[
https://issues.apache.org/jira/browse/HDDS-8920?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Siyao Meng updated HDDS-8920:
-----------------------------
Summary: Ozone is supporting unicode volume and bucket names, potentially
unintentionally (was: Ozone is potentially supporting unicode volume and
bucket names, unintentionally)
> Ozone is supporting unicode volume and bucket names, potentially
> unintentionally
> --------------------------------------------------------------------------------
>
> Key: HDDS-8920
> URL: https://issues.apache.org/jira/browse/HDDS-8920
> Project: Apache Ozone
> Issue Type: Bug
> Reporter: Siyao Meng
> Priority: Major
>
> Gabor found that because `HddsClientUtils#isSupportedCharacter` calls
> `Character.isLowerCase` and `Character.isDigit` which are Unicode-aware,
> Ozone client or Ozone Manager is not really filtering out those Unicode
> (non-letter) characters and can successfully pass the filter. e.g. with three
> [U+FF5A|https://www.compart.com/en/unicode/U+FF5A]:
> {code}
> [root@gimre-sp4-1 ~]# ozone sh volume create zzz
> 23/06/23 16:16:44 INFO rpc.RpcClient: Creating Volume: zzz, with root as
> owner and space quota set to -1 bytes, counts quota set to -1
> {code}
> while according to S3 [bucket naming
> rules|https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html]
> this wouldn't be allowed:
> {code}
> Bucket names can consist only of lowercase letters, numbers, dots (.), and
> hyphens (-).
> {code}
> And is indeed blocked by awscli:
> {code}
> $ aws s3api --endpoint-url https://s3g:9879 --ca-bundle cacerts.pem
> create-bucket --bucket zzz
> Parameter validation failed:
> Invalid bucket name "zzz": Bucket name must match the regex
> "^[a-zA-Z0-9.\-_]{1,255}$"
> $ aws --version
> aws-cli/1.15.57 Python/2.7.18 Darwin/22.5.0 botocore/1.10.56
> {code}
> TODO:
> 1. Confirm if indeed such unicode chars shall be blocked
> 2. Enhance volume and bucket name checking on both client and server side
> (use regex, or use some form of normalization like
> [Punycode|https://www.punycoder.com/])
> 3. Mitigate impact on existing users when they already have such volumes or
> buckets in their system. (e.g. by making the new check optional and not
> enforced on older clusters when upgraded)
> cc [~swamirishi] [~hemantk] [~ppogde]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
