ADHOC: s3 bucket name verification (#4189)

* ADHOC: s3 bucket name verification * add test
2024-01-19 02:48:24 +00:00 · 2023-02-07 14:37:29 -08:00 · 2023-02-07 14:37:29 -08:00 · 5083429704
parent d5f77706a8
commit 5083429704
2 changed files with 59 additions and 0 deletions
--- a/weed/shell/command_s3_bucket_create.go
+++ b/weed/shell/command_s3_bucket_create.go
@ -5,8 +5,11 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"net"
 	"os"
+	"strings"
 	"time"
+	"unicode"

 	"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 )
@ -42,6 +45,11 @@ func (c *commandS3BucketCreate) Do(args []string, commandEnv *CommandEnv, writer
 		return fmt.Errorf("empty bucket name")
 	}

+	err = verifyS3BucketName(*bucketName)
+	if err != nil {
+		return err
+	}
+
 	err = commandEnv.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {

 		resp, err := client.GetFilerConfiguration(context.Background(), &filer_pb.GetFilerConfigurationRequest{})
@ -78,3 +86,35 @@ func (c *commandS3BucketCreate) Do(args []string, commandEnv *CommandEnv, writer
 	return err

 }
+
+// https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+func verifyS3BucketName(name string) (err error) {
+	if len(name) < 3 || len(name) > 63 {
+		return fmt.Errorf("bucket name must between [3, 63] characters")
+	}
+	for idx, ch := range name {
+		if !(unicode.IsLower(ch) || ch == '.' || ch == '-' || unicode.IsNumber(ch)) {
+			return fmt.Errorf("bucket name can only contain lower case characters, numbers, dots, and hyphens")
+		}
+		if idx > 0 && (ch == '.' && name[idx-1] == '.') {
+			return fmt.Errorf("bucket names must not contain two adjacent periods")
+		}
+		//TODO buckets with s3 transfer accleration cannot have . in name
+	}
+	if name[0] == '.' || name[0] == '-' {
+		return fmt.Errorf("name must start with number or lower case character")
+	}
+	if name[len(name)-1] == '.' || name[len(name)-1] == '-' {
+		return fmt.Errorf("name must end with number or lower case character")
+	}
+	if strings.HasPrefix(name, "xn--") {
+		return fmt.Errorf("prefix xn-- is a reserved and not allowed in bucket prefix")
+	}
+	if strings.HasSuffix(name, "-s3alias") {
+		return fmt.Errorf("suffix -s3alias is a reserved and not allowed in bucket suffix")
+	}
+	if net.ParseIP(name) != nil {
+		return fmt.Errorf("bucket name cannot be ip addresses")
+	}
+	return nil
+}
--- a/weed/shell/command_s3_bucket_create_test.go
+++ b/weed/shell/command_s3_bucket_create_test.go
@ -0,0 +1,19 @@
+package shell
+
+import (
+	"github.com/stretchr/testify/assert"
+	"testing"
+)
+
+func Test_verifyBucketName(t *testing.T) {
+	invalidS3BucketNames := []string{"A9325325b", "123.12.153.10", "abc214..2", "d", ".ewfs3253543", "grehtrry-", "----------", "x@fdsgr032"}
+	for _, invalidName := range invalidS3BucketNames {
+		err := verifyS3BucketName(invalidName)
+		assert.NotNil(t, err)
+	}
+	validS3BucketName := []string{"a9325325b", "999.12.153.10", "abc214.2", "3d3d3d", "ewfs3253543", "grehtrry-a", "0----------0", "xafdsgr032"}
+	for _, invalidName := range validS3BucketName {
+		err := verifyS3BucketName(invalidName)
+		assert.Nil(t, err)
+	}
+}