
Commit 02ba6e2

committed
Descriptor size cannot be negative
Signed-off-by: Brandon Mitchell <[email protected]>
1 parent 2daaaaf commit 02ba6e2


4 files changed

+125
-69
lines changed


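--- a/descriptor.md
+++ b/descriptor.md
@@ -34,6 +34,7 @@ The following fields contain the primary properties that constitute a Descriptor
 This REQUIRED property specifies the size, in bytes, of the raw content.
 This property exists so that a client will have an expected size for the content before processing.
 If the length of the retrieved content does not match the specified length, the content SHOULD NOT be trusted.
+The size MUST NOT be negative.
 
 - **`urls`** *array of strings*
 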
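--- a/schema/content-descriptor.json
+++ b/schema/content-descriptor.json
@@ -10,7 +10,7 @@
 },
 "size": {
 "description": "the size in bytes of the referenced object",
-"$ref": "defs.json#/definitions/int64"
+"$ref": "defs-descriptor.json#/definitions/size"
 },
 "digest": {
 "description": "the cryptographic checksum digest of the object, in the pattern '<algorithm>:<encoded>'",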

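--- a/schema/defs-descriptor.json
+++ b/schema/defs-descriptor.json
@@ -7,6 +7,11 @@
 "type": "string",
 "pattern": "^[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}/[A-Za-z0-9][A-Za-z0-9!#$&^_.+-]{0,126}$"
 },
+"size": {
+"type": "integer",
+"minimum": 0,
+"maximum": 9223372036854776000
+},
 "digest": {
 "description": "the cryptographic checksum digest of the object, in the pattern '<algorithm>:<encoded>'",
 "type": "string",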
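Review bot: The `maximum` on the new `size` definition, 9223372036854776000, is larger than the largest int64 (9223372036854775807), so the schema accepts sizes that a signed 64-bit field cannot hold. The `$ref` this definition replaces pointed at `defs.json#/definitions/int64`, so consumers presumably decode size into an int64; a value in that gap would pass validation and then fail or wrap on decode, depending on the decoder. I would write `"maximum": 9223372036854775807` and add a `"description"` saying the bound is the int64 maximum. Validators that read numbers as float64 may not distinguish the two values, so code that consumes a descriptor should still range-check the decoded size rather than rely on the schema alone.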

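--- a/schema/descriptor_test.go
+++ b/schema/descriptor_test.go
@@ -38,6 +38,18 @@ func TestDescriptor(t *testing.T) {
 fail: false,
 },
 
+// zero length blob
+{
+descriptor: `
+{
+"mediaType": "application/octet-stream",
+"size": 0,
+"digest": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+}
+`,
+fail: false,
+},
+
 // expected failure: mediaType missing
 {
 descriptor: `
@@ -236,111 +248,149 @@ func TestDescriptor(t *testing.T) {
 // expected success: artifactType is present and an IANA compliant value
 {
 descriptor: `
-{
-"mediaType": "application/vnd.oci.image.manifest.v1+json",
-"artifactType": "application/vnd.oci.image.manifest.v1+json",
-"size": 7682,
-"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
-}
-`,
+{
+"mediaType": "application/vnd.oci.image.manifest.v1+json",
+"artifactType": "application/vnd.oci.image.manifest.v1+json",
+"size": 7682,
+"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
+}
+`,
 fail: false,
 },
 
 // expected failure: artifactType does not match pattern (invalid first subtype character)
 {
 descriptor: `
-{
-"mediaType": "application/vnd.oci.image.manifest.v1+json",
-"artifactType": "foo/.bar",
-"size": 7682,
-"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
-}
-`,
+{
+"mediaType": "application/vnd.oci.image.manifest.v1+json",
+"artifactType": "foo/.bar",
+"size": 7682,
+"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
+}
+`,
 fail: true,
 },
 
 // expected success: data field is present and has base64 content
 {
 descriptor: `
-{
-"mediaType": "text/plain",
-"size": 34,
-"data": "aHR0cHM6Ly9naXRodWIuY29tL29wZW5jb250YWluZXJzCg==",
-"digest": "sha256:2690af59371e9eca9453dc29882643f46e5ca47ec2862bd517b5e17351325153"
-}
-`,
+{
+"mediaType": "text/plain",
+"size": 34,
+"data": "aHR0cHM6Ly9naXRodWIuY29tL29wZW5jb250YWluZXJzCg==",
+"digest": "sha256:2690af59371e9eca9453dc29882643f46e5ca47ec2862bd517b5e17351325153"
+}
+`,
 fail: false,
 },
 
+// expected success: test for alternate digest algorithm
 {
-descriptor: `{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "sha256+b64:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "sha256+b64:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
 }`,
+fail: false,
 },
+
+// expected success: test for alternate digest algorithm
 {
-descriptor: `{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "sha256+b64:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
-}`,
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "sha256+b64:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+}`,
+fail: false,
 },
+
+// expected success: test for alternate digest algorithm
 {
-descriptor: `{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "sha256+foo-bar:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
-}`,
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "sha256+foo-bar:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+}`,
+fail: false,
 },
+
+// expected success: test for alternate digest algorithm
 {
 descriptor: `
-{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "sha256.foo-bar:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
-}`,
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "sha256.foo-bar:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+}`,
+fail: false,
 },
+
+// expected success: test for alternate digest algorithm
 {
-descriptor: `{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "multihash+base58:QmRZxt2b1FVZPNqd8hsiykDL3TdBDeTSPX9Kv46HmX4Gx8"
-}`,
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "multihash+base58:QmRZxt2b1FVZPNqd8hsiykDL3TdBDeTSPX9Kv46HmX4Gx8"
+}`,
+fail: false,
 },
+
+// fail: repeated separators in algorithm
 {
-// fail: repeated separators in algorithm
-descriptor: `{
-"mediaType": "application/vnd.oci.image.config.v1+json",
-"size": 1470,
-"digest": "sha256+foo+-b:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
-}`,
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.config.v1+json",
+"size": 1470,
+"digest": "sha256+foo+-b:c86f7763873b6c0aae22d963bab59b4f5debbed6685761b5951584f6efb0633b"
+}`,
 fail: true,
 },
+
+// expected success: test for alternate digest encoding
 {
-descriptor: `{
-"digest": "sha256+b64u:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
-"size": 1000000,
-"mediaType": "application/vnd.oci.image.config.v1+json"
-}`,
+descriptor: `
+{
+"digest": "sha256+b64u:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
+"size": 1000000,
+"mediaType": "application/vnd.oci.image.config.v1+json"
+}`,
+fail: false,
 },
+
+// expected success: test for those who cannot use modulo arithmetic to recover padding.
 {
-// test for those who cannot use modulo arithmetic to recover padding.
-descriptor: `{
-"digest": "sha256+b64u.unknownlength:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564=",
-"size": 1000000,
-"mediaType": "application/vnd.oci.image.config.v1+json"
-}`,
+descriptor: `
+{
+"digest": "sha256+b64u.unknownlength:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564=",
+"size": 1000000,
+"mediaType": "application/vnd.oci.image.config.v1+json"
+}`,
 },
+
+// expected failure: invalid data base64, missing padding
 {
 descriptor: `
+{
+"mediaType": "text/plain",
+"size": 34,
+"data": "aHR0cHM6Ly9naXRodWIuY29tL29wZW5jb250YWluZXJzCg",
+"digest": "sha256:2690af59371e9eca9453dc29882643f46e5ca47ec2862bd517b5e17351325153"
+}`,
+fail: true,
+},
+
+// expected failure: negative size
 {
-"mediaType": "text/plain",
-"size": 34,
-"data": "aHR0cHM6Ly9naXRodWIuY29tL29wZW5jb250YWluZXJzCg",
-"digest": "sha256:2690af59371e9eca9453dc29882643f46e5ca47ec2862bd517b5e17351325153"
-}
-`,
+descriptor: `
+{
+"mediaType": "application/vnd.oci.image.manifest.v1+json",
+"size": -7682,
+"digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
+}`,
 fail: true,
 },
 } {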
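Review bot: The new negative-size case at the end of the second hunk uses only `-7682`, so the edge of the schema's `"minimum": 0` is pinned from the accepting side (the `"size": 0` case in the first hunk) but not from the rejecting side. A `"size": -1` case would catch an off-by-one in the bound, for example an exclusive minimum set at -1. A case above the schema `maximum` would also be worth adding once the expected validator behaviour for such large numbers is confirmed. Separately, the "cannot use modulo arithmetic" case in the same hunk is the one success case that did not get the explicit `fail: false` every other one received. TestDescriptor begins and ends outside both hunks, so the fence below shows only the table entry I would add.

```go
		// … unchanged: "expected failure: negative size" case with "size": -7682 …

		// expected failure: smallest negative size, just below the schema minimum
		{
			descriptor: `
{
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "size": -1,
  "digest": "sha256:5b0bcabd1ed22e9fb1310cf6c2dec7cdef19f0ad69efa1f392e94a4333501270"
}`,
			fail: true,
		},
```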
