forked from TrueCloudLab/distribution
Defer case-sensitive support to storage backend
Rather than enforce lowercase paths for all drivers, support for case-sensitivity has been deferred to the driver. There are a few caveats to this approach: 1. There are possible security implications for tags that only differ in their case. For instance, a tag "A" may be equivalent to tag "a" on certain file system backends. 2. All system paths should not use case-sensitive identifiers where possible. This might be problematic in a blob store that uses case-sensitive ids. For now, since digest hex ids are all case-insensitive, this will not be an issue. The recommend workaround is to not run the registry on a case-insensitive filesystem driver in security sensitive applications. Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
parent
434be18e35
commit
e23ca5ac5f
2 changed files with 5 additions and 4 deletions
|
@ -83,7 +83,7 @@ type StorageDriver interface {
|
||||||
// number of path components separated by slashes, where each component is
|
// number of path components separated by slashes, where each component is
|
||||||
// restricted to lowercase alphanumeric characters or a period, underscore, or
|
// restricted to lowercase alphanumeric characters or a period, underscore, or
|
||||||
// hyphen.
|
// hyphen.
|
||||||
var PathRegexp = regexp.MustCompile(`^(/[a-z0-9._-]+)+$`)
|
var PathRegexp = regexp.MustCompile(`^(/[A-Za-z0-9._-]+)+$`)
|
||||||
|
|
||||||
// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
|
// ErrUnsupportedMethod may be returned in the case where a StorageDriver implementation does not support an optional method.
|
||||||
var ErrUnsupportedMethod = errors.New("unsupported method")
|
var ErrUnsupportedMethod = errors.New("unsupported method")
|
||||||
|
|
|
@ -136,7 +136,9 @@ func (suite *DriverSuite) TestValidPaths(c *check.C) {
|
||||||
"/.abc",
|
"/.abc",
|
||||||
"/a--b",
|
"/a--b",
|
||||||
"/a-.b",
|
"/a-.b",
|
||||||
"/_.abc"}
|
"/_.abc",
|
||||||
|
"/Docker/docker-registry",
|
||||||
|
"/Abc/Cba"}
|
||||||
|
|
||||||
for _, filename := range validFiles {
|
for _, filename := range validFiles {
|
||||||
err := suite.StorageDriver.PutContent(filename, contents)
|
err := suite.StorageDriver.PutContent(filename, contents)
|
||||||
|
@ -159,8 +161,7 @@ func (suite *DriverSuite) TestInvalidPaths(c *check.C) {
|
||||||
"abc",
|
"abc",
|
||||||
"123.abc",
|
"123.abc",
|
||||||
"//bcd",
|
"//bcd",
|
||||||
"/abc_123/",
|
"/abc_123/"}
|
||||||
"/Docker/docker-registry"}
|
|
||||||
|
|
||||||
for _, filename := range invalidFiles {
|
for _, filename := range invalidFiles {
|
||||||
err := suite.StorageDriver.PutContent(filename, contents)
|
err := suite.StorageDriver.PutContent(filename, contents)
|
||||||
|
|
Loading…
Reference in a new issue