Skip to content

[azure-storage-blob] wrong sas permission string caused authentication failure  #13099

@Juliehzl

Description

@Juliehzl
  • Package Name: azure-stroage-blob
  • Package Version: 12.4.0b1
  • Operating System: Win 10
  • Python Version: 3.7.7

Describe the bug
A clear and concise description of what the bug is.
When specify permission with string, it passes the permission string to _str as shown here:

parsed._str = permission # pylint: disable = protected-access

but what we expect is that it should be format with the following method:
self._str = (('r' if self.read else '') +
('w' if self.write else '') +
('d' if self.delete else '') +
('x' if self.delete_previous_version else '') +
('l' if self.list else '') +
('t' if self.tag else ''))

If the permission string sequence changes, it will cause signed signature change and authentication failure.

Removing this line could fix it.

parsed._str = permission # pylint: disable = protected-access

Same for other sas permissions.

To Reproduce
Steps to reproduce the behavior:

  1. generate sas token with specifying container sas permission with string like 'dlrw'
  2. upload blob with generated sas

but if you are using rwdl, it will work.

Expected behavior
A clear and concise description of what you expected to happen.

Authentication failed.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

Metadata

Metadata

Assignees

Labels

ClientThis issue points to a problem in the data-plane of the library.StorageStorage Service (Queues, Blobs, Files)bugThis issue requires a change to an existing behavior in the product in order to be resolved.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions