From 307e253d3330218cba4f40fc9b2d01ef5fcaecae Mon Sep 17 00:00:00 2001 From: Eric Windisch Date: Sun, 17 Aug 2014 20:50:15 -0400 Subject: [PATCH] Restrict repository names from matching hexadecimal strings To avoid conflicting with layer IDs, repository names must not be tagged with names that collide with hexadecimal strings. Signed-off-by: Eric Windisch --- docs/registry.go | 5 +++++ docs/registry_test.go | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/registry.go b/docs/registry.go index 9c76aca9..4233d1f8 100644 --- a/docs/registry.go +++ b/docs/registry.go @@ -23,6 +23,7 @@ var ( ErrAlreadyExists = errors.New("Image already exists") ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")") errLoginRequired = errors.New("Authentication is required.") + validHex = regexp.MustCompile(`^([a-f0-9]{64})$`) ) type TimeoutType uint32 @@ -218,6 +219,10 @@ func validateRepositoryName(repositoryName string) error { if len(nameParts) < 2 { namespace = "library" name = nameParts[0] + + if validHex.MatchString(name) { + return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name) + } } else { namespace = nameParts[0] name = nameParts[1] diff --git a/docs/registry_test.go b/docs/registry_test.go index 303879e8..9f4f1230 100644 --- a/docs/registry_test.go +++ b/docs/registry_test.go @@ -224,6 +224,10 @@ func TestValidRepositoryName(t *testing.T) { if err := validateRepositoryName("docker/docker"); err != nil { t.Fatal(err) } + // Support 64-byte non-hexadecimal names (hexadecimal names are forbidden) + if err := validateRepositoryName("thisisthesongthatneverendsitgoesonandonandonthisisthesongthatnev"); err != nil { + t.Fatal(err) + } if err := validateRepositoryName("docker/Docker"); err == nil { t.Log("Repository name should be invalid") t.Fail() @@ -232,6 +236,10 @@ func TestValidRepositoryName(t *testing.T) { t.Log("Repository name should be invalid") t.Fail() } + if err := validateRepositoryName("1a3f5e7d9c1b3a5f7e9d1c3b5a7f9e1d3c5b7a9f1e3d5d7c9b1a3f5e7d9c1b3a"); err == nil { + t.Log("Repository name should be invalid, 64-byte hexadecimal names forbidden") + t.Fail() + } } func TestTrustedLocation(t *testing.T) {