86ae5d2895
This fix tries to address the issue raised in 28769 where
the checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.
This fix adds the restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.
This fix fixes 28769.
Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c90ec05175)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
9 lines
416 B
Go
package utils

import "regexp"

// RestrictedNameChars collects the characters allowed to represent a name, normally used to validate container and volume names.
const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`

// RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
var RestrictedNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)
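
The following is an added example, not code from this commit or from the project: it applies the same pattern to a checkpoint name before the name is joined onto a directory, and adds a containment check as a second line of defence. The helper names `validateCheckpointName` and `checkpointPath`, the base directory and the sample names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Same expression as RestrictedNamePattern on this page, written out in full.
var restrictedNamePattern = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]+$`)

// validateCheckpointName is a hypothetical helper: it rejects any name that
// does not match the restricted pattern (path separators, a leading dot,
// empty names and, because of the trailing "+", single-character names).
func validateCheckpointName(name string) error {
	if !restrictedNamePattern.MatchString(name) {
		return fmt.Errorf("invalid checkpoint name %q", name)
	}
	return nil
}

// checkpointPath (hypothetical) validates the name, joins it under baseDir,
// then confirms the cleaned result is still located inside baseDir.
func checkpointPath(baseDir, name string) (string, error) {
	if err := validateCheckpointName(name); err != nil {
		return "", err
	}
	p := filepath.Join(baseDir, name)
	rel, err := filepath.Rel(baseDir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("checkpoint path %q escapes %q", p, baseDir)
	}
	return p, nil
}

func main() {
	base := "/var/lib/example/containers/abc123/checkpoints" // constructed path
	// Constructed sample names: two ordinary ones, then names the pattern rejects.
	names := []string{"cp1", "backup_2016-12-01.v2", "../../../etc", "a/b", "..", "x", ""}
	for _, name := range names {
		// What a plain join would produce if the name were not checked first.
		unchecked := filepath.Join(base, name)
		_, err := checkpointPath(base, name)
		fmt.Printf("name=%q unchecked_join=%s accepted=%v\n", name, unchecked, err == nil)
	}
}
```

For the rejected names, the `unchecked_join` column shows where an unvalidated join would have pointed, which is the behaviour the commit message describes.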