-
Notifications
You must be signed in to change notification settings - Fork 247
Use HTTPS for Docker catalog assets #518
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -54,6 +54,32 @@ func Validate(ctx context.Context, rawURL string) error { | |
| return DefaultValidator().Validate(ctx, rawURL) | ||
| } | ||
|
|
||
| // UpgradeKnownHTTPURLToHTTPS rewrites legacy public HTTP URLs that are known to | ||
| // serve the same content over HTTPS. It deliberately does not relax validation | ||
| // for arbitrary HTTP URLs. | ||
| func UpgradeKnownHTTPURLToHTTPS(rawURL string) string { | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nicely scoped — exact-host match ( |
||
| u, err := url.Parse(rawURL) | ||
| if err != nil { | ||
| return rawURL | ||
| } | ||
| if !strings.EqualFold(u.Scheme, "http") { | ||
| return rawURL | ||
| } | ||
| if !strings.EqualFold(u.Hostname(), "desktop.docker.com") { | ||
| return rawURL | ||
| } | ||
| switch u.Port() { | ||
| case "": | ||
| u.Scheme = "https" | ||
| case "80": | ||
| u.Scheme = "https" | ||
| u.Host = u.Hostname() | ||
| default: | ||
| return rawURL | ||
| } | ||
| return u.String() | ||
| } | ||
|
|
||
| func (v Validator) Validate(ctx context.Context, rawURL string) error { | ||
| rawURL = strings.TrimSpace(rawURL) | ||
| if rawURL == "" { | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TestInspectServerWithReadmenow injects a fakefetchReadmethat only asserts URL equality, so it no longer exercises the realfetch.Untrustedpath (and therefore the new upgrade + the https/SSRF guard) on the inspect flow this PR fixes. AndinspectServerfetches the persistedReadmeURLas-is (server.go:62-65) —normalizeCatalogServerURLsonly runs at create time — so for any catalog persisted before this PR,fetch.Untrusted's internal upgrade is the only thing rescuing anhttp://desktop.docker.comreadme at inspect time.The upgrade itself is well covered at the unit seam (
remoteurl_test.go,fetch_test.go::TestUntrustedRejectsUnknownHTTPURL,create_test.go), so this is minor — but one end-to-end assertion through the exportedInspectServer(orfetch.Untrusteddirectly) with anhttp://desktop.docker.comreadme would restore a regression tripwire for the exact inspect scenario the PR is fixing.