forked from TrueCloudLab/distribution
Validate digest length on parsing
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
This commit is contained in:
parent
c0d094a72a
commit
1f5f9bad39
3 changed files with 26 additions and 26 deletions
10
docs/storage/cache/cachecheck/suite.go
vendored
10
docs/storage/cache/cachecheck/suite.go
vendored
|
@ -20,7 +20,7 @@ func CheckBlobDescriptorCache(t *testing.T, provider cache.BlobDescriptorCachePr
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
|
func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
|
||||||
if _, err := provider.Stat(ctx, "sha384:abc"); err != distribution.ErrBlobUnknown {
|
if _, err := provider.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
|
||||||
t.Fatalf("expected unknown blob error with empty store: %v", err)
|
t.Fatalf("expected unknown blob error with empty store: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -41,7 +41,7 @@ func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context,
|
||||||
t.Fatalf("expected error with invalid digest: %v", err)
|
t.Fatalf("expected error with invalid digest: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := cache.SetDescriptor(ctx, "sha384:abc", distribution.Descriptor{
|
if err := cache.SetDescriptor(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111", distribution.Descriptor{
|
||||||
Digest: "",
|
Digest: "",
|
||||||
Size: 10,
|
Size: 10,
|
||||||
MediaType: "application/octet-stream"}); err == nil {
|
MediaType: "application/octet-stream"}); err == nil {
|
||||||
|
@ -52,15 +52,15 @@ func checkBlobDescriptorCacheEmptyRepository(t *testing.T, ctx context.Context,
|
||||||
t.Fatalf("expected error checking for cache item with empty digest: %v", err)
|
t.Fatalf("expected error checking for cache item with empty digest: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := cache.Stat(ctx, "sha384:abc"); err != distribution.ErrBlobUnknown {
|
if _, err := cache.Stat(ctx, "sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111"); err != distribution.ErrBlobUnknown {
|
||||||
t.Fatalf("expected unknown blob error with empty repo: %v", err)
|
t.Fatalf("expected unknown blob error with empty repo: %v", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func checkBlobDescriptorCacheSetAndRead(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
|
func checkBlobDescriptorCacheSetAndRead(t *testing.T, ctx context.Context, provider cache.BlobDescriptorCacheProvider) {
|
||||||
localDigest := digest.Digest("sha384:abc")
|
localDigest := digest.Digest("sha384:abc111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111")
|
||||||
expected := distribution.Descriptor{
|
expected := distribution.Descriptor{
|
||||||
Digest: "sha256:abc",
|
Digest: "sha256:abc1111111111111111111111111111111111111111111111111111111111111",
|
||||||
Size: 10,
|
Size: 10,
|
||||||
MediaType: "application/octet-stream"}
|
MediaType: "application/octet-stream"}
|
||||||
|
|
||||||
|
|
|
@ -385,15 +385,15 @@ func TestLinkPathFuncs(t *testing.T) {
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
repo: "foo/bar",
|
repo: "foo/bar",
|
||||||
digest: "sha256:deadbeaf",
|
digest: "sha256:deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||||
linkPathFn: blobLinkPath,
|
linkPathFn: blobLinkPath,
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_layers/sha256/deadbeaf/link",
|
expected: "/docker/registry/v2/repositories/foo/bar/_layers/sha256/deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/link",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
repo: "foo/bar",
|
repo: "foo/bar",
|
||||||
digest: "sha256:deadbeaf",
|
digest: "sha256:deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
|
||||||
linkPathFn: manifestRevisionLinkPath,
|
linkPathFn: manifestRevisionLinkPath,
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/deadbeaf/link",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/deadbeaf98fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/link",
|
||||||
},
|
},
|
||||||
} {
|
} {
|
||||||
p, err := testcase.linkPathFn(testcase.repo, testcase.digest)
|
p, err := testcase.linkPathFn(testcase.repo, testcase.digest)
|
||||||
|
|
|
@ -15,31 +15,31 @@ func TestPathMapper(t *testing.T) {
|
||||||
{
|
{
|
||||||
spec: manifestRevisionPathSpec{
|
spec: manifestRevisionPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: manifestRevisionLinkPathSpec{
|
spec: manifestRevisionLinkPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/link",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: manifestSignatureLinkPathSpec{
|
spec: manifestSignatureLinkPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
signature: "sha256:abcdef0123456789",
|
signature: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/signatures/sha256/abcdef0123456789/link",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/signatures/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: manifestSignaturesPathSpec{
|
spec: manifestSignaturesPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789/signatures",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/revisions/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/signatures",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: manifestTagsPathSpec{
|
spec: manifestTagsPathSpec{
|
||||||
|
@ -72,17 +72,17 @@ func TestPathMapper(t *testing.T) {
|
||||||
spec: manifestTagIndexEntryPathSpec{
|
spec: manifestTagIndexEntryPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
tag: "thetag",
|
tag: "thetag",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: manifestTagIndexEntryLinkPathSpec{
|
spec: manifestTagIndexEntryLinkPathSpec{
|
||||||
name: "foo/bar",
|
name: "foo/bar",
|
||||||
tag: "thetag",
|
tag: "thetag",
|
||||||
revision: "sha256:abcdef0123456789",
|
revision: "sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789",
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789/link",
|
expected: "/docker/registry/v2/repositories/foo/bar/_manifests/tags/thetag/index/sha256/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/link",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: layerLinkPathSpec{
|
spec: layerLinkPathSpec{
|
||||||
|
@ -93,15 +93,15 @@ func TestPathMapper(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: blobDataPathSpec{
|
spec: blobDataPathSpec{
|
||||||
digest: digest.Digest("tarsum.dev+sha512:abcdefabcdefabcdef908909909"),
|
digest: digest.Digest("tarsum.dev+sha512:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"),
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/blobs/tarsum/dev/sha512/ab/abcdefabcdefabcdef908909909/data",
|
expected: "/docker/registry/v2/blobs/tarsum/dev/sha512/ab/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/data",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
spec: blobDataPathSpec{
|
spec: blobDataPathSpec{
|
||||||
digest: digest.Digest("tarsum.v1+sha256:abcdefabcdefabcdef908909909"),
|
digest: digest.Digest("tarsum.v1+sha256:abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"),
|
||||||
},
|
},
|
||||||
expected: "/docker/registry/v2/blobs/tarsum/v1/sha256/ab/abcdefabcdefabcdef908909909/data",
|
expected: "/docker/registry/v2/blobs/tarsum/v1/sha256/ab/abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789/data",
|
||||||
},
|
},
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue