Restrict repository names from matching hexadecimal strings

To avoid conflicting with layer IDs, repository names must
not be tagged with names that collide with hexadecimal strings.

Signed-off-by: Eric Windisch <eric@windisch.us>
This commit is contained in:
Eric Windisch 2014-08-17 20:50:15 -04:00
parent 94ff3f3e4d
commit 307e253d33
2 changed files with 13 additions and 0 deletions

View file

@ -23,6 +23,7 @@ var (
ErrAlreadyExists = errors.New("Image already exists") ErrAlreadyExists = errors.New("Image already exists")
ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")") ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
errLoginRequired = errors.New("Authentication is required.") errLoginRequired = errors.New("Authentication is required.")
validHex = regexp.MustCompile(`^([a-f0-9]{64})$`)
) )
type TimeoutType uint32 type TimeoutType uint32
@ -218,6 +219,10 @@ func validateRepositoryName(repositoryName string) error {
if len(nameParts) < 2 { if len(nameParts) < 2 {
namespace = "library" namespace = "library"
name = nameParts[0] name = nameParts[0]
if validHex.MatchString(name) {
return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
}
} else { } else {
namespace = nameParts[0] namespace = nameParts[0]
name = nameParts[1] name = nameParts[1]

View file

@ -224,6 +224,10 @@ func TestValidRepositoryName(t *testing.T) {
if err := validateRepositoryName("docker/docker"); err != nil { if err := validateRepositoryName("docker/docker"); err != nil {
t.Fatal(err) t.Fatal(err)
} }
// Support 64-byte non-hexadecimal names (hexadecimal names are forbidden)
if err := validateRepositoryName("thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev"); err != nil {
t.Fatal(err)
}
if err := validateRepositoryName("docker/Docker"); err == nil { if err := validateRepositoryName("docker/Docker"); err == nil {
t.Log("Repository name should be invalid") t.Log("Repository name should be invalid")
t.Fail() t.Fail()
@ -232,6 +236,10 @@ func TestValidRepositoryName(t *testing.T) {
t.Log("Repository name should be invalid") t.Log("Repository name should be invalid")
t.Fail() t.Fail()
} }
if err := validateRepositoryName("1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a"); err == nil {
t.Log("Repository name should be invalid, 64-byte hexadecimal names forbidden")
t.Fail()
}
} }
func TestTrustedLocation(t *testing.T) { func TestTrustedLocation(t *testing.T) {