1、修复安全漏洞

2、修复分块上传续传时只能拉取1000个分块

Author: garenwang

CHANGELOG.md

@@ -1,3 +1,6 @@
+# 6.4.5    
+1、安全漏洞修复
+
 # 6.4.4  
 1、增加上传接口取消时类型保护
 

QCloudCOSXML.podspec

@@ -2,7 +2,7 @@ Pod::Spec.new do |s|
   s.name             = "QCloudCOSXML"
 
 
-s.version              = "6.4.4"
+s.version              = "6.4.5"
 
 
   s.summary          = "QCloudCOSXML 腾讯云iOS-SDK组件"
@@ -20,15 +20,15 @@ s.version              = "6.4.4"
   s.default_subspec = 'Default'
   s.subspec 'Default' do |default|
     default.source_files = 'QCloudCOSXML/Classes/**/*','QCloudCOSXML/Classes/QCloudCOSXML/*'
-  default.dependency "QCloudCore",'6.4.4'
+  default.dependency "QCloudCore",'6.4.5'
   end
   s.subspec 'Slim' do |slim|
     slim.source_files = 'QCloudCOSXML/Classes/**/*','QCloudCOSXML/Classes/QCloudCOSXML/*'
-  slim.dependency "QCloudCore/WithoutMTA",'6.4.4'
+  slim.dependency "QCloudCore/WithoutMTA",'6.4.5'
   end
   s.subspec 'Transfer' do |transfer|
     transfer.source_files = 'QCloudCOSXML/Classes/*','QCloudCOSXML/Classes/Transfer/**/*','QCloudCOSXML/Classes/Base/**/*'
-  transfer.dependency "QCloudCore/WithoutMTA",'6.4.4'
+  transfer.dependency "QCloudCore/WithoutMTA",'6.4.5'
 
   end
 

QCloudCOSXML/Classes/Base/QCloudCOSXMLEndPoint.m

@@ -78,6 +78,18 @@ - (NSURL *)serverURLWithBucket:(NSString *)bucket appID:(NSString *)appID region
     } else {
         regionNametmp = self.regionName;
     }
+    
+    if ([self.serviceName isEqualToString:@"myqcloud.com"]) {
+        NSParameterAssert(regionNametmp);
+        static NSString *regularExpression = @"[a-zA-Z0-9.-]*";
+        BOOL isLegal = [regionNametmp matchesRegularExpression:regularExpression];
+        NSAssert(isLegal, @"Region name contains illegal character! It can only contains a-z, A-Z, 0-9, '.' and '-' ");
+        if (!isLegal) {
+            QCloudLogDebug(@"Region %@ contains illeagal character, setter returns immediately", regionName);
+            return nil;
+        }
+    }
+    
     NSURL *serverURL;
 
     serverURL = [NSURL URLWithString:[NSString stringWithFormat:@"%@://%@.cos.%@.%@", scheme, formattedBucketName, regionNametmp, self.serviceName]];

QCloudCOSXML/Classes/CI/request/QCloudQRCodeRecognitionRequest.h

@@ -60,7 +60,7 @@ NS_ASSUME_NONNULL_BEGIN
 		// result：QCloudRecognitionQRcodeResponse 包含所有的响应；
 		// 具体查看代码注释或api文档：https://cloud.tencent.com/document/product/460/37513
 	}];
-	[[QCloudCOSXMLService defaultCOSXML] RecognitionQRcode:request];
+	[[QCloudCOSXMLService defaultCOSXML] CIQRCodeRecognition:request];
 
 
 */

QCloudCOSXML/Classes/Manager/QCloudCOSXMLService+Manager.h

@@ -51,6 +51,7 @@
 @class QCloudDeleteBucketTaggingRequest;
 
 @class QCloudPutBucketInventoryRequest;
+@class QCloudPostBucketInventoryRequest;
 @class QCloudGetBucketInventoryRequest;
 @class QCloudDeleteBucketInventoryRequest;
 @class QCloudListBucketInventoryConfigurationsRequest;
@@ -111,6 +112,7 @@ NS_ASSUME_NONNULL_BEGIN
 - (void)GetBucketWebsite:(QCloudGetBucketWebsiteRequest *)request;
 - (void)DeleteBucketWebsite:(QCloudDeleteBucketWebsiteRequest *)request;
 - (void)PutBucketInventory:(QCloudPutBucketInventoryRequest *)request;
+- (void)PostBucketInventory:(QCloudPostBucketInventoryRequest *)request;
 - (void)GetBucketInventory:(QCloudGetBucketInventoryRequest *)request;
 - (void)DeleteBucketInventory:(QCloudDeleteBucketInventoryRequest *)request;
 - (void)ListBucketInventory:(QCloudListBucketInventoryConfigurationsRequest *)request;

QCloudCOSXML/Classes/Manager/QCloudCOSXMLService+Manager.m

@@ -235,6 +235,10 @@ - (void)PutBucketInventory:(QCloudPutBucketInventoryRequest *)request {
     [super performRequest:request];
 }
 
+- (void)PostBucketInventory:(QCloudPostBucketInventoryRequest *)request {
+    [super performRequest:request];
+}
+
 - (void)GetBucketInventory:(QCloudGetBucketInventoryRequest *)request {
     [super performRequest:request];
 }

QCloudCOSXML/Classes/Manager/request/QCloudDeleteObjectRequest.m

@@ -43,6 +43,7 @@ - (instancetype)init {
     if (!self) {
         return nil;
     }
+    self.objectKeySimplifyCheck = YES;
     return self;
 }
 - (void)configureReuqestSerializer:(QCloudRequestSerializer *)requestSerializer responseSerializer:(QCloudResponseSerializer *)responseSerializer {
@@ -74,6 +75,17 @@ - (BOOL)buildRequestData:(NSError *__autoreleasing *)error {
             return NO;
         }
     }
+    
+    if (self.objectKeySimplifyCheck && [[self simplifyPath:self.object] isEqualToString:@"/"]) {
+        if (error != NULL) {
+            *error = [NSError
+                      qcloud_errorWithCode:QCloudNetworkErrorCodeParamterInvalid
+                      message:[NSString stringWithFormat:
+                               @"The Getobject Key is illegal"]];
+            return NO;
+        }
+    }
+    
     if (!self.bucket || ([self.bucket isKindOfClass:NSString.class] && ((NSString *)self.bucket).length == 0)) {
         if (error != NULL) {
             *error = [NSError

QCloudCOSXML/Classes/Manager/request/QCloudPostBucketInventoryRequest.h

@@ -0,0 +1,149 @@
+//
+//  QCloudPostBucketInventoryRequest.h
+//  QCloudPostBucketInventoryRequest
+//
+//  Created by tencent
+//  Copyright (c) 2015年 tencent. All rights reserved.
+//
+//   ██████╗  ██████╗██╗      ██████╗ ██╗   ██╗██████╗     ████████╗███████╗██████╗ ███╗   ███╗██╗███╗   ██╗ █████╗ ██╗         ██╗      █████╗
+//   ██████╗
+//  ██╔═══██╗██╔════╝██║     ██╔═══██╗██║   ██║██╔══██╗    ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║██║████╗  ██║██╔══██╗██║         ██║ ██╔══██╗██╔══██╗
+//  ██║   ██║██║     ██║     ██║   ██║██║   ██║██║  ██║       ██║   █████╗  ██████╔╝██╔████╔██║██║██╔██╗ ██║███████║██║         ██║ ███████║██████╔╝
+//  ██║▄▄ ██║██║     ██║     ██║   ██║██║   ██║██║  ██║       ██║   ██╔══╝  ██╔══██╗██║╚██╔╝██║██║██║╚██╗██║██╔══██║██║         ██║ ██╔══██║██╔══██╗
+//  ╚██████╔╝╚██████╗███████╗╚██████╔╝╚██████╔╝██████╔╝       ██║   ███████╗██║  ██║██║ ╚═╝ ██║██║██║ ╚████║██║  ██║███████╗    ███████╗██║
+//  ██║██████╔╝
+//   ╚══▀▀═╝  ╚═════╝╚══════╝ ╚═════╝  ╚═════╝ ╚═════╝        ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝     ╚═╝╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝    ╚══════╝╚═╝ ╚═╝╚═════╝
+//
+//
+//                                                                              _             __                 _                _
+//                                                                             (_)           / _|               | |              | |
+//                                                          ___  ___ _ ____   ___  ___ ___  | |_ ___  _ __    __| | _____   _____| | ___  _ __   ___ _
+//                                                          __ ___
+//                                                         / __|/ _ \ '__\ \ / / |/ __/ _ \ |  _/ _ \| '__|  / _` |/ _ \ \ / / _ \ |/ _ \| '_ \ / _ \
+//                                                         '__/ __|
+//                                                         \__ \  __/ |   \ V /| | (_|  __/ | || (_) | |    | (_| |  __/\ V /  __/ | (_) | |_) |  __/
+//                                                         |  \__
+//                                                         |___/\___|_|    \_/ |_|\___\___| |_| \___/|_|     \__,_|\___| \_/ \___|_|\___/| .__/
+//                                                         \___|_|  |___/
+//    ______ ______ ______ ______ ______ ______ ______ ______                                                                            | |
+//   |______|______|______|______|______|______|______|______|                                                                           |_|
+//
+
+#import <Foundation/Foundation.h>
+#import <QCloudCore/QCloudCore.h>
+@class QCloudInventoryConfiguration;
+NS_ASSUME_NONNULL_BEGIN
+/**
+
+ 用于存储桶创建一个一次性清单任务
+
+ ### 功能说明
+
+ COS 支持在每个存储桶中创建最多1000条清单任务。
+
+ POST Bucket inventory 可以对一个存储桶创建一个一次性清单任务。区别于 PUT Bucket inventory，这个清单任务创建后将立即开始执行，每个任务只会执行一次，而不会周期性地重复执行。通过使用此功能，您能够更加灵活地获取到存储桶的对象清单，进而更精细化地管理对象。
+
+ 关于在存储桶中创建清单任务接口的具体描述，请查看 https://cloud.tencent.com/document/product/436/83382
+
+ ### 示例
+
+  @code
+
+    QCloudPostBucketInventoryRequest *putReq = [QCloudPostBucketInventoryRequest new];
+
+    // 存储桶名称，格式为 BucketName-APPID
+    putReq.bucket= @"examplebucket-1250000000";
+
+    // 清单任务的名称
+    putReq.inventoryID = @"list1";
+
+    // 用户在请求体中使用 XML 语言设置清单任务的具体配置信息。配置信息包括清单任务分析的对象，
+    // 分析的频次，分析的维度，分析结果的格式及存储的位置等信息。
+    QCloudInventoryConfiguration *config = [QCloudInventoryConfiguration new];
+
+    // 清单的名称，与请求参数中的 id 对应
+    config.identifier = @"list1";
+
+    // 清单是否启用的标识：
+    // 如果设置为 true，清单功能将生效
+    // 如果设置为 false，将不生成任何清单
+    config.isEnabled = @"True";
+
+    // 描述存放清单结果的信息
+    QCloudInventoryDestination *des = [QCloudInventoryDestination new];
+
+    QCloudInventoryBucketDestination *btDes =[QCloudInventoryBucketDestination new];
+
+    // 清单分析结果的文件形式，可选项为 CSV 格式
+    btDes.cs = @"CSV";
+
+    // 存储桶的所有者 ID
+    btDes.account = @"1278687956";
+
+    // 存储桶名称，格式为 BucketName-APPID
+    btDes.bucket  = @"qcs::cos:ap-guangzhou::examplebucket-1250000000";
+
+    // 清单分析结果的前缀
+    btDes.prefix = @"list1";
+
+    // COS 托管密钥的加密方式
+    QCloudInventoryEncryption *enc = [QCloudInventoryEncryption new];
+    enc.ssecos = @"";
+
+    // 为清单结果提供服务端加密的选项
+    btDes.encryption = enc;
+
+    // 清单结果导出后存放的存储桶信息
+    des.bucketDestination = btDes;
+
+    // 描述存放清单结果的信息
+    config.destination = des;
+
+    // 配置清单任务周期
+    QCloudInventorySchedule *sc = [QCloudInventorySchedule new];
+
+    // 清单任务周期，可选项为按日或者按周，枚举值：Daily、Weekly
+    sc.frequency = @"Daily";
+    config.schedule = sc;
+    QCloudInventoryFilter *fileter = [QCloudInventoryFilter new];
+    fileter.prefix = @"myPrefix";
+    config.filter = fileter;
+    config.includedObjectVersions = QCloudCOSIncludedObjectVersionsAll;
+    QCloudInventoryOptionalFields *fields = [QCloudInventoryOptionalFields new];
+
+    fields.field = @[ @"Size",
+                      @"LastModifiedDate",
+                      @"ETag",
+                      @"StorageClass",
+                      @"IsMultipartUploaded",
+                      @"ReplicationStatus"];
+
+    // 设置清单结果中应包含的分析项目
+    config.optionalFields = fields;
+    putReq.inventoryConfiguration = config;
+    [putReq setFinishBlock:^(id outputObject, NSError *error) {
+        // 可以从 outputObject 中获取 response 中 etag 或者自定义头部等信息
+        NSDictionary * result = (NSDictionary *)outputObject;
+
+    }];
+    [[QCloudCOSXMLService defaultCOSXML] PostBucketInventory:putReq];
+
+*/
+@interface QCloudPostBucketInventoryRequest : QCloudBizHTTPRequest
+/**
+说明日志记录配置的状态
+*/
+@property (strong, nonatomic) QCloudInventoryConfiguration *inventoryConfiguration;
+
+/**
+ 清单任务的名称。缺省值：None；合法字符：a-z，A-Z，0-9，-，_，.
+ */
+
+@property (strong, nonatomic) NSString *inventoryID;
+/**
+存储桶名
+*/
+@property (strong, nonatomic) NSString *bucket;
+
+@end
+NS_ASSUME_NONNULL_END

QCloudCOSXML/Classes/Manager/request/QCloudPostBucketInventoryRequest.m

@@ -0,0 +1,104 @@
+//
+//  QCloudPostBucketInventoryRequest.m
+//  QCloudPostBucketInventoryRequest
+//
+//  Created by tencent
+//  Copyright (c) 2015年 tencent. All rights reserved.
+//
+//   ██████╗  ██████╗██╗      ██████╗ ██╗   ██╗██████╗     ████████╗███████╗██████╗ ███╗   ███╗██╗███╗   ██╗ █████╗ ██╗         ██╗      █████╗
+//   ██████╗
+//  ██╔═══██╗██╔════╝██║     ██╔═══██╗██║   ██║██╔══██╗    ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║██║████╗  ██║██╔══██╗██║         ██║ ██╔══██╗██╔══██╗
+//  ██║   ██║██║     ██║     ██║   ██║██║   ██║██║  ██║       ██║   █████╗  ██████╔╝██╔████╔██║██║██╔██╗ ██║███████║██║         ██║ ███████║██████╔╝
+//  ██║▄▄ ██║██║     ██║     ██║   ██║██║   ██║██║  ██║       ██║   ██╔══╝  ██╔══██╗██║╚██╔╝██║██║██║╚██╗██║██╔══██║██║         ██║ ██╔══██║██╔══██╗
+//  ╚██████╔╝╚██████╗███████╗╚██████╔╝╚██████╔╝██████╔╝       ██║   ███████╗██║  ██║██║ ╚═╝ ██║██║██║ ╚████║██║  ██║███████╗    ███████╗██║
+//  ██║██████╔╝
+//   ╚══▀▀═╝  ╚═════╝╚══════╝ ╚═════╝  ╚═════╝ ╚═════╝        ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝     ╚═╝╚═╝╚═╝  ╚═══╝╚═╝  ╚═╝╚══════╝    ╚══════╝╚═╝ ╚═╝╚═════╝
+//
+//
+//                                                                              _             __                 _                _
+//                                                                             (_)           / _|               | |              | |
+//                                                          ___  ___ _ ____   ___  ___ ___  | |_ ___  _ __    __| | _____   _____| | ___  _ __   ___ _
+//                                                          __ ___
+//                                                         / __|/ _ \ '__\ \ / / |/ __/ _ \ |  _/ _ \| '__|  / _` |/ _ \ \ / / _ \ |/ _ \| '_ \ / _ \
+//                                                         '__/ __|
+//                                                         \__ \  __/ |   \ V /| | (_|  __/ | || (_) | |    | (_| |  __/\ V /  __/ | (_) | |_) |  __/
+//                                                         |  \__
+//                                                         |___/\___|_|    \_/ |_|\___\___| |_| \___/|_|     \__,_|\___| \_/ \___|_|\___/| .__/
+//                                                         \___|_|  |___/
+//    ______ ______ ______ ______ ______ ______ ______ ______                                                                            | |
+//   |______|______|______|______|______|______|______|______|                                                                           |_|
+//
+
+#import "QCloudPostBucketInventoryRequest.h"
+#import <QCloudCore/QCloudSignatureFields.h>
+#import <QCloudCore/QCloudCore.h>
+#import <QCloudCore/QCloudConfiguration_Private.h>
+#import "QCloudInventoryConfiguration.h"
+
+NS_ASSUME_NONNULL_BEGIN
+@implementation QCloudPostBucketInventoryRequest
+- (void)dealloc {
+}
+- (instancetype)init {
+    self = [super init];
+    if (!self) {
+        return nil;
+    }
+    return self;
+}
+- (void)configureReuqestSerializer:(QCloudRequestSerializer *)requestSerializer responseSerializer:(QCloudResponseSerializer *)responseSerializer {
+    NSArray *customRequestSerilizers = @[
+        QCloudURLFuseURIMethodASURLParamters,
+        QCloudURLFuseWithXMLParamters,
+    ];
+
+    NSArray *responseSerializers = @[
+        QCloudAcceptRespnseCodeBlock([NSSet setWithObjects:@(200), @(201), @(202), @(203), @(204), @(205), @(206), @(207), @(208), @(226), nil], nil),
+
+        QCloudResponseAppendHeadersSerializerBlock,
+    ];
+    [requestSerializer setSerializerBlocks:customRequestSerilizers];
+    [responseSerializer setSerializerBlocks:responseSerializers];
+
+    requestSerializer.HTTPMethod = @"post";
+}
+
+- (BOOL)buildRequestData:(NSError *__autoreleasing *)error {
+    if (![super buildRequestData:error]) {
+        return NO;
+    }
+    [self.requestData setParameter:[self.inventoryConfiguration qcloud_modelToJSONObject] withKey:@"InventoryConfiguration"];
+    if (!self.inventoryID || ([self.inventoryID isKindOfClass:NSString.class] && ((NSString *)self.inventoryID).length == 0)) {
+        if (error != NULL) {
+            *error = [NSError
+                qcloud_errorWithCode:QCloudNetworkErrorCodeParamterInvalid
+                             message:[NSString stringWithFormat:@"paramter[inventoryID] is invalid (nil), it must have some value. please check it"]];
+            return NO;
+        }
+    }
+    [self.requestData setQueryStringParamter:self.inventoryID withKey:@"id"];
+    if (!self.bucket || ([self.bucket isKindOfClass:NSString.class] && ((NSString *)self.bucket).length == 0)) {
+        if (error != NULL) {
+            *error = [NSError
+                qcloud_errorWithCode:QCloudNetworkErrorCodeParamterInvalid
+                             message:[NSString stringWithFormat:@"paramter[bucket] is invalid (nil), it must have some value. please check it"]];
+            return NO;
+        }
+    }
+    NSURL *__serverURL = [self.runOnService.configuration.endpoint serverURLWithBucket:self.bucket
+                                                                                 appID:self.runOnService.configuration.appID
+                                                                            regionName:self.regionName];
+    self.requestData.serverURL = __serverURL.absoluteString;
+    [self.requestData setValue:__serverURL.host forHTTPHeaderField:@"Host"];
+    self.requestData.URIMethod = @"inventory";
+    return YES;
+}
+
+- (QCloudSignatureFields *)signatureFields {
+    QCloudSignatureFields *fileds = [QCloudSignatureFields new];
+
+    return fileds;
+}
+
+@end
+NS_ASSUME_NONNULL_END

QCloudCOSXML/Classes/QCloudCOSXML/QCloudCOSXML.h

@@ -30,6 +30,7 @@
 #import "QCloudGetBucketTaggingRequest.h"
 #import "QCloudDeleteBucketTaggingRequest.h"
 #import "QCloudPutBucketInventoryRequest.h"
+#import "QCloudPostBucketInventoryRequest.h"
 #import "QCloudGetBucketInventoryRequest.h"
 #import "QCloudDeleteBucketInventoryRequest.h"
 #import "QCloudListBucketInventoryConfigurationsRequest.h"