Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

generate_signed_post_policy_v4() improperly handles expiration timestamps with tzinfo=None #244

Closed
andrewsg opened this issue Aug 13, 2020 · 0 comments · Fixed by #250
Closed

generate_signed_post_policy_v4() improperly handles expiration timestamps with tzinfo=None #244

andrewsg opened this issue Aug 13, 2020 · 0 comments · Fixed by #250
Assignees
@HemangChothani
Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@andrewsg
Copy link
Contributor

The generate_signed_post_policy_v4() workflow, using get_expiration_seconds_v4() (get_expiration_seconds_v2() may also be affected) improperly calculates the expiration seconds if a datetime without tzinfo is used.

For instance, Python's datetime.datetime.now() produces a datetime with tzinfo=None, but in local time. The get_expiration_seconds_v4() method replaces that "None" timezone with a UTC tzinfo, which results in an inaccurate timestamp that was generated for local time but is now presented as UTC.

There is no way to safely handle tzinfo=None user input in Python. The library should either document that tzinfo=None will be treated as either local time or UTC (current behavior, UTC) or else it should reject timestamps without tzinfo for safety.

The system test TestV4POSTPolicies.test_get_signed_policy_v4() will also fail when run in a timezone west of the equator and should be modified along with the above code. Warning: it is possible Kokoro is not running in a timezone west of the equator and will not manifest this error.
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Aug 13, 2020
@yoshi-automation yoshi-automation added the triage me I really want to be triaged. label Aug 14, 2020
@tseaver tseaver added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. and removed triage me I really want to be triaged. labels Aug 17, 2020
@HemangChothani HemangChothani self-assigned this Aug 19, 2020
This was referenced Aug 19, 2020
Merged
Merged
gcf-merge-on-green bot pushed a commit that referenced this issue Aug 25, 2020
@HemangChothani
fix: change datetime.now to utcnow (#251)
3465d08 
Fixes #228  🦕

I think it's related to #244 issue so changed datetime.now() to datetime.utcnow()
cojenco pushed a commit to cojenco/python-storage that referenced this issue Oct 13, 2021
@HemangChothani @cojenco
fix: change datetime.now to utcnow (googleapis#251)
23e62ba 
Fixes googleapis#228  🦕

I think it's related to googleapis#244 issue so changed datetime.now() to datetime.utcnow()
cojenco pushed a commit to cojenco/python-storage that referenced this issue Oct 13, 2021
@HemangChothani @cojenco
fix: change datetime.now to utcnow (googleapis#251)
2955fc6 
Fixes googleapis#228  🦕

I think it's related to googleapis#244 issue so changed datetime.now() to datetime.utcnow()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@HemangChothani HemangChothani

Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: add docs signed_url expiration take default utc MaxxleLLC/python-storage
4 participants
@tseaver @andrewsg @yoshi-automation @HemangChothani