cmd/oci-image-tool: validate descriptors MediaType

runcom · runcom · commit 4829143aff2e · 2016-09-06T19:12:52.000+02:00
Signed-off-by: Antonio Murdaca &lt;runcom@redhat.com&gt;
diff --git a/image/descriptor.go b/image/descriptor.go
@@ -73,7 +73,17 @@ func findDescriptor(w walker, name string) (*descriptor, error) {
 	}
 }
 
-func (d *descriptor) validate(w walker) error {
+func (d *descriptor) validate(w walker, mts []string) error {
+	var found bool
+	for _, mt := range mts {
+		if d.MediaType == mt {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("invalid descriptor MediaType %q", d.MediaType)
+	}
 	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
 		if info.IsDir() {
 			return nil
diff --git a/image/image.go b/image/image.go
@@ -20,6 +20,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -43,14 +44,19 @@ func Validate(tarFile string, refs []string, out *log.Logger) error {
 	return validate(newTarWalker(f), refs, out)
 }
 
+var validRefMediaTypes = []string{
+	v1.MediaTypeImageManifest,
+	v1.MediaTypeImageManifestList,
+}
+
 func validate(w walker, refs []string, out *log.Logger) error {
 	for _, r := range refs {
 		ref, err := findDescriptor(w, r)
 		if err != nil {
 			return err
 		}
 
-		if err = ref.validate(w); err != nil {
+		if err = ref.validate(w, validRefMediaTypes); err != nil {
 			return err
 		}
 
@@ -97,7 +103,7 @@ func unpack(w walker, dest, refName string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
@@ -139,7 +145,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
diff --git a/image/manifest.go b/image/manifest.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -74,12 +75,12 @@ func findManifest(w walker, d *descriptor) (*manifest, error) {
 }
 
 func (m *manifest) validate(w walker) error {
-	if err := m.Config.validate(w); err != nil {
+	if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil {
 		return errors.Wrap(err, "config validation failed")
 	}
 
 	for _, d := range m.Layers {
-		if err := d.validate(w); err != nil {
+		if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil {
 			return errors.Wrap(err, "layer validation failed")
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ import (`
`20`	`20`	`"os"`
`21`	`21`	`"path/filepath"`
`22`	`22`
	`23`	`+ "github.com/opencontainers/image-spec/specs-go/v1"`
`23`	`24`	`"github.com/pkg/errors"`
`24`	`25`	`)`
`25`	`26`
`@@ -43,14 +44,19 @@ func Validate(tarFile string, refs []string, out *log.Logger) error {`
`43`	`44`	`return validate(newTarWalker(f), refs, out)`
`44`	`45`	`}`
`45`	`46`
	`47`	`+var validRefMediaTypes = []string{`
	`48`	`+ v1.MediaTypeImageManifest,`
	`49`	`+ v1.MediaTypeImageManifestList,`
	`50`	`+}`
	`51`	`+`
`46`	`52`	`func validate(w walker, refs []string, out *log.Logger) error {`
`47`	`53`	`for _, r := range refs {`
`48`	`54`	`ref, err := findDescriptor(w, r)`
`49`	`55`	`if err != nil {`
`50`	`56`	`return err`
`51`	`57`	`}`
`52`	`58`
`53`		`- if err = ref.validate(w); err != nil {`
	`59`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`54`	`60`	`return err`
`55`	`61`	`}`
`56`	`62`
`@@ -97,7 +103,7 @@ func unpack(w walker, dest, refName string) error {`
`97`	`103`	`return err`
`98`	`104`	`}`
`99`	`105`
`100`		`- if err = ref.validate(w); err != nil {`
	`106`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`101`	`107`	`return err`
`102`	`108`	`}`
`103`	`109`
`@@ -139,7 +145,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {`
`139`	`145`	`return err`
`140`	`146`	`}`
`141`	`147`
`142`		`- if err = ref.validate(w); err != nil {`
	`148`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`143`	`149`	`return err`
`144`	`150`	`}`
`145`	`151`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ import (`
`28`	`28`	`"time"`
`29`	`29`
`30`	`30`	`"github.com/opencontainers/image-spec/schema"`
	`31`	`+ "github.com/opencontainers/image-spec/specs-go/v1"`
`31`	`32`	`"github.com/pkg/errors"`
`32`	`33`	`)`
`33`	`34`
`@@ -74,12 +75,12 @@ func findManifest(w walker, d descriptor) (manifest, error) {`
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`func (m *manifest) validate(w walker) error {`
`77`		`- if err := m.Config.validate(w); err != nil {`
	`78`	`+ if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil {`
`78`	`79`	`return errors.Wrap(err, "config validation failed")`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`for _, d := range m.Layers {`
`82`		`- if err := d.validate(w); err != nil {`
	`83`	`+ if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil {`
`83`	`84`	`return errors.Wrap(err, "layer validation failed")`
`84`	`85`	`}`
`85`	`86`	`}`