Add very basic security tests for CNR APIs

Joseph Schorr 2017-03-23 13:14:12 -04:00
parent f1dccc9554
commit ef4569f2c5
3 changed files with 82 additions and 10 deletions


@ -181,11 +181,9 @@ def push(namespace, package_name):
logger.debug('Found invalid repository name CNR push: %s', reponame)
raise InvalidUsage()
values = request.get_json(force=True, silent=True)
release_version = values['release']
media_type = values['media_type']
force = request.args.get('force', 'false') == 'true'
values = request.get_json(force=True, silent=True) or {}
private = values.get('visibility', 'public')
owner = get_authenticated_user()
if not Package.exists(reponame):
if not CreateRepositoryPermission(namespace).can():
@ -198,6 +196,13 @@ def push(namespace, package_name):
raise UnauthorizedAccess("Unauthorized access for: %s" % reponame,
{"package": reponame, "scopes": ['push']})
if not 'release' in values:
raise InvalidUsage('Missing release')
release_version = values['release']
media_type = values['media_type']
force = request.args.get('force', 'false') == 'true'
blob = Blob(reponame, values['blob'])
app_release = cnr_registry.push(reponame, release_version, media_type, blob, force,
package_class=Package, user=owner, visibility=private)
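Review bot: Only `release` is validated in the second hunk; `values['media_type']` and `values['blob']` just below it are still indexed directly, so a push body that omits either one raises `KeyError` rather than `InvalidUsage`, which presumably surfaces as a server error instead of a client error. The guard could cover all three keys, e.g. `for key in ('release', 'media_type', 'blob'):` followed by `if key not in values: raise InvalidUsage('Missing %s' % key)`. In the first hunk, `values.get('visibility', 'public')` assumes the JSON body is an object; a non-empty JSON array or string is truthy, passes `or {}` and then fails on `.get`, so an `isinstance(values, dict)` check before that line is worth adding. As a style point, `'release' not in values` is the idiomatic form of `not 'release' in values`. The body of `push` starts outside the visible hunks, so any validation done earlier in the function is not visible here.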