forked from TrueCloudLab/distribution
Properly validate multi-URL foreign layers
The existing code effectively ignored errors from all but the last of a foreign layer's URLs. Signed-off-by: Noah Treuhaft <noah.treuhaft@docker.com>
This commit is contained in:
parent
4e17ab5d31
commit
042bc06175
2 changed files with 6 additions and 0 deletions
|
@ -107,6 +107,7 @@ func (ms *schema2ManifestHandler) verifyManifest(ctx context.Context, mnfst sche
|
||||||
pu, err = url.Parse(u)
|
pu, err = url.Parse(u)
|
||||||
if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" {
|
if err != nil || (pu.Scheme != "http" && pu.Scheme != "https") || pu.Fragment != "" {
|
||||||
err = errInvalidURL
|
err = errInvalidURL
|
||||||
|
break
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -78,6 +78,11 @@ func TestVerifyManifestForeignLayer(t *testing.T) {
|
||||||
[]string{"https://foo/bar", ""},
|
[]string{"https://foo/bar", ""},
|
||||||
errInvalidURL,
|
errInvalidURL,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
foreignLayer,
|
||||||
|
[]string{"", "https://foo/bar"},
|
||||||
|
errInvalidURL,
|
||||||
|
},
|
||||||
{
|
{
|
||||||
foreignLayer,
|
foreignLayer,
|
||||||
[]string{"http://foo/bar"},
|
[]string{"http://foo/bar"},
|
||||||
|
|
Loading…
Reference in a new issue