Ensure that we limit the length of repository names

Until now, they'd simply be truncated by the database. Now, we properly check their lengths.

Fixes https://jira.coreos.com/browse/QUAY-963
This commit is contained in:
Joseph Schorr 2018-07-08 15:20:02 +03:00
parent beebe6d5ed
commit a572fd33c7
6 changed files with 41 additions and 7 deletions

View file

@ -96,3 +96,24 @@ def test_list_starred_repos(client):
repos = {r['namespace'] + '/' + r['name'] for r in response['repositories']}
assert 'devtable/simple' in repos
assert 'public/publicrepo' not in repos
@pytest.mark.parametrize('repo_name, expected_status', [
pytest.param('x' * 255, 201, id='Maximum allowed length'),
pytest.param('x' * 256, 400, id='Over allowed length'),
pytest.param('a|b', 400, id='Invalid name'),
])
def test_create_repository(repo_name, expected_status, client):
with client_with_identity('devtable', client) as cl:
body = {
'namespace': 'devtable',
'repository': repo_name,
'visibility': 'public',
'description': 'foo',
}
result = conduct_api_call(client, RepositoryList, 'post', None, body,
expected_code=expected_status).json
if expected_status == 201:
assert result['name'] == repo_name
assert model.repository.get_repository('devtable', repo_name).name == repo_name

View file

@ -21,7 +21,8 @@ class V1Protocol(RegistryProtocol):
Failures.UNAUTHENTICATED: 401,
Failures.UNAUTHORIZED: 403,
Failures.APP_REPOSITORY: 405,
Failures.INVALID_REPOSITORY: 404,
Failures.SLASH_REPOSITORY: 404,
Failures.INVALID_REPOSITORY: 400,
Failures.DISALLOWED_LIBRARY_NAMESPACE: 400,
Failures.NAMESPACE_DISABLED: 400,
},

View file

@ -28,6 +28,7 @@ class V2Protocol(RegistryProtocol):
Failures.APP_REPOSITORY: 405,
Failures.ANONYMOUS_NOT_ALLOWED: 401,
Failures.INVALID_REPOSITORY: 400,
Failures.SLASH_REPOSITORY: 400,
Failures.NAMESPACE_DISABLED: 400,
},
V2ProtocolSteps.MOUNT_BLOB: {

View file

@ -41,6 +41,7 @@ class Failures(Enum):
UNAUTHORIZED = 'unauthorized'
INVALID_REGISTRY = 'invalid-registry'
INVALID_REPOSITORY = 'invalid-repository'
SLASH_REPOSITORY = 'slash-repository'
APP_REPOSITORY = 'app-repository'
UNKNOWN_TAG = 'unknown-tag'
ANONYMOUS_NOT_ALLOWED = 'anonymous-not-allowed'

View file

@ -362,15 +362,25 @@ def test_image_replication(pusher, basic_images, liveserver_session, app_reloade
assert r.text == 'OK'
def test_push_reponame_with_slashes(pusher, basic_images, liveserver_session, app_reloader):
""" Test: Attempt to add a repository name with slashes. This should fail as we do not
support it.
@pytest.mark.parametrize('repo_name, expected_failure', [
('something', None),
('some/slash', Failures.SLASH_REPOSITORY),
pytest.param('x' * 255, None, id='Valid long name'),
pytest.param('x' * 256, Failures.INVALID_REPOSITORY, id='Name too long'),
])
def test_push_reponame(repo_name, expected_failure, pusher, puller, basic_images,
liveserver_session, app_reloader):
""" Test: Attempt to add a repository with various names.
"""
credentials = ('devtable', 'password')
pusher.push(liveserver_session, 'devtable', 'some/slash', 'latest', basic_images,
pusher.push(liveserver_session, 'devtable', repo_name, 'latest', basic_images,
credentials=credentials,
expected_failure=Failures.INVALID_REPOSITORY)
expected_failure=expected_failure)
if expected_failure is None:
puller.pull(liveserver_session, 'devtable', repo_name, 'latest', basic_images,
credentials=credentials)
@pytest.mark.parametrize('tag_name, expected_failure', [

View file

@ -5,7 +5,7 @@ import anunidecode # Don't listen to pylint's lies. This import is required for
from uuid import uuid4
REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]{1,255}$')
VALID_TAG_PATTERN = r'[\w][\w.-]{0,127}'
FULL_TAG_PATTERN = r'^[\w][\w.-]{0,127}$'