Project

Profile

Help

Issue #8303

closed

push of an image that contains foreign layers should not succeed

Added by ipanova@redhat.com almost 4 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 109
Quarter:

Description

https://github.com/pulp/pulp_container/blob/2.3/pulp_container/app/registry_api.py#L459

Our upload logic does not seem to check on the type of the blob that is being uploaded. Foreign layers should be rejected. We should check on the content_type provided in the request.

We should audit manifests too.

https://github.com/pulp/pulp_container/blob/2.3/pulp_container/app/registry_api.py#L576

Actions #1

Updated by ipanova@redhat.com almost 4 years ago

  • Triaged changed from No to Yes
Actions #2

Updated by ipanova@redhat.com about 3 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ipanova@redhat.com
  • Sprint set to Sprint 107
Actions #3

Updated by ipanova@redhat.com about 3 years ago

  • Status changed from ASSIGNED to POST
Actions #4

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 107 to Sprint 108
Actions #5

Updated by rchan about 3 years ago

  • Sprint changed from Sprint 108 to Sprint 109

Added by ipanova@redhat.com about 3 years ago

Revision 0a8fe8b5 | View on GitHub

Fixed blob content_type headers and added blob/manifest validation.

closes #9571 closes #8303

Added by ipanova@redhat.com about 3 years ago

Revision 0a8fe8b5 | View on GitHub

Fixed blob content_type headers and added blob/manifest validation.

closes #9571 closes #8303

Actions #6

Updated by ipanova@redhat.com about 3 years ago

  • Status changed from POST to MODIFIED
Actions #7

Updated by ipanova@redhat.com about 3 years ago

  • Sprint/Milestone set to 2.10.0
Actions #8

Updated by pulpbot about 3 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

Also available in: Atom PDF