registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
This commit is contained in:
Erik Hollensbe 2014-11-12 09:08:45 -08:00
parent 8582d04393
commit 524aa8b1a6
2 changed files with 19 additions and 25 deletions

View file

@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
// IsSecure returns false if the provided hostname is part of the list of insecure registries. // IsSecure returns false if the provided hostname is part of the list of insecure registries.
// Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs. // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
func IsSecure(hostname string, insecureRegistries []string) bool { func IsSecure(hostname string, insecureRegistries []string) bool {
if hostname == IndexServerAddress() { if hostname == IndexServerAddress() {
return true return true
} }
host, _, err := net.SplitHostPort(hostname)
if err != nil {
host = hostname
}
if host == "127.0.0.1" || host == "localhost" {
return false
}
if len(insecureRegistries) == 0 { if len(insecureRegistries) == 0 {
host, _, err := net.SplitHostPort(hostname)
if err != nil {
host = hostname
}
if host == "127.0.0.1" || host == "localhost" {
return false
}
return true return true
} }
for _, h := range insecureRegistries { for _, h := range insecureRegistries {
if hostname == h { if hostname == h {
return false return false

View file

@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
}{ }{
{"example.com", []string{}, true}, {"example.com", []string{}, true},
{"example.com", []string{"example.com"}, false}, {"example.com", []string{"example.com"}, false},
{"localhost", []string{"localhost:5000"}, true}, {"localhost", []string{"localhost:5000"}, false},
{"localhost:5000", []string{"localhost:5000"}, false}, {"localhost:5000", []string{"localhost:5000"}, false},
{"localhost", []string{"example.com"}, true}, {"localhost", []string{"example.com"}, false},
{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false}, {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
}
for _, tt := range tests {
if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
}
}
}
func TestIsSecure(t *testing.T) {
tests := []struct {
addr string
insecureRegistries []string
expected bool
}{
{"localhost", []string{}, false}, {"localhost", []string{}, false},
{"localhost:5000", []string{}, false}, {"localhost:5000", []string{}, false},
{"127.0.0.1", []string{}, false}, {"127.0.0.1", []string{}, false},
{"localhost", []string{"example.com"}, true}, {"localhost", []string{"example.com"}, false},
{"127.0.0.1", []string{"example.com"}, true}, {"127.0.0.1", []string{"example.com"}, false},
{"example.com", []string{}, true}, {"example.com", []string{}, true},
{"example.com", []string{"example.com"}, false}, {"example.com", []string{"example.com"}, false},
{"127.0.0.1", []string{"example.com"}, false},
{"127.0.0.1:5000", []string{"example.com"}, false},
} }
for _, tt := range tests { for _, tt := range tests {
if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected { if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {