Skip to content
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions sdk/storage/azure-storage-blob/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

## 12.7.0-beta.1 (Unreleased)
- Fixed a bug that caused auth failures when constructing a client to a secondary endpoint using token auth.
- Modified client constructors to throw on invalid urls early to prevent SAS tokens from being logged in Exceptions.

## 12.6.1 (2020-05-06)
- Updated `azure-core` version to `1.5.0` to pickup fixes for percent encoding `UTF-8` and invalid leading bytes in a body string.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
import com.azure.storage.common.implementation.StorageImplUtils;
import reactor.core.publisher.Mono;

import java.net.URI;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.time.temporal.ChronoUnit;
Expand All @@ -55,8 +56,8 @@
import static com.azure.core.util.FluxUtil.monoError;
import static com.azure.core.util.FluxUtil.pagedFluxError;
import static com.azure.core.util.FluxUtil.withContext;
import static com.azure.storage.common.Utility.STORAGE_TRACING_NAMESPACE_VALUE;
import static com.azure.core.util.tracing.Tracer.AZ_TRACING_NAMESPACE_KEY;
import static com.azure.storage.common.Utility.STORAGE_TRACING_NAMESPACE_VALUE;

/**
* Client to a container. It may only be instantiated through a {@link BlobContainerClientBuilder} or via the method
Expand Down Expand Up @@ -112,6 +113,13 @@ public final class BlobContainerAsyncClient {
BlobContainerAsyncClient(HttpPipeline pipeline, String url, BlobServiceVersion serviceVersion,
String accountName, String containerName, CpkInfo customerProvidedKey, EncryptionScope encryptionScope,
BlobContainerEncryptionScope blobContainerEncryptionScope) {
/* Check to make sure the uri is valid. We don't want the error to occur later in the generated layer
when the sas token has already been applied. */
try {
URI ignored = URI.create(url);
} catch (IllegalArgumentException ex) {
throw logger.logExceptionAsError(ex);
}
this.azureBlobStorage = new AzureBlobStorageBuilder()
.pipeline(pipeline)
.url(url)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
import com.azure.storage.common.sas.AccountSasSignatureValues;
import reactor.core.publisher.Mono;

import java.net.URI;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
Expand Down Expand Up @@ -103,6 +104,13 @@ public final class BlobServiceAsyncClient {
BlobServiceAsyncClient(HttpPipeline pipeline, String url, BlobServiceVersion serviceVersion, String accountName,
CpkInfo customerProvidedKey, EncryptionScope encryptionScope,
BlobContainerEncryptionScope blobContainerEncryptionScope, boolean anonymousAccess) {
/* Check to make sure the uri is valid. We don't want the error to occur later in the generated layer
when the sas token has already been applied. */
try {
URI ignored = URI.create(url);
} catch (IllegalArgumentException ex) {
throw logger.logExceptionAsError(ex);
}
this.azureBlobStorage = new AzureBlobStorageBuilder()
.pipeline(pipeline)
.url(url)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
import java.io.IOException;
import java.io.UncheckedIOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.nio.ByteBuffer;
import java.nio.channels.AsynchronousFileChannel;
Expand Down Expand Up @@ -139,6 +140,13 @@ protected BlobAsyncClientBase(HttpPipeline pipeline, String url, BlobServiceVers
protected BlobAsyncClientBase(HttpPipeline pipeline, String url, BlobServiceVersion serviceVersion,
String accountName, String containerName, String blobName, String snapshot, CpkInfo customerProvidedKey,
EncryptionScope encryptionScope) {
/* Check to make sure the uri is valid. We don't want the error to occur later in the generated layer
when the sas token has already been applied. */
try {
URI ignored = URI.create(url);
} catch (IllegalArgumentException ex) {
throw logger.logExceptionAsError(ex);
}
this.azureBlobStorage = new AzureBlobStorageBuilder()
.pipeline(pipeline)
.url(url)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,27 +4,14 @@
package com.azure.storage.blob

import com.azure.identity.DefaultAzureCredentialBuilder
import com.azure.identity.EnvironmentCredentialBuilder
import com.azure.storage.blob.models.BlobAnalyticsLogging
import com.azure.storage.blob.models.BlobContainerItem
import com.azure.storage.blob.models.BlobContainerListDetails
import com.azure.storage.blob.models.BlobCorsRule
import com.azure.storage.blob.models.BlobMetrics
import com.azure.storage.blob.models.BlobRetentionPolicy
import com.azure.storage.blob.models.BlobServiceProperties
import com.azure.storage.blob.models.CustomerProvidedKey
import com.azure.storage.blob.models.ListBlobContainersOptions
import com.azure.storage.blob.models.StaticWebsite

import com.azure.storage.common.StorageSharedKeyCredential
import com.azure.storage.blob.models.BlobStorageException

import com.azure.storage.blob.models.*
import com.azure.storage.common.policy.RequestRetryOptions
import com.azure.storage.common.policy.RequestRetryPolicy
import com.azure.storage.common.sas.AccountSasPermission
import com.azure.storage.common.sas.AccountSasResourceType
import com.azure.storage.common.sas.AccountSasService
import com.azure.storage.common.sas.AccountSasSignatureValues
import spock.lang.Unroll

import java.time.Duration
import java.time.OffsetDateTime
Expand Down Expand Up @@ -532,4 +519,29 @@ class ServiceAPITest extends APISpec {
then:
notThrown(Exception)
}

@Unroll
def "sas token does not show up on invalid uri"() {
setup:
/* random sas token. this does not actually authenticate anything. */
def mockSas = "?sv=2019-10-10&ss=b&srt=sco&sp=r&se=2019-06-04T12:04:58Z&st=2090-05-04T04:04:58Z&spr=http&sig=doesntmatter"

when:
BlobServiceClient client = new BlobServiceClientBuilder()
.endpoint(service)
.sasToken(mockSas)
.buildClient();
client.getBlobContainerClient(container)
.getBlobClient("blobname")

then:
def e = thrown(IllegalArgumentException)
!e.getMessage().contains(mockSas)

where:
service | container || _
"https://doesntmatter. blob.core.windows.net" | "containername" || _
"https://doesntmatter.blob.core.windows.net" | "container name" || _
/* Note: the check is on the blob builder as well but I can't test it this way since we encode all blob names - so it will not be invalid. */
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
{
"networkCallRecords" : [ {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsastokendoesnotshowuponinvaliduri0555729625f76b47?restype=container",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "bf9bf799-e167-411a-97e9-552ac22a5e80"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"ETag" : "0x8D7FD07BB0063F4",
"Last-Modified" : "Wed, 20 May 2020 21:49:54 GMT",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "201",
"x-ms-request-id" : "15ce2a1e-601e-0096-57f0-2e4471000000",
"Date" : "Wed, 20 May 2020 21:49:53 GMT",
"x-ms-client-request-id" : "bf9bf799-e167-411a-97e9-552ac22a5e80"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "522f7e7c-4201-41eb-b455-3ed29a0b7927",
"Content-Type" : "application/xml; charset=utf-8"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "d043da61-101e-000a-03f0-2ee917000000",
"Date" : "Wed, 20 May 2020 21:49:55 GMT",
"x-ms-client-request-id" : "522f7e7c-4201-41eb-b455-3ed29a0b7927"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "cef8048a-c027-4788-b8b9-30e8038059b9",
"Content-Type" : "application/xml; charset=utf-8"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "9b5a6e75-301e-0032-64f0-2e4dd7000000",
"Date" : "Wed, 20 May 2020 21:49:55 GMT",
"x-ms-client-request-id" : "cef8048a-c027-4788-b8b9-30e8038059b9"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.blob.core.windows.net?prefix=jtcsastokendoesnotshowuponinvaliduri&comp=list",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "b793f994-bd25-4ef8-a6bf-4060bb15c690"
},
"Response" : {
"Transfer-Encoding" : "chunked",
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"StatusCode" : "200",
"x-ms-request-id" : "d1bd715e-801e-0045-54f0-2e9843000000",
"Body" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EnumerationResults ServiceEndpoint=\"https://seanmcccanary.blob.core.windows.net/\"><Prefix>jtcsastokendoesnotshowuponinvaliduri</Prefix><Containers><Container><Name>jtcsastokendoesnotshowuponinvaliduri0555729625f76b47</Name><Properties><Last-Modified>Wed, 20 May 2020 21:49:54 GMT</Last-Modified><Etag>\"0x8D7FD07BB0063F4\"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><DefaultEncryptionScope>$account-encryption-key</DefaultEncryptionScope><DenyEncryptionScopeOverride>false</DenyEncryptionScopeOverride><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold></Properties></Container></Containers><NextMarker /></EnumerationResults>",
"Date" : "Wed, 20 May 2020 21:49:57 GMT",
"x-ms-client-request-id" : "b793f994-bd25-4ef8-a6bf-4060bb15c690",
"Content-Type" : "application/xml"
},
"Exception" : null
}, {
"Method" : "DELETE",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsastokendoesnotshowuponinvaliduri0555729625f76b47?restype=container",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "cd14b8d7-a9ee-4c1f-8a8f-62e408c1cd47"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "0f0cec0e-c01e-0009-2cf0-2e0873000000",
"Date" : "Wed, 20 May 2020 21:49:57 GMT",
"x-ms-client-request-id" : "cd14b8d7-a9ee-4c1f-8a8f-62e408c1cd47"
},
"Exception" : null
} ],
"variables" : [ "jtcsastokendoesnotshowuponinvaliduri0555729625f76b47" ]
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
{
"networkCallRecords" : [ {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsastokendoesnotshowuponinvaliduri0138028e4e760e5e?restype=container",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "43908848-6eb4-4046-9a96-b1063d286e66"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"ETag" : "0x8D7FD07BDFE0B11",
"Last-Modified" : "Wed, 20 May 2020 21:49:59 GMT",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "201",
"x-ms-request-id" : "782b810b-301e-001d-64f0-2e401c000000",
"Date" : "Wed, 20 May 2020 21:49:58 GMT",
"x-ms-client-request-id" : "43908848-6eb4-4046-9a96-b1063d286e66"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "e84e7786-891b-4004-9b07-2fb0822b1682",
"Content-Type" : "application/xml; charset=utf-8"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "ce91ccdd-901e-0059-66f0-2eca23000000",
"Date" : "Wed, 20 May 2020 21:50:00 GMT",
"x-ms-client-request-id" : "e84e7786-891b-4004-9b07-2fb0822b1682"
},
"Exception" : null
}, {
"Method" : "PUT",
"Uri" : "https://REDACTED.blob.core.windows.net?restype=service&comp=properties",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "837d9bc7-0312-4d76-b4b1-00a4b6612890",
"Content-Type" : "application/xml; charset=utf-8"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "a47ab135-e01e-006c-7ef0-2ea637000000",
"Date" : "Wed, 20 May 2020 21:50:01 GMT",
"x-ms-client-request-id" : "837d9bc7-0312-4d76-b4b1-00a4b6612890"
},
"Exception" : null
}, {
"Method" : "GET",
"Uri" : "https://REDACTED.blob.core.windows.net?prefix=jtcsastokendoesnotshowuponinvaliduri&comp=list",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "815812d5-ebbb-4346-be0c-765f4f8677a8"
},
"Response" : {
"Transfer-Encoding" : "chunked",
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"StatusCode" : "200",
"x-ms-request-id" : "532b205c-701e-001c-49f0-2e1fc0000000",
"Body" : "<?xml version=\"1.0\" encoding=\"utf-8\"?><EnumerationResults ServiceEndpoint=\"https://seanmcccanary.blob.core.windows.net/\"><Prefix>jtcsastokendoesnotshowuponinvaliduri</Prefix><Containers><Container><Name>jtcsastokendoesnotshowuponinvaliduri0138028e4e760e5e</Name><Properties><Last-Modified>Wed, 20 May 2020 21:49:59 GMT</Last-Modified><Etag>\"0x8D7FD07BDFE0B11\"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><DefaultEncryptionScope>$account-encryption-key</DefaultEncryptionScope><DenyEncryptionScopeOverride>false</DenyEncryptionScopeOverride><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold></Properties></Container></Containers><NextMarker /></EnumerationResults>",
"Date" : "Wed, 20 May 2020 21:50:01 GMT",
"x-ms-client-request-id" : "815812d5-ebbb-4346-be0c-765f4f8677a8",
"Content-Type" : "application/xml"
},
"Exception" : null
}, {
"Method" : "DELETE",
"Uri" : "https://REDACTED.blob.core.windows.net/jtcsastokendoesnotshowuponinvaliduri0138028e4e760e5e?restype=container",
"Headers" : {
"x-ms-version" : "2019-07-07",
"User-Agent" : "azsdk-java-azure-storage-blob/12.7.0-beta.1 (11.0.7; Windows 10 10.0)",
"x-ms-client-request-id" : "d16b3202-4412-4062-8ff1-fa9bf6d8907e"
},
"Response" : {
"x-ms-version" : "2019-07-07",
"Server" : "Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0",
"retry-after" : "0",
"Content-Length" : "0",
"StatusCode" : "202",
"x-ms-request-id" : "80c8813c-f01e-0094-48f0-2efac9000000",
"Date" : "Wed, 20 May 2020 21:50:02 GMT",
"x-ms-client-request-id" : "d16b3202-4412-4062-8ff1-fa9bf6d8907e"
},
"Exception" : null
} ],
"variables" : [ "jtcsastokendoesnotshowuponinvaliduri0138028e4e760e5e" ]
}