Dev 2312 #401

Open
wants to merge 3 commits into
base: master
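--- a/changelog.txt
+++ b/changelog.txt
@@ -17,6 +17,10 @@ Github地址:https://github.com/aliyun/aliyun-oss-android-sdk
 
 更新日志:
 
+2023/12/7
+- release 2.9.19-SNAPSHOT
+1.support to verify object name strictly.
+
 2023/11/9
 - release 2.9.18
 1.Modify OKHTTP dependency method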
2 changes: 1 addition & 1 deletion oss-android-sdk/build.gradle
Expand Up @@ -16,7 +16,7 @@ android {
minSdkVersion 14
targetSdkVersion 30
versionCode 40
versionName "2.9.18"
versionName "2.9.19-SNAPSHOT"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
}

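--- a/oss-android-sdk/maven-publish.gradle
+++ b/oss-android-sdk/maven-publish.gradle
@@ -24,6 +24,11 @@ task sourcesJar(type: Jar) {
 task javadoc(type: Javadoc) {
 source = android.sourceSets.main.java.srcDirs
 classpath += project.files(android.getBootClasspath().join(File.pathSeparator))
+android.libraryVariants.all { variant ->
+if (variant.name == 'release') {
+owner.classpath += variant.javaCompile.classpath
+}
+}
 failOnError false
 }
 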
Expand Up @@ -3,6 +3,7 @@
import android.support.test.InstrumentationRegistry;
import android.util.Log;

import com.alibaba.sdk.android.oss.ClientConfiguration;
import com.alibaba.sdk.android.oss.ClientException;
import com.alibaba.sdk.android.oss.OSSClient;
import com.alibaba.sdk.android.oss.ServiceException;
Expand Down Expand Up @@ -53,8 +54,8 @@
* Created by LK on 15/12/2.
*/
public class OSSAuthenticationTest extends BaseTestCase {
private String file1mPath = OSSTestConfig.EXTERNAL_FILE_DIR + "file1m";
private String imgPath = OSSTestConfig.EXTERNAL_FILE_DIR + "shilan.jpg";
private String file1mPath = OSSTestConfig.FILE_DIR + "file1m";
private String imgPath = OSSTestConfig.FILE_DIR + "shilan.jpg";

@Override
void initTestData() throws Exception {
Expand Down Expand Up @@ -180,6 +181,69 @@ public void testPresignObjectURLWithProcess() throws Exception {
assertEquals(200, resp.code());
}

@Test
public void testGenerateSignedURLIsKeyStrictly() throws Exception {
String key = "";
ClientConfiguration conf = new ClientConfiguration();
assertTrue(conf.isVerifyObjectStrict());
OSSClient ossClient = new OSSClient(InstrumentationRegistry.getTargetContext(), OSSTestConfig.ENDPOINT, OSSTestConfig.credentialProvider, conf);
long expiration = new Date(new Date().getTime() + 1000 * 60 *10).getTime();

key = "123";
try {
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(mBucketName, key);
request.setExpiration(expiration);
String url = ossClient.presignConstrainedObjectURL(request);
//System.out.println(url.toString());
assertTrue(url.contains("/123?Expires="));
} catch (Exception e) {
fail("should not here");
}

key = "?123";
try {
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(mBucketName, key);
request.setExpiration(expiration);
ossClient.presignConstrainedObjectURL(request);
fail("should not here");
} catch (Exception e) {
assertTrue(e.getMessage().startsWith("The object key is invalid."));
}

key = "?";
try {
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(mBucketName, key);
request.setExpiration(expiration);
ossClient.presignConstrainedObjectURL(request);
fail("should not here");
} catch (Exception e) {
assertTrue(e.getMessage().startsWith("The object key is invalid."));
}

conf = new ClientConfiguration();
conf.setVerifyObjectStrictEnable(false);
ossClient = new OSSClient(InstrumentationRegistry.getTargetContext(), OSSTestConfig.ENDPOINT, OSSTestConfig.credentialProvider, conf);

key = "123";
try {
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(mBucketName, key);
request.setExpiration(expiration);
String url = ossClient.presignConstrainedObjectURL(request);
assertTrue(url.toString().contains("/123?Expires="));
} catch (Exception e) {
fail("should not here");
}
key = "?123";
try {
GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest(mBucketName, key);
request.setExpiration(expiration);
String url = ossClient.presignConstrainedObjectURL(request);
assertTrue(url.contains("/%3F123?Expires="));
} catch (Exception e) {
fail("should not here");
}
}

@Test
public void testPresignObjectURLWithHeader() throws IOException, ClientException, ServiceException {
String objectKey = "testPresignObjectURLWithHeader";
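Review bot: In testGenerateSignedURLIsKeyStrictly the value handed to `request.setExpiration(expiration)` is an absolute epoch time in milliseconds (`new Date(...).getTime()`), whereas the presignConstrainedURL hunk further down this page computes `DateUtil.getFixedSkewedTimeMillis() / 1000 + request.getExpiration()`, which reads as a relative lifetime in seconds. If that is the method behind `presignConstrainedObjectURL`, every URL signed in this test carries an Expires value far in the future, and the test cannot notice because it only checks the path prefix. A ten-minute lifetime would be `long expiration = 10 * 60;`. Separately, the positive cases wrap the call in `catch (Exception e) { fail("should not here"); }`, which throws away the cause; the method already declares `throws Exception`, so those try/catch blocks can be dropped.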
Expand Up @@ -5,10 +5,13 @@
import android.database.Cursor;
import android.net.Uri;
import android.provider.MediaStore;
import android.support.test.InstrumentationRegistry;
import android.support.test.filters.SdkSuppress;
import android.util.Log;

import com.alibaba.sdk.android.oss.ClientConfiguration;
import com.alibaba.sdk.android.oss.ClientException;
import com.alibaba.sdk.android.oss.OSSClient;
import com.alibaba.sdk.android.oss.ServiceException;
import com.alibaba.sdk.android.oss.callback.OSSProgressCallback;
import com.alibaba.sdk.android.oss.callback.OSSRetryCallback;
Expand All @@ -22,6 +25,8 @@
import com.alibaba.sdk.android.oss.model.DeleteMultipleObjectRequest;
import com.alibaba.sdk.android.oss.model.DeleteMultipleObjectResult;
import com.alibaba.sdk.android.oss.model.DeleteObjectRequest;
import com.alibaba.sdk.android.oss.model.GetObjectRequest;
import com.alibaba.sdk.android.oss.model.GetObjectResult;
import com.alibaba.sdk.android.oss.model.GetObjectTaggingRequest;
import com.alibaba.sdk.android.oss.model.GetObjectTaggingResult;
import com.alibaba.sdk.android.oss.model.HeadObjectRequest;
Expand Down Expand Up @@ -311,6 +316,45 @@ public void onProgress(AppendObjectRequest request, long currentSize, long total
assertEquals(1024 * 1000 * 2, result.getMetadata().getContentLength());
}

@Test
public void testGetObjectVerifyStrict() {
final String key = "?测\\r试-中.~,+\"'*&¥#@%!(文)+字符|?/.zip";
final long inputStreamLength = 128 * 1024; //128KB
OSSTestConfig.TestPutCallback putCallback = new OSSTestConfig.TestPutCallback();
OSSTestConfig.TestGetCallback getCallback = new OSSTestConfig.TestGetCallback();

ClientConfiguration conf = new ClientConfiguration();
conf.setVerifyObjectStrictEnable(true);
OSSClient oss = new OSSClient(InstrumentationRegistry.getTargetContext(), OSSTestConfig.ENDPOINT, OSSTestConfig.credentialProvider, conf);

PutObjectRequest putObjectRequest = new PutObjectRequest(mBucketName, key,
OSSTestConfig.FILE_DIR + "file1m");
OSSAsyncTask task = oss.asyncPutObject(putObjectRequest, putCallback);
task.waitUntilFinished();
assertNull(putCallback.clientException);

GetObjectRequest getObjectRequest = new GetObjectRequest(mBucketName, key);
OSSAsyncTask task1 = oss.asyncGetObject(getObjectRequest, getCallback);
task1.waitUntilFinished();
assertNull(putCallback.clientException);

try {
conf = new ClientConfiguration();
conf.setVerifyObjectStrictEnable(false);
oss = new OSSClient(InstrumentationRegistry.getTargetContext(), OSSTestConfig.ENDPOINT, OSSTestConfig.credentialProvider, conf);

PutObjectRequest putObjectRequest1 = new PutObjectRequest(mBucketName, key,
OSSTestConfig.FILE_DIR + "file1m");
oss.putObject(putObjectRequest1);

// Override 1
GetObjectRequest getObjectRequest1 = new GetObjectRequest(mBucketName, key);
GetObjectResult o = oss.getObject(getObjectRequest1);
} catch (Exception e) {
fail(e.getMessage());
}
}

@Test
@SdkSuppress(minSdkVersion = 29)
public void testAppendObjectWithFile() throws Exception {
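Review bot: The assertion after the download in testGetObjectVerifyStrict checks the wrong callback: following `task1.waitUntilFinished()` the test repeats `assertNull(putCallback.clientException);`, so a failed asyncGetObject goes unnoticed. It should read `assertNull(getCallback.clientException);`, and if the two callback classes also record a service-side exception, that field deserves the same check for both the put and the get. In the non-strict half, `GetObjectResult o` is never inspected or closed, so that path only proves that no exception was thrown; asserting on the result and closing its content stream would make it a real check.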
Expand Up @@ -40,6 +40,7 @@ public class ClientConfiguration {

private HttpProtocol httpProtocol = HttpProtocol.HTTPS;

private boolean verifyObjectStrict = true;
/**
* Constructor
*/
Expand Down Expand Up @@ -303,4 +304,23 @@ public HttpProtocol getHttpProtocol() {
public void setHttpProtocol(HttpProtocol httpProtocol) {
this.httpProtocol = httpProtocol;
}

/**
* Sets the flag of verifying object name strictly.
*
* @param enabled
* True if it's enabled; False if it's disabled.
*/
public void setVerifyObjectStrictEnable(boolean enabled) {
this.verifyObjectStrict = enabled;
}

/**
* Gets the flag of verifying object name strictly. By default it's true.
*
* @return true enabled; false disabled.
*/
public boolean isVerifyObjectStrict() {
return verifyObjectStrict;
}
}
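Review bot: The Javadoc on setVerifyObjectStrictEnable and isVerifyObjectStrict does not say what strict verification rejects or where it is enforced, which matters because the setter lets an application turn off a check that is on by default. Going by the other sections of this pull request, strict mode additionally rejects object keys that begin with `?`, and the flag is read in presignConstrainedURL; the added object test uploads and downloads a `?`-leading key with strict enabled, so the flag does not appear to gate put/get. I would say so in the setter's Javadoc, e.g. `When enabled (the default), presigning rejects object keys that begin with '?'.` The accessor names are also asymmetric (`setVerifyObjectStrictEnable` vs `isVerifyObjectStrict`); `setVerifyObjectStrict` would pair more naturally if this API has not shipped yet.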
Expand Up @@ -5,7 +5,7 @@
*/
public final class OSSConstants {

public static final String SDK_VERSION = "2.9.18";
public static final String SDK_VERSION = "2.9.19-SNAPSHOT";
public static final String DEFAULT_OSS_ENDPOINT = "http://oss-cn-hangzhou.aliyuncs.com";

public static final String DEFAULT_CHARSET_NAME = "utf-8";
Expand Up @@ -559,6 +559,9 @@ public static void ensureBucketNameValid(String bucketName) {
* @return
*/
public static boolean validateObjectKey(String objectKey) {
return validateObjectKey(objectKey, false);
}
public static boolean validateObjectKey(String objectKey, boolean strict) {
if (objectKey == null) {
return false;
}
Expand All @@ -576,6 +579,10 @@ public static boolean validateObjectKey(String objectKey) {
if (beginKeyChar == '/' || beginKeyChar == '\\') {
return false;
}
if (strict && beginKeyChar == '?') {
return false;
}

for (char keyChar : keyChars) {
if (keyChar != 0x09 && keyChar < 0x20) {
return false;
Expand All @@ -584,6 +591,16 @@ public static boolean validateObjectKey(String objectKey) {
return true;
}

public static void ensureObjectKeyValid(String key, boolean strict) {
if (!validateObjectKey(key, strict)) {
throw new IllegalArgumentException("The object key is invalid. \n" +
"An object name should be: \n" +
"1) between 1 - 1023 bytes long when encoded as UTF-8 \n" +
"2) cannot contain LF or CR or unsupported chars in XML1.0, \n" +
"3) cannot begin with \"/\" or \"\\\".");
}
}

public static void ensureObjectKeyValid(String objectKey) {
if (!validateObjectKey(objectKey)) {
throw new IllegalArgumentException("The object key is invalid. \n" +
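Review bot: When strict mode rejects a key such as `?123`, the message thrown by the new `ensureObjectKeyValid(String key, boolean strict)` lists three rules and none of them is the one that failed, so the caller cannot tell why the key was refused. Add the rule to the message, for example a fourth line `"4) cannot begin with \"?\" when strict verification is enabled."`; the added test only asserts the `The object key is invalid.` prefix, so it keeps passing. The new public `validateObjectKey(String, boolean)` overload has no Javadoc of its own (the existing comment now sits on the one-argument wrapper) and should document what `strict` adds. The one-argument `ensureObjectKeyValid`, whose body continues past the end of this hunk, repeats the message text rather than delegating with `strict` set to false.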
Expand Up @@ -46,6 +46,9 @@ public String presignConstrainedURL(GeneratePresignedUrlRequest request) throws
String expires = String.valueOf(DateUtil.getFixedSkewedTimeMillis() / 1000 + request.getExpiration());
HttpMethod method = request.getMethod() != null ? request.getMethod() : HttpMethod.GET;

OSSUtils.ensureBucketNameValid(request.getBucketName());
OSSUtils.ensureObjectKeyValid(request.getKey(), conf.isVerifyObjectStrict());

RequestMessage requestMessage = new RequestMessage();
requestMessage.setEndpoint(endpoint);
requestMessage.setMethod(method);
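Review bot: The added `OSSUtils.ensureObjectKeyValid(request.getKey(), conf.isVerifyObjectStrict())` guard throws IllegalArgumentException (per the OSSUtils section of this page; ensureBucketNameValid presumably behaves the same way), an unchecked exception, from a method whose signature in the hunk header ends in a `throws` clause. Callers that handle only the declared checked exception will now see a runtime exception for a null key or, with the default strict setting, a key starting with `?`; the method's Javadoc should carry `@throws IllegalArgumentException if the bucket name or object key is invalid`. Only this overload is visible here, so it is worth confirming that every other presign entry point in the class either delegates to it or performs the same validation. The method body starts and ends outside the hunk.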
2 changes: 1 addition & 1 deletion project.properties
Expand Up @@ -2,7 +2,7 @@
project.name=aliyun-oss-sdk-android
project.groupId=com.aliyun.dpa
project.artifactId=oss-android-sdk
project.version=2.9.18
project.version=2.9.19-SNAPSHOT
project.packaging=aar
project.siteUrl=https://github.com/aliyun/aliyun-oss-android-sdk
project.gitUrl=https://github.com/aliyun/aliyun-oss-android-sdk.git