Merge pull request #2980 from coreos-inc/joseph.schorr/QS-125/dot-names

Disallow dots in repository names to fix reflected text "attack"
josephschorr 2018-01-23 14:51:23 -05:00 committed by GitHub
commit e2c1547df6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -2241,7 +2241,7 @@ class TestGetRepository(ApiTestCase):
def test_getrepo_badnames(self):
self.login(ADMIN_ACCESS_USER)
bad_names = ['logs', 'build', 'tokens', 'foo.bar', 'foo-bar', 'foo_bar']
bad_names = ['logs', 'build', 'tokens', 'foo-bar', 'foo_bar']
# For each bad name, create the repo.
for bad_name in bad_names:
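Review bot: Nothing in this hunk asserts that a dotted name is now refused; `'foo.bar'` is simply dropped from `bad_names`, so the suite no longer exercises dots at all. Since the commit exists to close a reflected-text issue, a regression test that tries to create a repository named `foo.bar` and expects the request to be rejected would pin the new behaviour and catch a later loosening of the pattern. A short comment above the list, for example `# Names that look like API route segments but must still be accepted as repository names.`, would also help, because "bad" here appears to mean awkward rather than invalid. The body of test_getrepo_badnames continues past the end of the hunk.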


@ -5,7 +5,7 @@ import anunidecode # Don't listen to pylint's lies. This import is required for
from uuid import uuid4
REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
REPOSITORY_NAME_REGEX = re.compile(r'^[a-zA-Z0-9_-]+$')
VALID_TAG_PATTERN = r'[\w][\w.-]{0,127}'
FULL_TAG_PATTERN = r'^[\w][\w.-]{0,127}$'
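Review bot: The tightened `REPOSITORY_NAME_REGEX` still ends in `$`, which in Python also matches just before a trailing newline, so a name like `foo\n` would pass if the pattern is applied with `match` or `search`. For a validator meant to keep attacker-chosen text out of reflected responses, anchor the end with `\Z` instead: `REPOSITORY_NAME_REGEX = re.compile(r'^[a-zA-Z0-9_-]+\Z')`, or use `fullmatch` at the call site. How the pattern is applied is not visible in this hunk, so confirm against the callers; `FULL_TAG_PATTERN` on the context line uses the same `$` anchor. Repositories created with dots before this change would presumably fail the check wherever it runs on lookup, so it is worth confirming that existing names are migrated or exempted.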