
Don't accept initial / as container name
Closed, Public

Authored by dereckson on Oct 10 2018, 23:46.

Details

Summary

The Docker registry allows using /foo or foo as a container name.

This is a dubious comfort feature, but it would be nice if queries
like %2Ftmp (/tmp URL encoded) don't have much chance to
succeed: even if the API is intended to expose metadata of a
filesystem without any secret, it could theoretically be deployed
into an environment where the filesystem can expose secrets.

Test Plan

Browse {{URL}}/docker/registry/repository/%2Ftmp/
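
The check described in the summary, as an added example that is not code from this revision or from the project. It assumes repository names are mapped to directories under a root; `REGISTRY_ROOT`, the function names and the component allow-list are hypothetical choices made for the illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote

# Hypothetical directory holding one sub-directory per repository.
REGISTRY_ROOT = PurePosixPath("/srv/registry/repositories")

# Conservative allow-list for one name component (an assumption of this example).
COMPONENT = re.compile(r"[a-z0-9]+(?:[._-][a-z0-9]+)*")


class InvalidRepositoryName(ValueError):
    """The requested name must not be mapped to a filesystem path."""


def naive_resolve(raw_segment, root=REGISTRY_ROOT):
    """Unsafe form: joining an absolute path discards root entirely."""
    return root / unquote(raw_segment)


def resolve_repository(raw_segment, root=REGISTRY_ROOT):
    """Map the URL segment after /repository/ to a directory under root."""
    name = unquote(raw_segment)  # decode exactly once: "%2Ftmp" -> "/tmp"
    if name.startswith("/"):
        raise InvalidRepositoryName("initial / is not accepted")
    parts = name.split("/")
    # Rejects empty, ".", ".." and any component with unexpected characters,
    # including a leftover "%" from a double-encoded request.
    if not all(COMPONENT.fullmatch(p) for p in parts):
        raise InvalidRepositoryName("component outside the allow-list")
    return root.joinpath(*parts)


def is_accepted(raw_segment):
    """True when the segment resolves to a path under the root."""
    try:
        resolve_repository(raw_segment)
        return True
    except InvalidRepositoryName:
        return False


if __name__ == "__main__":
    # Constructed sample requests, including the one from the test plan.
    for sample in ("nginx", "library%2Fnginx", "%2Ftmp", "..%2F..%2Fetc", "%252Ftmp"):
        verdict = "accepted" if is_accepted(sample) else "rejected"
        print(f"{sample:18} naive={naive_resolve(sample)}  checked={verdict}")
```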

Diff Detail

Repository
rAPIREG Nasqueron private Docker registry API
Lint
Lint Passed
Unit
No Test Coverage
Branch
master
Build Status
Buildable 2902
Build 3150: arc lint + arc unit

Event Timeline

dereckson created this revision.
This revision is now accepted and ready to land. Oct 10 2018, 23:46
This revision was automatically updated to reflect the committed changes.