avoid leaks during zip download and multi-object downloads (#3481)

Author: harshavardhana

.github/workflows/jobs.yaml

@@ -22,7 +22,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -64,7 +64,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -112,7 +112,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
     steps:
       # To build minio image, we need to clone the repository first
       - name: Clone github.com/minio/minio
@@ -150,7 +150,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -189,7 +189,7 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -243,7 +243,7 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -296,7 +296,7 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -348,7 +348,7 @@ jobs:
     timeout-minutes: 10
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -400,7 +400,7 @@ jobs:
     timeout-minutes: 15
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -448,7 +448,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -496,7 +496,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -544,7 +544,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -595,7 +595,7 @@ jobs:
     runs-on: [ubuntu-latest]
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -648,7 +648,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -683,7 +683,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -720,7 +720,7 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
 
     steps:
       - name: Check out code
@@ -817,7 +817,7 @@ jobs:
 
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
 
     steps:
       - name: Check out code
@@ -867,7 +867,7 @@ jobs:
           echo "replace github.com/minio/console => ../" >> go.mod
 
           echo "updates to go.mod needed; to update it: go mod tidy"
-          go mod tidy -compat=1.22
+          go mod tidy -compat=1.23
 
           echo "Get git version to build MinIO Image";
           VERSION=`git rev-parse HEAD`;
@@ -901,7 +901,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -956,7 +956,7 @@ jobs:
           echo "download golang x tools"
           go mod download golang.org/x/tools
           echo "go mod tidy compat mode"
-          go mod tidy -compat=1.22
+          go mod tidy -compat=1.23
           echo "go build gocoverage.go"
           go build gocovmerge.go
           echo "put together the outs for final coverage resolution"
@@ -1027,7 +1027,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1069,7 +1069,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1109,7 +1109,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1137,7 +1137,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1164,7 +1164,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1192,7 +1192,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code
@@ -1220,7 +1220,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        go-version: [1.22.x]
+        go-version: [1.23.x]
         os: [ubuntu-latest]
     steps:
       - name: Check out code

.github/workflows/vulncheck.yaml

@@ -19,7 +19,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22
+          go-version: 1.23.3
           check-latest: true
       - name: Get official govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go-version: [ 1.22 ]
+        go-version: [ 1.23.x ]
         os: [ ubuntu-latest ]
     steps:
       - name: Check out code

README.md

@@ -25,21 +25,7 @@ A graphical user interface for [MinIO](https://github.com/minio/minio)
 
 <!-- markdown-toc end -->
 
-## Install
-
 MinIO Console is a library that provides a management and browser UI overlay for the MinIO Server.
-The standalone binary installation path has been removed.
-
-In case a Console standalone binary is needed, it can be generated by building this package from source as follows:
-
-### Build from source
-
-> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
-> Minimum version required is go1.22
-
-```
-go install github.com/minio/console/cmd/console@latest
-```
 
 ## Setup
 

api/user_objects.go

@@ -550,10 +550,13 @@ func getDownloadFolderResponse(session *models.Principal, params objectApi.Downl
 				Modified: modified,
 			})
 			if err != nil {
+				object.Close()
 				// Ignore errors, move to next
 				continue
 			}
+
 			_, err = io.Copy(f, object)
+			object.Close()
 			if err != nil {
 				// We have a partial object, report error.
 				pw.CloseWithError(err)
@@ -650,14 +653,17 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
 						// Ignore errors, move to next
 						continue
 					}
-					modified, _ := time.Parse(time.RFC3339, obj.LastModified)
 
+					modified, _ := time.Parse(time.RFC3339, obj.LastModified)
 					f, err := addToZip(name, modified)
 					if err != nil {
+						object.Close()
 						// Ignore errors, move to next
 						continue
 					}
+
 					_, err = io.Copy(f, object)
+					object.Close()
 					if err != nil {
 						// We have a partial object, report error.
 						pw.CloseWithError(err)
@@ -666,13 +672,14 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
 				}
 
 			} else {
-				// add selected individual object
-				objectData, err := mClient.StatObject(ctx, params.BucketName, dObj, minio.StatObjectOptions{})
+				object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
 				if err != nil {
 					// Ignore errors, move to next
 					continue
 				}
-				object, err := mClient.GetObject(ctx, params.BucketName, dObj, minio.GetObjectOptions{})
+
+				// add selected individual object
+				objectData, err := object.Stat()
 				if err != nil {
 					// Ignore errors, move to next
 					continue
@@ -683,10 +690,13 @@ func getMultipleFilesDownloadResponse(session *models.Principal, params objectAp
 				objectName := prefixes[len(prefixes)-1]
 				f, err := addToZip(objectName, objectData.LastModified)
 				if err != nil {
+					object.Close()
 					// Ignore errors, move to next
 					continue
 				}
+
 				_, err = io.Copy(f, object)
+				object.Close()
 				if err != nil {
 					// We have a partial object, report error.
 					pw.CloseWithError(err)

go.mod

@@ -1,6 +1,6 @@
 module github.com/minio/console
 
-go 1.22
+go 1.23
 
 require (
 	github.com/blang/semver/v4 v4.0.0
@@ -24,6 +24,7 @@ require (
 	github.com/minio/madmin-go/v3 v3.0.68
 	github.com/minio/mc v0.0.0-20240815155011-479171e7be9c
 	github.com/minio/minio-go/v7 v7.0.81-0.20241125171916-a563333c01ef
+	github.com/minio/pkg/v3 v3.0.22
 	github.com/minio/selfupdate v0.6.0
 	github.com/minio/websocket v1.6.0
 	github.com/mitchellh/go-homedir v1.1.0
@@ -35,14 +36,13 @@ require (
 	golang.org/x/crypto v0.28.0
 	golang.org/x/net v0.30.0
 	golang.org/x/oauth2 v0.22.0
+
 	// Added to include security fix for
 	// https://github.com/golang/go/issues/56152
 	golang.org/x/text v0.19.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-require github.com/minio/pkg/v3 v3.0.22
-
 require (
 	aead.dev/mem v0.2.0 // indirect
 	aead.dev/minisign v0.3.0 // indirect