Restrict repository names from matching hexadecimal strings
To avoid conflicting with layer IDs, repository names must not be tagged with names that collide with hexadecimal strings. Signed-off-by: Eric Windisch <eric@windisch.us>
This commit is contained in:
parent
94ff3f3e4d
commit
307e253d33
2 changed files with 13 additions and 0 deletions
|
@ -23,6 +23,7 @@ var (
|
||||||
ErrAlreadyExists = errors.New("Image already exists")
|
ErrAlreadyExists = errors.New("Image already exists")
|
||||||
ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
|
ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
|
||||||
errLoginRequired = errors.New("Authentication is required.")
|
errLoginRequired = errors.New("Authentication is required.")
|
||||||
|
validHex = regexp.MustCompile(`^([a-f0-9]{64})$`)
|
||||||
)
|
)
|
||||||
|
|
||||||
type TimeoutType uint32
|
type TimeoutType uint32
|
||||||
|
@ -218,6 +219,10 @@ func validateRepositoryName(repositoryName string) error {
|
||||||
if len(nameParts) < 2 {
|
if len(nameParts) < 2 {
|
||||||
namespace = "library"
|
namespace = "library"
|
||||||
name = nameParts[0]
|
name = nameParts[0]
|
||||||
|
|
||||||
|
if validHex.MatchString(name) {
|
||||||
|
return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
namespace = nameParts[0]
|
namespace = nameParts[0]
|
||||||
name = nameParts[1]
|
name = nameParts[1]
|
||||||
|
|
|
@ -224,6 +224,10 @@ func TestValidRepositoryName(t *testing.T) {
|
||||||
if err := validateRepositoryName("docker/docker"); err != nil {
|
if err := validateRepositoryName("docker/docker"); err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
}
|
}
|
||||||
|
// Support 64-byte non-hexadecimal names (hexadecimal names are forbidden)
|
||||||
|
if err := validateRepositoryName("thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev"); err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
if err := validateRepositoryName("docker/Docker"); err == nil {
|
if err := validateRepositoryName("docker/Docker"); err == nil {
|
||||||
t.Log("Repository name should be invalid")
|
t.Log("Repository name should be invalid")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
|
@ -232,6 +236,10 @@ func TestValidRepositoryName(t *testing.T) {
|
||||||
t.Log("Repository name should be invalid")
|
t.Log("Repository name should be invalid")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
|
if err := validateRepositoryName("1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a"); err == nil {
|
||||||
|
t.Log("Repository name should be invalid, 64-byte hexadecimal names forbidden")
|
||||||
|
t.Fail()
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestTrustedLocation(t *testing.T) {
|
func TestTrustedLocation(t *testing.T) {
|
||||||
|
|
Loading…
Reference in a new issue