Open yonoho opened 1 year ago
in file oss2/api.py: Line 2753
def __do_object(self, method, key, **kwargs): return self._do(method, self.bucket_name, key, **kwargs) def __do_bucket(self, method, **kwargs): return self._do(method, self.bucket_name, '', **kwargs)
As it shows, when calling __do_object() with key='', it equals calling __do_bucket(), and there aren't any checks before that。if the client calls bucket.delete_object(key='') accidentally, the whole bucket may be deleted, which is really dangerous.
__do_object()
key=''
__do_bucket()
bucket.delete_object(key='')
in file oss2/api.py: Line 2753
As it shows, when calling
__do_object()withkey='', it equals calling__do_bucket(), and there aren't any checks before that。if the client callsbucket.delete_object(key='')accidentally, the whole bucket may be deleted, which is really dangerous.