Merge pull request #15124 from ywk253100/210610_rep

Add validation for destination namespace when creating/updating replication policy
This commit is contained in:
Wenkai Yin(尹文开) 2021-06-15 09:46:09 +08:00 committed by GitHub
commit 4997eea4c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 21 additions and 2 deletions

View File

@ -17,14 +17,15 @@ package model
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
"github.com/robfig/cron"
"strings" "strings"
"time" "time"
"github.com/goharbor/harbor/src/lib"
"github.com/goharbor/harbor/src/lib/errors" "github.com/goharbor/harbor/src/lib/errors"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/goharbor/harbor/src/pkg/reg/model" "github.com/goharbor/harbor/src/pkg/reg/model"
replicationmodel "github.com/goharbor/harbor/src/pkg/replication/model" replicationmodel "github.com/goharbor/harbor/src/pkg/replication/model"
"github.com/robfig/cron"
) )
// Policy defines the structure of a replication policy // Policy defines the structure of a replication policy
@ -112,6 +113,14 @@ func (p *Policy) Validate() error {
} }
} }
// valid the destination namespace
if len(p.DestNamespace) > 0 {
if !lib.RepositoryNameRe.MatchString(p.DestNamespace) {
return errors.New(nil).WithCode(errors.BadRequestCode).
WithMessage("invalid destination namespace: %s", p.DestNamespace)
}
}
// valid trigger // valid trigger
if p.Trigger != nil { if p.Trigger != nil {
switch p.Trigger.Type { switch p.Trigger.Type {

View File

@ -26,8 +26,10 @@ var (
V2BlobURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/(?P<%s>%s)$`, RepositorySubexp, reference.NameRegexp.String(), DigestSubexp, digest.DigestRegexp.String())) V2BlobURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/(?P<%s>%s)$`, RepositorySubexp, reference.NameRegexp.String(), DigestSubexp, digest.DigestRegexp.String()))
// V2BlobUploadURLRe is the regular expression for matching the request to v2 handler to upload a blob, the upload uuid currently is not put into a group // V2BlobUploadURLRe is the regular expression for matching the request to v2 handler to upload a blob, the upload uuid currently is not put into a group
V2BlobUploadURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/uploads[/a-zA-Z0-9\-_\.=]*$`, RepositorySubexp, reference.NameRegexp.String())) V2BlobUploadURLRe = regexp.MustCompile(fmt.Sprintf(`^/v2/(?P<%s>%s)/blobs/uploads[/a-zA-Z0-9\-_\.=]*$`, RepositorySubexp, reference.NameRegexp.String()))
// V2CatalogURLRe is the regular expression for mathing the request to v2 handler to list catalog // V2CatalogURLRe is the regular expression for matching the request to v2 handler to list catalog
V2CatalogURLRe = regexp.MustCompile(`^/v2/_catalog(/.*)?$`) V2CatalogURLRe = regexp.MustCompile(`^/v2/_catalog(/.*)?$`)
// RepositoryNameRe is the regular expression for matching repository name
RepositoryNameRe = regexp.MustCompile(fmt.Sprintf("^%s$", reference.NameRegexp))
) )
// MatchManifestURLPattern checks whether the provided path matches the manifest URL pattern, // MatchManifestURLPattern checks whether the provided path matches the manifest URL pattern,

View File

@ -102,3 +102,11 @@ func TestMatchCatalogURLPattern(t *testing.T) {
assert.Equal(t, c.match, V2CatalogURLRe.MatchString(c.url), "failed for %s", c.url) assert.Equal(t, c.match, V2CatalogURLRe.MatchString(c.url), "failed for %s", c.url)
} }
} }
func TestRepositoryNamePattern(t *testing.T) {
assert := assert.New(t)
assert.False(RepositoryNameRe.MatchString("a/*"))
assert.False(RepositoryNameRe.MatchString("a/"))
assert.True(RepositoryNameRe.MatchString("a/b"))
assert.True(RepositoryNameRe.MatchString("a"))
}