From c9b5a6cb947da6a2c9169e6300ab18ef8a3d8403 Mon Sep 17 00:00:00 2001
From: "renovate-sh-app[bot]" <219655108+renovate-sh-app[bot]@users.noreply.github.com>
Date: Sat, 9 May 2026 20:08:38 +0000
Subject: [PATCH] fix(deps): Update module github.com/baidubce/bce-sdk-go to v0.9.266
| datasource | package | from | to |
| ---------- | ------------------------------ | -------- | -------- |
| go | github.com/baidubce/bce-sdk-go | v0.9.265 | v0.9.266 |
Signed-off-by: renovate-sh-app[bot] <219655108+renovate-sh-app[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 +--
 .../baidubce/bce-sdk-go/bce/config.go | 2 +-
 .../bce-sdk-go/services/bos/api/model.go | 10 +++++++
 .../bce-sdk-go/services/bos/api/object.go | 27 ++++++++++-------
 .../bce-sdk-go/services/bos/api/util.go | 29 +++++++++++++++++++
 vendor/modules.txt | 2 +-
 7 files changed, 61 insertions(+), 15 deletions(-)
diff --git a/go.mod b/go.mod
index 5893ac562db..ec968c0afa1 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 github.com/aws/aws-sdk-go-v2 v1.41.7
 github.com/aws/aws-sdk-go-v2/config v1.32.17
 github.com/aws/aws-sdk-go-v2/credentials v1.19.16
- github.com/baidubce/bce-sdk-go v0.9.265
+ github.com/baidubce/bce-sdk-go v0.9.266
 github.com/c2h5oh/datasize v0.0.0-20231215233829-aa82cc1e6500
 github.com/cespare/xxhash/v2 v2.3.0
 github.com/containerd/fifo v1.1.0
diff --git a/go.sum b/go.sum
index a5c51229330..7856f0596d8 100644
--- a/go.sum
+++ b/go.sum
@@ -202,8 +202,8 @@ github.com/aymanbagabas/go-udiff v0.4.1 h1:OEIrQ8maEeDBXQDoGCbbTTXYJMYRCRO1fnodZ
 github.com/aymanbagabas/go-udiff v0.4.1/go.mod h1:0L9PGwj20lrtmEMeyw4WKJ/TMyDtvAoK9bf2u/mNo3w=
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
 github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
-github.com/baidubce/bce-sdk-go v0.9.265 h1:xZeLhmADeOmmV+Zlt+3TelazS0czBNXELYSPrbtU3zE=
-github.com/baidubce/bce-sdk-go v0.9.265/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
+github.com/baidubce/bce-sdk-go v0.9.266 h1:MDWm/S4TNRZRH8Mo5J0t4gq34G3y2+WcbG0KCGLEpek=
+github.com/baidubce/bce-sdk-go v0.9.266/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFTbwh4eIsqjVdg=
 github.com/basgys/goxml2json v1.1.1-0.20231018121955-e66ee54ceaad h1:3swAvbzgfaI6nKuDDU7BiKfZRdF+h2ZwKgMHd8Ha4t8=
 github.com/basgys/goxml2json v1.1.1-0.20231018121955-e66ee54ceaad/go.mod h1:9+nBLYNWkvPcq9ep0owWUsPTLgL9ZXTsZWcCSVGGLJ0=
 github.com/bboreham/go-loser v0.0.0-20230920113527-fcc2c21820a3 h1:6df1vn4bBlDDo4tARvBm7l6KA9iVMnE3NWizDeWSrps=
diff --git a/vendor/github.com/baidubce/bce-sdk-go/bce/config.go b/vendor/github.com/baidubce/bce-sdk-go/bce/config.go
index b3370dc2cc4..fb65c5e45b4 100644
--- a/vendor/github.com/baidubce/bce-sdk-go/bce/config.go
+++ b/vendor/github.com/baidubce/bce-sdk-go/bce/config.go
@@ -28,7 +28,7 @@ import (
 // Constants and default values for the package bce
 const (
- SDK_VERSION = "0.9.265"
+ SDK_VERSION = "0.9.266"
 URI_PREFIX = "/" // now support uri without prefix "v1" so just set root path
 DEFAULT_DOMAIN = "baidubce.com"
 DEFAULT_PROTOCOL = "http"
diff --git a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/model.go b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/model.go
index a6fe1abe1d8..ab0182e2d61 100644
--- a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/model.go
+++ b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/model.go
@@ -865,6 +865,16 @@ type ObjectTag struct {
 Value string `json:"value"`
 }
+type TagSet struct {
+ TagInfo map[string]interface{} `json:"tagInfo,omitempty"`
+}
+
+type GetObjectTagResult struct {
+ Code string `json:"code,omitempty"`
+ Message string `json:"message,omitempty"`
+ TagSet []TagSet `json:"tagSet,omitempty"`
+}
+
 type BosShareLinkArgs struct {
 Bucket string `json:"bucket"`
 Endpoint string `json:"endpoint"`
diff --git a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/object.go b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/object.go
index 41dae7d0a27..5ae2671249d 100644
--- a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/object.go
+++ b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/object.go
@@ -364,7 +364,7 @@ func CopyObject(cli bce.Client, bucket, object, source string, args *CopyObjectA
 if len(source) == 0 {
 return nil, bce.NewBceClientError("copy source should not be null")
 }
- if len(args.SrcVersionId) > 0 {
+ if args != nil && len(args.SrcVersionId) > 0 {
 source = source + "?versionId=" + args.SrcVersionId
 }
 req.SetHeader(http.BCE_COPY_SOURCE, util.UriEncode(source, false))
@@ -988,13 +988,13 @@ func GeneratePresignedUrlInternal(conf *bce.BceClientConfiguration, signer auth.
 if len(method) == 0 {
 method = http.GET
 }
- objectTrimSlash := strings.Trim(object, "/")
- if method == http.GET && objectTrimSlash == "" {
- log.Warnf("objectKey is empty, cannot generate presigned url.")
+ if bucket != "" && !isValidBucketName(bucket) {
+ log.Warnf("invalid bucket name: %s", bucket)
 return ""
 }
- if !path_style && method == http.GET && objectTrimSlash == "v1" {
- log.Warnf("objectKey '%s' is invalid, cannot generate presigned url.", object)
+ err := validateObjectKey(object)
+ if method == http.GET && err != nil {
+ fmt.Printf("cannot generate presigned url: %v", err)
 return ""
 }
 req.SetMethod(method)
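Review bot: In `GeneratePresignedUrlInternal` the rejected-key branch reports through `fmt.Printf("cannot generate presigned url: %v", err)`, which writes to the consuming process's stdout with no trailing newline, while the bucket check a few lines above uses `log.Warnf`. Library code should stay on the SDK logger so the rejection reaches the same sink and level as the other warnings: `log.Warnf("cannot generate presigned url: %v", err)`. `validateObjectKey` is also consulted only when `method == http.GET`, so a key it rejects is still signed for every other method; if the check is meant as a traversal guard it probably should not depend on the method. The function body starts and ends outside the hunk, and because the file sits under vendor/ the change belongs upstream rather than in this tree.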
@@ -1391,11 +1391,18 @@ func GetObjectTag(cli bce.Client, bucket, object string, ctx *BosContext,
 return nil, err
 }
- result, err := ParseObjectTagResult(bodyBytes)
- if err != nil {
- return nil, err
+ result := &GetObjectTagResult{}
+ if len(bodyBytes) > 0 {
+ err := json.Unmarshal(bodyBytes, result)
+ if err != nil {
+ return nil, err
+ }
 }
- return result, nil
+ if len(result.TagSet) == 0 {
+ return map[string]interface{}{}, nil
+ }
+
+ return result.TagSet[0].TagInfo, err
 }
 func DeleteObjectTag(cli bce.Client, bucket, object string, ctx *BosContext, options ...Option) error {
diff --git a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/util.go b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/util.go
index 138f31c9d49..c00b3d69b7e 100644
--- a/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/util.go
+++ b/vendor/github.com/baidubce/bce-sdk-go/services/bos/api/util.go
@@ -23,6 +23,8 @@ import (
 "net"
 net_http "net/http"
 "net/url"
+ "path"
+ "regexp"
 "strings"
 "github.com/baidubce/bce-sdk-go/bce"
@@ -74,6 +76,7 @@ const (
 INVENTORY_SCHEDULE_DAILY = "ThreeDaily"
 INVENTORY_SCHEDULE_WEEKLY = "Weekly"
 INVENTORY_SCHEDULE_MONTHLY = "Monthly"
+ INVENTORY_SCHEDULE_ONCE = "Once"
 INVENTORY_FILE_FORMAT_CSV = "CSV"
@@ -353,6 +356,9 @@ func SendRequest(cli bce.Client, req *BosRequest, resp *BosResponse, ctx *BosCon
 need_retry bool
 )
 setUriAndEndpoint(cli, req, ctx, cli.GetBceClientConfig().Endpoint)
+ if req.Bucket() != "" && !isValidBucketName(req.Bucket()) {
+ return bce.NewBceClientError(fmt.Sprintf("invalid bucket name: %s", req.Bucket()))
+ }
 req.SetContext(ctx.Ctx)
 var body *bce.TeeReadNopCloser
 if req.Body() != nil {
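Review bot: The last statement of `GetObjectTag`, `return result.TagSet[0].TagInfo, err`, returns the function-level `err` rather than the decode error, because the `json.Unmarshal` result is declared with `:=` inside the `if len(bodyBytes) > 0` block and shadows it. Judging by the `return nil, err` context line at the top of the hunk, the outer `err` has already been checked by then, so the success path should say so with `return result.TagSet[0].TagInfo, nil`, and the decode is better scoped as `if err := json.Unmarshal(bodyBytes, result); err != nil {`. The decoded `Code` and `Message` fields are never inspected, and a first `TagSet` entry without `tagInfo` yields a nil map while an empty `TagSet` yields an empty one, which matters to any caller that writes into the result. The start of the function is outside the hunk.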
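Review bot: The bucket check added to `SendRequest` is a behaviour change for every caller: any non-empty bucket name that does not match `^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$` (the `bucketRe` pattern added at the end of util.go) now fails client-side before a request is sent. Before taking this update, confirm that no configured bucket uses characters outside that set, such as dots, underscores or upper case, or is shorter than three characters. The check also runs after `setUriAndEndpoint(cli, req, ctx, ...)`, which presumably has already consumed the unvalidated name, so validating first would be the safer order. Using `%q` instead of `%s` in `fmt.Sprintf("invalid bucket name: %s", req.Bucket())` would keep control characters in a rejected name from reaching logs unescaped. `SendRequest` continues beyond the hunk.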
@@ -614,5 +620,28 @@ func getObjectMetaOptions(result *ObjectMeta) []GetOption {
 getHeader(http.BCE_TAGGING_COUNT, &result.objectTagCount),
 getHeader(http.BCE_CONTENT_CRC64ECMA, &result.ContentCrc64ECMA),
 getHeader(http.BCE_USER_METADATA_PREFIX, &result.UserMeta),
+ getHeader(http.BCE_RESTORE, &result.BceRestore),
+ }
+}
+
+func validateObjectKey(objectKey string) error {
+ // 1. 拒绝路径穿越特征(关键)
+ if strings.Contains(objectKey, "..") {
+ return fmt.Errorf("invalid object key: %s", objectKey)
+ }
+ // 2. 路径规范化
+ objectCleaned := path.Clean("/" + strings.Trim(objectKey, "/"))
+ // 3. 去除首尾斜杠
+ objectCleaned = strings.Trim(objectCleaned, "/")
+ // 4. 最终校验
+ if len(objectCleaned) == 0 || objectCleaned == "v1" {
+ return fmt.Errorf("invalid object key: %s", objectKey)
 }
+ return nil
+}
+
+var bucketRe = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$`)
+
+func isValidBucketName(bucket string) bool {
+ return bucketRe.MatchString(bucket)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 7b43842a6f8..7eb6fd6493d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -485,7 +485,7 @@ github.com/axiomhq/hyperloglog
 # github.com/bahlo/generic-list-go v0.2.0
 ## explicit; go 1.18
 github.com/bahlo/generic-list-go
-# github.com/baidubce/bce-sdk-go v0.9.265
+# github.com/baidubce/bce-sdk-go v0.9.266
 ## explicit; go 1.11
 github.com/baidubce/bce-sdk-go/auth
 github.com/baidubce/bce-sdk-go/bce
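Review bot: `validateObjectKey` in util.go rejects any key that contains the substring `..`, so ordinary object names with consecutive dots (for example `logs/app..2024.gz`, a constructed sample) can no longer get a presigned GET URL, although only a `..` path segment is a traversal. Comparing whole segments keeps the guard and drops the false positives, as sketched below. The cleaned value is used only for the empty and `v1` tests and is then discarded, so the caller still signs the original key. The function has no doc comment and its step comments are in Chinese, so an English comment stating that it rejects `..` segments, empty keys and the key `v1` would help readers of the vendored code. `%q` instead of `%s` in both `fmt.Errorf` calls would show the rejected key unambiguously.

```go
func validateObjectKey(objectKey string) error {
	// Reject ".." only as a whole path segment; names such as "a..b" are not traversal.
	for _, seg := range strings.Split(objectKey, "/") {
		if seg == ".." {
			return fmt.Errorf("invalid object key: %q", objectKey)
		}
	}
	// … unchanged: path.Clean normalisation and the empty / "v1" check …
```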