object/put: Prohibit zero bytes in attributes

Zero byte is forbidden starting from nspcc-dev/neofs-api#323. This make `ObjectService.Put` server to deny object with least one attribute with zero byte in either key or value. Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
nspcc-dev · Feb 21, 2025 · 6f9647e · 6f9647e
1 parent 69e69fb
commit 6f9647e
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/pkg/core/object/fmt.go b/pkg/core/object/fmt.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
 	cid "github.com/nspcc-dev/neofs-sdk-go/container/id"
@@ -415,24 +416,40 @@ func (v *FormatValidator) checkExpiration(obj object.Object) error {
 var (
 	errDuplAttr     = errors.New("duplication of attributes detected")
 	errEmptyAttrVal = errors.New("empty attribute value")
+	errZeroByte     = errors.New("illegal zero byte")
 )
 
+func checkZeroByte(k, v string) error {
+	if strings.IndexByte(k, 0x00) >= 0 {
+		return fmt.Errorf("invalid key: %w", errZeroByte)
+	}
+	if strings.IndexByte(v, 0x00) >= 0 {
+		return fmt.Errorf("invalid value: %w", errZeroByte)
+	}
+	return nil
+}
+
 func (v *FormatValidator) checkAttributes(obj *object.Object) error {
 	as := obj.Attributes()
 
 	mUnique := make(map[string]struct{}, len(as))
 
-	for _, a := range as {
+	for i, a := range as {
 		key := a.Key()
 
 		if _, was := mUnique[key]; was {
 			return errDuplAttr
 		}
 
+		val := a.Value()
 		if a.Value() == "" {
 			return errEmptyAttrVal
 		}
 
+		if err := checkZeroByte(key, val); err != nil {
+			return fmt.Errorf("invalid attribute #%d: %w", i, err)
+		}
+
 		mUnique[key] = struct{}{}
 	}
 

diff --git a/pkg/core/object/fmt_test.go b/pkg/core/object/fmt_test.go
@@ -16,6 +16,7 @@ import (
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
 	"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
 	"github.com/nspcc-dev/neofs-sdk-go/user"
+	usertest "github.com/nspcc-dev/neofs-sdk-go/user/test"
 	"github.com/stretchr/testify/require"
 )
 
@@ -335,6 +336,29 @@ func TestFormatValidator_Validate(t *testing.T) {
 			err := v.checkAttributes(obj)
 			require.Equal(t, errEmptyAttrVal, err)
 		})
+
+		t.Run("zero byte", func(t *testing.T) {
+			objWithAttr := func(k, v string) *object.Object {
+				obj := blankValidObject(usertest.User())
+				obj.SetAttributes(
+					*object.NewAttribute("valid key", "valid value"),
+					*object.NewAttribute(k, v),
+				)
+				return obj
+			}
+			t.Run("in key", func(t *testing.T) {
+				obj := objWithAttr("k\x00y", "value")
+				require.EqualError(t, v.Validate(obj, true), "invalid attributes: invalid attribute #1: invalid key: illegal zero byte")
+				obj.SetID(oidtest.ID())
+				require.EqualError(t, v.Validate(obj, false), "invalid attributes: invalid attribute #1: invalid key: illegal zero byte")
+			})
+			t.Run("in value", func(t *testing.T) {
+				obj := objWithAttr("key", "va\x00ue")
+				require.EqualError(t, v.Validate(obj, true), "invalid attributes: invalid attribute #1: invalid value: illegal zero byte")
+				obj.SetID(oidtest.ID())
+				require.EqualError(t, v.Validate(obj, false), "invalid attributes: invalid attribute #1: invalid value: illegal zero byte")
+			})
+		})
 	})
 }