Skip to content

Commit

Permalink
fix s3 presign url check problem, support two versions(v2,v4) (langge…
Browse files Browse the repository at this point in the history 
…nius#9093)

Co-authored-by: Yuanbo Li <ybalbert@amazon.com>
  • Loading branch information
@ybalbert001 @lau-td
2 people authored and lau-td committed Oct 23, 2024
1 parent 0a400de commit 7a40ee5
Showing 1 changed file with 27 additions and 9 deletions.
36 changes: 27 additions & 9 deletions api/core/file/message_file_parser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,16 +198,34 @@ def is_s3_presigned_url(url):
if "amazonaws.com" not in parsed_url.netloc:
return False
query_params = parse_qs(parsed_url.query)
required_params = ["Signature", "Expires"]
for param in required_params:
if param not in query_params:

def check_presign_v2(query_params):
required_params = ["Signature", "Expires"]
for param in required_params:
if param not in query_params:
return False
if not query_params["Expires"][0].isdigit():
return False
if not query_params["Expires"][0].isdigit():
return False
signature = query_params["Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False
return True
signature = query_params["Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False

return True

def check_presign_v4(query_params):
required_params = ["X-Amz-Signature", "X-Amz-Expires"]
for param in required_params:
if param not in query_params:
return False
if not query_params["X-Amz-Expires"][0].isdigit():
return False
signature = query_params["X-Amz-Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False

return True

return check_presign_v4(query_params) or check_presign_v2(query_params)
except Exception:
return False

Expand Down

0 comments on commit 7a40ee5

Please sign in to comment.