Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

reject object names with '\' on windows #16856

Merged
merged 1 commit into from
Mar 20, 2023
Merged

reject object names with '\' on windows #16856

merged 1 commit into from
Mar 20, 2023

Conversation

harshavardhana
Copy link
Member

Description

reject object names with '' on windows

Motivation and Context

also adds additional tests, to test for
security incident.

How to test this PR?

On windows, unit tests should cover it.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Unit tests added/updated
  • Internal documentation updated
  • Create a documentation update request here

@harshavardhana harshavardhana mentioned this pull request Mar 20, 2023
Merged
8 tasks
@klauspost
Copy link
Contributor

klauspost commented Mar 20, 2023
edited

The reason we want to reject it is that we cannot distinguish between \ and /. When you upload an object with key prefix\object.txt, it will be listed back as prefix/object.txt, since a directory cannot preserve the backspace. The same conversion will happen with regards to ILM rules and access policies.

Therefore to avoid any confusion, it is IMO better to reject \ objects altogether.

(test should be adjusted)

klauspost
klauspost approved these changes Mar 20, 2023
View reviewed changes
Copy link
Contributor

@klauspost klauspost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

vadmeste
vadmeste approved these changes Mar 20, 2023
View reviewed changes
Copy link
Member

@vadmeste vadmeste left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@harshavardhana harshavardhana force-pushed the reject-object-names branch 3 times, most recently from 9142a45 to df1e628 Compare March 20, 2023 17:50
@minio-trusted
Copy link
Contributor

minio-trusted commented Mar 20, 2023
edited by harshavardhana

Mint Automation

Test Result
mint-erasure.sh ✔️
mint-compress-encrypt-dist-erasure.sh ✔️
mint-pools.sh ✔️
Deleting image on docker hub
Deleting image locally

@harshavardhana
reject object names with '\' on windows
36e179e 
also adds additional tests, to test for
security incident.
@minio minio deleted a comment from minio-trusted Mar 20, 2023
@harshavardhana harshavardhana merged commit b3c54ec into minio:master Mar 20, 2023
@harshavardhana harshavardhana deleted the reject-object-names branch March 20, 2023 20:16
@djwfyi djwfyi mentioned this pull request Mar 21, 2023
Closed
4 tasks
@bh4t bh4t added the bugfix label May 23, 2023
alexanghh pushed a commit to alexanghh/minio that referenced this pull request Sep 14, 2023
@harshavardhana @alexanghh
reject object names with '\' on windows (minio#16856)
ef919b8 
(cherry picked from commit b3c54ec)
daveaugustus pushed a commit to chef/minio that referenced this pull request Nov 15, 2023
@harshavardhana
reject object names with '\' on windows (minio#16856)
1e9617c
daveaugustus pushed a commit to chef/minio that referenced this pull request Nov 17, 2023
@harshavardhana
reject object names with '\' on windows (minio#16856)
233ddee
daveaugustus pushed a commit to chef/minio that referenced this pull request Nov 20, 2023
@harshavardhana
reject object names with '\' on windows (minio#16856)
7e05d9f
Adphi pushed a commit to linka-cloud/minio-gateway that referenced this pull request Mar 21, 2024
@harshavardhana @Adphi
reject object names with '\' on windows (minio#16856)
a88abec
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vadmeste vadmeste vadmeste approved these changes

@klauspost klauspost klauspost approved these changes

Assignees
No one assigned
Labels
bugfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@harshavardhana @klauspost @minio-trusted @vadmeste @bh4t