gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

s3tables: improve robustness, security, and error propagation in handlers

Browse Source 
- Implement strict table name validation (prevention of path traversal and character enforcement)
- Add nil checks for entry.Entry in all listing loops to prevent panics
- Propagate backend errors instead of swallowing them or assuming 404
- Correctly map filer_pb.ErrNotFound to appropriate S3 error codes
- Standardize existence checks across bucket, namespace, and table handlers
This commit is contained in:
Chris Lu
2026-01-28 11:37:02 -08:00
parent da15ee3e49
commit 62a1178a0b
5 changed files with 96 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
weed/s3api/s3tables/handler_bucket_create.go
View File

@@ -2,6 +2,7 @@ package s3tables
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"time"
@@ -47,17 +48,17 @@ func (h *S3TablesHandler) handleCreateTableBucket(w http.ResponseWriter, r *http
// Check if bucket already exists
exists := false
err := filerClient.WithFilerClient(false, func(client filer_pb.SeaweedFilerClient) error {
resp, err := client.LookupDirectoryEntry(r.Context(), &filer_pb.LookupDirectoryEntryRequest{
_, err := filer_pb.LookupEntry(r.Context(), client, &filer_pb.LookupDirectoryEntryRequest{
Directory: TablesPath,
Name: req.Name,
})
if err != nil {
// Not found is expected when creating a new bucket
return nil
}
if resp.Entry != nil {
exists = true
if errors.Is(err, filer_pb.ErrNotFound) {
return nil
}
return err
}
exists = true
return nil
})