Look into handling of non-normalized keys

dandi / s3invsync

AWS S3 Inventory-based backup tool with efficient incremental & versionId support

MIT License

0 stars 1 forks source link

Look into handling of non-normalized keys #12

Open jwodder opened 6 hours ago

jwodder commented 6 hours ago

Is it possible for an S3 key to be a non-normalized POSIX path, such as foo//bar, foo/./bar, or foo/../bar? If so, how should s3invsync handle such keys?

CC @yarikoptic

yarikoptic commented 5 hours ago

According to https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html it is impossible to upload objects starting with ../.

Overall, I feel that it should be sufficient, at least for now to state limitation that keys must be representable as filesystem path, do the check (if normpath results in a different key) and issue a warning to catch such cases. I think in case of dandi there should be no such cases.