imagetools: reject manifest JSON passed as descriptor source#3755
Draft
thompson-shaun wants to merge 1 commit intodocker:masterfrom
Draft
imagetools: reject manifest JSON passed as descriptor source#3755thompson-shaun wants to merge 1 commit intodocker:masterfrom
thompson-shaun wants to merge 1 commit intodocker:masterfrom
Conversation
When a user pipes `imagetools inspect --raw` output into
`imagetools create -f`, the manifest/manifest-list JSON was silently
accepted as a descriptor (it starts with '{') but has no 'digest' or
'size' fields. This produced a zero-value descriptor that drove the
push to write 0 bytes and then call Commit() on an un-initialised
containerd pipe writer, causing a nil-pointer panic.
Validate that any JSON-encoded source has a non-empty 'digest' field
and return a clear error otherwise.
Add a table-driven unit test covering valid inputs and both Docker
manifest-list / OCI image-index rejection cases.
Fixes docker#2091
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Shaun Thompson <30006198+thompson-shaun@users.noreply.github.com>
Collaborator
|
I'm not sure this is the correct solution to this problem. I think the main issue is that this doesn't work with images that reference a media type of |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a user pipes
imagetools inspect --rawoutput intoimagetools create -f, the manifest/manifest-list JSON was silentlyaccepted as a descriptor (it starts with '{') but has no 'digest' or
'size' fields. This produced a zero-value descriptor that drove the
push to write 0 bytes and then call Commit() on an un-initialised
containerd pipe writer, causing a nil-pointer panic.
Validate that any JSON-encoded source has a non-empty 'digest' field
and return a clear error otherwise.
Add a table-driven unit test covering valid inputs and both Docker
manifest-list / OCI image-index rejection cases.
Fixes #2091
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com
Signed-off-by: Shaun Thompson 30006198+thompson-shaun@users.noreply.github.com