add object check.

aliyun-sdk.gemspec

@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'nokogiri', '~> 1.6'
   spec.add_dependency 'rest-client', '~> 2.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.10'
+  spec.add_development_dependency 'bundler', '>= 1.10'
   spec.add_development_dependency 'rake', '~> 10.4'
   spec.add_development_dependency 'rake-compiler', '~> 0.9.0'
   spec.add_development_dependency 'rspec', '~> 3.3'

lib/aliyun/oss/bucket.rb

@@ -620,6 +620,7 @@ def bucket_url
       # @param [Hash] parameters 附加的query参数，默认为空
       # @return [String] 用于直接访问Object的URL
       def object_url(key, sign = true, expiry = 60, parameters = {})
+        Util.ensure_object_name_valid(key, @protocol.verify_object_strict)
         url = @protocol.get_request_url(name, key).gsub('%2F', '/')
         query = parameters.dup
 

lib/aliyun/oss/config.rb

@@ -12,7 +12,8 @@ class Config < Common::Struct::Base
       attrs :endpoint, :cname, :sts_token,
             :access_key_id, :access_key_secret,
             :open_timeout, :read_timeout,
-            :download_crc_enable, :upload_crc_enable
+            :download_crc_enable, :upload_crc_enable,
+            :verify_object_strict
 
       def initialize(opts = {})
         super(opts)
@@ -22,6 +23,7 @@ def initialize(opts = {})
         normalize_endpoint if endpoint
         @upload_crc_enable = (@upload_crc_enable == 'false' || @upload_crc_enable == false) ? false : true
         @download_crc_enable = (@download_crc_enable == 'true' || @download_crc_enable == true) ? true : false
+        @verify_object_strict = (@verify_object_strict == 'false' || @verify_object_strict == false) ? false : true
       end
 
       private

lib/aliyun/oss/protocol.rb

@@ -1538,6 +1538,12 @@ def upload_crc_enable
         @config.upload_crc_enable
       end
 
+      # Get the the flag of verifying object name strictly.
+      # @return true or false
+      def verify_object_strict
+        @config.verify_object_strict
+      end
+
       private
 
       # Parse body content to xml document

lib/aliyun/oss/util.rb

@@ -99,6 +99,15 @@ def ensure_bucket_name_valid(name)
           end
         end  
 
+        def ensure_object_name_valid(name, strict)
+          if name.nil? || name.empty?
+            fail ClientError, "The object name is invalid."
+          end
+          if strict && name.start_with?("?")
+            fail ClientError, "The object name cannot start with '?'."
+          end
+        end
+
       end # self
     end # Util
   end # OSS

spec/aliyun/oss/util_spec.rb

@@ -143,7 +143,50 @@ module OSS
           Util.ensure_bucket_name_valid('abc-')
         }.to raise_error(ClientError, "The bucket name is invalid.")
 
-      end  
+      end
+
+      it "should check object name valid" do
+        expect {
+          Util.ensure_object_name_valid("123", true)
+        }.not_to raise_error
+
+        expect {
+          Util.ensure_object_name_valid("123?", true)
+        }.not_to raise_error
+
+        expect {
+          Util.ensure_object_name_valid("?", false)
+        }.not_to raise_error
+
+        expect {
+          Util.ensure_object_name_valid("?123", false)
+        }.not_to raise_error
+
+        expect {
+          Util.ensure_object_name_valid("", true)
+        }.to raise_error(ClientError, "The object name is invalid.")
+
+        expect {
+          Util.ensure_object_name_valid("", false)
+        }.to raise_error(ClientError, "The object name is invalid.")
+
+        expect {
+          Util.ensure_object_name_valid(nil, true)
+        }.to raise_error(ClientError, "The object name is invalid.")
+
+        expect {
+          Util.ensure_object_name_valid(nil, false)
+        }.to raise_error(ClientError, "The object name is invalid.")
+
+        expect {
+          Util.ensure_object_name_valid("?", true)
+        }.to raise_error(ClientError, "The object name cannot start with '?'.")
+
+        expect {
+          Util.ensure_object_name_valid("?123", true)
+        }.to raise_error(ClientError, "The object name cannot start with '?'.")
+
+      end
 
     end # Util
 

tests/test_content_type.rb

@@ -12,7 +12,6 @@ def setup
 
     @types = {
       "html" => "text/html",
-      "js" => "application/javascript",
       "xlsx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
       "xltx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.template",
       "potx" => "application/vnd.openxmlformats-officedocument.presentationml.template",

tests/test_object_url.rb

@@ -86,4 +86,57 @@ def test_signed_url_with_parameters
 
   end
 
+  def test_signed_url_with_name_check
+    parameters = {
+      'x-oss-process' => 'image/resize,m_fill,h_100,w_100',
+    }
+    key = '?'
+    begin
+      signed_url = @bucket.object_url(key, true, 60, parameters)
+      assert false, 'Shoud not here'
+    rescue => e
+      assert_equal "The object name cannot start with '?'.", e.message
+    end
+
+    key = '?123'
+    begin
+      signed_url = @bucket.object_url(key, true, 60, parameters)
+      assert false, 'Shoud not here'
+    rescue => e
+      assert_equal "The object name cannot start with '?'.", e.message
+    end
+
+    key = ''
+    begin
+      signed_url = @bucket.object_url(key, true, 60, parameters)
+      assert false, 'Shoud not here'
+    rescue => e
+      assert_equal "The object name is invalid.", e.message
+    end
+
+    client1 = Aliyun::OSS::Client.new(
+      endpoint: 'https://oss-cn-hangzhou.aliyuncs.com',
+      access_key_id: 'ak',
+      access_key_secret: 'sk',
+      verify_object_strict: false
+    )
+    @bucket1 = client1.get_bucket(TestConf.bucket)
+
+    key = '?'
+    begin
+      signed_url = @bucket1.object_url(key, true, 60, parameters)
+      assert_equal true, signed_url.include?('/%3F?')
+    rescue => e
+      assert false, 'Shoud not here'
+    end
+
+    key = '?123'
+    begin
+      signed_url = @bucket1.object_url(key, true, 60, parameters)
+      assert_equal true, signed_url.include?('/%3F123?')
+    rescue => e
+      assert false, 'Shoud not here'
+    end
+  end
+
 end