
If url includes scheme, urlPath will drop hostname, which would not match the auth check

Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d9d03895ae3ab60d2ad778152b0d835206)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>
Jameson Hyde před 6 roky
rodič
revize
a79fabbfe8
2 změnil soubory, kde provedl 38 přidání a 3 odebrání
  1. 3 3
      pkg/authorization/authz.go
  2. 35 0
      pkg/authorization/authz_unix_test.go

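--- a/pkg/authorization/authz.go
+++ b/pkg/authorization/authz.go
@@ -56,11 +56,11 @@ type Ctx struct {
 
 func isChunked(r *http.Request) bool {
 	//RFC 7230 specifies that content length is to be ignored if Transfer-Encoding is chunked
-	if strings.ToLower(r.Header.Get("Transfer-Encoding")) == "chunked" {
+	if strings.EqualFold(r.Header.Get("Transfer-Encoding"), "chunked") {
 		return true
 	}
 	for _, v := range r.TransferEncoding {
-		if 0 == strings.Compare(strings.ToLower(v), "chunked") {
+		if strings.EqualFold(v, "chunked") {
 			return true
 		}
 	}
@@ -162,7 +162,7 @@ func drainBody(body io.ReadCloser) ([]byte, io.ReadCloser, error) {
 
 func isAuthEndpoint(urlPath string) (bool, error) {
 	// eg www.test.com/v1.24/auth/optional?optional1=something&optional2=something (version optional)
-	matched, err := regexp.MatchString(`^[^\/]+\/(v\d[\d\.]*\/)?auth.*`, urlPath)
+	matched, err := regexp.MatchString(`^[^\/]*\/(v\d[\d\.]*\/)?auth.*`, urlPath)
 	if err != nil {
 		return false, err
 	}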
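Review bot: The pattern in isAuthEndpoint ends in `auth.*`, which is a prefix match, so any first path segment that merely begins with `auth` (with or without the version prefix) is classified as the auth endpoint; now that `[^\/]*` also accepts an empty host part, a bare `/auth…` path qualifies as well. The TestSendBody cases added in this commit expect `false` for auth URLs, which presumably means the body is withheld from the authorization plugin for everything this pattern matches. Bounding the segment would keep that exemption narrow, e.g. `^[^/]*/(v\d[\d.]*/)?auth(/|\?|$)`, unless the wider match is intended; the route table is not visible here. Separately, `regexp.MatchString` recompiles the pattern on every call, and a package-level `regexp.MustCompile` would compile it once and fail at start-up rather than per request. The body of isAuthEndpoint continues past the end of this hunk.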

+ 35 - 0
pkg/authorization/authz_unix_test.go

@@ -259,6 +259,41 @@ func TestSendBody(t *testing.T) {
 				contentType: "application/json;charset=UTF8",
 				contentType: "application/json;charset=UTF8",
 				expected:    false,
 				expected:    false,
 			},
 			},
+			{
+				url:         "www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "https://www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "http://nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "http://www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "https://www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
 		}
 		}
 	)
 	)