localstack
diff --git a/‎localstack-core/localstack/services/s3/presigned_url.py
Lines changed: 7 additions & 1 deletion b/‎localstack-core/localstack/services/s3/presigned_url.py
Lines changed: 7 additions & 1 deletion
diff --git a/‎tests/aws/services/s3/test_s3.py
Lines changed: 45 additions & 19 deletions b/‎tests/aws/services/s3/test_s3.py
Lines changed: 45 additions & 19 deletions
diff --git a/‎tests/aws/services/s3/test_s3.snapshot.json
Lines changed: 11 additions & 3 deletions b/‎tests/aws/services/s3/test_s3.snapshot.json
Lines changed: 11 additions & 3 deletions
diff --git a/‎tests/aws/services/s3/test_s3.validation.json
Lines changed: 3 additions & 3 deletions b/‎tests/aws/services/s3/test_s3.validation.json
Lines changed: 3 additions & 3 deletions
@@ -790,8 +790,9 @@ def validate_post_policy(
     form_dict = {k.lower(): v for k, v in request_form.items()}
     for condition in conditions:
         if not _verify_condition(condition, form_dict, additional_policy_metadata):
+            str_condition = str(condition).replace("'", '"')
             raise AccessDenied(
-                f"Invalid according to Policy: Policy Condition failed: {condition}",
+                f"Invalid according to Policy: Policy Condition failed: {str_condition}",
                 HostId=FAKE_HOST_ID,
             )
 
@@ -829,6 +830,11 @@ def _verify_condition(condition: list | dict, form: dict, additional_policy_meta
 
         case ["content-length-range", start, end]:
             size = additional_policy_metadata.get("content_length", 0)
+            try:
+                start, end = int(start), int(end)
+            except ValueError:
+                return False
+
             if size < start:
                 raise EntityTooSmall(
                     "Your proposed upload is smaller than the minimum allowed size",
 
@@ -10140,13 +10140,6 @@ def post_generated_presigned_post_with_default_file(
             allow_redirects=False,
         )
 
-    @staticmethod
-    def parse_response_xml(content: bytes) -> dict:
-        if not is_aws_cloud():
-            # AWS use double quotes in error messages and LocalStack uses single. Try to unify before snapshotting
-            content = content.replace(b"'", b'"')
-        return xmltodict.parse(content)
-
     @markers.aws.validated
     @pytest.mark.xfail(
         reason="failing sporadically with new HTTP gateway (only in CI)",
@@ -10763,8 +10756,7 @@ def test_post_object_policy_conditions_validation_eq(self, s3_bucket, aws_client
 
         # assert that it's rejected
         assert response.status_code == 403
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-eq", resp_content)
+        snapshot.match("invalid-condition-eq", xmltodict.parse(response.content))
 
         # PostObject with a wrong condition (missing $ prefix)
         presigned_request = aws_client.s3.generate_presigned_post(
@@ -10781,8 +10773,7 @@ def test_post_object_policy_conditions_validation_eq(self, s3_bucket, aws_client
 
         # assert that it's rejected
         assert response.status_code == 403
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-missing-prefix", resp_content)
+        snapshot.match("invalid-condition-missing-prefix", xmltodict.parse(response.content))
 
         # PostObject with a wrong condition (multiple condition in one dict)
         presigned_request = aws_client.s3.generate_presigned_post(
@@ -10799,8 +10790,7 @@ def test_post_object_policy_conditions_validation_eq(self, s3_bucket, aws_client
 
         # assert that it's rejected
         assert response.status_code == 400
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-wrong-condition", resp_content)
+        snapshot.match("invalid-condition-wrong-condition", xmltodict.parse(response.content))
 
         # PostObject with a wrong condition value casing
         presigned_request = aws_client.s3.generate_presigned_post(
@@ -10815,8 +10805,7 @@ def test_post_object_policy_conditions_validation_eq(self, s3_bucket, aws_client
         response = self.post_generated_presigned_post_with_default_file(presigned_request)
         # assert that it's rejected
         assert response.status_code == 403
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-wrong-value-casing", resp_content)
+        snapshot.match("invalid-condition-wrong-value-casing", xmltodict.parse(response.content))
 
         object_expires = rfc_1123_datetime(
             datetime.datetime.now(ZoneInfo("GMT")) + datetime.timedelta(minutes=10)
@@ -10948,17 +10937,15 @@ def test_post_object_policy_conditions_validation_starts_with(
 
         # assert that it's rejected
         assert response.status_code == 403
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-starts-with", resp_content)
+        snapshot.match("invalid-condition-starts-with", xmltodict.parse(response.content))
 
         # PostObject with a right redirect location start but wrong casing
         presigned_request["fields"]["success_action_redirect"] = "HTTP://localhost.test/random"
         response = self.post_generated_presigned_post_with_default_file(presigned_request)
 
         # assert that it's rejected
         assert response.status_code == 403
-        resp_content = self.parse_response_xml(response.content)
-        snapshot.match("invalid-condition-starts-with-casing", resp_content)
+        snapshot.match("invalid-condition-starts-with-casing", xmltodict.parse(response.content))
 
         # PostObject with a right redirect location start
         presigned_request["fields"]["success_action_redirect"] = redirect_location
@@ -11079,6 +11066,45 @@ def test_post_object_policy_validation_size(self, s3_bucket, aws_client, snapsho
         final_object = aws_client.s3.get_object(Bucket=s3_bucket, Key=object_key)
         snapshot.match("final-object", final_object)
 
+        # try with string values for the content length range
+        presigned_request = aws_client.s3.generate_presigned_post(
+            Bucket=s3_bucket,
+            Key=object_key,
+            ExpiresIn=60,
+            Conditions=[
+                {"bucket": s3_bucket},
+                ["content-length-range", "5", "10"],
+            ],
+        )
+        # PostObject with a body length of 10
+        response = requests.post(
+            presigned_request["url"],
+            data=presigned_request["fields"],
+            files={"file": "a" * 10},
+            verify=False,
+        )
+        assert response.status_code == 204
+
+        # try with string values that are not cast-able for the content length range
+        presigned_request = aws_client.
F438
s3.generate_presigned_post(
+            Bucket=s3_bucket,
+            Key=object_key,
+            ExpiresIn=60,
+            Conditions=[
+                {"bucket": s3_bucket},
+                ["content-length-range", "test", "10"],
+            ],
+        )
+        # PostObject with a body length of 10
+        response = requests.post(
+            presigned_request["url"],
+            data=presigned_request["fields"],
+            files={"file": "a" * 10},
+            verify=False,
+        )
+        assert response.status_code == 403
+        snapshot.match("invalid-content-length-wrong-type", xmltodict.parse(response.content))
+
     @pytest.mark.skipif(
         condition=TEST_S3_IMAGE or LEGACY_V2_S3_PROVIDER,
         reason="STS not enabled in S3 image / moto does not implement this",
 
@@ -11526,7 +11526,7 @@
     }
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_validation_size": {
-    "recorded-date": "08-04-2024, 17:29:34",
+    "recorded-date": "24-05-2024, 11:43:48",
     "recorded-content": {
       "invalid-content-length-too-big": {
         "Error": {
@@ -11561,11 +11561,19 @@
           "HTTPHeaders": {},
           "HTTPStatusCode": 200
         }
+      },
+      "invalid-content-length-wrong-type": {
         "Error": {
+          "Code": "AccessDenied",
+          "HostId": "<host-id>",
+          "Message": "Invalid according to Policy: Policy Condition failed: [\"content-length-range\", \"test\", \"10\"]",
+          "RequestId": "<request-id:4>"
+        }
       }
     }
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_conditions_validation_eq": {
-    "recorded-date": "21-05-2024, 16:51:17",
+    "recorded-date": "24-05-2024, 15:10:58",
     "recorded-content": {
       "invalid-condition-eq": {
         "Error": {
@@ -11633,7 +11641,7 @@
     }
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_conditions_validation_starts_with": {
-    "recorded-date": "10-04-2024, 12:16:01",
+    "recorded-date": "24-05-2024, 15:11:14",
     "recorded-content": {
       "invalid-condition-starts-with": {
         "Error": {
 
@@ -522,13 +522,13 @@
     "last_validated_date": "2023-08-09T15:58:37+00:00"
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_conditions_validation_eq": {
-    "last_validated_date": "2024-05-21T16:51:17+00:00"
+    "last_validated_date": "2024-05-24T15:10:58+00:00"
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_conditions_validation_starts_with": {
-    "last_validated_date": "2024-04-10T12:16:01+00:00"
+    "last_validated_date": "2024-05-24T15:11:14+00:00"
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_policy_validation_size": {
-    "last_validated_date": "2024-04-08T17:29:34+00:00"
+    "last_validated_date": "2024-05-24T11:43:48+00:00"
   },
   "tests/aws/services/s3/test_s3.py::TestS3PresignedPost::test_post_object_with_file_as_string": {
     "last_validated_date": "2024-02-24T01:01:59+00:00"