Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Connection string SASs now sanitized #20520

Merged
merged 3 commits into from
Apr 12, 2021
Merged

Connection string SASs now sanitized #20520

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4a5eea3
Connection string SASs now sanitized
jaschrep-msft Apr 9, 2021
5c3fcd5
Fixed connection string SAS test.
jaschrep-msft Apr 9, 2021
3a1160f
CI fixes
jaschrep-msft Apr 9, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 67 additions & 0 deletions sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/ServiceAPITest.groovy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,14 @@

package com.azure.storage.blob

import com.azure.core.credential.AzureSasCredential
import com.azure.core.http.rest.Response
import com.azure.core.test.TestMode
import com.azure.core.util.BinaryData
import com.azure.core.util.Context
import com.azure.core.util.paging.ContinuablePage
import com.azure.identity.DefaultAzureCredentialBuilder
import com.azure.storage.blob.models.BlobAccessPolicy
import com.azure.storage.blob.models.BlobAnalyticsLogging
import com.azure.storage.blob.models.BlobContainerItem
import com.azure.storage.blob.models.BlobContainerListDetails
Expand All @@ -15,6 +19,7 @@ import com.azure.storage.blob.models.BlobMetrics
import com.azure.storage.blob.models.BlobRequestConditions
import com.azure.storage.blob.models.BlobRetentionPolicy
import com.azure.storage.blob.models.BlobServiceProperties
import com.azure.storage.blob.models.BlobSignedIdentifier
import com.azure.storage.blob.models.BlobStorageException
import com.azure.storage.blob.models.CustomerProvidedKey
import com.azure.storage.blob.models.ListBlobContainersOptions
Expand All @@ -23,6 +28,7 @@ import com.azure.storage.blob.models.StaticWebsite
import com.azure.storage.blob.options.BlobParallelUploadOptions
import com.azure.storage.blob.options.FindBlobsOptions
import com.azure.storage.blob.options.UndeleteBlobContainerOptions
import com.azure.storage.blob.sas.BlobServiceSasSignatureValues
import com.azure.storage.common.policy.RequestRetryOptions
import com.azure.storage.common.policy.RetryPolicyType
import com.azure.storage.common.sas.AccountSasPermission
Expand Down Expand Up @@ -75,6 +81,67 @@ class ServiceAPITest extends APISpec {
.setDefaultServiceVersion("2018-03-28"))
}

@Unroll
def "SAS Sanitization"() {
given:
def identifier = "id with spaces"
def blobName = generateBlobName()
cc.setAccessPolicy(null, Arrays.asList(new BlobSignedIdentifier()
.setId(identifier)
.setAccessPolicy(new BlobAccessPolicy()
.setPermissions("racwdl")
.setExpiresOn(getUTCNow().plusDays(1)))))
cc.getBlobClient(blobName).upload(BinaryData.fromBytes("test".getBytes()))
def sas = cc.generateSas(new BlobServiceSasSignatureValues(identifier))
if (unsanitize) {
sas = sas.replace("%20", " ")
}

when: "Endpoint with SAS built in"
optionalRecordingPolicy(new BlobContainerClientBuilder()
.httpClient(getHttpClient())
.endpoint(cc.getBlobContainerUrl() + "?" + sas))
.buildClient()
.getBlobClient(blobName)
.downloadContent()

then: "Works as expected"
notThrown(Exception)

// TODO AzureSasCredential doesn't currently sanitize inputs
//
// when: "Endpoint with SAS separate through Credential"
// new BlobContainerClientBuilder().endpoint(cc.getBlobContainerUrl()).credential(new AzureSasCredential(sas)).buildClient().getBlobClient(blobName).downloadContent()
//
// then: "Works as expected"
// notThrown(Exception)

when: "Connection string with SAS"
def connectionString = "AccountName=" + BlobUrlParts.parse(cc.getAccountUrl()).accountName + ";SharedAccessSignature=" + sas
optionalRecordingPolicy(new BlobContainerClientBuilder()
.httpClient(getHttpClient())
.connectionString(connectionString)
.containerName(cc.getBlobContainerName()))
.buildClient()
.getBlobClient(blobName)
.downloadContent()

then: "Works as expected"
notThrown(Exception)

where:
_ | unsanitize
_ | true
_ | false
}

BlobContainerClientBuilder optionalRecordingPolicy(BlobContainerClientBuilder builder) {
if (testMode == TestMode.RECORD) {
builder.addPolicy(interceptorManager.getRecordPolicy())
}
return builder
}

def "List containers"() {
when:
def response =
Expand Down
219 changes: 219 additions & 0 deletions ...ure-storage-blob/src/test/resources/session-records/ServiceAPITestsassanitization[0].json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,219 @@
{
"networkCallRecords" : [ {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb?restype=container",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "b911894b-c5b1-4b9b-a660-644c7710bc67"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"eTag" : "0x8D8FBB22DBEACDF",
"Last-Modified" : "Fri, 09 Apr 2021 23:49:56 GMT",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "201",
"x-ms-request-id" : "6af526b8-201e-001c-7e9b-2d88a2000000",
"x-ms-client-request-id" : "b911894b-c5b1-4b9b-a660-644c7710bc67",
"Date" : "Fri, 09 Apr 2021 23:49:56 GMT"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "b51a94a2-47bf-48a5-95c0-1dcb637142a4",
"Content-Type" : "application/xml"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "6af526fb-201e-001c-339b-2d88a2000000",
"x-ms-client-request-id" : "b51a94a2-47bf-48a5-95c0-1dcb637142a4",
"Date" : "Fri, 09 Apr 2021 23:49:56 GMT"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb?restype=container&comp=acl",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "118e81b2-c8d3-41e8-a309-04adf1bc8cf9",
"Content-Type" : "application/xml"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"eTag" : "0x8D8FBB22DEDE1E0",
"Last-Modified" : "Fri, 09 Apr 2021 23:49:56 GMT",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "200",
"x-ms-request-id" : "6af5271c-201e-001c-4b9b-2d88a2000000",
"x-ms-client-request-id" : "118e81b2-c8d3-41e8-a309-04adf1bc8cf9",
"Date" : "Fri, 09 Apr 2021 23:49:56 GMT"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb/javablobsassanitization1serviceapitestsassanitizationf9313153c",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "eacd4f80-ac88-441a-9492-38af9583dae6",
"Content-Type" : "application/octet-stream"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-content-crc64" : "Q7G6/s6+u/k=",
"Last-Modified" : "Fri, 09 Apr 2021 23:49:56 GMT",
"x-ms-version-id" : "2021-04-09T23:49:56.7753099Z",
"retry-after" : "0",
"StatusCode" : "201",
"x-ms-request-server-encrypted" : "true",
"Date" : "Fri, 09 Apr 2021 23:49:56 GMT",
"Content-MD5" : "CY9rzUYh03PK3k6DJie09g==",
"eTag" : "0x8D8FBB22E04F78B",
"Content-Length" : "0",
"x-ms-request-id" : "6af52735-201e-001c-5f9b-2d88a2000000",
"x-ms-client-request-id" : "eacd4f80-ac88-441a-9492-38af9583dae6"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb/javablobsassanitization1serviceapitestsassanitizationf9313153c?sv=2020-06-12&sig=REDACTED&si=id%20with%20spaces&sr=c",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "289d9228-9681-448a-8a0f-ea39637fcc49"
},
"Response" : {
"x-ms-is-current-version" : "true",
"x-ms-last-access-time" : "Fri, 09 Apr 2021 23:49:56 GMT",
"x-ms-version" : "2020-06-12",
"x-ms-lease-status" : "unlocked",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-lease-state" : "available",
"Last-Modified" : "Fri, 09 Apr 2021 23:49:56 GMT",
"x-ms-version-id" : "2021-04-09T23:49:56.7753099Z",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Fri, 09 Apr 2021 23:49:56 GMT",
"Content-MD5" : "CY9rzUYh03PK3k6DJie09g==",
"x-ms-blob-type" : "BlockBlob",
"Accept-Ranges" : "bytes",
"x-ms-server-encrypted" : "true",
"x-ms-creation-time" : "Fri, 09 Apr 2021 23:49:56 GMT",
"eTag" : "0x8D8FBB22E04F78B",
"Content-Length" : "4",
"x-ms-request-id" : "6af52753-201e-001c-779b-2d88a2000000",
"Body" : "dGVzdA==",
"x-ms-client-request-id" : "289d9228-9681-448a-8a0f-ea39637fcc49",
"Content-Type" : "application/octet-stream"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb/javablobsassanitization1serviceapitestsassanitizationf9313153c?sv=2020-06-12&sig=REDACTED&si=id%20with%20spaces&sr=c",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "2555c2c4-20b0-41a2-8549-78ff6a147783"
},
"Response" : {
"x-ms-is-current-version" : "true",
"x-ms-last-access-time" : "Fri, 09 Apr 2021 23:49:57 GMT",
"x-ms-version" : "2020-06-12",
"x-ms-lease-status" : "unlocked",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"x-ms-lease-state" : "available",
"Last-Modified" : "Fri, 09 Apr 2021 23:49:56 GMT",
"x-ms-version-id" : "2021-04-09T23:49:56.7753099Z",
"retry-after" : "0",
"StatusCode" : "200",
"Date" : "Fri, 09 Apr 2021 23:49:57 GMT",
"Content-MD5" : "CY9rzUYh03PK3k6DJie09g==",
"x-ms-blob-type" : "BlockBlob",
"Accept-Ranges" : "bytes",
"x-ms-server-encrypted" : "true",
"x-ms-creation-time" : "Fri, 09 Apr 2021 23:49:56 GMT",
"eTag" : "0x8D8FBB22E04F78B",
"Content-Length" : "4",
"x-ms-request-id" : "6af527c1-201e-001c-599b-2d88a2000000",
"Body" : "dGVzdA==",
"x-ms-client-request-id" : "2555c2c4-20b0-41a2-8549-78ff6a147783",
"Content-Type" : "application/octet-stream"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "b02f7be2-5ddb-4877-9913-a58f25356f87",
"Content-Type" : "application/xml"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "6af527da-201e-001c-709b-2d88a2000000",
"x-ms-client-request-id" : "b02f7be2-5ddb-4877-9913-a58f25356f87",
"Date" : "Fri, 09 Apr 2021 23:49:57 GMT"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.blob.core.windows.net?comp=list&prefix=jtcsassanitization",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "c4c4ce96-b520-45aa-8b1a-b64e4e00a93b"
},
"Response" : {
"Transfer-Encoding" : "chunked",
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"StatusCode" : "200",
"x-ms-request-id" : "6af52801-201e-001c-119b-2d88a2000000",
"Body" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EnumerationResults ServiceEndpoint=\"https://seanmcccanary3.blob.core.windows.net/\"><Prefix>jtcsassanitization</Prefix><Containers><Container><Name>jtcsassanitization0serviceapitestsassanitizationf9387476dcb</Name><Properties><Last-Modified>Fri, 09 Apr 2021 23:49:56 GMT</Last-Modified><Etag>\"0x8D8FBB22DEDE1E0\"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><DefaultEncryptionScope>$account-encryption-key</DefaultEncryptionScope><DenyEncryptionScopeOverride>false</DenyEncryptionScopeOverride><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold><VersionLevelWormEnabled>false</VersionLevelWormEnabled></Properties></Container></Containers><NextMarker /></EnumerationResults>",
"x-ms-client-request-id" : "c4c4ce96-b520-45aa-8b1a-b64e4e00a93b",
"Date" : "Fri, 09 Apr 2021 23:49:57 GMT",
"Content-Type" : "application/xml"
},
"Exception" : null
}, {
"Method" : "DELETE",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsassanitization0serviceapitestsassanitizationf9387476dcb?restype=container",
"Headers" : {
"x-ms-version" : "2020-06-12",
"User-Agent" : "azsdk-java-azure-storage-blob/12.11.0-beta.3 (11.0.9; Windows 10; 10.0)",
"x-ms-client-request-id" : "ee6518ff-c69e-4837-ba2f-4cfa2995d1ca"
},
"Response" : {
"x-ms-version" : "2020-06-12",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "6af52831-201e-001c-3c9b-2d88a2000000",
"x-ms-client-request-id" : "ee6518ff-c69e-4837-ba2f-4cfa2995d1ca",
"Date" : "Fri, 09 Apr 2021 23:49:57 GMT"
},
"Exception" : null
} ],
"variables" : [ "jtcsassanitization0serviceapitestsassanitizationf9387476dcb", "javablobsassanitization1serviceapitestsassanitizationf9313153c", "2021-04-09T23:49:56.562581200Z" ]
}
Loading