vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add endpoint security tests for the V2 endpoints

Browse source 
Fixes #581
This commit is contained in:
Joseph Schorr 2015-10-02 14:01:12 -04:00
parent 1cf930eb9c
commit d0dc8fe45d
5 changed files with 416 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

12
endpoints/v2/manifest.py
View file

@ -238,7 +238,11 @@ def fetch_manifest_by_digest(namespace, repo_name, manifest_ref):
@require_repo_write
@anon_protect
def write_manifest_by_tagname(namespace, repo_name, manifest_ref):
manifest = SignedManifest(request.data)
try:
manifest = SignedManifest(request.data)
except ValueError:
raise ManifestInvalid()
if manifest.tag != manifest_ref:
raise TagInvalid()
@ -250,7 +254,11 @@ def write_manifest_by_tagname(namespace, repo_name, manifest_ref):
@require_repo_write
@anon_protect
def write_manifest_by_digest(namespace, repo_name, manifest_ref):
manifest = SignedManifest(request.data)
try:
manifest = SignedManifest(request.data)
except ValueError:
raise ManifestInvalid()
if manifest.digest != manifest_ref:
raise ManifestInvalid()