Fix endpoint matcher host label validation (#2910)

aws · Sep 14, 2023 · 3599d6a · 3599d6a
1 parent 714584d
commit 3599d6a
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 9 deletions.
diff --git a/gems/aws-sdk-core/CHANGELOG.md b/gems/aws-sdk-core/CHANGELOG.md
@@ -1,6 +1,8 @@
 Unreleased Changes
 ------------------
 
+* Issue - Fix host label validation in endpoint matchers.
+
 3.181.0 (2023-08-22)
 ------------------
 

diff --git a/gems/aws-sdk-core/lib/aws-sdk-core/endpoints/matchers.rb b/gems/aws-sdk-core/lib/aws-sdk-core/endpoints/matchers.rb
@@ -79,11 +79,11 @@ def self.valid_host_label?(value, allow_sub_domains = false)
         return false if value.empty?
 
         if allow_sub_domains
-          labels = value.split('.')
+          labels = value.split('.', -1)
           return labels.all? { |l| valid_host_label?(l) }
         end
 
-        value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/
+        !!(value =~ /\A(?!-)[a-zA-Z0-9-]{1,63}(?<!-)\z/)
       end
 
       # AWS
@@ -114,13 +114,17 @@ def self.aws_parse_arn(value)
 
       # aws.isVirtualHostableS3Bucket(value: string, allowSubDomains: bool) bool
       def self.aws_virtual_hostable_s3_bucket?(value, allow_sub_domains = false)
-        !!(value.size < 64 &&
-          # regular naming rules
-          value =~ /^[a-z0-9][a-z0-9\-#{'.' if allow_sub_domains}]+[a-z0-9]$/ &&
-          # not IP address
-          value !~ /(\d+\.){3}\d+/ &&
-          # no dash and hyphen together
-          value !~ /[.-]{2}/)
+        return false if value.empty?
+
+        if allow_sub_domains
+          labels = value.split('.', -1)
+          return labels.all? { |l| aws_virtual_hostable_s3_bucket?(l) }
+        end
+
+        # must be between 3 and 63 characters long, no uppercase
+        value =~ /\A(?!-)[a-z0-9-]{3,63}(?<!-)\z/ &&
+          # not an IP address
+          value !~ /(\d+\.){3}\d+/
       end
     end
   end

diff --git a/gems/aws-sdk-core/spec/aws/endpoints/test-cases/is-virtual-hostable-s3-bucket.json b/gems/aws-sdk-core/spec/aws/endpoints/test-cases/is-virtual-hostable-s3-bucket.json
@@ -23,6 +23,17 @@
         }
       }
     },
+    {
+      "documentation": "bucket--with-multiple-dash: isVirtualHostable",
+      "params": {
+        "BucketName": "bucket--with-multiple-dash"
+      },
+      "expect": {
+        "endpoint": {
+          "url": "https://bucket--with-multiple-dash.s3.amazonaws.com"
+        }
+      }
+    },
     {
       "documentation": "BucketName: not isVirtualHostable (uppercase characters)",
       "params": {
@@ -143,6 +154,15 @@
       "expect": {
         "error": "not isVirtualHostableS3Bucket"
       }
+    },
+    {
+      "documentation": "bucket..name: not isVirtualHostable (consequetive dots)",
+      "params": {
+        "BucketName": "bucket..name"
+      },
+      "expect": {
+        "error": "not isVirtualHostableS3Bucket"
+      }
     }
   ]
 }
diff --git a/gems/aws-sdk-core/spec/aws/endpoints/test-cases/valid-hostlabel.json b/gems/aws-sdk-core/spec/aws/endpoints/test-cases/valid-hostlabel.json
@@ -51,6 +51,33 @@
       "expect": {
         "error": "Invalid hostlabel"
       }
+    },
+    {
+      "documentation": "ending with a dot is not a valid hostlabel",
+      "params": {
+        "Region": "part1."
+      },
+      "expect": {
+        "error": "Invalid hostlabel"
+      }
+    },
+    {
+      "documentation": "multiple consecutive dots are not allowed",
+      "params": {
+        "Region": "part1..part2"
+      },
+      "expect": {
+        "error": "Invalid hostlabel"
+      }
+    },
+    {
+      "documentation": "labels cannot start with a dash",
+      "params": {
+        "Region": "part1.-part2"
+      },
+      "expect": {
+        "error": "Invalid hostlabel"
+      }
     }
   ]
 }