From 3277fe9b4e834ddd5c5013da77572bc8b35863ba Mon Sep 17 00:00:00 2001
From: Joseph Schorr
Date: Thu, 23 Mar 2017 00:51:54 -0400
Subject: [PATCH] Make sure repository names in APPR match regex
---
 endpoints/appr/registry.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/endpoints/appr/registry.py b/endpoints/appr/registry.py
index c44e30cb7..731ecc8d7 100644
--- a/endpoints/appr/registry.py
+++ b/endpoints/appr/registry.py
@@ -18,6 +18,7 @@ from endpoints.appr import appr_bp, require_app_repo_read, require_app_repo_writ
 from endpoints.appr.decorators import disallow_for_image_repository
 from endpoints.appr.cnr_backend import Package, Channel, Blob
 from endpoints.decorators import anon_allowed, anon_protect
+from util.names import REPOSITORY_NAME_REGEX
 
 logger = logging.getLogger(__name__)
 
@@ -171,6 +172,11 @@ def pull(namespace, package_name, release, media_type):
 @anon_protect
 def push(namespace, package_name):
 reponame = repo_name(namespace, package_name)
+
+ if not REPOSITORY_NAME_REGEX.match(package_name):
+ logger.debug('Found invalid repository name CNR push: %s', reponame)
+ raise InvalidUsage()
+
 values = request.get_json(force=True, silent=True)
 release_version = values['release']
 media_type = values['media_type']
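Review bot: The new guard in `push` calls `REPOSITORY_NAME_REGEX.match(package_name)`, and `match()` anchors only at the start of the string, so the check is only as strict as the pattern's own end anchor, which lives in `util.names` outside this diff. If that pattern ends in `$` rather than `\Z`, Python still accepts a name with a trailing newline, and with no end anchor any valid prefix passes. Checking the match length removes the dependency on how the pattern is written: `m = REPOSITORY_NAME_REGEX.match(package_name)` followed by `if m is None or m.end() != len(package_name):`. The rejected name is also logged with `%s`; `%r` would keep control characters in an invalid name from splitting the log line. Only `package_name` is validated here, so `namespace` is presumably checked elsewhere (worth confirming), and the body of `push` continues past the end of the hunk.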