fix(deps): update module github.com/aliyun/aliyun-oss-go-sdk to v3 (#14976)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Paul Rogers <paul.rogers@grafana.com>

go.mod

@@ -17,7 +17,7 @@ require (
 	github.com/NYTimes/gziphandler v1.1.1
 	github.com/Workiva/go-datastructures v1.1.5
 	github.com/alicebob/miniredis/v2 v2.33.0
-	github.com/aliyun/aliyun-oss-go-sdk v2.2.10+incompatible
+	github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
 	github.com/aws/aws-sdk-go v1.55.5
 	github.com/baidubce/bce-sdk-go v0.9.200
 	github.com/bmatcuk/doublestar v1.3.4

go.sum

@@ -931,8 +931,8 @@ github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUi
 github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.146/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.156/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs=
-github.com/aliyun/aliyun-oss-go-sdk v2.2.10+incompatible h1:ROMcuN61gI8SfQ+AEMh4d7GZ3gwTZLIhPjtd05TQCG4=
-github.com/aliyun/aliyun-oss-go-sdk v2.2.10+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
+github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible h1:8psS8a+wKfiLt1iVDX79F7Y6wUM49Lcha2FMXt4UM8g=
+github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
 github.com/amir/raidman v0.0.0-20170415203553-1ccc43bfb9c9/go.mod h1:eliMa/PW+RDr2QLWRmLH1R1ZA4RInpmvOzDDXtaIZkc=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/auth.go

@@ -72,8 +72,8 @@ func (conn Conn) getAdditionalHeaderKeysV4(req *http.Request) ([]string, map[str
 }
 
 // signHeader signs the header and sets it as the authorization header.
-func (conn Conn) signHeader(req *http.Request, canonicalizedResource string) {
-	akIf := conn.config.GetCredentials()
+func (conn Conn) signHeader(req *http.Request, canonicalizedResource string, credentials Credentials) {
+	akIf := credentials
 	authorizationStr := ""
 	if conn.config.AuthVersion == AuthV4 {
 		strDay := ""
@@ -83,10 +83,9 @@ func (conn Conn) signHeader(req *http.Request, canonicalizedResource string) {
 			t, _ := time.Parse(http.TimeFormat, strDate)
 			strDay = t.Format("20060102")
 		} else {
-			t, _ := time.Parse(iso8601DateFormatSecond, strDate)
+			t, _ := time.Parse(timeFormatV4, strDate)
 			strDay = t.Format("20060102")
 		}
-
 		signHeaderProduct := conn.config.GetSignProduct()
 		signHeaderRegion := conn.config.GetSignRegion()
 
@@ -94,10 +93,10 @@ func (conn Conn) signHeader(req *http.Request, canonicalizedResource string) {
 		if len(additionalList) > 0 {
 			authorizationFmt := "OSS4-HMAC-SHA256 Credential=%v/%v/%v/" + signHeaderProduct + "/aliyun_v4_request,AdditionalHeaders=%v,Signature=%v"
 			additionnalHeadersStr := strings.Join(additionalList, ";")
-			authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, additionnalHeadersStr, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret()))
+			authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, additionnalHeadersStr, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret(), nil))
 		} else {
 			authorizationFmt := "OSS4-HMAC-SHA256 Credential=%v/%v/%v/" + signHeaderProduct + "/aliyun_v4_request,Signature=%v"
-			authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret()))
+			authorizationStr = fmt.Sprintf(authorizationFmt, akIf.GetAccessKeyID(), strDay, signHeaderRegion, conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret(), nil))
 		}
 	} else if conn.config.AuthVersion == AuthV2 {
 		additionalList, _ := conn.getAdditionalHeaderKeys(req)
@@ -168,49 +167,44 @@ func (conn Conn) getSignedStr(req *http.Request, canonicalizedResource string, k
 	return signedStr
 }
 
-func (conn Conn) getSignedStrV4(req *http.Request, canonicalizedResource string, keySecret string) string {
+func (conn Conn) getSignedStrV4(req *http.Request, canonicalizedResource string, keySecret string, signingTime *time.Time) string {
 	// Find out the "x-oss-"'s address in header of the request
 	ossHeadersMap := make(map[string]string)
 	additionalList, additionalMap := conn.getAdditionalHeaderKeysV4(req)
 	for k, v := range req.Header {
-		if strings.HasPrefix(strings.ToLower(k), "x-oss-") {
-			ossHeadersMap[strings.ToLower(k)] = strings.Trim(v[0], " ")
+		lowKey := strings.ToLower(k)
+		if strings.EqualFold(lowKey, HTTPHeaderContentMD5) ||
+			strings.EqualFold(lowKey, HTTPHeaderContentType) ||
+			strings.HasPrefix(lowKey, "x-oss-") {
+			ossHeadersMap[lowKey] = strings.Trim(v[0], " ")
 		} else {
-			if _, ok := additionalMap[strings.ToLower(k)]; ok {
-				ossHeadersMap[strings.ToLower(k)] = strings.Trim(v[0], " ")
+			if _, ok := additionalMap[lowKey]; ok {
+				ossHeadersMap[lowKey] = strings.Trim(v[0], " ")
 			}
 		}
 	}
 
-	// Required parameters
+	// get day,eg 20210914
+	//signingTime
 	signDate := ""
-	dateFormat := ""
-	date := req.Header.Get(HTTPHeaderDate)
-	if date != "" {
-		signDate = date
-		dateFormat = http.TimeFormat
-	}
-
-	ossDate := req.Header.Get(HttpHeaderOssDate)
-	_, ok := ossHeadersMap[strings.ToLower(HttpHeaderOssDate)]
-	if ossDate != "" {
-		signDate = ossDate
-		dateFormat = iso8601DateFormatSecond
-		if !ok {
-			ossHeadersMap[strings.ToLower(HttpHeaderOssDate)] = strings.Trim(ossDate, " ")
+	strDay := ""
+	if signingTime != nil {
+		signDate = signingTime.Format(timeFormatV4)
+		strDay = signingTime.Format(shortTimeFormatV4)
+	} else {
+		var t time.Time
+		// Required parameters
+		if date := req.Header.Get(HTTPHeaderDate); date != "" {
+			signDate = date
+			t, _ = time.Parse(http.TimeFormat, date)
 		}
-	}
 
-	contentType := req.Header.Get(HTTPHeaderContentType)
-	_, ok = ossHeadersMap[strings.ToLower(HTTPHeaderContentType)]
-	if contentType != "" && !ok {
-		ossHeadersMap[strings.ToLower(HTTPHeaderContentType)] = strings.Trim(contentType, " ")
-	}
+		if ossDate := req.Header.Get(HttpHeaderOssDate); ossDate != "" {
+			signDate = ossDate
+			t, _ = time.Parse(timeFormatV4, ossDate)
+		}
 
-	contentMd5 := req.Header.Get(HTTPHeaderContentMD5)
-	_, ok = ossHeadersMap[strings.ToLower(HTTPHeaderContentMD5)]
-	if contentMd5 != "" && !ok {
-		ossHeadersMap[strings.ToLower(HTTPHeaderContentMD5)] = strings.Trim(contentMd5, " ")
+		strDay = t.Format("20060102")
 	}
 
 	hs := newHeaderSorter(ossHeadersMap)
@@ -227,7 +221,10 @@ func (conn Conn) getSignedStrV4(req *http.Request, canonicalizedResource string,
 	signStr := ""
 
 	// v4 signature
-	hashedPayload := req.Header.Get(HttpHeaderOssContentSha256)
+	hashedPayload := DefaultContentSha256
+	if val := req.Header.Get(HttpHeaderOssContentSha256); val != "" {
+		hashedPayload = val
+	}
 
 	// subResource
 	resource := canonicalizedResource
@@ -245,13 +242,10 @@ func (conn Conn) getSignedStrV4(req *http.Request, canonicalizedResource string,
 	hashedRequest := hex.EncodeToString(rh.Sum(nil))
 
 	if conn.config.LogLevel >= Debug {
-		conn.config.WriteLog(Debug, "[Req:%p]signStr:%s\n", req, EscapeLFString(canonicalReuqest))
+		conn.config.WriteLog(Debug, "[Req:%p]CanonicalRequest:%s\n", req, EscapeLFString(canonicalReuqest))
 	}
 
-	// get day,eg 20210914
-	t, _ := time.Parse(dateFormat, signDate)
-	strDay := t.Format("20060102")
-
+	// Product & Region
 	signedStrV4Product := conn.config.GetSignProduct()
 	signedStrV4Region := conn.config.GetSignRegion()
 

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/bucket.go

@@ -892,7 +892,7 @@ func (bucket Bucket) RestoreObjectXML(objectKey, configXML string, options ...Op
 // string    returns the signed URL, when error is nil.
 // error    it's nil if no error, otherwise it's an error object.
 func (bucket Bucket) SignURL(objectKey string, method HTTPMethod, expiredInSec int64, options ...Option) (string, error) {
-	err := CheckObjectName(objectKey)
+	err := CheckObjectNameEx(objectKey, isVerifyObjectStrict(bucket.GetConfig()))
 	if err != nil {
 		return "", err
 	}
@@ -913,7 +913,7 @@ func (bucket Bucket) SignURL(objectKey string, method HTTPMethod, expiredInSec i
 		return "", err
 	}
 
-	return bucket.Client.Conn.signURL(method, bucket.BucketName, objectKey, expiration, params, headers), nil
+	return bucket.Client.Conn.signURL(method, bucket.BucketName, objectKey, expiration, params, headers)
 }
 
 // PutObjectWithURL uploads an object with the URL. If the object exists, it will be overwritten.

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/client.go

@@ -2908,6 +2908,13 @@ func Product(product string) ClientOption {
 	}
 }
 
+// VerifyObjectStrict  sets the flag of verifying object name strictly.
+func VerifyObjectStrict(enable bool) ClientOption {
+	return func(client *Client) {
+		client.Config.VerifyObjectStrict = enable
+	}
+}
+
 // Private
 func (client Client) do(method, bucketName string, params map[string]interface{},
 	headers map[string]string, data io.Reader, options ...Option) (*Response, error) {

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/conf.go

@@ -37,18 +37,23 @@ type HTTPMaxConns struct {
 	MaxConnsPerHost     int
 }
 
-// CredentialInf is interface for get AccessKeyID,AccessKeySecret,SecurityToken
+// Credentials is interface for get AccessKeyID,AccessKeySecret,SecurityToken
 type Credentials interface {
 	GetAccessKeyID() string
 	GetAccessKeySecret() string
 	GetSecurityToken() string
 }
 
-// CredentialInfBuild is interface for get CredentialInf
+// CredentialsProvider is interface for get Credential Info
 type CredentialsProvider interface {
 	GetCredentials() Credentials
 }
 
+type CredentialsProviderE interface {
+	CredentialsProvider
+	GetCredentialsE() (Credentials, error)
+}
+
 type defaultCredentials struct {
 	config *Config
 }
@@ -173,6 +178,7 @@ type Config struct {
 	Region              string              //  such as cn-hangzhou
 	CloudBoxId          string              //
 	Product             string              //  oss or oss-cloudbox, default is oss
+	VerifyObjectStrict  bool                //  a flag of verifying object name strictly. Default is enable.
 }
 
 // LimitUploadSpeed uploadSpeed:KB/s, 0 is unlimited,default is 0
@@ -289,5 +295,7 @@ func getDefaultOssConfig() *Config {
 
 	config.Product = "oss"
 
+	config.VerifyObjectStrict = true
+
 	return &config
 }

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/conn.go

@@ -53,6 +53,12 @@ var signKeyList = []string{"acl", "uploads", "location", "cors",
 	"metaQuery", "resourceGroup", "rtc", "x-oss-async-process", "responseHeader",
 }
 
+const (
+	timeFormatV4       = "20060102T150405Z"
+	shortTimeFormatV4  = "20060102"
+	signingAlgorithmV4 = "OSS4-HMAC-SHA256"
+)
+
 // init initializes Conn
 func (conn *Conn) init(config *Config, urlMaker *urlMaker, client *http.Client) error {
 	if client == nil {
@@ -338,7 +344,15 @@ func (conn Conn) doRequest(ctx context.Context, method string, uri *url.URL, can
 		req.Header.Set(HttpHeaderOssContentSha256, DefaultContentSha256)
 	}
 
-	akIf := conn.config.GetCredentials()
+	var akIf Credentials
+	if providerE, ok := conn.config.CredentialsProvider.(CredentialsProviderE); ok {
+		if akIf, err = providerE.GetCredentialsE(); err != nil {
+			return nil, err
+		}
+	} else {
+		akIf = conn.config.GetCredentials()
+	}
+
 	if akIf.GetSecurityToken() != "" {
 		req.Header.Set(HTTPHeaderOssSecurityToken, akIf.GetSecurityToken())
 	}
@@ -349,7 +363,7 @@ func (conn Conn) doRequest(ctx context.Context, method string, uri *url.URL, can
 		}
 	}
 
-	conn.signHeader(req, canonicalizedResource)
+	conn.signHeader(req, canonicalizedResource, akIf)
 
 	// Transfer started
 	event := newProgressEvent(TransferStartedEvent, 0, req.ContentLength, 0)
@@ -381,10 +395,15 @@ func (conn Conn) doRequest(ctx context.Context, method string, uri *url.URL, can
 	return conn.handleResponse(resp, crc)
 }
 
-func (conn Conn) signURL(method HTTPMethod, bucketName, objectName string, expiration int64, params map[string]interface{}, headers map[string]string) string {
-	akIf := conn.config.GetCredentials()
-	if akIf.GetSecurityToken() != "" {
-		params[HTTPParamSecurityToken] = akIf.GetSecurityToken()
+func (conn Conn) signURL(method HTTPMethod, bucketName, objectName string, expiration int64, params map[string]interface{}, headers map[string]string) (string, error) {
+	var akIf Credentials
+	var err error
+	if providerE, ok := conn.config.CredentialsProvider.(CredentialsProviderE); ok {
+		if akIf, err = providerE.GetCredentialsE(); err != nil {
+			return "", err
+		}
+	} else {
+		akIf = conn.config.GetCredentials()
 	}
 
 	m := strings.ToUpper(string(method))
@@ -399,38 +418,74 @@ func (conn Conn) signURL(method HTTPMethod, bucketName, objectName string, expir
 		req.Header.Set("Proxy-Authorization", basic)
 	}
 
-	req.Header.Set(HTTPHeaderDate, strconv.FormatInt(expiration, 10))
-	req.Header.Set(HTTPHeaderUserAgent, conn.config.UserAgent)
-
-	if headers != nil {
-		for k, v := range headers {
-			req.Header.Set(k, v)
+	if conn.config.AuthVersion == AuthV4 {
+		if akIf.GetSecurityToken() != "" {
+			params[HTTPParamOssSecurityToken] = akIf.GetSecurityToken()
 		}
-	}
 
-	if conn.config.AuthVersion == AuthV2 {
-		params[HTTPParamSignatureVersion] = "OSS2"
-		params[HTTPParamExpiresV2] = strconv.FormatInt(expiration, 10)
-		params[HTTPParamAccessKeyIDV2] = conn.config.AccessKeyID
+		if headers != nil {
+			for k, v := range headers {
+				req.Header.Set(k, v)
+			}
+		}
+
+		now := time.Now().UTC()
+		expires := expiration - now.Unix()
+		product := conn.config.GetSignProduct()
+		region := conn.config.GetSignRegion()
+		strDay := now.Format(shortTimeFormatV4)
 		additionalList, _ := conn.getAdditionalHeaderKeys(req)
+
+		params[HTTPParamSignatureVersion] = signingAlgorithmV4
+		params[HTTPParamCredential] = fmt.Sprintf("%s/%s/%s/%s/aliyun_v4_request", akIf.GetAccessKeyID(), strDay, region, product)
+		params[HTTPParamDate] = now.Format(timeFormatV4)
+		params[HTTPParamExpiresV2] = strconv.FormatInt(expires, 10)
 		if len(additionalList) > 0 {
 			params[HTTPParamAdditionalHeadersV2] = strings.Join(additionalList, ";")
 		}
+
+		subResource := conn.getSubResource(params)
+		canonicalizedResource := conn.getResourceV4(bucketName, objectName, subResource)
+		authorizationStr := conn.getSignedStrV4(req, canonicalizedResource, akIf.GetAccessKeySecret(), &now)
+		params[HTTPParamSignatureV2] = authorizationStr
+	} else {
+		if akIf.GetSecurityToken() != "" {
+			params[HTTPParamSecurityToken] = akIf.GetSecurityToken()
+		}
+
+		req.Header.Set(HTTPHeaderDate, strconv.FormatInt(expiration, 10))
+
+		if headers != nil {
+			for k, v := range headers {
+				req.Header.Set(k, v)
+			}
+		}
+
+		if conn.config.AuthVersion == AuthV2 {
+			params[HTTPParamSignatureVersion] = "OSS2"
+			params[HTTPParamExpiresV2] = strconv.FormatInt(expiration, 10)
+			params[HTTPParamAccessKeyIDV2] = conn.config.AccessKeyID
+			additionalList, _ := conn.getAdditionalHeaderKeys(req)
+			if len(additionalList) > 0 {
+				params[HTTPParamAdditionalHeadersV2] = strings.Join(additionalList, ";")
+			}
+		}
+
+		subResource := conn.getSubResource(params)
+		canonicalizedResource := conn.getResource(bucketName, objectName, subResource)
+		signedStr := conn.getSignedStr(req, canonicalizedResource, akIf.GetAccessKeySecret())
+
+		if conn.config.AuthVersion == AuthV1 {
+			params[HTTPParamExpires] = strconv.FormatInt(expiration, 10)
+			params[HTTPParamAccessKeyID] = akIf.GetAccessKeyID()
+			params[HTTPParamSignature] = signedStr
+		} else if conn.config.AuthVersion == AuthV2 {
+			params[HTTPParamSignatureV2] = signedStr
+		}
 	}
 
-	subResource := conn.getSubResource(params)
-	canonicalizedResource := conn.getResource(bucketName, objectName, subResource)
-	signedStr := conn.getSignedStr(req, canonicalizedResource, akIf.GetAccessKeySecret())
-
-	if conn.config.AuthVersion == AuthV1 {
-		params[HTTPParamExpires] = strconv.FormatInt(expiration, 10)
-		params[HTTPParamAccessKeyID] = akIf.GetAccessKeyID()
-		params[HTTPParamSignature] = signedStr
-	} else if conn.config.AuthVersion == AuthV2 {
-		params[HTTPParamSignatureV2] = signedStr
-	}
 	urlParams := conn.getURLParams(params)
-	return conn.url.getSignURL(bucketName, objectName, urlParams)
+	return conn.url.getSignURL(bucketName, objectName, urlParams), nil
 }
 
 func (conn Conn) signRtmpURL(bucketName, channelName, playlistName string, expiration int64) string {

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/const.go

@@ -227,6 +227,9 @@ const (
 	HTTPParamAccessKeyIDV2       = "x-oss-access-key-id"
 	HTTPParamSignatureV2         = "x-oss-signature"
 	HTTPParamAdditionalHeadersV2 = "x-oss-additional-headers"
+	HTTPParamCredential          = "x-oss-credential"
+	HTTPParamDate                = "x-oss-date"
+	HTTPParamOssSecurityToken    = "x-oss-security-token"
 )
 
 // Other constants
@@ -245,7 +248,7 @@ const (
 
 	DefaultContentSha256 = "UNSIGNED-PAYLOAD" // for v4 signature
 
-	Version = "v2.2.10" // Go SDK version
+	Version = "v3.0.2" // Go SDK version
 )
 
 // FrameType

vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/utils.go

@@ -449,28 +449,83 @@ func CheckObjectName(objectName string) error {
 	return nil
 }
 
+func CheckObjectNameEx(objectName string, strict bool) error {
+	if err := CheckObjectName(objectName); err != nil {
+		return err
+	}
+
+	if strict && strings.HasPrefix(objectName, "?") {
+		return fmt.Errorf("object name is invalid, can't start with '?'")
+	}
+
+	return nil
+}
+
+/*
+	func GetReaderLen(reader io.Reader) (int64, error) {
+		var contentLength int64
+		var err error
+		switch v := reader.(type) {
+		case *bytes.Buffer:
+			contentLength = int64(v.Len())
+		case *bytes.Reader:
+			contentLength = int64(v.Len())
+		case *strings.Reader:
+			contentLength = int64(v.Len())
+		case *os.File:
+			fInfo, fError := v.Stat()
+			if fError != nil {
+				err = fmt.Errorf("can't get reader content length,%s", fError.Error())
+			} else {
+				contentLength = fInfo.Size()
+			}
+		case *io.LimitedReader:
+			contentLength = int64(v.N)
+		case *LimitedReadCloser:
+			contentLength = int64(v.N)
+		default:
+			err = fmt.Errorf("can't get reader content length,unkown reader type")
+		}
+		return contentLength, err
+	}
+*/
+
 func GetReaderLen(reader io.Reader) (int64, error) {
 	var contentLength int64
 	var err error
 	switch v := reader.(type) {
-	case *bytes.Buffer:
-		contentLength = int64(v.Len())
-	case *bytes.Reader:
-		contentLength = int64(v.Len())
-	case *strings.Reader:
-		contentLength = int64(v.Len())
-	case *os.File:
-		fInfo, fError := v.Stat()
-		if fError != nil {
-			err = fmt.Errorf("can't get reader content length,%s", fError.Error())
-		} else {
-			contentLength = fInfo.Size()
-		}
 	case *io.LimitedReader:
 		contentLength = int64(v.N)
 	case *LimitedReadCloser:
 		contentLength = int64(v.N)
 	default:
+		// Len
+		type lenner interface {
+			Len() int
+		}
+		if lr, ok := reader.(lenner); ok {
+			return int64(lr.Len()), nil
+		}
+		// seeker len
+		if s, ok := reader.(io.Seeker); ok {
+			curOffset, err := s.Seek(0, io.SeekCurrent)
+			if err != nil {
+				return 0, err
+			}
+			endOffset, err := s.Seek(0, io.SeekEnd)
+			if err != nil {
+				return 0, err
+			}
+			_, err = s.Seek(curOffset, io.SeekStart)
+			if err != nil {
+				return 0, err
+			}
+			n := endOffset - curOffset
+			if n >= 0 {
+				return n, nil
+			}
+		}
+		//
 		err = fmt.Errorf("can't get reader content length,unkown reader type")
 	}
 	return contentLength, err
@@ -607,3 +662,13 @@ func isInCharacterRange(r rune) (inrange bool) {
 		r >= 0xE000 && r <= 0xFFFD ||
 		r >= 0x10000 && r <= 0x10FFFF
 }
+
+func isVerifyObjectStrict(config *Config) bool {
+	if config != nil {
+		if config.AuthVersion == AuthV2 || config.AuthVersion == AuthV4 {
+			return false
+		}
+		return config.VerifyObjectStrict
+	}
+	return true
+}

vendor/modules.txt

@@ -347,7 +347,7 @@ github.com/alicebob/miniredis/v2/metro
 github.com/alicebob/miniredis/v2/proto
 github.com/alicebob/miniredis/v2/server
 github.com/alicebob/miniredis/v2/size
-# github.com/aliyun/aliyun-oss-go-sdk v2.2.10+incompatible
+# github.com/aliyun/aliyun-oss-go-sdk v3.0.2+incompatible
 ## explicit
 github.com/aliyun/aliyun-oss-go-sdk/oss
 # github.com/armon/go-metrics v0.4.1