satellite/metainfo: Log internal error and warning

Deleting a bucket with data without having read and list permissions isn't allowed, but we return a successful response to avoid attackers to figure out if a bucket exists. We never return an error to the clients under those circumstances, but we want to see them them in the logs. Change-Id: I1bb0dd3fa0c3534b17d98095c002032738eea103
storj · Mar 19, 2024 · a50f327 · a50f327
1 parent 13e69e4
commit a50f327
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/satellite/metainfo/endpoint_bucket.go b/satellite/metainfo/endpoint_bucket.go
@@ -323,6 +323,13 @@ func (endpoint *Endpoint) DeleteBucket(ctx context.Context, req *pb.BucketDelete
 	err = endpoint.deleteBucket(ctx, req.Name, keyInfo.ProjectID)
 	if err != nil {
 		if !canRead && !canList {
+			if !buckets.ErrBucketNotFound.Has(err) && !ErrBucketNotEmpty.Has(err) {
+				// We don't want to return an internal error if it doesn't have read and list permissions
+				// for not giving any little chance to find out that a bucket with a specific name and with
+				// data exists, but we want to log it about it.
+				endpoint.log.Error("internal", zap.Error(err))
+			}
+
 			// No error info is returned if neither Read, nor List permission is granted.
 			return &pb.BucketDeleteResponse{}, nil
 		}