues/56152
golang.org/x/text v0.19.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)

require github.com/minio/pkg/v3 v3.0.22

require (
aead.dev/mem v0.2.0 // indirect
aead.dev/minisign v0.3.0 // indirect
Expand Down
Loading
Loading