Merge pull request #594 from coreos-inc/python-registry-v2-namecheck
Add repo name check to V2
commit
1ca8b02637
3 changed files with 17 additions and 4 deletions
|
@ -17,10 +17,9 @@ from auth.permissions import (ModifyRepositoryPermission, ReadRepositoryPermissi
|
||||||
CreateRepositoryPermission)
|
CreateRepositoryPermission)
|
||||||
from endpoints.v2 import v2_bp
|
from endpoints.v2 import v2_bp
|
||||||
from util.cache import no_cache
|
from util.cache import no_cache
|
||||||
from util.names import parse_namespace_repository
|
from util.names import parse_namespace_repository, REPOSITORY_NAME_REGEX
|
||||||
from endpoints.decorators import anon_protect
|
from endpoints.decorators import anon_protect
|
||||||
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
@ -73,6 +72,11 @@ def generate_registry_jwt():
|
||||||
actions = match.group(2).split(',')
|
actions = match.group(2).split(',')
|
||||||
|
|
||||||
namespace, reponame = parse_namespace_repository(namespace_and_repo)
|
namespace, reponame = parse_namespace_repository(namespace_and_repo)
|
||||||
|
|
||||||
|
# Ensure that we are never creating an invalid repository.
|
||||||
|
if not REPOSITORY_NAME_REGEX.match(reponame):
|
||||||
|
abort(400)
|
||||||
|
|
||||||
if 'pull' in actions and 'push' in actions:
|
if 'pull' in actions and 'push' in actions:
|
||||||
if user is None:
|
if user is None:
|
||||||
abort(401)
|
abort(401)
|
||||||
|
|
|
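Review bot: The new guard in `generate_registry_jwt` validates only `reponame`; the `namespace` returned by the same `parse_namespace_repository` call gets no format check in this hunk before the permission branches that follow. If the namespace is not validated elsewhere, it needs an equivalent pattern check at this point. The rejection is also silent, so a line such as `logger.debug('Rejecting invalid repository name in scope: %r', reponame)` before `abort(400)` would let operators tell malformed scopes apart from other 400 responses. The function starts and ends outside the hunk, so it cannot be confirmed from here whether later branches, or the registry endpoints that actually create the repository, re-check the name.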
@ -377,14 +377,18 @@ class V2RegistryMixin(BaseRegistryMixin):
|
||||||
|
|
||||||
class V2RegistryPushMixin(V2RegistryMixin):
|
class V2RegistryPushMixin(V2RegistryMixin):
|
||||||
def do_push(self, namespace, repository, username, password, images=None, tag_name=None,
|
def do_push(self, namespace, repository, username, password, images=None, tag_name=None,
|
||||||
cancel=False, invalid=False, expected_manifest_code=202):
|
cancel=False, invalid=False, expected_manifest_code=202, expected_auth_code=200):
|
||||||
images = images or self._get_default_images()
|
images = images or self._get_default_images()
|
||||||
|
|
||||||
# Ping!
|
# Ping!
|
||||||
self.v2_ping()
|
self.v2_ping()
|
||||||
|
|
||||||
# Auth.
|
# Auth.
|
||||||
self.do_auth(username, password, namespace, repository, scopes=['push', 'pull'])
|
self.do_auth(username, password, namespace, repository, scopes=['push', 'pull'],
|
||||||
|
expected_code=expected_auth_code)
|
||||||
|
|
||||||
|
if expected_auth_code != 200:
|
||||||
|
return
|
||||||
|
|
||||||
# Build a fake manifest.
|
# Build a fake manifest.
|
||||||
tag_name = tag_name or 'latest'
|
tag_name = tag_name or 'latest'
|
||||||
|
@ -816,6 +820,9 @@ class V2RegistryTests(V2RegistryPullMixin, V2RegistryPushMixin, RegistryTestsMix
|
||||||
|
|
||||||
self.do_push('devtable', 'newrepo', 'devtable', 'password', images=images)
|
self.do_push('devtable', 'newrepo', 'devtable', 'password', images=images)
|
||||||
|
|
||||||
|
def test_invalid_regname(self):
|
||||||
|
self.do_push('devtable', 'this/is/a/repo', 'devtable', 'password', expected_auth_code=400)
|
||||||
|
|
||||||
def test_multiple_tags(self):
|
def test_multiple_tags(self):
|
||||||
latest_images = [
|
latest_images = [
|
||||||
{
|
{
|
||||||
|
|
|
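Review bot: `test_invalid_regname` pins only one rejected shape, a name with embedded slashes requested with both push and pull scopes. A pull-only request is not covered, and neither is a name that fails on the character class rather than on `/`, so a regression that moved the check under the push branch would still pass. A second case calling `do_auth` directly with `scopes=['pull']` and `expected_code=400` would close that gap. The early `return` in `do_push` when `expected_auth_code != 200` would also benefit from a one-line comment such as `# No token was issued, so there is nothing to push.`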
@ -1,8 +1,10 @@
|
||||||
import urllib
|
import urllib
|
||||||
|
import re
|
||||||
|
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
from uuid import uuid4
|
from uuid import uuid4
|
||||||
|
|
||||||
|
REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
|
||||||
|
|
||||||
def parse_namespace_repository(repository, include_tag=False):
|
def parse_namespace_repository(repository, include_tag=False):
|
||||||
parts = repository.rstrip('/').split('/', 1)
|
parts = repository.rstrip('/').split('/', 1)
|
||||||
|
|
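Review bot: `REPOSITORY_NAME_REGEX` ends in `$`, which in Python also matches just before a trailing newline, so a name ending in `\n` passes `.match()` and the allow-list is looser than it reads. Anchoring the end with `\Z` closes that: `REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+\Z')`. The character class also accepts names made only of dots, such as `.` and `..`. If repository names are ever joined into storage paths or URLs, those deserve an explicit rejection or a comment saying why they are safe. A short comment above the constant describing the allowed alphabet would help callers that import it.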