fakestorage: add name validation on bucket creation

fsouza · Sep 12, 2020 · d8107a8 · d8107a8
1 parent 32043a0
commit d8107a8
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/fakestorage/bucket.go b/fakestorage/bucket.go
@@ -6,11 +6,15 @@ package fakestorage
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
+	"regexp"
 
 	"github.com/gorilla/mux"
 )
 
+var bucketRegexp = regexp.MustCompile(`^[a-zA-Z0-9-][a-zA-Z0-9.-]*[a-zA-Z0-9-]$`)
+
 // CreateBucket creates a bucket inside the server, so any API calls that
 // require the bucket name will recognize this bucket.
 //
@@ -62,6 +66,11 @@ func (s *Server) createBucketByPost(w http.ResponseWriter, r *http.Request) {
 	if data.Versioning != nil {
 		versioning = data.Versioning.Enabled
 	}
+	if err := validateBucketName(name); err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+
 	// Create the named bucket
 	if err := s.backend.CreateBucket(name, versioning); err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
@@ -102,3 +111,10 @@ func (s *Server) getBucket(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	encoder.Encode(resp)
 }
+
+func validateBucketName(bucketName string) error {
+	if !bucketRegexp.MatchString(bucketName) {
+		return errors.New("invalid bucket name")
+	}
+	return nil
+}
diff --git a/fakestorage/bucket_test.go b/fakestorage/bucket_test.go
@@ -64,6 +64,7 @@ func TestServerClientBucketAttrsAfterCreateBucket(t *testing.T) {
 }
 
 func TestServerClientBucketAttrsAfterCreateBucketByPost(t *testing.T) {
+	t.Parallel()
 	for _, versioningEnabled := range []bool{true, false} {
 		versioningEnabled := versioningEnabled
 		runServersTest(t, nil, func(t *testing.T, server *Server) {
@@ -92,6 +93,28 @@ func TestServerClientBucketAttrsAfterCreateBucketByPost(t *testing.T) {
 	}
 }
 
+func TestServerClientBucketCreateValidation(t *testing.T) {
+	bucketNames := []string{
+		"..what-is-this",
+		".host.name.cant.start.with.dot",
+		"no_underlines_either",
+		"or spaces",
+		"don't even try",
+		"no/slashes/either",
+	}
+
+	for _, bucketName := range bucketNames {
+		bucketName := bucketName
+		runServersTest(t, nil, func(t *testing.T, server *Server) {
+			client := server.Client()
+			err := client.Bucket(bucketName).Create(context.Background(), "whatever", nil)
+			if err == nil {
+				t.Error("unexpected <nil> error")
+			}
+		})
+	}
+}
+
 func TestServerClientBucketAttrsNotFound(t *testing.T) {
 	runServersTest(t, nil, func(t *testing.T, server *Server) {
 		client := server.Client()