c90ec05175
This fix tries to address the issue raised in 28769 where the checkpoint name was not checked before being passed to containerd. As a result, it was possible to use a special checkpoint name to get outside of the container's directory.

This fix adds the restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`). This is the same as the container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
9 lines
416 B
Go
package utils

import "regexp"

// RestrictedNameChars collects the characters allowed to represent a name, normally used to validate container and volume names.
const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`

// RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
var RestrictedNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)
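An added example (not code from this commit or the project) showing how the pattern above rejects checkpoint names that would leave a checkpoint directory once joined to it. The helper `checkpointPath`, the base directory and the sample names are hypothetical; the containment check after the join is an extra safeguard assumed here, not something the commit describes.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Same expression as RestrictedNamePattern on this page, copied so the block runs stand-alone.
// The trailing + binds only to the second class, so a valid name has at least two characters.
var restrictedNamePattern = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]+$`)

// checkpointPath (hypothetical helper) validates name and returns the
// directory under baseDir where a checkpoint with that name would be stored.
func checkpointPath(baseDir, name string) (string, error) {
	if !restrictedNamePattern.MatchString(name) {
		return "", fmt.Errorf("invalid checkpoint name %q", name)
	}
	// Extra safeguard (assumption, not from the commit): after joining,
	// confirm the cleaned path is still located below baseDir.
	base := filepath.Clean(baseDir)
	p := filepath.Join(base, name)
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("checkpoint path %q escapes %q", p, base)
	}
	return p, nil
}

func main() {
	base := "/tmp/example-container/checkpoints" // constructed directory
	// Constructed sample names: valid ones, traversal attempts, and edge cases.
	names := []string{"cp1", "nightly_2017-01.v2", "a..", "a",
		"../../../etc", "cp/../../x", ".hidden", "/abs", "cp1\n", ""}
	for _, name := range names {
		p, err := checkpointPath(base, name)
		if err != nil {
			fmt.Printf("%-22q rejected: %v\n", name, err)
			continue
		}
		fmt.Printf("%-22q accepted: %s\n", name, p)
	}
}
```

Because `/` is not in either character class and the first character cannot be `.`, no accepted name can contain a path separator or be `..`; a name such as `a..` is accepted but stays a single path component.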