From 38e3a017b0fdb1f55ce98d465ee583608c3a8603 Mon Sep 17 00:00:00 2001 From: chrislu Date: Wed, 12 Nov 2025 16:43:09 -0800 Subject: [PATCH] Fixed Typo, Restored []string Case, Added Cache Size Limit --- weed/s3api/s3api_bucket_handlers.go | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/weed/s3api/s3api_bucket_handlers.go b/weed/s3api/s3api_bucket_handlers.go index c96c87cd2..c00b5c54b 100644 --- a/weed/s3api/s3api_bucket_handlers.go +++ b/weed/s3api/s3api_bucket_handlers.go @@ -38,6 +38,9 @@ import ( ) // Pattern cache for regex compilation performance +// Limited to prevent unbounded memory growth +const maxPatternCacheSize = 1000 + var ( patternCache = make(map[string]*regexp.Regexp) patternCacheMu sync.RWMutex @@ -685,6 +688,13 @@ func principalMatchesAnonymous(principal interface{}) bool { return true } } + case []string: + // Handles manually constructed policies (not from JSON) + for _, v := range awsVal { + if v == "*" { + return true + } + } } } } @@ -750,13 +760,13 @@ func matchesPattern(pattern, str string, caseSensitive bool) bool { // Escape regex metacharacters before expanding wildcards // This prevents patterns like "*.json" from matching "filexjson" (no dot) escaped := regexp.QuoteMeta(pattern) - + // Convert S3 wildcard pattern to regex // * matches any sequence of characters // ? matches any single character escaped = strings.ReplaceAll(strings.ReplaceAll(escaped, "\\*", ".*"), "\\?", ".") regexPattern := "^" + escaped + "$" - + // Add case-insensitive flag if needed if !caseSensitive { regexPattern = "(?i)" + regexPattern @@ -768,11 +778,23 @@ func matchesPattern(pattern, str string, caseSensitive bool) bool { return false // Invalid patterns do not match } - // Cache the compiled regex (with double-check locking) + // Cache the compiled regex (with double-check locking and size limit) patternCacheMu.Lock() if re2, ok := patternCache[cacheKey]; ok { re = re2 // Another goroutine already cached it } else { + // Enforce cache size limit to prevent unbounded memory growth + if len(patternCache) >= maxPatternCacheSize { + // Simple eviction: clear oldest entries (clear half the cache) + // More sophisticated LRU could be added if needed + for k := range patternCache { + delete(patternCache, k) + if len(patternCache) < maxPatternCacheSize/2 { + break + } + } + glog.V(2).Infof("Pattern cache size limit reached, evicted entries (new size: %d)", len(patternCache)) + } patternCache[cacheKey] = re } patternCacheMu.Unlock()