Skip to content

fix s3 expected bucket owner presigning #2662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 31, 2024
Merged

fix s3 expected bucket owner presigning #2662

merged 1 commit into from
May 31, 2024

Conversation

@lucix-aws
Copy link
Contributor

@lucix-aws lucix-aws commented May 31, 2024

Tested:

package main import ( "context" "fmt" "io" "net/http" "net/url" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/config" "github.com/aws/aws-sdk-go-v2/service/s3" ) func main() { cfg, err := config.LoadDefaultConfig(context.Background()) if err != nil { panic(err)	} svc := s3.NewFromConfig(cfg) presigner := s3.NewPresignClient(svc) u, err := presigner.PresignGetObject(context.Background(), &s3.GetObjectInput{ Bucket: aws.String("<...>"), Key: aws.String("<...>"), ExpectedBucketOwner: aws.String("<... an account id number that isn't expected>"),	}) if err != nil { panic(err)	} println(u.URL) fmt.Printf("%#v\n", u.SignedHeader) uu, _ := url.Parse(u.URL) resp, err := http.DefaultClient.Do(&http.Request{ URL: uu, Header: u.SignedHeader,	}) if err != nil { panic(err)	} fmt.Println(resp.Status) p, _ := io.ReadAll(resp.Body) fmt.Println(string(p)) }

with fix the presigned GET response printed is the expected 403.
@lucix-aws lucix-aws requested a review from a team as a code owner May 31, 2024 17:21
@lucix-aws lucix-aws linked an issue May 31, 2024 that may be closed by this pull request
Align SDK presigning behavior of expected bucket owner to match S3's #2508
Closed
Madrigal
Madrigal approved these changes May 31, 2024
View reviewed changes
aws/signer/v4/v4.go
query := url.Values{}
unsignedHeaders := http.Header{}
for k, h := range header {
// literally just this header has this constraint for some stupid reason,
Copy link
Contributor

@Madrigal Madrigal May 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

love this comment <3
@lucix-aws lucix-aws merged commit 4d3e8fd into main May 31, 2024
@lucix-aws lucix-aws deleted the fix-s3-nonsense branch May 31, 2024 18:57
@Maldris Maldris mentioned this pull request Aug 27, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

2 participants

@lucix-aws @Madrigal