mirrors/object-browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avoid leaks during zip download and multi-object downloads (#3481)

Browse Source
This commit is contained in:
Harshavardhana
2024-12-03 07:47:32 +05:30
committed by GitHub
parent 0b8af385f1
commit 6afd0b16dc
6 changed files with 50 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
.github/workflows/jobs.yaml vendored
View File

@@ -22,7 +22,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -64,7 +64,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -112,7 +112,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
steps:
# To build minio image, we need to clone the repository first
- name: Clone github.com/minio/minio
@@ -150,7 +150,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -189,7 +189,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -243,7 +243,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -296,7 +296,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -348,7 +348,7 @@ jobs:
timeout-minutes: 10
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -400,7 +400,7 @@ jobs:
timeout-minutes: 15
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -448,7 +448,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -496,7 +496,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -544,7 +544,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -595,7 +595,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -648,7 +648,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -683,7 +683,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -720,7 +720,7 @@ jobs:
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
steps:
- name: Check out code
@@ -817,7 +817,7 @@ jobs:
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
steps:
- name: Check out code
@@ -867,7 +867,7 @@ jobs:
echo "replace github.com/minio/console => ../" >> go.mod
echo "updates to go.mod needed; to update it: go mod tidy"
go mod tidy -compat=1.22
go mod tidy -compat=1.23
echo "Get git version to build MinIO Image";
VERSION=`git rev-parse HEAD`;
@@ -901,7 +901,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -956,7 +956,7 @@ jobs:
echo "download golang x tools"
go mod download golang.org/x/tools
echo "go mod tidy compat mode"
go mod tidy -compat=1.22
go mod tidy -compat=1.23
echo "go build gocoverage.go"
go build gocovmerge.go
echo "put together the outs for final coverage resolution"
@@ -1027,7 +1027,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1069,7 +1069,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1109,7 +1109,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1137,7 +1137,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1164,7 +1164,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1192,7 +1192,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -1220,7 +1220,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code

4
.github/workflows/vulncheck.yaml vendored
View File

@@ -19,7 +19,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.22
go-version: 1.23.3
check-latest: true
- name: Get official govulncheck
run: go install golang.org/x/vuln/cmd/govulncheck@latest
@@ -33,7 +33,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [ 1.22 ]
go-version: [ 1.23.x ]
os: [ ubuntu-latest ]
steps:
- name: Check out code

14
README.md
View File

@@ -25,21 +25,7 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)
<!-- markdown-toc end -->
## Install
MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
The standalone binary installation path has been removed.
In case a Console standalone binary is needed, it can be generated by building this package from source as follows:
### Build from source
> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
> Minimum version required is go1.22
```
go install github.com/minio/console/cmd/console@latest
```
## Setup

18
api/user_objects.go
View File

@@ -550,10 +550,13 @@ func getDownloadFolderResponse(session *models.Principal, params objectApi.Downl
Modified: modified,
})
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}
_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
@@ -650,14 +653,17 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
// Ignore errors, move to next
continue
}
modified, _ := time.Parse(time.RFC3339, obj.LastModified)
modified, _ := time.Parse(time.RFC3339, obj.LastModified)
f, err := addToZip(name, modified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}
_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)
@@ -666,13 +672,14 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
}
} else {
// add selected individual object
objectData, err := mClient.StatObject(ctx, params.BucketName, dObj, minio.StatObjectOptions{})
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
if err != nil {
// Ignore errors, move to next
continue
}
object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
// add selected individual object
objectData, err := object.Stat()
if err != nil {
// Ignore errors, move to next
continue
@@ -683,10 +690,13 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
objectName := prefixes[len(prefixes)-1]
f, err := addToZip(objectName, objectData.LastModified)
if err != nil {
object.Close()
// Ignore errors, move to next
continue
}
_, err = io.Copy(f, object)
object.Close()
if err != nil {
// We have a partial object, report error.
pw.CloseWithError(err)

6
go.mod
View File

@@ -1,6 +1,6 @@
module github.com/minio/console
go 1.22
go 1.23
require (
github.com/blang/semver/v4 v4.0.0
@@ -24,6 +24,7 @@ require (
github.com/minio/madmin-go/v3 v3.0.68
github.com/minio/mc v0.0.0-20240815155011-479171e7be9c
github.com/minio/minio-go/v7 v7.0.81-0.20241125171916-a563333c01ef
github.com/minio/pkg/v3 v3.0.22
github.com/minio/selfupdate v0.6.0
github.com/minio/websocket v1.6.0
github.com/mitchellh/go-homedir v1.1.0
@@ -35,14 +36,13 @@ require (
golang.org/x/crypto v0.28.0
golang.org/x/net v0.30.0
golang.org/x/oauth2 v0.22.0
// Added to include security fix for
// https://github.com/golang/go/issues/56152
golang.org/x/text v0.19.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)
require github.com/minio/pkg/v3 v3.0.22
require (
aead.dev/mem v0.2.0 // indirect
aead.dev/minisign v0.3.0 // indirect

8
web-app/playwright/jobs.yaml
View File

@@ -20,7 +20,7 @@ jobs:
runs-on: [ubuntu-latest]
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -44,7 +44,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -84,7 +84,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code
@@ -129,7 +129,7 @@ jobs:
runs-on: ${{ matrix.os }}
strategy:
matrix:
go-version: [1.22.x]
go-version: [1.23.x]
os: [ubuntu-latest]
steps:
- name: Check out code