preprocess urls to avoid errors in parsing (#14)

adamvduke · web-flow · commit e2d11ba0358a · 2021-03-17T16:07:04.000-04:00
* replace forward slashes in aws credentials fixes #11
diff --git a/method/method.go b/method/method.go
@@ -228,7 +228,7 @@ type objectLocation struct {
 }
 
 func newLocation(value, s3Hostname string) (objectLocation, error) {
-	uri, err := url.Parse(value)
+	uri, err := url.Parse(preProcessURL(value))
 	if err != nil {
 		return objectLocation{}, err
 	}
@@ -266,6 +266,30 @@ func newLocation(value, s3Hostname string) (objectLocation, error) {
 	}, nil
 }
 
+// replace any forward slashes in access key and secret
+func preProcessURL(url string) string {
+	idx := strings.Index(url, "@")
+	if idx < 0 {
+		return url
+	}
+	sub := url[0:idx] // drop everything after the @
+	sub = sub[5:]     // drop the s3://
+
+	key := ""
+	secret := ""
+	tkns := strings.Split(sub, ":")
+	if len(tkns) == 2 {
+		key = tkns[0]
+		secret = tkns[1]
+	}
+	processedKey := strings.ReplaceAll(key, "/", "%2F")
+	processedSecret := strings.ReplaceAll(secret, "/", "%2F")
+
+	p := strings.ReplaceAll(url, key, processedKey)
+	p = strings.ReplaceAll(p, secret, processedSecret)
+	return p
+}
+
 // uriAcquire downloads and stores objects from S3 based on the contents
 // of the provided Message.
 func (m *Method) uriAcquire(msg *message.Message) {
diff --git a/method/method_test.go b/method/method_test.go
@@ -101,3 +101,53 @@ func TestSettingRegion(t *testing.T) {
 		t.Errorf("method.region = %s; expected %s", method.region, expected)
 	}
 }
+
+type locTest struct {
+	url             string
+	accessKey       string
+	accessKeySecret string
+}
+
+var locTests = []locTest{
+	{
+		"s3://fake-access-key-id:fake-access-key-secret@s3.amazonaws.com/apt-repo-bucket/apt/generic/python-bernhard_0.2.3-1_all.deb",
+		"fake-access-key-id",
+		"fake-access-key-secret",
+	},
+	{
+		"s3://fake-ac/cess-key-id:fake-ac/cess-key-secret@s3.amazonaws.com/apt-repo-bucket/apt/generic/python-bernhard_0.2.3-1_all.deb",
+		"fake-ac/cess-key-id",
+		"fake-ac/cess-key-secret", // secret contains a forward slash
+	},
+	{
+		"s3://fake-ac%2Fcess-key-id:fake-ac%2Fcess-key-secret@s3.amazonaws.com/apt-repo-bucket/apt/generic/python-bernhard_0.2.3-1_all.deb",
+		"fake-ac/cess-key-id",     // access key contains a forward slash that was encoded as %2F in the original url
+		"fake-ac/cess-key-secret", // secret contains a forward slash that was encoded as %2F in the original url
+	},
+	{
+		"s3://fake-access-key-id:@s3.amazonaws.com/apt-repo-bucket/apt/generic/python-bernhard_0.2.3-1_all.deb",
+		"fake-access-key-id",
+		"", // secret is blank
+	},
+	{
+		"s3://:fake-access-key-secret@s3.amazonaws.com/apt-repo-bucket/apt/generic/python-bernhard_0.2.3-1_all.deb",
+		"", // access key is blank
+		"fake-access-key-secret",
+	},
+}
+
+func TestCreateLocation(t *testing.T) {
+	for _, lt := range locTests {
+		l, err := newLocation(lt.url, "s3.amazonaws.com")
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+		if l.uri.User.Username() != lt.accessKey {
+			t.Errorf("unexpected accessKey: got %s, want %s", l.uri.User.Username(), lt.accessKey)
+		}
+		pass, _ := l.uri.User.Password()
+		if pass != lt.accessKeySecret {
+			t.Errorf("unexpected accessKeySecret: got %s, want %s", pass, lt.accessKeySecret)
+		}
+	}
+}
