[rubygems/rubygems] Do not mutate uri.query during s3 signature creation

https://github.com/rubygems/rubygems/commit/c0275ee537
This commit is contained in:
Alexander Pakulov 2019-08-14 12:00:27 -07:00 committed by Hiroshi SHIBATA
parent c4f7c260f9
commit 25a327d41b
No known key found for this signature in database
GPG Key ID: F9CF13417264FAC2
2 changed files with 10 additions and 7 deletions


@ -49,12 +49,12 @@ class Gem::S3URISigner
credential_info = "#{date}/#{s3_config.region}/s3/aws4_request" credential_info = "#{date}/#{s3_config.region}/s3/aws4_request"
canonical_host = "#{uri.host}.s3.#{s3_config.region}.amazonaws.com" canonical_host = "#{uri.host}.s3.#{s3_config.region}.amazonaws.com"
uri.query = generate_canonical_query_params(s3_config, date_time, credential_info, expiration) query_params = generate_canonical_query_params(s3_config, date_time, credential_info, expiration)
canonical_request = generate_canonical_request(canonical_host) canonical_request = generate_canonical_request(canonical_host, query_params)
string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request) string_to_sign = generate_string_to_sign(date_time, credential_info, canonical_request)
signature = generate_signature(s3_config, date, string_to_sign) signature = generate_signature(s3_config, date, string_to_sign)
URI.parse("https://#{canonical_host}#{uri.path}?#{uri.query}&X-Amz-Signature=#{signature}") URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")
end end
private private
@ -76,11 +76,11 @@ class Gem::S3URISigner
end.join("&") end.join("&")
end end
def generate_canonical_request(canonical_host) def generate_canonical_request(canonical_host, query_params)
[ [
"GET", "GET",
uri.path, uri.path,
uri.query, query_params,
"host:#{canonical_host}", "host:#{canonical_host}",
"", # empty params "", # empty params
"host", "host",
@ -131,11 +131,11 @@ class Gem::S3URISigner
else else
id = auth[:id] || auth["id"] id = auth[:id] || auth["id"]
secret = auth[:secret] || auth["secret"] secret = auth[:secret] || auth["secret"]
raise ConfigurationError.new("s3_source for #{host} missing id or secret") unless id && secret
security_token = auth[:security_token] || auth["security_token"] security_token = auth[:security_token] || auth["security_token"]
end end
raise ConfigurationError.new("s3_source for #{host} missing id or secret") unless id && secret
region = auth[:region] || auth["region"] || "us-east-1" region = auth[:region] || auth["region"] || "us-east-1"
S3Config.new(id, secret, security_token, region) S3Config.new(id, secret, security_token, region)
end end
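Review bot: In the new `sign` body the query string of the supplied URI is silently discarded: `query_params` stands in for it both in `generate_canonical_request(canonical_host, query_params)` and on the final `URI.parse("https://#{canonical_host}#{uri.path}?#{query_params}&X-Amz-Signature=#{signature}")` line, and nothing verifies that `uri.query` was empty to begin with. The pre-change code clobbered it the same way, so this is not a regression, but an S3 source URI that carried a query would be signed and fetched without it and no error would surface. If that is the intended contract, say so next to the `query_params =` assignment, e.g. `# Any query on the source URI is deliberately ignored; the signed URL carries only the SigV4 parameters.`; otherwise raise `ConfigurationError` when `uri.query` is present, which is the same check the third hunk now applies to missing credentials. `sign` begins above the hunk (`date`, `date_time` and `expiration` are assigned there), and the `if` branch paired with the visible `else` in the third hunk is also outside the view.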


@ -675,6 +675,9 @@ PeIQQkFng2VVot/WAQbv3ePqWq07g1BBcwIBAg==
def s3_uri_signer.ec2_metadata_credentials_json def s3_uri_signer.ec2_metadata_credentials_json
JSON.parse($instance_profile) JSON.parse($instance_profile)
end end
# Running sign operation to make sure uri.query is not mutated
s3_uri_signer.sign
raise "URI query is not empty: #{uri.query}" unless uri.query.nil?
s3_uri_signer s3_uri_signer
end end
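Review bot: The regression guard added to the fixture checks `uri.query.nil?` after `s3_uri_signer.sign`, which only proves the no-mutation property for fixtures whose input URI has no query in the first place; it would not catch a future change that rewrote an existing query, and it also runs a sign operation inside every test that builds this fixture, including ones unrelated to query handling. Capturing the value before the call and comparing makes the intent explicit and covers both cases: `original_query = uri.query`, `s3_uri_signer.sign`, `raise "URI query was mutated: #{uri.query.inspect}" unless uri.query == original_query`. The method enclosing this hunk starts above it, so whether `uri` is a local or a method is not visible here.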