[match] prevent directory download from s3 (#20975)

* fix: prevent directory download from s3 * chore: add test to verify file-like s3 downloads * Update match/lib/match/storage/s3_storage.rb Co-authored-by: Roger Oba <rogerluan.oba@gmail.com> --------- Co-authored-by: Roger Oba <rogerluan.oba@gmail.com>
fastlane · Aug 30, 2023 · ab9fb32 · ab9fb32
1 parent 65db20a
commit ab9fb32
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/match/lib/match/storage/s3_storage.rb b/match/lib/match/storage/s3_storage.rb
@@ -102,6 +102,12 @@ def download
         self.working_directory = Dir.mktmpdir
 
         s3_client.find_bucket!(s3_bucket).objects(prefix: s3_object_prefix).each do |object|
+
+          # Prevent download if the file path is a directory.
+          # We need to check if string ends with "/" instead of using `File.directory?` because
+          # the string represent a remote location, not a local file in disk.
+          next if object.key.end_with?("/")
+
           file_path = strip_s3_object_prefix(object.key) # :s3_object_prefix:team_id/path/to/file
 
           # strip s3_prefix from file_path

diff --git a/match/spec/storage/s3_storage_spec.rb b/match/spec/storage/s3_storage_spec.rb
@@ -95,6 +95,18 @@
 
         subject.download
       end
+
+      it 'downloads only file-like objects and skips folder-like objects' do
+        valid_object = files_to_download[0]
+        invalid_object = instance_double('Aws::S3::Object', key: 'ABCDEFG/certs/development/')
+
+        allow(s3_client).to receive_message_chain(:find_bucket!, :objects).and_return([valid_object, invalid_object])
+
+        expect(valid_object).to receive(:download_file).with("#{working_directory}/#{valid_object.key}")
+        expect(invalid_object).not_to receive(:download_file).with("#{working_directory}/#{invalid_object.key}")
+
+        subject.download
+      end
     end
   end
 end