mirror of
https://github.com/goharbor/harbor.git
synced 2024-12-22 16:48:30 +01:00
Use the same logic to parse the registry URL (#11320)
Use the same logic to parse the registry URL to fix #11274 Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit is contained in:
parent
e8cc84738a
commit
f4ad0fbf00
@ -5,7 +5,6 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
|
||||||
|
|
||||||
common_http "github.com/goharbor/harbor/src/common/http"
|
common_http "github.com/goharbor/harbor/src/common/http"
|
||||||
"github.com/goharbor/harbor/src/common/utils"
|
"github.com/goharbor/harbor/src/common/utils"
|
||||||
@ -208,10 +207,13 @@ func (t *RegistryAPI) Post() {
|
|||||||
t.SendConflictError(fmt.Errorf("name '%s' is already used", r.Name))
|
t.SendConflictError(fmt.Errorf("name '%s' is already used", r.Name))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
i := strings.Index(r.URL, "://")
|
url, err := utils.ParseEndpoint(r.URL)
|
||||||
if i == -1 {
|
if err != nil {
|
||||||
r.URL = fmt.Sprintf("http://%s", r.URL)
|
t.SendBadRequestError(err)
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
// Prevent SSRF security issue #3755
|
||||||
|
r.URL = url.Scheme + "://" + url.Host + url.Path
|
||||||
|
|
||||||
status, err := registry.CheckHealthStatus(r)
|
status, err := registry.CheckHealthStatus(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
Loading…
Reference in New Issue
Block a user