Skip to content

Commit 2280c6f

Browse files
committed
[MCG] Using put-bucket-policy with wrong syntax under Resource results in InternalError instead of MalformedPolicy
The malformed syntax should give malformed systax error. Issue: Square brackets ([ ]) in resource_bucket_part were misinterpreted in regex. Fix: Escape all regex special characters before inserting into RegExp(). Fixes: https://issues.redhat.com/browse/DFBUGS-1517 Signed-off-by: Vinayakswami Hariharmath <[email protected]>
1 parent 23aec8d commit 2280c6f

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

src/endpoint/s3/s3_bucket_policy_utils.js

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -269,7 +269,12 @@ async function validate_s3_policy(policy, bucket_name, get_account_handler) {
269269
}
270270
for (const resource of _.flatten([statement.Resource || statement.NotResource])) {
271271
const resource_bucket_part = resource.split('/')[0];
272-
const resource_regex = RegExp(`^${resource_bucket_part.replace(qm_regex, '.?').replace(ar_regex, '.*')}$`);
272+
const resource_regex = RegExp(
273+
`^${resource_bucket_part
274+
.replace(/[-/^$+?.()|[\]{}]/g, '\\$&')
275+
.replace(qm_regex, '.?')
276+
.replace(ar_regex, '.*')}$`
277+
);
273278
if (!resource_regex.test('arn:aws:s3:::' + bucket_name)) {
274279
throw new RpcError('MALFORMED_POLICY', 'Policy has invalid resource', { detail: resource });
275280
}

0 commit comments

Comments
 (0)