From 16f453af064618fb1598374f571944fa7661140b Mon Sep 17 00:00:00 2001
From: AssahBismarkabah
Date: Thu, 19 Sep 2024 17:00:20 +0100
Subject: [PATCH 1/2] fix : path traversal StaticBucketRouter
---
 .../adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java b/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
index 2c43345b5..dd55617c9 100644
--- a/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
+++ b/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
@@ -20,10 +20,10 @@ public String resourceKey(AbsoluteLocation resource) {
 UnaryOperator trimStartingSlash = str -> str.replaceFirst("^/", "");
 String resourcePath = trimStartingSlash.apply(resource.location().getRawPath());
- if (bucketName == null || "".equals(bucketName) || !resourcePath.contains(bucketName)) {
+ if (bucketName == null || "".equals(bucketName) || !resourcePath.startsWith(bucketName)) {
 return resourcePath;
 }
- return trimStartingSlash.apply(resourcePath.substring(resourcePath.indexOf(bucketName) + bucketName.length()));
+ return trimStartingSlash.apply(resourcePath.substring(bucketName.length()));
 }
 }
From b1d79e0d0d87545473755a688a66540f259b4932 Mon Sep 17 00:00:00 2001
From: AssahBismarkabah
Date: Fri, 20 Sep 2024 10:03:49 +0100
Subject: [PATCH 2/2] fix : StaticBuketRout
---
 .../adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java | 4 ++++
 1 file changed, 4 insertions(+)
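Review bot: The new `!resourcePath.startsWith(bucketName)` test in the `[PATCH 1/2]` hunk has no separator boundary, so a path whose first segment only begins with the bucket name (constructed example: bucket `data`, path `database/x`) still passes and `substring(bucketName.length())` returns `base/x` as the key. Matching the whole first segment closes that gap: `boolean inBucket = resourcePath.equals(bucketName) || resourcePath.startsWith(bucketName + "/");` and return `resourcePath` unchanged when `!inBucket`. The path comes from `getRawPath()`, which is neither decoded nor normalized, so if this method is meant to be the traversal barrier, `..` and percent-encoded dot segments would presumably need rejecting before the prefix test; that cannot be confirmed from the hunk. The change carries no regression test for the old `contains`/`indexOf` behaviour, and `resourceKey` starts above the hunk.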
diff --git a/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java b/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
index dd55617c9..bc2bd3c95 100644
--- a/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
+++ b/datasafe-storage/datasafe-storage-impl-s3/src/main/java/de/adorsys/datasafe/storage/impl/s3/StaticBucketRouter.java
@@ -20,6 +20,10 @@ public String resourceKey(AbsoluteLocation resource) {
 UnaryOperator trimStartingSlash = str -> str.replaceFirst("^/", "");
 String resourcePath = trimStartingSlash.apply(resource.location().getRawPath());
+ if (resourcePath.startsWith("eu-central-1/")) {
+ resourcePath = resourcePath.substring("eu-central-1/".length());
+ }
+
 if (bucketName == null || "".equals(bucketName) || !resourcePath.startsWith(bucketName)) {
 return resourcePath;
 }
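Review bot: The added block strips a hard-coded `"eu-central-1/"` literal from the front of the path before the bucket test, which ties `resourceKey` to one region and makes an object path that legitimately begins with that segment lose it without any trace. With any other region the prefix stays, the following `startsWith(bucketName)` check fails, and the full path, region and bucket included, is returned as the key. The region should come from the router's configuration rather than a literal written twice, and the block needs a comment stating why the segment is there, for example `// path-style endpoint URLs carry the region before the bucket; drop it so the bucket prefix check sees the bucket first` (presumed reason, to be confirmed by the author). `resourceKey` starts above the hunk and continues below it.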