Skip to content

Commit

Permalink
fix: validate tag before build using OCI regex (#3191)
Browse files Browse the repository at this point in the history
Sources:
 * https://github.com/opencontainers/distribution-spec
 * https://docs.docker.com/engine/reference/commandline/tag/

Closes #3153.
---------

Signed-off-by: Daniel Lombardi <lombardi.daniel.o@gmail.com>
  • Loading branch information
LombardiDaniel authored Dec 5, 2023
1 parent cb8f2c6 commit a9b5494
Show file tree
Hide file tree
Showing 4 changed files with 157 additions and 119 deletions.
9 changes: 6 additions & 3 deletions docker/api/build.py
Original file line number Diff line number Diff line change
Expand Up @@ -129,13 +129,16 @@ def build(self, path=None, tag=None, quiet=False, fileobj=None,
raise errors.DockerException(
'Can not use custom encoding if gzip is enabled'
)

if tag is not None:
if not utils.match_tag(tag):
raise errors.DockerException(
f"invalid tag '{tag}': invalid reference format"
)
for key in container_limits.keys():
if key not in constants.CONTAINER_LIMITS_KEYS:
raise errors.DockerException(
f'Invalid container_limits key {key}'
f"invalid tag '{tag}': invalid reference format"
)

if custom_context:
if not fileobj:
raise TypeError("You must specify fileobj with custom_context")
Expand Down
2 changes: 1 addition & 1 deletion docker/utils/__init__.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

from .build import create_archive, exclude_paths, mkbuildcontext, tar
from .build import match_tag, create_archive, exclude_paths, mkbuildcontext, tar
from .decorators import check_resource, minimum_version, update_headers
from .utils import (
compare_version, convert_port_bindings, convert_volume_binds,
Expand Down
8 changes: 8 additions & 0 deletions docker/utils/build.py
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,14 @@


_SEP = re.compile('/|\\\\') if IS_WINDOWS_PLATFORM else re.compile('/')
_TAG = re.compile(
r"^[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*(\/[a-z0-9]+((\.|_|__|-+)[a-z0-9]+)*)*" \
+ "(:[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127})?$"
)


def match_tag(tag: str) -> bool:
return bool(_TAG.match(tag))


def tar(path, exclude=None, dockerfile=None, fileobj=None, gzip=False):
Expand Down
Loading

0 comments on commit a9b5494

Please sign in to comment.