Project

General

Profile

Actions

Bug #19249

closed

Verify that x-amz-meta headers from s3 API cannot contain unescaped newlines or other control characters

Added by Peter Amstutz 7 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Keep
Target version:
Start date:
07/11/2022
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Subtasks 1 (0 open1 closed)

Task #19261: Review 19249-header-ctrl-charsResolvedTom Clegg07/11/2022

Actions
Actions #1

Updated by Tom Clegg 7 months ago

  • Status changed from New to In Progress

Go stdlib automatically replaces \r and \n in header values with spaces.

Updated keep-web to apply the optional mime-encoding instead for any values that contain control characters.

Added check for \r and \n in header keys as well (invalid keys properties are omitted from x-amz-meta headers, but this wasn't tested).

19249-header-ctrl-chars @ 831540fd5eedb6226996b5c72a86f2dba64cb196 -- developer-run-tests: #3226

retry wb1 developer-run-tests-apps-workbench-integration: #3467

Actions #2

Updated by Peter Amstutz 6 months ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions #3

Updated by Stephen Smith 6 months ago

This looks good, assuming the test failures are nothing serious / unrelated

Actions #4

Updated by Tom Clegg 6 months ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved
Actions #5

Updated by Peter Amstutz about 2 months ago

  • Release set to 47
Actions

Also available in: Atom PDF