docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add additional length and lowercase checks, change regex to explicitly reject empty string, add hyphen char 

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
This commit is contained in:
Riyaz Faizullabhoy 2015-12-17 17:31:13 -08:00
parent 2c39fa2214
commit ad4c50709f
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
tuf/data/roles.go
View File

@ -116,13 +116,21 @@ func ValidRole(name string) bool {
// IsDelegation checks if the role is a delegation or a root role // IsDelegation checks if the role is a delegation or a root role
func IsDelegation(role string) bool { func IsDelegation(role string) bool {
targetsBase := fmt.Sprintf("%s/", ValidRoles[CanonicalTargetsRole]) targetsBase := fmt.Sprintf("%s/", ValidRoles[CanonicalTargetsRole])
whitelistedChars, err := regexp.MatchString("^[a-zA-Z0-9_/]*$", role)
whitelistedChars, err := regexp.MatchString("^[-a-z0-9_/]+$", role)
if err != nil { if err != nil {
return false return false
} }
// Limit size of full role string to 255 chars for db column size limit
correctLength := len(role) < 256
// Removes ., .., extra slashes, and trailing slash // Removes ., .., extra slashes, and trailing slash
isClean := filepath.Clean(role) == role isClean := filepath.Clean(role) == role
return strings.HasPrefix(role, targetsBase) && whitelistedChars && isClean return strings.HasPrefix(role, targetsBase) &&
whitelistedChars &&
correctLength &&
isClean
} }
// RootRole is a cut down role as it appears in the root.json // RootRole is a cut down role as it appears in the root.json

8
tuf/data/roles_test.go
View File

@ -187,6 +187,10 @@ func TestIsDelegation(t *testing.T) {
assert.True(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "level1"))) assert.True(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "level1")))
assert.True(t, IsDelegation( assert.True(t, IsDelegation(
filepath.Join(CanonicalTargetsRole, "level1", "level2", "level3"))) filepath.Join(CanonicalTargetsRole, "level1", "level2", "level3")))
assert.True(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "under_score")))
assert.True(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "hyphen-hyphen")))
assert.False(t, IsDelegation(
filepath.Join(CanonicalTargetsRole, strings.Repeat("x", 255-len(CanonicalTargetsRole)))))
assert.False(t, IsDelegation("")) assert.False(t, IsDelegation(""))
assert.False(t, IsDelegation(CanonicalRootRole)) assert.False(t, IsDelegation(CanonicalRootRole))
@ -195,6 +199,7 @@ func TestIsDelegation(t *testing.T) {
assert.False(t, IsDelegation(CanonicalTargetsRole)) assert.False(t, IsDelegation(CanonicalTargetsRole))
assert.False(t, IsDelegation(CanonicalTargetsRole+"/")) assert.False(t, IsDelegation(CanonicalTargetsRole+"/"))
assert.False(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "level1")+"/")) assert.False(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "level1")+"/"))
assert.False(t, IsDelegation(filepath.Join(CanonicalTargetsRole, "UpperCase")))
assert.False(t, IsDelegation( assert.False(t, IsDelegation(
filepath.Join(CanonicalTargetsRole, "directory")+"/../../traversal")) filepath.Join(CanonicalTargetsRole, "directory")+"/../../traversal"))
@ -216,6 +221,9 @@ func TestIsDelegation(t *testing.T) {
assert.False(t, IsDelegation( assert.False(t, IsDelegation(
filepath.Join(CanonicalTargetsRole, "white space"+"level2"))) filepath.Join(CanonicalTargetsRole, "white space"+"level2")))
assert.False(t, IsDelegation(
filepath.Join(CanonicalTargetsRole, strings.Repeat("x", 256-len(CanonicalTargetsRole)))))
} }
func TestValidRoleFunction(t *testing.T) { func TestValidRoleFunction(t *testing.T) {