Normalize URLs during signing (except for S3). #3534

Merged
merged 1 commit into from
Nov 2, 2022

@millems millems commented Nov 2, 2022

During signing when generating the canonical request, request paths are supposed to be normalized to remove . and .. path components. We were not doing this before, making it possible to construct requests that fail signature validation.
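The mismatch described above, as an added example that is not code from this PR or from the SDK: a simplified SigV4 canonical request (only the `host` header is signed, and the path is assumed to be absolute and made of unreserved characters, so percent-encoding is left out) is hashed with and without dot-segment removal and compared with what a verifier that normalizes the path would compute. The host, path and function names are constructed for illustration.

```python
import hashlib

def remove_dot_segments(path: str) -> str:
    """Drop '.' and resolve '..' components of an absolute path (RFC 3986, 5.2.4)."""
    segments = path.split("/")
    out = []
    for seg in segments:
        if seg == ".":
            continue
        if seg == "..":
            if len(out) > 1:  # never climb above the leading "/"
                out.pop()
            continue
        out.append(seg)
    if segments[-1] in (".", ".."):  # "/a/b/.." resolves to "/a/", not "/a"
        out.append("")
    return "/".join(out) or "/"

def canonical_request_hash(method, path, host, payload=b"", normalize=True):
    """SHA-256 of a simplified SigV4 canonical request that signs only 'host'."""
    canonical_uri = remove_dot_segments(path) if normalize else path
    canonical = "\n".join([
        method,
        canonical_uri,
        "",                 # canonical query string (none here)
        f"host:{host}\n",   # canonical headers; the block ends with a newline
        "host",             # signed headers
        hashlib.sha256(payload).hexdigest(),
    ])
    return hashlib.sha256(canonical.encode()).hexdigest()

# Constructed sample values, not taken from the PR.
HOST = "service.example.com"
RAW_PATH = "/v1/items/../reports/./2022"

def hashes_for(path):
    """Return (signer without normalization, signer with it, verifier)."""
    return (
        canonical_request_hash("GET", path, HOST, normalize=False),
        canonical_request_hash("GET", path, HOST, normalize=True),
        canonical_request_hash("GET", remove_dot_segments(path), HOST),
    )

if __name__ == "__main__":
    unnormalized, normalized, verifier = hashes_for(RAW_PATH)
    print("canonical URI:", remove_dot_segments(RAW_PATH))
    print("signer without normalization matches verifier:", unnormalized == verifier)
    print("signer with normalization matches verifier:   ", normalized == verifier)
```

The S3 exception in the PR title corresponds to `normalize=False` here: S3 object keys are literal, so a key containing `.` or `..` components must be signed exactly as sent.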

@millems millems requested a review from a team as a code owner November 2, 2022 21:25
@millems millems force-pushed the millem/normalize-signing-paths branch from 44b005e to 04459bb Compare November 2, 2022 21:55
@millems millems force-pushed the millem/normalize-signing-paths branch from 04459bb to d593fdd Compare November 2, 2022 21:55
@millems millems enabled auto-merge (squash) November 2, 2022 22:44
sonarqubecloud bot commented Nov 2, 2022

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 2 (rating A)

Coverage: 92.9%
Duplication: 0.0%

@millems millems merged commit d1a23e2 into master Nov 2, 2022
millems added a commit that referenced this pull request Dec 8, 2022
…ing requests directly with AwsS3V4Signer.

The issue was introduced with #3534. The PR did not account for users who are using the signer directly.
millems added a commit that referenced this pull request Dec 8, 2022
…ing requests directly with AwsS3V4Signer. (#3601)

The issue was introduced with #3534. The PR did not account for users who are using the signer directly.
@millems millems deleted the millem/normalize-signing-paths branch February 5, 2024 20:51