Skip to content

Commit

Permalink
fix s3 presign url check problem, support two versions(v2,v4) (#9093)
Browse files Browse the repository at this point in the history 
Co-authored-by: Yuanbo Li <ybalbert@amazon.com>
  • Loading branch information
@ybalbert001
ybalbert001 and Yuanbo Li authored Oct 9, 2024
1 parent 0540995 commit 57994e4
Showing 1 changed file with 27 additions and 9 deletions.
36 changes: 27 additions & 9 deletions api/core/file/message_file_parser.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,16 +198,34 @@ def is_s3_presigned_url(url):
if "amazonaws.com" not in parsed_url.netloc:
return False
query_params = parse_qs(parsed_url.query)
required_params = ["Signature", "Expires"]
for param in required_params:
if param not in query_params:

def check_presign_v2(query_params):
required_params = ["Signature", "Expires"]
for param in required_params:
if param not in query_params:
return False
if not query_params["Expires"][0].isdigit():
return False
if not query_params["Expires"][0].isdigit():
return False
signature = query_params["Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False
return True
signature = query_params["Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False

return True

def check_presign_v4(query_params):
required_params = ["X-Amz-Signature", "X-Amz-Expires"]
for param in required_params:
if param not in query_params:
return False
if not query_params["X-Amz-Expires"][0].isdigit():
return False
signature = query_params["X-Amz-Signature"][0]
if not re.match(r"^[A-Za-z0-9+/]+={0,2}$", signature):
return False

return True

return check_presign_v4(query_params) or check_presign_v2(query_params)
except Exception:
return False

Expand Down

0 comments on commit 57994e4

Please sign in to comment.