openstack/swift
Code Issues Proposed changes

s3api: Simplify HashingInput signature

Browse Source 
It's always called with sha256 and raises sha256-specific errors;
we don't need to pretend to support arbitrary hashes.

Change-Id: Icff79ded067084249080e3e6f555429261eb0af0
This commit is contained in:
Tim Burke
2025-02-19 16:54:32 -08:00
parent 8b6abfb85d
commit b49941c9b8
2 changed files with 10 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
swift/common/middleware/s3api/s3request.py
View File

@@ -135,13 +135,13 @@ class S3InputSHA256Mismatch(BaseException):
class HashingInput(object): class HashingInput(object):
""" """
wsgi.input wrapper to verify the hash of the input as it's read. wsgi.input wrapper to verify the SHA256 of the input as it's read.
""" """
def __init__(self, reader, content_length, hasher, expected_hex_hash): def __init__(self, reader, content_length, expected_hex_hash):
self._input = reader self._input = reader
self._to_read = content_length self._to_read = content_length
self._hasher = hasher() self._hasher = sha256()
self._expected = expected_hex_hash self._expected = expected_hex_hash
if content_length == 0 and \ if content_length == 0 and \
self._hasher.hexdigest() != self._expected.lower(): self._hasher.hexdigest() != self._expected.lower():
@@ -887,7 +887,6 @@ class S3Request(swob.Request):
self.environ['wsgi.input'] = HashingInput( self.environ['wsgi.input'] = HashingInput(
self.environ['wsgi.input'], self.environ['wsgi.input'],
self.content_length, self.content_length,
sha256,
aws_sha256) aws_sha256)
# If no content-length, either client's trying to do a HTTP chunked # If no content-length, either client's trying to do a HTTP chunked
# transfer, or a HTTP/1.0-style transfer (in which case swift will # transfer, or a HTTP/1.0-style transfer (in which case swift will

19
test/unit/common/middleware/s3api/test_s3request.py
View File

@@ -36,7 +36,6 @@ from swift.common.middleware.s3api.s3response import InvalidArgument, \
AccessDenied, SignatureDoesNotMatch, RequestTimeTooSkewed, \ AccessDenied, SignatureDoesNotMatch, RequestTimeTooSkewed, \
InvalidPartArgument, InvalidPartNumber, InvalidRequest, \ InvalidPartArgument, InvalidPartNumber, InvalidRequest, \
XAmzContentSHA256Mismatch XAmzContentSHA256Mismatch
from swift.common.utils import md5
from test.debug_logger import debug_logger from test.debug_logger import debug_logger
@@ -1461,8 +1460,7 @@ class TestHashingInput(S3ApiTestCase):
def test_good(self): def test_good(self):
raw = b'123456789' raw = b'123456789'
wrapped = HashingInput( wrapped = HashingInput(
BytesIO(raw), 9, lambda: md5(usedforsecurity=False), BytesIO(raw), 9, hashlib.sha256(raw).hexdigest())
md5(raw, usedforsecurity=False).hexdigest())
self.assertEqual(b'1234', wrapped.read(4)) self.assertEqual(b'1234', wrapped.read(4))
self.assertEqual(b'56', wrapped.read(2)) self.assertEqual(b'56', wrapped.read(2))
# trying to read past the end gets us whatever's left # trying to read past the end gets us whatever's left
@@ -1475,8 +1473,8 @@ class TestHashingInput(S3ApiTestCase):
self.assertTrue(wrapped._input.closed) self.assertTrue(wrapped._input.closed)
def test_empty(self): def test_empty(self):
wrapped = HashingInput(BytesIO(b''), 0, hashlib.sha256, wrapped = HashingInput(
hashlib.sha256(b'').hexdigest()) BytesIO(b''), 0, hashlib.sha256(b'').hexdigest())
self.assertEqual(b'', wrapped.read(4)) self.assertEqual(b'', wrapped.read(4))
self.assertEqual(b'', wrapped.read(2)) self.assertEqual(b'', wrapped.read(2))
@@ -1487,8 +1485,7 @@ class TestHashingInput(S3ApiTestCase):
def test_too_long(self): def test_too_long(self):
raw = b'123456789' raw = b'123456789'
wrapped = HashingInput( wrapped = HashingInput(
BytesIO(raw), 8, lambda: md5(usedforsecurity=False), BytesIO(raw), 8, hashlib.sha256(raw).hexdigest())
md5(raw, usedforsecurity=False).hexdigest())
self.assertEqual(b'1234', wrapped.read(4)) self.assertEqual(b'1234', wrapped.read(4))
self.assertEqual(b'56', wrapped.read(2)) self.assertEqual(b'56', wrapped.read(2))
# even though the hash matches, there was more data than we expected # even though the hash matches, there was more data than we expected
@@ -1503,8 +1500,7 @@ class TestHashingInput(S3ApiTestCase):
def test_too_short(self): def test_too_short(self):
raw = b'123456789' raw = b'123456789'
wrapped = HashingInput( wrapped = HashingInput(
BytesIO(raw), 10, lambda: md5(usedforsecurity=False), BytesIO(raw), 10, hashlib.sha256(raw).hexdigest())
md5(raw, usedforsecurity=False).hexdigest())
self.assertEqual(b'1234', wrapped.read(4)) self.assertEqual(b'1234', wrapped.read(4))
self.assertEqual(b'56', wrapped.read(2)) self.assertEqual(b'56', wrapped.read(2))
# even though the hash matches, there was more data than we expected # even though the hash matches, there was more data than we expected
@@ -1515,8 +1511,7 @@ class TestHashingInput(S3ApiTestCase):
def test_bad_hash(self): def test_bad_hash(self):
raw = b'123456789' raw = b'123456789'
wrapped = HashingInput( wrapped = HashingInput(
BytesIO(raw), 9, hashlib.sha256, BytesIO(raw), 9, hashlib.sha256().hexdigest())
md5(raw, usedforsecurity=False).hexdigest())
self.assertEqual(b'1234', wrapped.read(4)) self.assertEqual(b'1234', wrapped.read(4))
self.assertEqual(b'5678', wrapped.read(4)) self.assertEqual(b'5678', wrapped.read(4))
with self.assertRaises(S3InputSHA256Mismatch): with self.assertRaises(S3InputSHA256Mismatch):
@@ -1528,7 +1523,7 @@ class TestHashingInput(S3ApiTestCase):
self.assertFalse(_input.closed) self.assertFalse(_input.closed)
with self.assertRaises(XAmzContentSHA256Mismatch): with self.assertRaises(XAmzContentSHA256Mismatch):
# Don't even get a chance to try to read it # Don't even get a chance to try to read it
HashingInput(_input, 0, hashlib.sha256, 'nope') HashingInput(_input, 0, 'nope')
self.assertTrue(_input.closed) self.assertTrue(_input.closed)