Skip to content

Added support validation against subpaths to hasPermission & SecureComponent #1570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 15, 2022
Merged

Added support validation against subpaths to hasPermission & SecureComponent #1570

merged 1 commit into from
Feb 15, 2022

Conversation

bexsoft
Copy link
Collaborator

@bexsoft bexsoft commented Feb 15, 2022

What does this do?

Added support validation against subpaths to hasPermission & SecureComponent

Note: Please test roughly as this implies changes on how policies are processed in the application.

One test policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketPolicy",
                "s3:ListAllMyBuckets",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::amq-notifications"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:ListMultipartUploadParts",
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::amq-notifications/*"
            ]
        }
    ]
}

Signed-off-by: Benjamin Perez benjamin@bexsoft.net

Added support validation against subpaths to hasPermission & SecureCo…
2738032 
…mponent

Signed-off-by: Benjamin Perez <benjamin@bexsoft.net>
@bexsoft bexsoft self-assigned this Feb 15, 2022
@harshavardhana
Copy link
Member

Can we add some tests here to avoid future regressions?

@bexsoft
Copy link
Collaborator Author

bexsoft commented Feb 15, 2022

Can we add some tests here to avoid future regressions?

Sure! We will be adding tests for this

prakashsvmx
prakashsvmx approved these changes Feb 15, 2022
View reviewed changes
Copy link
Member

@prakashsvmx prakashsvmx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested. Changes look good to me 👍

  • Prefix (Allow/Deny) -> Upload Files
  • Nested Prefix -> upload Files
  • File upload
  • Folder upload ( nested prefix) -> File upload

@dvaldivia dvaldivia merged commit 5b2715c into minio:master Feb 15, 2022
@bexsoft bexsoft deleted the fix-secure branch April 5, 2022 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dvaldivia dvaldivia dvaldivia approved these changes

@prakashsvmx prakashsvmx prakashsvmx approved these changes

@harshavardhana harshavardhana Awaiting requested review from harshavardhana

@Alevsk Alevsk Awaiting requested review from Alevsk

@cniackz cniackz Awaiting requested review from cniackz

Assignees

@bexsoft bexsoft

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bexsoft @harshavardhana @dvaldivia @prakashsvmx