Merge pull request #594 from coreos-inc/python-registry-v2-namecheck
Add repo name check to V2
This commit is contained in:
josephschorr
commit
1ca8b02637
3 changed files with 17 additions and 4 deletions
|
|
@ -17,10 +17,9 @@ from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermissi
|
|||
CreateRepositoryPermission)
|
||||
from endpoints.v2 import v2_bp
|
||||
from util.cache import no_cache
|
||||
from util.names import parse_namespace_repository
|
||||
from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
|
||||
from endpoints.decorators import anon_protect
|
||||
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
|
@ -73,6 +72,11 @@ def generate_registry_jwt():
|
|||
actions = match.group(2).split(',')
|
||||
|
||||
namespace, reponame = parse_namespace_repository(namespace_and_repo)
|
||||
|
||||
# Ensure that we are never creating an invalid repository.
|
||||
if not REPOSITORY_NAME_REGEX.match(reponame):
|
||||
abort(400)
|
||||
|
||||
if 'pull' in actions and 'push' in actions:
|
||||
if user is None:
|
||||
abort(401)
|
||||
|
|
|
|||
|
|
@ -377,14 +377,18 @@ class V2RegistryMixin(BaseRegistryMixin):
|
|||
|
||||
class V2RegistryPushMixin(V2RegistryMixin):
|
||||
def do_push(self, namespace, repository, username, password, images=None, tag_name=None,
|
||||
cancel=False, invalid=False, expected_manifest_code=202):
|
||||
cancel=False, invalid=False, expected_manifest_code=202, expected_auth_code=200):
|
||||
images = images or self._get_default_images()
|
||||
|
||||
# Ping!
|
||||
self.v2_ping()
|
||||
|
||||
# Auth.
|
||||
self.do_auth(username, password, namespace, repository, scopes=['push', 'pull'])
|
||||
self.do_auth(username, password, namespace, repository, scopes=['push', 'pull'],
|
||||
expected_code=expected_auth_code)
|
||||
|
||||
if expected_auth_code != 200:
|
||||
return
|
||||
|
||||
# Build a fake manifest.
|
||||
tag_name = tag_name or 'latest'
|
||||
|
|
@ -816,6 +820,9 @@ class V2RegistryTests(V2RegistryPullMixin, V2RegistryPushMixin, RegistryTestsMix
|
|||
|
||||
self.do_push('devtable', 'newrepo', 'devtable', 'password', images=images)
|
||||
|
||||
def test_invalid_regname(self):
|
||||
self.do_push('devtable', 'this/is/a/repo', 'devtable', 'password', expected_auth_code=400)
|
||||
|
||||
def test_multiple_tags(self):
|
||||
latest_images = [
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
import urllib
|
||||
import re
|
||||
|
||||
from functools import wraps
|
||||
from uuid import uuid4
|
||||
|
||||
REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
|
||||
|
||||
def parse_namespace_repository(repository, include_tag=False):
|
||||
parts = repository.rstrip('/').split('/', 1)
|
||||
|
|
|
|||
Reference in a new issue