add params check

Author: jojoliang

auth.go

@@ -242,7 +242,7 @@ func genFormatHeaders(headers http.Header) (formatHeaders string, signedHeaderLi
 	hs := valuesSignMap{}
 	for key, values := range headers {
 		if isSignHeader(strings.ToLower(key)) {
-		    for _, value := range values {
+			for _, value := range values {
 				hs.Add(key, value)
 				signedHeaderList = append(signedHeaderList, strings.ToLower(safeURLEncode(key)))
 			}
@@ -308,6 +308,13 @@ func (t *AuthorizationTransport) RoundTrip(req *http.Request) (*http.Response, e
 	req = cloneRequest(req) // per RoundTrip contract
 
 	ak, sk, token := t.GetCredential()
+	if strings.HasPrefix(ak, " ") || strings.HasSuffix(ak, " ") {
+		return nil, fmt.Errorf("SecretID is invalid")
+	}
+	if strings.HasPrefix(sk, " ") || strings.HasSuffix(sk, " ") {
+		return nil, fmt.Errorf("SecretKey is invalid")
+	}
+
 	// 增加 Authorization header
 	authTime := NewAuthTime(defaultAuthExpire)
 	AddAuthorizationHeader(ak, sk, token, req, authTime)

cos.go

@@ -54,12 +54,18 @@ type BaseURL struct {
 //   bucketName: bucket名称, bucket的命名规则为{name}-{appid} ，此处填写的存储桶名称必须为此格式
 //   Region: 区域代码: ap-beijing-1,ap-beijing,ap-shanghai,ap-guangzhou...
 //   secure: 是否使用 https
-func NewBucketURL(bucketName, region string, secure bool) *url.URL {
+func NewBucketURL(bucketName, region string, secure bool) (*url.URL, error) {
 	schema := "https"
 	if !secure {
 		schema = "http"
 	}
 
+	if region == "" {
+		return nil, fmt.Errorf("region[%v] is invalid", region)
+	}
+	if bucketName == "" || !strings.ContainsAny(bucketName, "-") {
+		return nil, fmt.Errorf("bucketName[%v] is invalid", bucketName)
+	}
 	w := bytes.NewBuffer(nil)
 	bucketURLTemplate.Execute(w, struct {
 		Schema     string
@@ -70,7 +76,7 @@ func NewBucketURL(bucketName, region string, secure bool) *url.URL {
 	})
 
 	u, _ := url.Parse(w.String())
-	return u
+	return u, nil
 }
 
 type RetryOptions struct {