gsh-digital-services/seaweedFS
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S3 Tables: validate ARN namespace to prevent path traversal

Browse Source 
- Enforce validation on decoded namespace in parseTableFromARN.
- Ensures path components are safe after URL unescaping.
This commit is contained in:
Chris Lu
2026-01-28 12:09:09 -08:00
parent f13e250fc3
commit ae19621230
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
weed/s3api/s3tables/utils.go
View File

@@ -43,6 +43,11 @@ func parseTableFromARN(arn string) (bucketName, namespace, tableName string, err
return "", "", "", fmt.Errorf("invalid namespace encoding in ARN: %v", err)
}
_, err = validateNamespace([]string{namespaceUnescaped})
if err != nil {
return "", "", "", fmt.Errorf("invalid namespace in ARN: %v", err)
}
return matches[1], namespaceUnescaped, matches[3], nil
}