
Commit 585374a

authored
Merge pull request #696 from aws/bmaizels/s3control-validation
S3Control: Added additional validation on account Id
2 parents 9018bcf + 8d30c20 commit 585374a


2 files changed

+42
-2
lines changed


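--- a/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/EndpointAddressInterceptor.java
+++ b/services/s3control/src/main/java/software/amazon/awssdk/services/s3control/internal/interceptors/EndpointAddressInterceptor.java
@@ -15,7 +15,9 @@
 
 package software.amazon.awssdk.services.s3control.internal.interceptors;
 
-import java.net.URI;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
 import software.amazon.awssdk.core.exception.SdkClientException;
@@ -32,6 +34,8 @@
 */
 @SdkInternalApi
 public class EndpointAddressInterceptor implements ExecutionInterceptor {
+private static final Pattern HOSTNAME_COMPLIANT_PATTERN = Pattern.compile("[A-Za-z0-9\\-]+");
+private static final int HOSTNAME_MAX_LENGTH = 63;
 
 private static final String ENDPOINT_PREFIX = "s3-control";
 
@@ -47,7 +51,6 @@ public SdkHttpRequest modifyHttpRequest(Context.ModifyHttpRequest context,
 }
 
 String accountId = request.headers().get(X_AMZ_ACCOUNT_ID).get(0);
-URI endpoint = request.getUri();
 
 S3ControlConfiguration config = (S3ControlConfiguration) executionAttributes.getAttribute(
 AwsSignerExecutionAttribute.SERVICE_CONFIG);
@@ -78,6 +81,7 @@ private String resolveHost(SdkHttpRequest request, String accountId, S3ControlCo
 host = host.replace(ENDPOINT_PREFIX, String.format("%s-%s", ENDPOINT_PREFIX, "fips"));
 
 }
+validateComponentIsHostnameCompliant(accountId, "account id");
 return String.format("%s.%s", accountId, host);
 }
 
@@ -88,4 +92,26 @@ private boolean isDualstackEnabled(S3ControlConfiguration configuration) {
 private boolean isFipsEnabled(S3ControlConfiguration configuration) {
 return configuration != null && configuration.fipsModeEnabled();
 }
+
+private static void validateComponentIsHostnameCompliant(String component, String componentName) {
+if (component.isEmpty()) {
+throw new IllegalArgumentException(
+String.format("An argument has been passed that is not valid: the required '%s' "
++ "component is missing.", componentName));
+}
+
+if (component.length() > HOSTNAME_MAX_LENGTH) {
+throw new IllegalArgumentException(
+String.format("An argument has been passed that is not valid: the '%s' "
++ "component exceeds the maximum length of %d characters.", componentName,
+HOSTNAME_MAX_LENGTH));
+}
+
+Matcher m = HOSTNAME_COMPLIANT_PATTERN.matcher(component);
+if (!m.matches()) {
+throw new IllegalArgumentException(
+String.format("An argument has been passed that is not valid: the '%s' "
++ "component must only contain alphanumeric characters and dashes.", componentName));
+}
+}
 }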
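Review bot: `HOSTNAME_COMPLIANT_PATTERN` accepts a leading or trailing dash, so a value such as `-1234` passes `validateComponentIsHostnameCompliant` although a DNS label must begin and end with an alphanumeric character. Because the check guards the `String.format("%s.%s", accountId, host)` call in `resolveHost`, I would tighten it to `Pattern.compile("[A-Za-z0-9]([A-Za-z0-9\\-]*[A-Za-z0-9])?")` and adjust the wording of the third error message to match. The helper also deserves a short Javadoc stating that the component becomes the first label of the request host, so a later maintainer does not loosen the pattern without seeing why it exists. `component.isEmpty()` would throw a NullPointerException rather than the intended IllegalArgumentException if the header value were ever null; whether that can happen is not visible in these hunks.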

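--- a/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/EndpointAddressInterceptorTest.java
+++ b/services/s3control/src/test/java/software/amazon/awssdk/services/s3control/internal/interceptors/EndpointAddressInterceptorTest.java
@@ -15,6 +15,7 @@
 package software.amazon.awssdk.services.s3control.internal.interceptors;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
 
 import java.util.Optional;
 import org.junit.Before;
@@ -50,6 +51,19 @@ public void setup() {
 .build();
 }
 
+@Test
+public void modifyHttpRequest_illegalCharacterInAccountId_throwsException() {
+SdkHttpRequest modifiedRequest = SdkHttpFullRequest.builder()
+.appendHeader(X_AMZ_ACCOUNT_ID, "1234/#")
+.protocol(Protocol.HTTPS.toString())
+.method(SdkHttpMethod.POST)
+.host(S3ControlClient.serviceMetadata().endpointFor(Region.US_EAST_1).toString())
+.build();
+EndpointAddressInterceptor interceptor = new EndpointAddressInterceptor();
+assertThatThrownBy(() -> interceptor.modifyHttpRequest(new Context(modifiedRequest), new ExecutionAttributes()))
+.isInstanceOf(IllegalArgumentException.class).hasMessageContaining("account id");
+}
+
 @Test
 public void modifyHttpRequest_ResolvesCorrectHost_StandardSettings() {
 EndpointAddressInterceptor interceptor = new EndpointAddressInterceptor();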
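Review bot: Only the character-set branch of the new validation is exercised here; nothing pins the `HOSTNAME_MAX_LENGTH` branch or the empty-value branch, and the one rejected sample (`"1234/#"`) contains no dot, which is the character that would otherwise still produce a well-formed host. I would add a test for a 64-character account id asserting `hasMessageContaining("maximum length")`, as sketched below, plus a rejection case for `"1234.5678"` and an acceptance case for a 63-character value. Whether an empty header value reaches the validator or is rejected earlier in `modifyHttpRequest` is not visible in this section, so that case should be checked against the full file before a test is written for it.

```java
@Test
public void modifyHttpRequest_accountIdLongerThanMaxLength_throwsException() {
    StringBuilder accountId = new StringBuilder();
    for (int i = 0; i < 64; i++) {
        accountId.append('1');
    }
    SdkHttpRequest modifiedRequest = SdkHttpFullRequest.builder()
            .appendHeader(X_AMZ_ACCOUNT_ID, accountId.toString())
            // … unchanged: protocol, method and host as in the illegal-character test …
            .build();
    EndpointAddressInterceptor interceptor = new EndpointAddressInterceptor();
    assertThatThrownBy(() -> interceptor.modifyHttpRequest(new Context(modifiedRequest), new ExecutionAttributes()))
        .isInstanceOf(IllegalArgumentException.class).hasMessageContaining("maximum length");
}
```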
