Decide whether a `GetObject` response is safe to buffer fully into memory. Returns `Ok(())` when the advertised `Content-Length` is non-negative and within `max_bytes`. Rejects in three cases: `Content-Length` was not advertised (we refuse to read without a size guard rather than risking OOM); the advertised length is negative (protocol violation); the advertised length exceeds `max_bytes`. Extr
(
advertised: Option<i64>,
max_bytes: u64,
bucket: &str,
key: &str,
)
| 992 | /// Extracted as a free function so it can be unit-tested without standing up |
| 993 | /// an `aws_sdk_s3::Client`. |
| 994 | fn validate_content_length( |
| 995 | advertised: Option<i64>, |
| 996 | max_bytes: u64, |
| 997 | bucket: &str, |
| 998 | key: &str, |
| 999 | ) -> Result<()> { |
| 1000 | match advertised { |
| 1001 | Some(n) if n < 0 => Err(anyhow!( |
| 1002 | "S3 object s3://{}/{} reported invalid content-length {}", |
| 1003 | bucket, |
| 1004 | key, |
| 1005 | n |
| 1006 | )), |
| 1007 | Some(n) if (n as u64) > max_bytes => Err(anyhow!( |
| 1008 | "S3 object s3://{}/{} is {} bytes, exceeds workspace max_read_bytes ({}); \ |
| 1009 | raise S3BackendConfig::max_read_bytes if the read is legitimate", |
| 1010 | bucket, |
| 1011 | key, |
| 1012 | n, |
| 1013 | max_bytes |
| 1014 | )), |
| 1015 | Some(_) => Ok(()), |
| 1016 | None => Err(anyhow!( |
| 1017 | "S3 object s3://{}/{} did not report Content-Length; refusing to read \ |
| 1018 | without a size guard. Check that the endpoint is S3-compliant.", |
| 1019 | bucket, |
| 1020 | key |
| 1021 | )), |
| 1022 | } |
| 1023 | } |
| 1024 | |
| 1025 | fn normalize_prefix(prefix: &str) -> String { |
| 1026 | prefix |
no outgoing calls