Use the same logic to parse the registry URL (#11320)

Use the same logic to parse the registry URL to fix #11274

Signed-off-by: Wenkai Yin <yinw@vmware.com>
This commit is contained in:
Wenkai Yin(尹文开) 2020-03-27 10:33:20 +08:00 committed by GitHub
parent e8cc84738a
commit f4ad0fbf00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -5,7 +5,6 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"strconv" "strconv"
"strings"
common_http "github.com/goharbor/harbor/src/common/http" common_http "github.com/goharbor/harbor/src/common/http"
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
@ -208,10 +207,13 @@ func (t *RegistryAPI) Post() {
t.SendConflictError(fmt.Errorf("name '%s' is already used", r.Name)) t.SendConflictError(fmt.Errorf("name '%s' is already used", r.Name))
return return
} }
i := strings.Index(r.URL, "://") url, err := utils.ParseEndpoint(r.URL)
if i == -1 { if err != nil {
r.URL = fmt.Sprintf("http://%s", r.URL) t.SendBadRequestError(err)
return
} }
// Prevent SSRF security issue #3755
r.URL = url.Scheme + "://" + url.Host + url.Path
status, err := registry.CheckHealthStatus(r) status, err := registry.CheckHealthStatus(r)
if err != nil { if err != nil {