search

Azure / Azurite

A lightweight server clone of Azure Storage that simulates most of the commands supported by it with minimal dependencies
MIT License
1.83k stars 325 forks source link

Validate date header? #459

Open dwsteele opened 4 years ago

dwsteele commented 4 years ago

Which service(blob, file, queue, table) does this issue concern?

blob

Which version of the Azurite was used?

2020.04 Version 3.7.0

Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)

DockerHub

What problem was encountered?

Azurite does not validate the Date header.

Steps to reproduce the issue?

Create a request with a Date: BOGUS header. The request will succeed.

Have you found a mitigation/solution?

The Azure blob service requires RFC-2822 formatted dates and will error if the date is not formatted appropriately. It would be ideal if Azurite did the same validation since it is often used for testing before moving to production.

blueww commented 4 years ago

@dwsteele Thanks for reporting this issue! Would you please attach the debug log (Or request trace) for this issue? Then we can be more clear for this issue.

dwsteele commented 4 years ago

Here's a trace of a request where the Date header is set to BOGUS. As you can see the request succeeds. The Date field can be set to anything -- there is no validation on this field.

The actual Azure blob service does validate the Date field, so if there is an implementation issue it won't be caught by Azurite. Since Azurite is commonly used for testing it should act as much like actual Azure as possible.

2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobStorageContextMiddleware: RequestMethod=HEAD RequestURL=https://172.17.0.8/azAccount/azContainer/backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz RequestHeaders:{"authorization":"SharedKey azAccount:JIRd1AfaT+4+Lm1zTdwBjLUUuYuvvaaQiA8yoe/gJp4=","content-length":"0","date":"BOGUS","host":"172.17.0.8","x-ms-version":"2019-02-02"} ClientIP=172.17.0.1 Protocol=https HTTPVersion=1.1
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobStorageContextMiddleware: Account=azAccount Container=azContainer Blob=backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: DispatchMiddleware: Dispatching request...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: DispatchMiddleware: Operation=Blob_GetProperties
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: AuthenticationMiddlewareFactory:createAuthenticationMiddleware() Validating authentications.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: PublicAccessAuthenticator:validate() Start validation against public access.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Getting account properties...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Retrieved account name from context: azAccount, container: azContainer, blob: backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 debug: PublicAccessAuthenticator:validate() Skip public access authentication. Cannot get public access type for container azContainer
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Start validation against account shared key authentication.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() [STRING TO SIGN]:"HEAD\n\n\n\n\n\nBOGUS\n\n\n\n\n\nx-ms-version:2019-02-02\n/azAccount/azAccount/azContainer/backup/db/20200622-110519F_20200622-110524D/pg_data/base/base2.txt.gz"
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Calculated authentication header based on key1: SharedKey azAccount:JIRd1AfaT+4+Lm1zTdwBjLUUuYuvvaaQiA8yoe/gJp4=
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: BlobSharedKeyAuthenticator:validate() Signature 1 matched.
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: DeserializerMiddleware: Start deserializing...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: HandlerMiddleware: DeserializedParameters={"options":{"leaseAccessConditions":{},"cpkInfo":{},"modifiedAccessConditions":{}},"version":"2019-02-02"}
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 verbose: SerializerMiddleware: Start serializing...
2020-06-22T11:05:24.881Z 53b11b3d-6422-47c5-bc05-d1bb68b88c17 info: EndMiddleware: End response. TotalTimeInMS=0 StatusCode=200 StatusMessage=undefined Headers={"server":"Azurite-Blob/3.7.0","last-modified":"Mon, 22 Jun 2020 11:05:24 GMT","x-ms-creation-time":"Mon, 22 Jun 2020 11:05:24 GMT","x-ms-blob-type":"BlockBlob","x-ms-lease-state":"available","x-ms-lease-status":"unlocked","content-length":"29","content-type":"application/octet-stream","etag":"\"0x2339F06ABCE9CE0\"","content-md5":"ItZ2NLQ+zBpgJ50ko1EInQ==","x-ms-request-id":"53b11b3d-6422-47c5-bc05-d1bb68b88c17","x-ms-version":"2019-07-07","date":"Mon, 22 Jun 2020 11:05:24 GMT","accept-ranges":"bytes","x-ms-server-encrypted":"true","x-ms-access-tier":"Hot","x-ms-access-tier-inferred":"true","x-ms-access-tier-change-time":"Mon, 22 Jun 2020 11:05:24 GMT"}
blueww commented 4 years ago

@dwsteele

Thanks for the detail debug log! Will prioritize the fix in a future release.