Project

General

Profile

Actions
Copy link

Bug #19249

closed

Verify that x-amz-meta headers from s3 API cannot contain unescaped newlines or other control characters

Added by Peter Amstutz over 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
Keep
Target version:
2022-08-03 Sprint
Start date:
07/11/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release:
Arvados 2.5.0
Release relationship:
Auto

Subtasks 1 (0 open1 closed)

Task #19261: Review 19249-header-ctrl-charsResolvedTom Clegg07/11/2022

Actions
Actions
Copy link
 #1

Updated by Tom Clegg over 2 years ago

  • Status changed from New to In Progress

Go stdlib automatically replaces \r and \n in header values with spaces.

Updated keep-web to apply the optional mime-encoding instead for any values that contain control characters.

Added check for \r and \n in header keys as well (invalid keys properties are omitted from x-amz-meta headers, but this wasn't tested).

19249-header-ctrl-chars @ 831540fd5eedb6226996b5c72a86f2dba64cb196 -- developer-run-tests: #3226

retry wb1 developer-run-tests-apps-workbench-integration: #3467

Actions
Copy link
 #2

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions
Copy link
 #3

Updated by Stephen Smith over 2 years ago

This looks good, assuming the test failures are nothing serious / unrelated

Actions
Copy link
 #4

Updated by Tom Clegg over 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #5

Updated by Peter Amstutz about 2 years ago

  • Release set to 47
Actions
Copy link

Also available in: Atom PDF