This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 4bbe59a4ca Remove matrix parameters from s3_auth plugin (#11586)
4bbe59a4ca is described below
commit 4bbe59a4ca10d38b82e156a80ea26269ff5c94ef
Author: Masakazu Kitajo <mas...@apache.org>
AuthorDate: Mon Jul 22 11:48:36 2024 -0600
Remove matrix parameters from s3_auth plugin (#11586)
* Remove matrix parameters from s3_auth plugin
* Fix for clang-analyzer
---
plugins/s3_auth/aws_auth_v4.cc | 5 -----
plugins/s3_auth/aws_auth_v4.h | 1 -
plugins/s3_auth/aws_auth_v4_wrap.h | 5 -----
plugins/s3_auth/s3_auth.cc | 25 ++++++-------------------
plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 --------------
plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 -------
6 files changed, 6 insertions(+), 51 deletions(-)
diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc
index 724d1d7137..f5399d1322 100644
--- a/plugins/s3_auth/aws_auth_v4.cc
+++ b/plugins/s3_auth/aws_auth_v4.cc
@@ -315,11 +315,6 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool
signPayload, const StringSe
str = api.getPath(&length);
String path("/");
path.append(str, length);
- str = api.getParams(&length);
- if (length > 0) {
- path.append(";", 1);
- path.append(str, length);
- }
String canonicalUri = canonicalEncode(path, /* isObjectName */ true);
sha256Update(&canonicalRequestSha256Ctx, canonicalUri);
sha256Update(&canonicalRequestSha256Ctx, "\n");
diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h
index edb11b42a9..e01e49e9f3 100644
--- a/plugins/s3_auth/aws_auth_v4.h
+++ b/plugins/s3_auth/aws_auth_v4.h
@@ -47,7 +47,6 @@ public:
virtual const char *getMethod(int *length) = 0;
virtual const char *getHost(int *length) = 0;
virtual const char *getPath(int *length) = 0;
- virtual const char *getParams(int *length) = 0;
virtual const char *getQuery(int *length) = 0;
virtual HeaderIterator headerBegin() = 0;
virtual HeaderIterator headerEnd() = 0;
diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h
b/plugins/s3_auth/aws_auth_v4_wrap.h
index 9b4b95b9a0..e8715ee1ea 100644
--- a/plugins/s3_auth/aws_auth_v4_wrap.h
+++ b/plugins/s3_auth/aws_auth_v4_wrap.h
@@ -108,11 +108,6 @@ public:
return TSUrlPathGet(_bufp, _url, len);
}
const char *
- getParams(int *len) override
- {
- return TSUrlHttpParamsGet(_bufp, _url, len);
- }
- const char *
getQuery(int *len) override
{
return TSUrlHttpQueryGet(_bufp, _url, len);
diff --git a/plugins/s3_auth/s3_auth.cc b/plugins/s3_auth/s3_auth.cc
index 4bd2eb7a76..a319bff153 100644
--- a/plugins/s3_auth/s3_auth.cc
+++ b/plugins/s3_auth/s3_auth.cc
@@ -841,12 +841,11 @@ S3Request::authorizeV2(S3Config *s3)
{
TSHttpStatus status = TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
TSMLoc host_loc = TS_NULL_MLOC, md5_loc = TS_NULL_MLOC, contype_loc =
TS_NULL_MLOC;
- int method_len = 0, path_len = 0, param_len = 0, host_len = 0,
con_md5_len = 0, con_type_len = 0, date_len = 0;
- const char *method = nullptr, *path = nullptr, *param = nullptr, *host =
nullptr, *con_md5 = nullptr, *con_type = nullptr,
- *host_endp = nullptr;
- char date[128]; // Plenty of space for a Date value
- time_t now = time(nullptr);
- struct tm now_tm;
+ int method_len = 0, path_len = 0, host_len = 0, con_md5_len = 0,
con_type_len = 0, date_len = 0;
+ const char *method = nullptr, *path = nullptr, *host = nullptr, *con_md5 =
nullptr, *con_type = nullptr, *host_endp = nullptr;
+ char date[128]; // Plenty of space for a Date value
+ time_t now = time(nullptr);
+ struct tm now_tm;
// Start with some request resources we need
if (nullptr == (method = TSHttpHdrMethodGet(_bufp, _hdr_loc, &method_len))) {
@@ -856,9 +855,6 @@ S3Request::authorizeV2(S3Config *s3)
return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
}
- // get matrix parameters
- param = TSUrlHttpParamsGet(_bufp, _url_loc, ¶m_len);
-
// Next, setup the Date: header, it's required.
if (nullptr == gmtime_r(&now, &now_tm)) {
return TS_HTTP_STATUS_INTERNAL_SERVER_ERROR;
@@ -920,12 +916,7 @@ S3Request::authorizeV2(S3Config *s3)
loff += str_concat(&left[loff], (left_size - loff), "/", 1);
}
- loff += str_concat(&left[loff], (left_size - loff), path, path_len);
-
- if (param) {
- loff += str_concat(&left[loff], (left_size - loff), ";", 1);
- str_concat(&left[loff], (left_size - loff), param, param_len);
- }
+ str_concat(&left[loff], (left_size - loff), path, path_len);
Dbg(dbg_ctl, "%s", left);
}
@@ -954,10 +945,6 @@ S3Request::authorizeV2(S3Config *s3)
}
HMAC_Update(ctx, (unsigned char *)path, path_len);
- if (param) {
- HMAC_Update(ctx, reinterpret_cast<const unsigned char *>(";"), 1); //
TSUrlHttpParamsGet() does not include ';'
- HMAC_Update(ctx, (unsigned char *)param, param_len);
- }
HMAC_Final(ctx, hmac, &hmac_len);
HMAC_CTX_free(ctx);
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
index 8a3716d2ac..fa5fbdaff9 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc
@@ -433,7 +433,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Object",
"[AWS][auth][SpecByExample]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("test.txt");
- api._params.assign("");
api._query.assign("");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Range", "bytes=0-9"));
@@ -479,7 +478,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle",
"[AWS][auth][SpecByExamp
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("lifecycle");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -524,7 +522,6 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects",
"[AWS][auth][SpecByEx
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"));
@@ -616,7 +613,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
unsigned pay-load, exc
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -666,7 +662,6 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects,
query param value alre
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("PATH==");
- api._params.assign("");
api._query.assign("key=TEST==");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
@@ -713,7 +708,6 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name
fields", "[AWS][auth][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -778,7 +772,6 @@ TEST_CASE("S3AuthV4UtilParams: include all headers by
default", "[AWS][auth][uti
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -813,7 +806,6 @@ TEST_CASE("S3AuthV4UtilParams: include all headers
explicit", "[AWS][auth][SpecB
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -884,7 +876,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non
overlapping headers", "[AWS][
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -919,7 +910,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers", "[AWS][auth
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -955,7 +945,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing inclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -991,7 +980,6 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping
headers missing exclu
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1030,7 +1018,6 @@ TEST_CASE("S3AuthV4UtilParams: include content type",
"[AWS][auth][utility]")
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("Content-Type", "gzip"));
@@ -1064,7 +1051,6 @@ TEST_CASE("S3AuthV4UtilParams: include missing content
type", "[AWS][auth][utili
api._method.assign("GET");
api._host.assign("examplebucket.s3.amazonaws.com");
api._path.assign("");
- api._params.assign("");
api._query.assign("max-keys=2&prefix=J");
api._headers.insert(std::make_pair("Host",
"examplebucket.s3.amazonaws.com"));
api._headers.insert(std::make_pair("x-amz-content-sha256",
"UNSIGNED-PAYLOAD"));
diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
index 2d1ebf8eee..ba4b669790 100644
--- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h
@@ -95,12 +95,6 @@ public:
return _path.c_str();
}
const char *
- getParams(int *length) override
- {
- *length = _params.length();
- return _params.c_str();
- }
- const char *
getQuery(int *length) override
{
*length = _query.length();
@@ -120,7 +114,6 @@ public:
String _method;
String _host;
String _path;
- String _params;
String _query;
HeaderMultiMap _headers;
};
