Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(s3): Add validations for S3 bucket names #2256

Merged
merged 6 commits into from
Apr 16, 2019
Merged

fix(s3): Add validations for S3 bucket names #2256

merged 6 commits into from
Apr 16, 2019

Conversation

nija-at
Copy link
Contributor

@nija-at nija-at commented Apr 12, 2019
edited
Loading

Bucket names are verified to conform with rules published by S3 -
https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html

fixes #1308

Pull Request Checklist

  • Testing
    • Unit test added (prefer not to modify an existing test, otherwise, it's probably a breaking change)
    • CLI change?: coordinate update of integration tests with team
    • cdk-init template change?: coordinated update of integration tests with team
  • Docs
    • jsdocs: All public APIs documented
    • README: README and/or documentation topic updated
  • Title and Description
    • Change type: title prefixed with fix, feat will appear in changelog
    • Title: use lower-case and doesn't end with a period
    • Breaking?: last paragraph: "BREAKING CHANGE: <describe what changed + link for details>"
    • Issues: Indicate issues fixed via: "Fixes #xxx" or "Closes #xxx"
  • Sensitive Modules (requires 2 PR approvers)
    • IAM Policy Document (in @aws-cdk/aws-iam)
    • EC2 Security Groups and ACLs (in @aws-cdk/aws-ec2)
    • Grant APIs (only if not based on official documentation with a reference)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license.

@nija-at nija-at requested a review from a team as a code owner April 12, 2019 12:08
RomainMuller
RomainMuller reviewed Apr 12, 2019
View reviewed changes
packages/@aws-cdk/aws-s3/lib/bucket.ts Outdated
if (/\.-|-\.|\.\./.test(bucketName)) {
errors.push('Bucket name must not have dash next to period, or period next to dash, or consecutive periods');
}
if (/\d+\.\d+\.\d+\.\d+/.test(bucketName)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this how S3 validates? I feel like this might be prohibiting certain options that S3 would permit...

Copy link
Contributor Author

@nija-at nija-at Apr 12, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if this is how S3 does it. I've reversed engineered their validations based on their rules here and manually trying out combinations.

Some of these are pretty straight forward, like length and character set, but the ones around IP and symbol combinations get more tricky.
I've picked combinations and regex that I should be more liberal than S3 (in that, S3 might have additional/stricter checks I don't have here), but would be ok with dropping the more tricky ones if you think they could potentially break customers.

What do you think?

packages/@aws-cdk/aws-s3/lib/bucket.ts Show resolved Hide resolved
Niranjan Jayakar added 4 commits April 12, 2019 16:32
Replaced ok assertions with doesNotThrow.
8e74077 
Misused the wrong assertion method previously. `ok` assertions don't
fail when the conditional throws an exception.
Skip bucket name validation checks for CDK tokens
de5c283
Fixed regexp for IP address to match entire string
e19b859
Error messages now include offending offset
c9cdd27 
Each class of failed bucket name validation shows the offset of the
offending character.
eladb
eladb reviewed Apr 14, 2019
View reviewed changes
Copy link
Contributor

@eladb eladb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

packages/@aws-cdk/aws-s3/test/test.bucket.ts Show resolved Hide resolved
Additional test that validates the entire error message.
a040f09 
As suggested on the PR review, current set of tests only validate that
the offsets are computed correctly. This test verifies that the message
is generated as expected.
@rix0rrr rix0rrr merged commit f810265 into aws:master Apr 16, 2019
@NGL321 NGL321 added the contribution/core This is a PR that came from AWS. label Sep 27, 2019
This was referenced Dec 12, 2019
Closed
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RomainMuller RomainMuller RomainMuller left review comments

@rix0rrr rix0rrr rix0rrr left review comments

@eladb eladb eladb approved these changes

Assignees
No one assigned
Labels
contribution/core This is a PR that came from AWS.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add bucket name check
5 participants
@nija-at @RomainMuller @rix0rrr @eladb @NGL321