This is an automated email from the ASF dual-hosted git repository.
ashishtiwari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 55b1dd2ac fix: timeout risk in usages of `lua-resty-aws` (#12070)
55b1dd2ac is described below
commit 55b1dd2ac409ff6bcd2321b319113f5dc59f5de2
Author: Shreemaan Abhishek <[email protected]>
AuthorDate: Thu Mar 20 11:29:57 2025 +0545
fix: timeout risk in usages of `lua-resty-aws` (#12070)
---
apisix/plugins/ai-aws-content-moderation.lua | 9 ++++++++-
apisix/secret/aws.lua | 7 ++++++-
t/plugin/ai-aws-content-moderation-secrets.t | 6 ++++++
t/plugin/ai-aws-content-moderation.t | 6 ++++++
t/plugin/ai-aws-content-moderation2.t | 6 ++++++
5 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/apisix/plugins/ai-aws-content-moderation.lua
b/apisix/plugins/ai-aws-content-moderation.lua
index 85caf5520..d229b47b2 100644
--- a/apisix/plugins/ai-aws-content-moderation.lua
+++ b/apisix/plugins/ai-aws-content-moderation.lua
@@ -14,8 +14,12 @@
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
+require("resty.aws.config") -- to read env vars before initing aws module
+
local core = require("apisix.core")
-local aws_instance = require("resty.aws")()
+local aws = require("resty.aws")
+local aws_instance
+
local http = require("resty.http")
local fetch_secrets = require("apisix.secret").fetch_secrets
@@ -96,6 +100,9 @@ function _M.rewrite(conf, ctx)
local comprehend = conf.comprehend
+ if not aws_instance then
+ aws_instance = aws()
+ end
local credentials = aws_instance:Credentials({
accessKeyId = comprehend.access_key_id,
secretAccessKey = comprehend.secret_access_key,
diff --git a/apisix/secret/aws.lua b/apisix/secret/aws.lua
index e194fff08..af2e045ca 100644
--- a/apisix/secret/aws.lua
+++ b/apisix/secret/aws.lua
@@ -16,9 +16,12 @@
--
--- AWS Tools.
+require("resty.aws.config") -- to read env vars before initing aws module
+
local core = require("apisix.core")
local http = require("resty.http")
local aws = require("resty.aws")
+local aws_instance
local sub = core.string.sub
local find = core.string.find
@@ -51,7 +54,9 @@ local _M = {
}
local function make_request_to_aws(conf, key)
- local aws_instance = aws()
+ if not aws_instance then
+ aws_instance = aws()
+ end
local region = conf.region
diff --git a/t/plugin/ai-aws-content-moderation-secrets.t
b/t/plugin/ai-aws-content-moderation-secrets.t
index 6c531b243..a88171ac1 100644
--- a/t/plugin/ai-aws-content-moderation-secrets.t
+++ b/t/plugin/ai-aws-content-moderation-secrets.t
@@ -33,6 +33,12 @@ add_block_preprocessor(sub {
$block->set_value("request", "GET /t");
}
+ my $main_config = $block->main_config // <<_EOC_;
+ env AWS_REGION=us-east-1;
+_EOC_
+
+ $block->set_value("main_config", $main_config);
+
my $http_config = $block->http_config // <<_EOC_;
server {
listen 2668;
diff --git a/t/plugin/ai-aws-content-moderation.t
b/t/plugin/ai-aws-content-moderation.t
index 1fb3eed8f..7810dea55 100644
--- a/t/plugin/ai-aws-content-moderation.t
+++ b/t/plugin/ai-aws-content-moderation.t
@@ -30,6 +30,12 @@ add_block_preprocessor(sub {
$block->set_value("request", "GET /t");
}
+ my $main_config = $block->main_config // <<_EOC_;
+ env AWS_REGION=us-east-1;
+_EOC_
+
+ $block->set_value("main_config", $main_config);
+
my $http_config = $block->http_config // <<_EOC_;
server {
listen 2668;
diff --git a/t/plugin/ai-aws-content-moderation2.t
b/t/plugin/ai-aws-content-moderation2.t
index 93897017d..869fcf09d 100644
--- a/t/plugin/ai-aws-content-moderation2.t
+++ b/t/plugin/ai-aws-content-moderation2.t
@@ -26,6 +26,12 @@ no_root_location();
add_block_preprocessor(sub {
my ($block) = @_;
+ my $main_config = $block->main_config // <<_EOC_;
+ env AWS_REGION=us-east-1;
+_EOC_
+
+ $block->set_value("main_config", $main_config);
+
if (!defined $block->request) {
$block->set_value("request", "GET /t");
}
