Differential D1879

Don't accept initial / as container name
ClosedPublic
Actions

Authored by dereckson on Oct 10 2018, 23:46.

Tags

None

Referenced Files

	F11622341: D1879.id4745.diff
	Tue, Sep 2, 07:29

	F11616874: D1879.id4746.diff
	Mon, Sep 1, 20:09

	Unknown Object (File)
	Thu, Aug 28, 12:26

	Unknown Object (File)
	Thu, Aug 28, 11:57

	Unknown Object (File)
	Sun, Aug 17, 15:53

	Unknown Object (File)
	Sun, Aug 17, 09:09

	Unknown Object (File)
	Tue, Aug 12, 10:01

	Unknown Object (File)
	Mon, Aug 11, 15:26

Subscribers

None

Details

Reviewers

Commits

rAPIREGb7927f6e3017: Don't accept initial / as container name

Summary

The Docker registry allows to use /foo or foo as container name.

This is a dubious comfort feature, but it would be nice if queries
like %2Ftmp (/tmp URL encoded) doesn't have a lot of chance to
succeed: even if the API is intended to expose metadata of a
filesystem without any secret, it could theoretically be deployed
into environment where filesystem can expose secrets.

Test Plan

Browse {{URL}}/docker/registry/repository/%2Ftmp/

Diff Detail

Repository

rAPIREG Nasqueron private Docker registry API

Lint

Lint Passed

Unit

No Test Coverage

Branch

master

Build Status

Buildable 2902
Build 3150: arc lint + arc unit

Event Timeline

dereckson requested review of this revision.Oct 10 2018, 23:46

dereckson created this revision.

Harbormaster completed remote builds in B2902: Diff 4745.Oct 10 2018, 23:46

dereckson accepted this revision.Oct 10 2018, 23:46

This revision is now accepted and ready to land.Oct 10 2018, 23:46

dereckson edited the summary of this revision. (Show Details)Oct 10 2018, 23:46

Closed by commit rAPIREGb7927f6e3017: Don't accept initial / as container name (authored by dereckson). · Explain WhyOct 10 2018, 23:47

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

2 lines

Diff 4745

src/registry.rs

Loading...