8000 S3Mock 5.0.0 by afranken · Pull Request #2453 · adobe/S3Mock · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

S3Mock 5.0.0 #2453

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

S3Mock 5.0.0 #2453

wants to merge 5 commits into from
+1,255 −1,851

Conversation

afranken
Copy link
Member
@afranken afranken commented Jun 13, 2025
edited
Loading

Description

  • Refactorings
    • S3Mock in Kotlin
    • AWS has deprecated SDK for Java v1, and will remove support EOY 2025.
      • Remove Java SDK v1.
    • JUnit 4.x deprecation
      • Remove JUnit 4.x support.
  • Version updates
    • Bump Spring Boot version to 4.x
    • Bump Spring Framework version to 7.x
    • Bump java version from 17 to 25

Related Issue

Tasks

  • I have signed the CLA.
  • I have written tests and verified that they fail without my change.

@afranken afranken changed the title Update to Spring-Boot 4.4.0-SNAPSHOT / Kotlin 2.2.0-RC Update to Spring-Boot 4 / Kotlin 2.2.x Jun 14, 2025
@afranken afranken changed the title Update to Spring-Boot 4 / Kotlin 2.2.x S3Mock 5.0.0 Jun 14, 2025
@afranken afranken force-pushed the spring-boot-4-snapshot branch 2 times, most recently from 96b0b36 to bae04ef Compare June 15, 2025 21:55
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 19, 2025
View reviewed changes
server/src/main/kotlin/com/adobe/testing/s3mock/util/DigestUtil.kt
@JvmStatic
fun hexDigest(file: File): String {
try {
FileUtils.openInputStream(file).use { stream ->

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression

This path depends on a [user-provided value](1). This path depends on a [user-provided value](2).
server/src/main/kotlin/com/adobe/testing/s3mock/util/DigestUtil.kt
@JvmStatic
fun hexDigest(salt: String?, file: File): String {
try {
FileUtils.openInputStream(file).use { stream ->

Check failure

Code scanning / CodeQL

Uncontrolled data used in path expression

This path depends on a [user-provided value](1). This path depends on a [user-provided value](2).

Copilot Autofix

AI 9 days ago

To fix the issue, we need to validate the uploadId parameter before using it in path construction. The validation should ensure that uploadId does not contain path traversal sequences (..) or path separators (/, \). This can be achieved by rejecting any uploadId that contains these characters.

The validation should be implemented in the MultipartService class, as it is the central point where uploadId is used for path construction. This ensures that all usages of uploadId are protected, regardless of where they originate.

Suggested changeset 2
server/src/main/java/com/adobe/testing/s3mock/service/MultipartService.java
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/src/main/java/com/adobe/testing/s3mock/service/MultipartService.java b/server/src/main/java/com/adobe/testing/s3mock/service/MultipartService.java
--- a/server/src/main/java/com/adobe/testing/s3mock/service/MultipartService.java
+++ b/server/src/main/java/com/adobe/testing/s3mock/service/MultipartService.java
@@ -76,2 +76,5 @@
       Map<String, String> encryptionHeaders) {
+    if (uploadId.contains("..") || uploadId.contains("/") || uploadId.contains("\\")) {
+      throw new IllegalArgumentException("Invalid uploadId: Path traversal or separators detected.");
+    }
     var bucketMetadata = bucketStore.getBucketMetadata(bucketName);
EOF
@@ -76,2 +76,5 @@
Map<String, String> encryptionHeaders) {
if (uploadId.contains("..") || uploadId.contains("/") || uploadId.contains("\\")) {
throw new IllegalArgumentException("Invalid uploadId: Path traversal or separators detected.");
}
var bucketMetadata = bucketStore.getBucketMetadata(bucketName);
server/src/main/java/com/adobe/testing/s3mock/store/MultipartStore.java
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/server/src/main/java/com/adobe/testing/s3mock/store/MultipartStore.java b/server/src/main/java/com/adobe/testing/s3mock/store/MultipartStore.java
--- a/server/src/main/java/com/adobe/testing/s3mock/store/MultipartStore.java
+++ b/server/src/main/java/com/adobe/testing/s3mock/store/MultipartStore.java
@@ -193,2 +193,5 @@
       Map<String, String> encryptionHeaders) {
+    if (uploadId.contains("..") || uploadId.contains("/") || uploadId.contains("\\")) {
+      throw new IllegalArgumentException("Invalid uploadId: Path traversal or separators detected.");
+    }
     var file = inputPathToFile(path, getPartPath(bucket, uploadId, partNumber));
EOF
@@ -193,2 +193,5 @@
Map<String, String> encryptionHeaders) {
if (uploadId.contains("..") || uploadId.contains("/") || uploadId.contains("\\")) {
throw new IllegalArgumentException("Invalid uploadId: Path traversal or separators detected.");
}
var file = inputPathToFile(path, getPartPath(bucket, uploadId, partNumber));
Copilot is powered by AI and may make mistakes. Always verify output.
@afranken afranken force-pushed the spring-boot-4-snapshot branch 2 times, most recently from a5b22a0 to 9fe17d9 Compare June 23, 2025 13:32
@afranken afranken force-pushed the spring-boot-4-snapshot branch from 9fe17d9 to 43f93c7 Compare June 23, 2025 15:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@afranken
0