Merged
Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3481 +/- ##
==========================================
+ Coverage 23.15% 23.34% +0.19%
==========================================
Files 669 669
Lines 50251 50252 +1
==========================================
+ Hits 11634 11730 +96
+ Misses 37708 37606 -102
- Partials 909 916 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
carpawell
approved these changes
Jul 24, 2025
3709c89 to
d2d7a33
Compare
cthulhu-rider
approved these changes
Jul 29, 2025
GetRange operates with byte chunks, the result doesn't have any new additional data compared to request processing time, if we had an object header we still have it, if we had no object header we still don't have it, the request itself hasn't change, so this check is no-op, it can't affect the result. Refs #3095. Signed-off-by: Roman Khimov <roman@nspcc.ru>
Search result is just IDs, the result doesn't have any new additional data compared to request processing time, if we had an object header we still have it, if we had no object header we still don't have it, the request itself hasn't change, so this check is no-op, it can't affect the result. Notice that SearchV2 doesn't do this at all. Refs #3095. Signed-off-by: Roman Khimov <roman@nspcc.ru>
Get and Head handlers check EACL before doing anything (just like other handlers do), but if there are rules based on object headers and this object is not stored locally the action would be allowed. Once we get a header from the other node EACL can and will always be rechecked which is suboptimal since in most cases it's the same simple (non-filter-dependent) set of rules. The patch tries to optimize it by avoiding rechecks if there was a rule match. If that's the case another EACL check would yield the same (positive) result anyway, so it's just a waste of time. Notice that from the security perspective this is still questionable since if the node storing object (erroneously) returns data this means the data can technically be retrieved by asking it directly. Closes #3095. Signed-off-by: Roman Khimov <roman@nspcc.ru>
d2d7a33 to
53c5106
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #3095.