mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-24 09:38:09 +01:00
Don't return the error detail back to the client when adding registry
Don't return the error detail back to the client when adding registry to avoid security issue Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit is contained in:
parent
bad8f026fc
commit
9493611666
@ -6,7 +6,6 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
|
||||||
common_http "github.com/goharbor/harbor/src/common/http"
|
|
||||||
common_models "github.com/goharbor/harbor/src/common/models"
|
common_models "github.com/goharbor/harbor/src/common/models"
|
||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
"github.com/goharbor/harbor/src/core/api/models"
|
"github.com/goharbor/harbor/src/core/api/models"
|
||||||
@ -111,21 +110,12 @@ func (t *RegistryAPI) Ping() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
status, err := registry.CheckHealthStatus(reg)
|
status := t.getHealthStatus(reg)
|
||||||
if err != nil {
|
if status != model.Healthy {
|
||||||
e, ok := err.(*common_http.Error)
|
t.SendBadRequestError(errors.New("the registry is unhealthy"))
|
||||||
if ok && e.Code == http.StatusUnauthorized {
|
|
||||||
t.SendBadRequestError(errors.New("invalid credential"))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
t.SendInternalServerError(fmt.Errorf("failed to check health of registry %s: %v", reg.URL, err))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if status != model.Healthy {
|
|
||||||
t.SendBadRequestError(errors.New(""))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -226,13 +216,9 @@ func (t *RegistryAPI) Post() {
|
|||||||
// Prevent SSRF security issue #3755
|
// Prevent SSRF security issue #3755
|
||||||
r.URL = url.Scheme + "://" + url.Host + url.Path
|
r.URL = url.Scheme + "://" + url.Host + url.Path
|
||||||
|
|
||||||
status, err := registry.CheckHealthStatus(r)
|
status := t.getHealthStatus(r)
|
||||||
if err != nil {
|
|
||||||
t.SendBadRequestError(fmt.Errorf("health check to registry %s failed: %v", r.URL, err))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if status != model.Healthy {
|
if status != model.Healthy {
|
||||||
t.SendBadRequestError(fmt.Errorf("registry %s is unhealthy: %s", r.URL, status))
|
t.SendBadRequestError(errors.New("the registry is unhealthy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -247,6 +233,15 @@ func (t *RegistryAPI) Post() {
|
|||||||
t.Redirect(http.StatusCreated, strconv.FormatInt(id, 10))
|
t.Redirect(http.StatusCreated, strconv.FormatInt(id, 10))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (t *RegistryAPI) getHealthStatus(r *model.Registry) string {
|
||||||
|
status, err := registry.CheckHealthStatus(r)
|
||||||
|
if err != nil {
|
||||||
|
log.Errorf("failed to check the health status of registry %s: %v", r.URL, err)
|
||||||
|
return model.Unhealthy
|
||||||
|
}
|
||||||
|
return string(status)
|
||||||
|
}
|
||||||
|
|
||||||
// Put updates a registry
|
// Put updates a registry
|
||||||
func (t *RegistryAPI) Put() {
|
func (t *RegistryAPI) Put() {
|
||||||
id, err := t.GetIDFromURL()
|
id, err := t.GetIDFromURL()
|
||||||
@ -313,13 +308,9 @@ func (t *RegistryAPI) Put() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
status, err := registry.CheckHealthStatus(r)
|
status := t.getHealthStatus(r)
|
||||||
if err != nil {
|
|
||||||
t.SendBadRequestError(fmt.Errorf("health check to registry %s failed: %v", r.URL, err))
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if status != model.Healthy {
|
if status != model.Healthy {
|
||||||
t.SendBadRequestError(fmt.Errorf("registry %s is unhealthy: %s", r.URL, status))
|
t.SendBadRequestError(errors.New("the registry is unhealthy"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user