verify key len when creating faker

SiaFoundation · Sep 12, 2023 · ae483b0 · ae483b0
1 parent e839dd2
commit ae483b0
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 7 deletions.
diff --git a/cmd/gofakes3/main.go b/cmd/gofakes3/main.go
@@ -261,7 +261,7 @@ func run() error {
 		logger = gofakes3.DiscardLog()
 	}
 
-	faker := gofakes3.New(backend,
+	faker, err := gofakes3.New(backend,
 		gofakes3.WithIntegrityCheck(!values.noIntegrity),
 		gofakes3.WithTimeSkewLimit(timeSkewLimit),
 		gofakes3.WithTimeSource(timeSource),
@@ -270,6 +270,9 @@ func run() error {
 		gofakes3.WithHostBucketBase(values.hostBucketBases.Values...),
 		gofakes3.WithAutoBucket(values.autoBucket),
 	)
+	if err != nil {
+		return fmt.Errorf("gofakes3: could not create faker: %w", err)
+	}
 
 	return listenAndServe(values.host, faker.Server())
 }

diff --git a/gofakes3.go b/gofakes3.go
@@ -46,7 +46,7 @@ type GoFakeS3 struct {
 // New creates a new GoFakeS3 using the supplied Backend. Backends are pluggable.
 // Several Backend implementations ship with GoFakeS3, which can be found in the
 // gofakes3/backends package.
-func New(backend Backend, options ...Option) *GoFakeS3 {
+func New(backend Backend, options ...Option) (*GoFakeS3, error) {
 	s3 := &GoFakeS3{
 		storage:           backend,
 		timeSkew:          DefaultSkewLimit,
@@ -74,10 +74,11 @@ func New(backend Backend, options ...Option) *GoFakeS3 {
 	}
 
 	if len(s3.v4AuthPair) != 0 {
-		s3.AddAuthKeys(s3.v4AuthPair)
+		if err := s3.AddAuthKeys(s3.v4AuthPair); err != nil {
+			return nil, fmt.Errorf("failed to add auth keys: %w", err)
+		}
 	}
-
-	return s3
+	return s3, nil
 }
 
 func (g *GoFakeS3) nextRequestID() uint64 {
@@ -101,11 +102,15 @@ func (g *GoFakeS3) Server() http.Handler {
 	return g.authMiddleware(handler)
 }
 
-func (g *GoFakeS3) AddAuthKeys(p map[string]string) {
+func (g *GoFakeS3) AddAuthKeys(p map[string]string) error {
 	for k, v := range p {
+		if len(k) < signature.AccessKeyMinLen || len(k) > signature.AccessKeyMaxLen {
+			return fmt.Errorf("access key identifier length must be in range [%d-%d] but was: %d", signature.AccessKeyMinLen, signature.AccessKeyMaxLen, len(k))
+		}
 		g.v4AuthPair[k] = v
 	}
 	signature.StoreKeys(g.v4AuthPair)
+	return nil
 }
 
 func (g *GoFakeS3) DelAuthKeys(p []string) {

diff --git a/init_test.go b/init_test.go
@@ -201,7 +201,11 @@ func newTestServer(t *testing.T, opts ...testServerOption) *testServer {
 	}
 	fakerOpts = append(fakerOpts, ts.options...)
 
-	ts.GoFakeS3 = gofakes3.New(ts.backend, fakerOpts...)
+	var err error
+	ts.GoFakeS3, err = gofakes3.New(ts.backend, fakerOpts...)
+	if err != nil {
+		ts.Fatal(err)
+	}
 	ts.server = httptest.NewServer(ts.GoFakeS3.Server())
 
 	for _, bucket := range ts.initialBuckets {