Actions
Issue #8303
closedpush of an image that contains foreign layers should not succeed
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 109
Quarter:
Description
https://github.com/pulp/pulp_container/blob/2.3/pulp_container/app/registry_api.py#L459
Our upload logic does not seem to check on the type of the blob that is being uploaded. Foreign layers should be rejected. We should check on the content_type provided in the request.
We should audit manifests too.
https://github.com/pulp/pulp_container/blob/2.3/pulp_container/app/registry_api.py#L576
Updated by ipanova@redhat.com about 3 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ipanova@redhat.com
- Sprint set to Sprint 107
Updated by ipanova@redhat.com about 3 years ago
- Status changed from ASSIGNED to POST
Added by ipanova@redhat.com about 3 years ago
Added by ipanova@redhat.com about 3 years ago
Updated by ipanova@redhat.com about 3 years ago
- Status changed from POST to MODIFIED
Applied in changeset 0a8fe8b5d7c3eb5649283212465a298f7c84057d.
Updated by pulpbot about 3 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Fixed blob content_type headers and added blob/manifest validation.
closes #9571 closes #8303