Disallow dots in repository names to fix reflected text "attack"

Fixes https://jira.coreos.com/browse/QS-125
2018-01-18 13:19:37 -05:00 · 2018-01-18 13:19:37 -05:00 · ede3a81c68
commit ede3a81c68
parent b29e8202e5
2 changed files with 2 additions and 2 deletions
--- a/test/test_api_usage.py
+++ b/test/test_api_usage.py
@ -2241,7 +2241,7 @@ class TestGetRepository(ApiTestCase):
  def test_getrepo_badnames(self):
    self.login(ADMIN_ACCESS_USER)

-    bad_names = ['logs', 'build', 'tokens', 'foo.bar', 'foo-bar', 'foo_bar']
+    bad_names = ['logs', 'build', 'tokens', 'foo-bar', 'foo_bar']

    # For each bad name, create the repo.
    for bad_name in bad_names:
--- a/util/names.py
+++ b/util/names.py
@ -5,7 +5,7 @@ import anunidecode # Don't listen to pylint's lies. This import is required for

 from uuid import uuid4

-REPOSITORY_NAME_REGEX = re.compile(r'^[\.a-zA-Z0-9_-]+$')
+REPOSITORY_NAME_REGEX = re.compile(r'^[a-zA-Z0-9_-]+$')

 VALID_TAG_PATTERN = r'[\w][\w.-]{0,127}'
 FULL_TAG_PATTERN = r'^[\w][\w.-]{0,127}$'