Defer case-sensitive support to storage backend

Rather than enforce lowercase paths for all drivers, support for
case-sensitivity has been deferred to the driver. There are a few caveats to
this approach:

1. There are possible security implications for tags that only differ in their
case. For instance, a tag "A" may be equivalent to tag "a" on certain file
system backends.
2. All system paths should not use case-sensitive identifiers where possible.
This might be problematic in a blob store that uses case-sensitive ids. For
now, since digest hex ids are all case-insensitive, this will not be an issue.

The recommend workaround is to not run the registry on a case-insensitive
filesystem driver in security sensitive applications.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
Stephen J Day 2015-04-07 14:14:45 -07:00
parent 434be18e35
commit e23ca5ac5f
2 changed files with 5 additions and 4 deletions

View file

@ -83,7 +83,7 @@ type StorageDriver interface {
// number of path components separated by slashes, where each component is // number of path components separated by slashes, where each component is
// restricted to lowercase alphanumeric characters or a period, underscore, or // restricted to lowercase alphanumeric characters or a period, underscore, or
// hyphen. // hyphen.
var PathRegexp = regexp.MustCompile(`^(/[a-z0-9._-]+)+$`) var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`)
// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method. // ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
var ErrUnsupportedMethod = errors.New("unsupported method") var ErrUnsupportedMethod = errors.New("unsupported method")

View file

@ -136,7 +136,9 @@ func (suite *DriverSuite) TestValidPaths(c *check.C) {
"/.abc", "/.abc",
"/a--b", "/a--b",
"/a-.b", "/a-.b",
"/_.abc"} "/_.abc",
"/Docker/docker-registry",
"/Abc/Cba"}
for _, filename := range validFiles { for _, filename := range validFiles {
err := suite.StorageDriver.PutContent(filename, contents) err := suite.StorageDriver.PutContent(filename, contents)
@ -159,8 +161,7 @@ func (suite *DriverSuite) TestInvalidPaths(c *check.C) {
"abc", "abc",
"123.abc", "123.abc",
"//bcd", "//bcd",
"/abc_123/", "/abc_123/"}
"/Docker/docker-registry"}
for _, filename := range invalidFiles { for _, filename := range invalidFiles {
err := suite.StorageDriver.PutContent(filename, contents) err := suite.StorageDriver.PutContent(filename, contents)