registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
This commit is contained in:
parent
8582d04393
commit
524aa8b1a6
2 changed files with 19 additions and 25 deletions
|
@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
|
|||
// IsSecure returns false if the provided hostname is part of the list of insecure registries.
|
||||
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
|
||||
func IsSecure(hostname string, insecureRegistries []string) bool {
|
||||
|
||||
if hostname == IndexServerAddress() {
|
||||
return true
|
||||
}
|
||||
|
||||
host, _, err := net.SplitHostPort(hostname)
|
||||
|
||||
if err != nil {
|
||||
host = hostname
|
||||
}
|
||||
|
||||
if host == "127.0.0.1" || host == "localhost" {
|
||||
return false
|
||||
}
|
||||
|
||||
if len(insecureRegistries) == 0 {
|
||||
host, _, err := net.SplitHostPort(hostname)
|
||||
if err != nil {
|
||||
host = hostname
|
||||
}
|
||||
if host == "127.0.0.1" || host == "localhost" {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
for _, h := range insecureRegistries {
|
||||
if hostname == h {
|
||||
return false
|
||||
|
|
|
@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
|
|||
}{
|
||||
{"example.com", []string{}, true},
|
||||
{"example.com", []string{"example.com"}, false},
|
||||
{"localhost", []string{"localhost:5000"}, true},
|
||||
{"localhost", []string{"localhost:5000"}, false},
|
||||
{"localhost:5000", []string{"localhost:5000"}, false},
|
||||
{"localhost", []string{"example.com"}, true},
|
||||
{"localhost", []string{"example.com"}, false},
|
||||
{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
|
||||
t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsSecure(t *testing.T) {
|
||||
tests := []struct {
|
||||
addr string
|
||||
insecureRegistries []string
|
||||
expected bool
|
||||
}{
|
||||
{"localhost", []string{}, false},
|
||||
{"localhost:5000", []string{}, false},
|
||||
{"127.0.0.1", []string{}, false},
|
||||
{"localhost", []string{"example.com"}, true},
|
||||
{"127.0.0.1", []string{"example.com"}, true},
|
||||
{"localhost", []string{"example.com"}, false},
|
||||
{"127.0.0.1", []string{"example.com"}, false},
|
||||
{"example.com", []string{}, true},
|
||||
{"example.com", []string{"example.com"}, false},
|
||||
{"127.0.0.1", []string{"example.com"}, false},
|
||||
{"127.0.0.1:5000", []string{"example.com"}, false},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
|
||||
|
|
Loading…
Reference in a new issue