check policy per object

Page Asgardius 2023-02-03 15:52:10 -07:00
parent ce28a53de7
commit 7aa05c783a
2 changed files with 51 additions and 12 deletions


@ -0,0 +1,47 @@
package asgardius.page.s3manager;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.GeneratePresignedUrlRequest;
import java.util.Date;
public class PolicyCheck {
public static String getFileKey(AmazonS3 s3client, String bucket, String object, Date expiration) {
try {
Boolean publicobject;
String fileKey = null;
String policy = s3client.getBucketPolicy(bucket).getPolicyText();
publicobject = false;
if(policy.contains("arn:aws:s3:::"+bucket+"/*") && policy.contains("s3:GetObject")) {
publicobject = true;
} else if(policy.contains("s3:GetObject")) {
if((policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+object+"**\"")) && policy.contains("s3:GetObject")) {
publicobject = true;
} else {
String[] path = object.split("/");
String filepath = "";
for (int i = 0; i < path.length-1; i++) {
filepath = filepath+path[i]+"/";
//System.out.println(filepath);
if(policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"*\"") || policy.contains("\"arn:aws:s3:::"+bucket+"/"+filepath+"**\"")) {
publicobject = true;
i = path.length;
}
}
}
}
if(publicobject) {
fileKey = s3client.getUrl(bucket, object).toString();
} else {
GeneratePresignedUrlRequest request;
request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
fileKey = s3client.generatePresignedUrl(request).toString();
}
return fileKey;
} catch (Exception e) {
GeneratePresignedUrlRequest request;
request = new GeneratePresignedUrlRequest(bucket, object).withExpiration(expiration);
return s3client.generatePresignedUrl(request).toString();
}
}
}
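Review bot: The `policy.contains(...)` tests in `getFileKey` read the bucket policy as plain text, so they never look at `Effect`, `Principal` or `Condition`, and they accept `s3:GetObject` and the resource ARN even when the two sit in different statements. A `Deny` statement, or an `Allow` limited to one account or an IP range, is therefore classified as public, and the caller gets an unsigned URL that fails for the recipient instead of the presigned one. I would parse the text with the SDK's `Policy.fromJson` and return the plain URL only when one unconditional `Allow` for principal `*` names `s3:GetObject` on a resource covering the object, with no `Deny` covering it, and use the presigned URL in every other case. The `catch (Exception e)` also hides every failure, including the null policy text of a bucket that has no policy, so an explicit null check and a narrower catch would make the fallback deliberate.

```java
// … unchanged: signature and opening of the try block …
String policyText = s3client.getBucketPolicy(bucket).getPolicyText();
boolean allowed = false;
boolean denied = false;
if (policyText != null) {
    String arn = "arn:aws:s3:::" + bucket + "/" + object;
    for (Statement st : Policy.fromJson(policyText).getStatements()) {
        boolean covers = false;
        for (Resource r : st.getResources()) {
            // '*' is the only wildcard translated; any other pattern simply does not match
            covers |= arn.matches(Pattern.quote(r.getId()).replace("*", "\\E.*\\Q"));
        }
        boolean reads = false;
        for (Action a : st.getActions()) {
            // a wildcard action such as s3:* is not recognised here, so it never makes an object public
            reads |= "s3:GetObject".equals(a.getActionName());
        }
        if (!covers || !reads) {
            continue;
        }
        if (st.getEffect() == Statement.Effect.Deny) {
            denied = true;
        } else if (st.getConditions().isEmpty()) {
            for (Principal p : st.getPrincipals()) {
                allowed |= "*".equals(p.getId());
            }
        }
    }
}
boolean publicobject = allowed && !denied;
// … unchanged: plain URL when publicobject, presigned URL otherwise …
```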


@ -273,6 +273,7 @@ public class Share extends AppCompatActivity {
@Override
public void run() {
simpleProgressBar.setVisibility(View.INVISIBLE);
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
}
});
@ -371,23 +372,13 @@ public class Share extends AppCompatActivity {
objectlist = "";
List<S3ObjectSummary> objects = result.getObjectSummaries();
for (S3ObjectSummary os : objects) {
if(publicobject) {
objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
} else {
request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
}
objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
}
while (result.isTruncated()) {
result = s3client.listNextBatchOfObjects (result);
objects = result.getObjectSummaries();
for (S3ObjectSummary os : objects) {
if(publicobject) {
objectlist = objectlist+s3client.getUrl(bucket, os.getKey()).toString()+"\n";
} else {
request = new GeneratePresignedUrlRequest(bucket, os.getKey()).withExpiration(expiration);
objectlist = objectlist+s3client.generatePresignedUrl(request).toString()+"\n";
}
objectlist = objectlist+PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)+"\n";
}
}
@ -464,6 +455,7 @@ public class Share extends AppCompatActivity {
@Override
public void run() {
simpleProgressBar.setVisibility(View.INVISIBLE);
Toast.makeText(getApplicationContext(),getResources().getString(R.string.invalid_expiration_date), Toast.LENGTH_SHORT).show();
}
});
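Review bot: In the second hunk both listing loops now call `PolicyCheck.getFileKey(s3client, bucket, os.getKey(), expiration)` once per key, and that helper requests the bucket policy on every call, so sharing a folder with N objects issues N identical policy requests. Because the helper falls back to a presigned URL on any exception, a throttled or failed request in the middle of the loop silently mixes presigned and plain links in the same list. I would fetch the policy text once before the first loop and pass it in through an overload that takes the text instead of fetching it (for example `PolicyCheck.getFileKey(s3client, policyText, bucket, os.getKey(), expiration)`, where `policyText` is an added parameter). The repeated `objectlist = objectlist + ...` would also be cheaper as a `StringBuilder`. The enclosing method starts outside the hunk, so I cannot tell whether the old `publicobject` and `request` locals are still needed there.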