cmd/oci-image-tool: validate descriptors MediaType

runcom · runcom · commit 7eb8a4b6798c · 2016-09-06T10:26:39.000+02:00
Signed-off-by: Antonio Murdaca &lt;runcom@redhat.com&gt;
diff --git a/image/descriptor.go b/image/descriptor.go
@@ -73,7 +73,17 @@ func findDescriptor(w walker, name string) (*descriptor, error) {
 	}
 }
 
-func (d *descriptor) validate(w walker) error {
+func (d *descriptor) validate(w walker, mts []string) error {
+	var found bool
+	for _, mt := range mts {
+		if d.MediaType == mt {
+			found = true
+			break
+		}
+	}
+	if !found {
+		return fmt.Errorf("invalid descriptor MediaType %q", d.MediaType)
+	}
 	switch err := w.walk(func(path string, info os.FileInfo, r io.Reader) error {
 		if info.IsDir() {
 			return nil
diff --git a/image/image.go b/image/image.go
@@ -19,6 +19,7 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -42,13 +43,18 @@ func Validate(tarFile, ref string) error {
 	return validate(newTarWalker(f), ref)
 }
 
+var validRefMediaTypes = []string{
+	v1.MediaTypeImageManifest,
+	v1.MediaTypeImageManifestList,
+}
+
 func validate(w walker, refName string) error {
 	ref, err := findDescriptor(w, refName)
 	if err != nil {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
@@ -88,7 +94,7 @@ func unpack(w walker, dest, refName string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
@@ -130,7 +136,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {
 		return err
 	}
 
-	if err = ref.validate(w); err != nil {
+	if err = ref.validate(w, validRefMediaTypes); err != nil {
 		return err
 	}
 
diff --git a/image/manifest.go b/image/manifest.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/opencontainers/image-spec/schema"
+	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 )
 
@@ -74,12 +75,12 @@ func findManifest(w walker, d *descriptor) (*manifest, error) {
 }
 
 func (m *manifest) validate(w walker) error {
-	if err := m.Config.validate(w); err != nil {
+	if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil {
 		return errors.Wrap(err, "config validation failed")
 	}
 
 	for _, d := range m.Layers {
-		if err := d.validate(w); err != nil {
+		if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil {
 			return errors.Wrap(err, "layer validation failed")
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ import (`
`19`	`19`	`"os"`
`20`	`20`	`"path/filepath"`
`21`	`21`
	`22`	`+ "github.com/opencontainers/image-spec/specs-go/v1"`
`22`	`23`	`"github.com/pkg/errors"`
`23`	`24`	`)`
`24`	`25`
`@@ -42,13 +43,18 @@ func Validate(tarFile, ref string) error {`
`42`	`43`	`return validate(newTarWalker(f), ref)`
`43`	`44`	`}`
`44`	`45`
	`46`	`+var validRefMediaTypes = []string{`
	`47`	`+ v1.MediaTypeImageManifest,`
	`48`	`+ v1.MediaTypeImageManifestList,`
	`49`	`+}`
	`50`	`+`
`45`	`51`	`func validate(w walker, refName string) error {`
`46`	`52`	`ref, err := findDescriptor(w, refName)`
`47`	`53`	`if err != nil {`
`48`	`54`	`return err`
`49`	`55`	`}`
`50`	`56`
`51`		`- if err = ref.validate(w); err != nil {`
	`57`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`52`	`58`	`return err`
`53`	`59`	`}`
`54`	`60`
`@@ -88,7 +94,7 @@ func unpack(w walker, dest, refName string) error {`
`88`	`94`	`return err`
`89`	`95`	`}`
`90`	`96`
`91`		`- if err = ref.validate(w); err != nil {`
	`97`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`92`	`98`	`return err`
`93`	`99`	`}`
`94`	`100`
`@@ -130,7 +136,7 @@ func createRuntimeBundle(w walker, dest, refName, rootfs string) error {`
`130`	`136`	`return err`
`131`	`137`	`}`
`132`	`138`
`133`		`- if err = ref.validate(w); err != nil {`
	`139`	`+ if err = ref.validate(w, validRefMediaTypes); err != nil {`
`134`	`140`	`return err`
`135`	`141`	`}`
`136`	`142`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ import (`
`28`	`28`	`"time"`
`29`	`29`
`30`	`30`	`"github.com/opencontainers/image-spec/schema"`
	`31`	`+ "github.com/opencontainers/image-spec/specs-go/v1"`
`31`	`32`	`"github.com/pkg/errors"`
`32`	`33`	`)`
`33`	`34`
`@@ -74,12 +75,12 @@ func findManifest(w walker, d descriptor) (manifest, error) {`
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`func (m *manifest) validate(w walker) error {`
`77`		`- if err := m.Config.validate(w); err != nil {`
	`78`	`+ if err := m.Config.validate(w, []string{v1.MediaTypeImageConfig}); err != nil {`
`78`	`79`	`return errors.Wrap(err, "config validation failed")`
`79`	`80`	`}`
`80`	`81`
`81`	`82`	`for _, d := range m.Layers {`
`82`		`- if err := d.validate(w); err != nil {`
	`83`	`+ if err := d.validate(w, []string{v1.MediaTypeImageLayer}); err != nil {`
`83`	`84`	`return errors.Wrap(err, "layer validation failed")`
`84`	`85`	`}`
`85`	`86`	`}`