Skip to content
This repository was archived by the owner on Sep 12, 2018. It is now read-only.

Commit 7d650d4

Browse files
author
Olivier Gambier
committed
Additional checks on image ids
1 parent 43571dc commit 7d650d4

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

docker_registry/images.py

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import datetime
44
import functools
55
import logging
6+
import re
67
import time
78

89
import flask
@@ -27,6 +28,7 @@
2728

2829
store = storage.load()
2930
logger = logging.getLogger(__name__)
31+
_re_hex_image_id = re.compile(r'^([a-f0-9]{16}|[a-f0-9]{64})$')
3032

3133

3234
def require_completion(f):
@@ -60,6 +62,16 @@ def wrapper(*args, **kwargs):
6062
return wrapper
6163

6264

65+
def valid_image_id(f):
66+
@functools.wraps(f)
67+
def wrapper(*args, **kwargs):
68+
image_id = kwargs.get('image_id', '')
69+
if _re_hex_image_id.match(image_id):
70+
return f(*args, **kwargs)
71+
return toolkit.api_error("Invalid image ID", 404)
72+
return wrapper
73+
74+
6375
def _get_image_layer(image_id, headers=None, bytes_range=None):
6476
if headers is None:
6577
headers = {}
@@ -172,6 +184,7 @@ def _valid_bytes_range(bytes_range):
172184
@app.route('/v1/images/<image_id>/layer', methods=['GET'])
173185
@toolkit.requires_auth
174186
@require_completion
187+
@valid_image_id
175188
@set_cache_headers
176189
@mirroring.source_lookup(cache=True, stream=True)
177190
def get_image_layer(image_id, headers):
@@ -193,6 +206,7 @@ def get_image_layer(image_id, headers):
193206

194207
@app.route('/v1/images/<image_id>/layer', methods=['PUT'])
195208
@toolkit.requires_auth
209+
@valid_image_id
196210
def put_image_layer(image_id):
197211
client_version = toolkit.docker_client_version()
198212
if client_version and client_version < (0, 10):
@@ -227,6 +241,7 @@ def put_image_layer(image_id):
227241

228242
@app.route('/v1/images/<image_id>/checksum', methods=['PUT'])
229243
@toolkit.requires_auth
244+
@valid_image_id
230245
def put_image_checksum(image_id):
231246
checksum = flask.request.headers.get('X-Docker-Checksum-Payload')
232247
if checksum is None:
@@ -256,6 +271,7 @@ def put_image_checksum(image_id):
256271

257272
@app.route('/v1/images/<image_id>/json', methods=['GET'])
258273
@toolkit.requires_auth
274+
@valid_image_id
259275
@require_completion
260276
@set_cache_headers
261277
@mirroring.source_lookup(cache=True, stream=False)
@@ -274,6 +290,7 @@ def get_image_json(image_id, headers):
274290

275291
@app.route('/v1/images/<image_id>/ancestry', methods=['GET'])
276292
@toolkit.requires_auth
293+
@valid_image_id
277294
@require_completion
278295
@set_cache_headers
279296
@mirroring.source_lookup(cache=True, stream=False)
@@ -325,6 +342,7 @@ def load_checksums(image_id):
325342

326343
@app.route('/v1/images/<image_id>/json', methods=['PUT'])
327344
@toolkit.requires_auth
345+
@valid_image_id
328346
def put_image_json(image_id):
329347
data = None
330348
try:
@@ -372,6 +390,7 @@ def put_image_json(image_id):
372390

373391
@app.route('/v1/images/<image_id>/files', methods=['GET'])
374392
@toolkit.requires_auth
393+
@valid_image_id
375394
@require_completion
376395
@set_cache_headers
377396
def get_image_files(image_id, headers):
@@ -392,6 +411,7 @@ def get_image_files(image_id, headers):
392411

393412
@app.route('/v1/images/<image_id>/diff', methods=['GET'])
394413
@toolkit.requires_auth
414+
@valid_image_id
395415
@require_completion
396416
@set_cache_headers
397417
def get_image_diff(image_id, headers):

0 commit comments

Comments
 (0)