Open dwsteele opened 4 years ago
@dwsteele Thanks for reporting this issue! Would you please attach the debug log (Or request trace) for this issue? Then we can be more clear for this issue.
Here's a trace of a request where the Date
header is set to BOGUS
. As you can see the request succeeds. The Date field can be set to anything -- there is no validation on this field.
The actual Azure blob service does validate the Date field, so if there is an implementation issue it won't be caught by Azurite. Since Azurite is commonly used for testing it should act as much like actual Azure as possible.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobStorageContextMiddleware: RequestMethod=HEAD RequestURL=https://172.17.0.8/azAccount/azContainer/backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz RequestHeaders:{"authorization":"SharedKey azAccount:JIRd1AfaT+4+Lm1zTdwBjLUUuYuvvaaQiA8yoe/gJp4=","content-length":"0","date":"BOGUS","host":"172.17.0.8","x-ms-version":"2019-02-02"} ClientIP=172.17.0.1 Protocol=https HTTPVersion=1.1
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobStorageContextMiddleware: Account=azAccount Container=azContainer Blob=backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: DispatchMiddleware: Dispatching request...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: DispatchMiddleware: Operation=Blob_GetProperties
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: AuthenticationMiddlewareFactory:createAuthenticationMiddleware() Validating authentications.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: PublicAccessAuthenticator:validate() Start validation against public access.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Getting account properties...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Retrieved account name from context: azAccount, container: azContainer, blob: backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Skip public access authentication. Cannot get public access type for container azContainer
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Start validation against account shared key authentication.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() [STRING TO SIGN]:"HEAD\n\n\n\n\n\nBOGUS\n\n\n\n\n\nx-ms-version:2019-02-02\n/azAccount/azAccount/azContainer/backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz"
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Calculated authentication header based on key1: SharedKey azAccount:JIRd1AfaT+4+Lm1zTdwBjLUUuYuvvaaQiA8yoe/gJp4=
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Signature 1 matched.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: DeserializerMiddleware: Start deserializing...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: HandlerMiddleware: DeserializedParameters={"options":{"leaseAccessConditions":{},"cpkInfo":{},"modifiedAccessConditions":{}},"version":"2019-02-02"}
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: SerializerMiddleware: Start serializing...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: EndMiddleware: End response. TotalTimeInMS=0 StatusCode=200 StatusMessage=undefined Headers={"server":"Azurite-Blob/3.7.0","last-modified":"Mon, 22 Jun 2020 11:05:24 GMT","x-ms-creation-time":"Mon, 22 Jun 2020 11:05:24 GMT","x-ms-blob-type":"BlockBlob","x-ms-lease-state":"available","x-ms-lease-status":"unlocked","content-length":"29","content-type":"application/octet-stream","etag":"\"0x2339F06ABCE9CE0\"","content-md5":"ItZ2NLQ+zBpgJ50ko1EInQ==","x-ms-request-id":"53b11b3d-6422-47c5-bc05-d1bb68b88c17","x-ms-version":"2019-07-07","date":"Mon, 22 Jun 2020 11:05:24 GMT","accept-ranges":"bytes","x-ms-server-encrypted":"true","x-ms-access-tier":"Hot","x-ms-access-tier-inferred":"true","x-ms-access-tier-change-time":"Mon, 22 Jun 2020 11:05:24 GMT"}
@dwsteele
Thanks for the detail debug log! Will prioritize the fix in a future release.
Which service(blob, file, queue, table) does this issue concern?
blob
Which version of the Azurite was used?
2020.04 Version 3.7.0
Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)
DockerHub
What problem was encountered?
Azurite does not validate the
Date
header.Steps to reproduce the issue?
Create a request with a
Date: BOGUS
header. The request will succeed.Have you found a mitigation/solution?
The Azure blob service requires
RFC-2822
formatted dates and will error if the date is not formatted appropriately. It would be ideal if Azurite did the same validation since it is often used for testing before moving to production.