mirrors/woodpecker
1
0
Fork 0
mirror of https://github.com/woodpecker-ci/woodpecker.git synced 2025-04-26 13:34:45 +00:00
Code Issues Projects Releases Wiki Activity

Fix secret image filter regex (#2674)

Browse source
This commit is contained in:
Jannik Heuer 2023-10-31 13:15:13 +01:00 committed by GitHub
parent 2f0bb7153e
commit 0fbf8cfc85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
server/model/secret.go
View file

@ -112,10 +112,14 @@ func (s *Secret) Match(event WebhookEvent) bool {
} }
var validDockerImageString = regexp.MustCompile( var validDockerImageString = regexp.MustCompile(
`^([\w\d\-_\.\/]*` + // optional url prefix `^(` +
`[\w\d\-_]+` + // image name `[\w\d\-_\.]+` + // hostname
`)+` + `(:\d+)?` + // optional port
`(:[\w\d\-_]+)?$`, // optional image tag `/)?` + // optional hostname + port
`([\w\d\-_\.][\w\d\-_\.\/]*/)?` + // optional url prefix
`([\w\d\-_]+)` + // image name
`(:[\w\d\-_]+)?` + // optional image tag
`$`,
) )
// Validate validates the required fields and formats. // Validate validates the required fields and formats.

40
server/model/secret_test.go
View file

@ -40,7 +40,7 @@ func TestSecret(t *testing.T) {
Name: "secretname", Name: "secretname",
Value: "secretvalue", Value: "secretvalue",
Events: []WebhookEvent{EventPush}, Events: []WebhookEvent{EventPush},
Images: []string{"docker.io/library/mysql:latest", "alpine"}, Images: []string{"docker.io/library/mysql:latest", "alpine:latest", "localregistry.test:8443/mysql:latest", "localregistry.test:8443/library/mysql:latest", "docker.io/library/mysql", "alpine", "localregistry.test:8443/mysql", "localregistry.test:8443/library/mysql"},
} }
err := secret.Validate() err := secret.Validate()
g.Assert(err).IsNil() g.Assert(err).IsNil()
@ -50,7 +50,7 @@ func TestSecret(t *testing.T) {
secret := Secret{ secret := Secret{
Value: "secretvalue", Value: "secretvalue",
Events: []WebhookEvent{EventPush}, Events: []WebhookEvent{EventPush},
Images: []string{"docker.io/library/mysql:latest", "alpine"}, Images: []string{"docker.io/library/mysql:latest", "alpine:latest", "localregistry.test:8443/mysql:latest", "localregistry.test:8443/library/mysql:latest", "docker.io/library/mysql", "alpine", "localregistry.test:8443/mysql", "localregistry.test:8443/library/mysql"},
} }
err := secret.Validate() err := secret.Validate()
g.Assert(err).IsNotNil() g.Assert(err).IsNotNil()
@ -59,7 +59,7 @@ func TestSecret(t *testing.T) {
secret := Secret{ secret := Secret{
Name: "secretname", Name: "secretname",
Events: []WebhookEvent{EventPush}, Events: []WebhookEvent{EventPush},
Images: []string{"docker.io/library/mysql:latest", "alpine"}, Images: []string{"docker.io/library/mysql:latest", "alpine:latest", "localregistry.test:8443/mysql:latest", "localregistry.test:8443/library/mysql:latest", "docker.io/library/mysql", "alpine", "localregistry.test:8443/mysql", "localregistry.test:8443/library/mysql"},
} }
err := secret.Validate() err := secret.Validate()
g.Assert(err).IsNotNil() g.Assert(err).IsNotNil()
@ -68,12 +68,12 @@ func TestSecret(t *testing.T) {
secret := Secret{ secret := Secret{
Name: "secretname", Name: "secretname",
Value: "secretvalue", Value: "secretvalue",
Images: []string{"docker.io/library/mysql-alpine:latest", "alpine"}, Images: []string{"docker.io/library/mysql:latest", "alpine:latest", "localregistry.test:8443/mysql:latest", "localregistry.test:8443/library/mysql:latest", "docker.io/library/mysql", "alpine", "localregistry.test:8443/mysql", "localregistry.test:8443/library/mysql"},
} }
err := secret.Validate() err := secret.Validate()
g.Assert(err).IsNotNil() g.Assert(err).IsNotNil()
}) })
g.It("wrong image no value", func() { g.It("wrong image: no value", func() {
secret := Secret{ secret := Secret{
Name: "secretname", Name: "secretname",
Value: "secretvalue", Value: "secretvalue",
@ -83,6 +83,36 @@ func TestSecret(t *testing.T) {
err := secret.Validate() err := secret.Validate()
g.Assert(err).IsNotNil() g.Assert(err).IsNotNil()
}) })
g.It("wrong image: no hostname", func() {
secret := Secret{
Name: "secretname",
Value: "secretvalue",
Events: []WebhookEvent{EventPush},
Images: []string{"/library/mysql:latest", ":8443/mysql:latest", ":8443/library/mysql:latest", "/library/mysql", ":8443/mysql", ":8443/library/mysql"},
}
err := secret.Validate()
g.Assert(err).IsNotNil()
})
g.It("wrong image: no port number", func() {
secret := Secret{
Name: "secretname",
Value: "secretvalue",
Events: []WebhookEvent{EventPush},
Images: []string{"localregistry.test:/mysql:latest", "localregistry.test:/mysql"},
}
err := secret.Validate()
g.Assert(err).IsNotNil()
})
g.It("wrong image: no tag name", func() {
secret := Secret{
Name: "secretname",
Value: "secretvalue",
Events: []WebhookEvent{EventPush},
Images: []string{"docker.io/library/mysql:", "alpine:", "localregistry.test:8443/mysql:", "localregistry.test:8443/library/mysql:"},
}
err := secret.Validate()
g.Assert(err).IsNotNil()
})
}) })
}) })
} }