安全优化 (#161)

* 安全优化

demo/test_file/test.srt

@@ -0,0 +1,7 @@
+1
+00:00:04,160 --> 00:00:08,640
+srt字幕啊，我一杯品尝你的啡，留下唇印的嘴。蝴蝶玫瑰名字写错谁告白节说风吹的对街微笑在脸上飞。哼，和你说你有点难追，想让我知难而退。礼物不屑掉，最贵只要乡榭的落叶营造浪漫的约回，不害怕留在一切拥有。
+
+2
+00:00:08,640 --> 00:00:12,680
+你就拥有全世界。亲爱的，爱上你从那天起甜蜜的痕迹，亲爱的，别人性你的眼睛在说，我愿意咖啡，我说一杯品尝你的啡，留下唇印的嘴，蝴蝶，玫瑰。

gen_lcov.sh

@@ -35,6 +35,10 @@ lcov -d build -b . --no-external -c -o sevenyou.info
 lcov --extract sevenyou_init.info ${EXTRACT} -o sevenyou_init_filted.info
 lcov --extract sevenyou.info ${EXTRACT} -o sevenyou_filted.info
 
+lcov --remove sevenyou.info "${workspace}/third_party/*" -o sevenyou_rm_third_party.info
+rm sevenyou.info
+mv sevenyou_rm_third_party.info sevenyou.info
+
 # genhtml and zip
 genhtml -o UTReport --prefix=`pwd` sevenyou_init_filted.info sevenyou_filted.info
 tar -cvf UTReport.tar UTReport

include/cos_api.h

@@ -924,6 +924,18 @@ class CosAPI {
   CosResult UpdateMediaQueue(const UpdateMediaQueueReq& req,
                                   UpdateQueueResp* resp);
 
+  /** 文档处理接口 **/
+
+  /*** 查询已经开通文档处理功能的存储桶 ***/
+  // https://cloud.tencent.com/document/product/460/95747
+  CosResult DescribeFileBuckets(const DescribeFileBucketsReq& req,
+                                 DescribeFileBucketsResp* resp);
+
+  /*** 存储桶绑定文档处理 ***/
+  // https://cloud.tencent.com/document/product/460/86377
+  CosResult CreateFileBucket(const CreateFileBucketReq& req,
+                          CreateFileBucketResp* resp);
+
   /* 异步任务接口 */
   /** 创建异步任务 **/
   CosResult CreateDataProcessJobs(const CreateDataProcessJobsReq& req,

include/cos_sys_config.h

@@ -163,7 +163,11 @@ class CosSysConfig {
 
   static bool GetRetryChangeDomain();
 
- private:
+  static void SetObjectKeySimplifyCheck(bool object_key_simplify_check);
+
+  static bool GetObjectKeySimplifyCheck();
+
+private:
   // 打印日志:0,不打印,1:打印到屏幕,2:打印到syslog
   static LOG_OUT_TYPE m_log_outtype;
   // 日志级别:1: ERR, 2: WARN, 3:INFO, 4:DBG
@@ -215,6 +219,8 @@ class CosSysConfig {
   static unsigned m_dns_cache_size;
 
   static bool m_retry_change_domain;
+
+  static bool m_object_key_simplify_check;
 };
 
 }  // namespace qcloud_cos

include/op/bucket_op.h

@@ -549,6 +549,24 @@ class BucketOp : public BaseOp {
   CosResult UpdateMediaQueue(const UpdateMediaQueueReq& req,
                                   UpdateQueueResp* resp);
 
+  /// \brief 查询文件处理开通状态
+  /// \brief https://cloud.tencent.com/document/product/460/95747
+  /// \param req  DescribeFileBuckets请求
+  /// \param resp DescribeFileBuckets返回
+  ///
+  /// \return 本次请求的调用情况(如状态码等)
+  CosResult DescribeFileBuckets(const DescribeFileBucketsReq& req,
+                                 DescribeFileBucketsResp* resp);
+
+  /// \brief 开通文件处理
+  /// \brief https://cloud.tencent.com/document/product/460/86377
+  /// \param req  CreateFileBucketReq请求
+  /// \param resp CreateFileBucketResp返回
+  ///
+  /// \return 本次请求的调用情况(如状态码等)
+  CosResult CreateFileBucket(const CreateFileBucketReq& req,
+                          CreateFileBucketResp* resp);
+
   /// \brief 提交数据处理任务
   /// \brief https://cloud.tencent.com/document/product/436/83110
   /// \param req  CreateFileProcessJobs请求

include/request/auditing_req.h

@@ -245,7 +245,7 @@ class RecognitionResult {
 
 class LibResults {
   public:
-    LibResults() : m_mask(0x00000000u) {}
+    LibResults() : m_mask(0x00000000u), m_key_words(std::vector<std::string>()) {}
     virtual ~LibResults() {}
 
   void SetLibType(const int lib_type) { 
@@ -1020,6 +1020,7 @@ class ListInfo {
   }
 
   void AddListResult(const ListResult& list_result) {
+    m_mask |= 0x00000001u;
     m_list_results.push_back(list_result);
   }
 
@@ -1276,7 +1277,7 @@ class AuditingJobsDetail {
 
   std::string GetCreationTime() const { return m_creation_time; }
 
-  UserInfo getUserInfo() const { return m_user_info; }
+  UserInfo GetUserInfo() const { return m_user_info; }
 
   bool HasCode() const { return (m_mask & 0x00000001u) != 0; }
 

include/request/data_process_req.h

@@ -472,6 +472,39 @@ struct CreateMediaBucketResult {
     return ss.str();
   }
 };
+
+struct CreateFileBucketResult {
+  std::string request_id;                 // 请求的唯一ID
+  BucketInfo file_bucket;                // 文件Bucket
+  std::string to_string() const {
+    std::stringstream ss;
+    ss << "request_id: " << request_id << std::endl;
+    ss << file_bucket.to_string() << std::endl;
+    ss << std::endl;
+    return ss.str();
+  }
+};
+
+struct DescribeFileBucketsResult {
+  std::string request_id;                     // 请求的唯一ID
+  int total_count;                            // 媒体Bucket总数
+  int page_number;                            // 当前页数
+  int page_size;                              // 每页个数
+  std::vector<BucketInfo> file_bucket_list;  // 文件Bucket列表
+  std::string to_string() const {
+    std::stringstream ss;
+    ss << "request_id: " << request_id << std::endl
+       << "total_count: " << total_count << std::endl
+       << "page_number: " << page_number << std::endl
+       << "page_size: " << page_size << std::endl;
+    for (auto& bucket : file_bucket_list) {
+      ss << bucket.to_string() << std::endl;
+    }
+    ss << std::endl;
+    return ss.str();
+  }
+};
+
 struct VideoInfo {
   int index;                     // 该流的编号
   std::string codec_name;        // 编解码格式名字
@@ -2025,6 +2058,31 @@ class CreateMediaBucketReq : public BucketReq{
   virtual ~CreateMediaBucketReq() {}
 };
 
+
+class CreateFileBucketReq : public BucketReq{
+  public:
+  explicit CreateFileBucketReq(const std::string& bucket_name) : BucketReq(bucket_name) {
+    m_method = "POST";
+    m_path = "/file_bucket";
+    SetHttps();
+  }
+
+  virtual ~CreateFileBucketReq() {}
+};
+
+class DescribeFileBucketsReq : public DescribeMediaBucketsReq {
+ public:
+  DescribeFileBucketsReq() {
+    m_method = "GET";
+
+    m_path = "/file_bucket";
+
+    // 该接口只支持https
+    SetHttps();
+  }
+  virtual ~DescribeFileBucketsReq() {}
+};
+
 class GetMediaInfoReq : public ObjectReq {
  public:
   GetMediaInfoReq(const std::string& bucket_name,

include/response/data_process_resp.h

@@ -294,6 +294,29 @@ class GetPm3u8Resp : public GetObjectByFileResp {
   virtual ~GetPm3u8Resp() {}
 };
 
+class CreateFileBucketResp : public BaseResp {
+ public:
+  CreateFileBucketResp() {}
+  virtual ~CreateFileBucketResp() {}
+  virtual bool ParseFromXmlString(const std::string& body);
+
+  CreateFileBucketResult GetResult() const { return m_result; }
+
+ private:
+  CreateFileBucketResult m_result;
+};
+
+class DescribeFileBucketsResp : public BaseResp {
+ public:
+  DescribeFileBucketsResp() {}
+  virtual ~DescribeFileBucketsResp() {}
+  virtual bool ParseFromXmlString(const std::string& body);
+  DescribeFileBucketsResult GetResult() const { return m_result; }
+
+ private:
+  DescribeFileBucketsResult m_result;
+};
+
 
 
 class DataProcessJobBase : public BaseResp {

include/util/illegal_intercept.h

@@ -0,0 +1,13 @@
+#ifndef ILLEGAL_INTERCEPT_H
+#define ILLEGAL_INTERCEPT_H
+#include <string>
+namespace qcloud_cos {
+
+class IllegalIntercept {
+ public:
+  static bool ObjectKeySimplifyCheck(const std::string& path);
+
+};
+}  // namespace qcloud_cos
+
+#endif

src/cos_api.cpp

@@ -1162,6 +1162,16 @@ CosResult CosAPI::UpdateMediaQueue(const UpdateMediaQueueReq& req,
   return m_bucket_op.UpdateMediaQueue(req, resp);
 }
 
+CosResult CosAPI::DescribeFileBuckets(const DescribeFileBucketsReq& req,
+                                       DescribeFileBucketsResp* resp) {
+  return m_bucket_op.DescribeFileBuckets(req, resp);
+}
+
+CosResult CosAPI::CreateFileBucket(const CreateFileBucketReq& req,
+                                    CreateFileBucketResp* resp) {
+  return m_bucket_op.CreateFileBucket(req, resp);
+}
+
 CosResult CosAPI::CreateDataProcessJobs(const CreateDataProcessJobsReq& req,
                                CreateDataProcessJobsResp* resp) {
   return m_bucket_op.CreateDataProcessJobs(req, resp);

src/cos_sys_config.cpp

@@ -59,6 +59,8 @@ unsigned CosSysConfig::m_dns_cache_size = 1000;
 
 bool CosSysConfig::m_retry_change_domain = false;
 
+bool CosSysConfig::m_object_key_simplify_check = true;
+
 std::mutex m_intranet_addr_lock;
 std::mutex m_dest_domain_lock;
 
@@ -307,4 +309,12 @@ void CosSysConfig::SetRetryChangeDomain(bool retry_change_domain){
 bool CosSysConfig::GetRetryChangeDomain(){
   return m_retry_change_domain;
 }
+
+void CosSysConfig::SetObjectKeySimplifyCheck(bool object_key_simplify_check){
+  m_object_key_simplify_check = object_key_simplify_check;
+}
+
+bool CosSysConfig::GetObjectKeySimplifyCheck(){
+  return m_object_key_simplify_check;
+}
 }  // namespace qcloud_cos

src/op/base_op.cpp

@@ -60,9 +60,44 @@ bool BaseOp::UseDefaultDomain() const{
   return true;
 }
 
-bool BaseOp::IsDefaultHost(const std::string& host) const {
-    std::regex host_pattern(R"(^([\w-]+)-([\w-]+)\.cos\.([\w-]+)-([\w-]+)\.myqcloud\.com$)");
-    return std::regex_match(host, host_pattern);
+bool BaseOp::IsDefaultHost(const std::string &host) const {
+    size_t dot_pos = host.find('.');
+
+    if (dot_pos == std::string::npos) {
+      return false;
+    }
+    const char* str = host.substr(dot_pos + 1).c_str();
+    if (str == NULL) {
+        return false;
+    }
+
+    int len = strlen(str);
+    int i = 0;
+
+    // 匹配 \cos\.
+    if (i >= len || strncmp(str + i, "cos.", 4) != 0) {
+        return false;
+    }
+    i += 4;
+
+    // 匹配 ([\w-]+)-([\w-]+)
+    int flag = 0;
+    while (i < len && (isalnum(str[i]) || str[i] == '-'))
+    {
+        if(str[i] == '-') flag = 1;
+        i++;
+    }
+
+    if (i >= len || str[i] != '.' || !flag) {
+        return false;
+    }
+
+    if (i >= len || strncmp(str + i, ".myqcloud.com", 13) != 0) {
+        return false;
+    }
+    i += 13;
+
+    return i == len;
 }
 std::string  BaseOp::ChangeHostSuffix(const std::string& host) {
     const std::string old_suffix = ".myqcloud.com";

src/op/bucket_op.cpp

@@ -565,8 +565,7 @@ CosResult BucketOp::GetBucketIntelligentTiering(
 
 CosResult BucketOp::PutBucketToCI(const PutBucketToCIReq& req,
                              PutBucketToCIResp* resp) {
-  std::string host = CosSysConfig::GetPICHost(GetAppId(), m_config->GetRegion(),
-                                           req.GetBucketName());
+  std::string host = CosSysConfig::GetCIHost(req.GetBucketName(), m_config->GetRegion());
   std::string path = req.GetPath();
   return NormalAction(host, path, req, "", false, resp);
 }
@@ -678,6 +677,18 @@ CosResult BucketOp::UpdateMediaQueue(const UpdateMediaQueueReq& req,
   return ProcessReq(req, resp, true);
 }
 
+CosResult BucketOp::DescribeFileBuckets(const DescribeFileBucketsReq& req,
+                                         DescribeFileBucketsResp* resp) {
+  return ProcessReq(req, resp, true);
+}
+
+CosResult BucketOp::CreateFileBucket(const CreateFileBucketReq& req,
+                                    CreateFileBucketResp* resp) {
+  std::string host = CosSysConfig::GetCIHost(req.GetBucketName(), m_config->GetRegion());
+  std::string path = req.GetPath();
+  return NormalAction(host, path, req, "", false, resp);
+}
+
 CosResult BucketOp::BatchImageAuditing(const BatchImageAuditingReq& req,
                                        BatchImageAuditingResp* resp) {
   return ProcessReq(req, resp, true);