From aacc672b9832c33f120aaf5c0ee833aac5b16028 Mon Sep 17 00:00:00 2001 From: jay-dee7 Date: Sat, 31 Aug 2024 16:02:57 +0530 Subject: [PATCH 1/2] fix: Perform validations on file path operations Signed-off-by: jay-dee7 --- dfs/mock/memMappedSystem.go | 33 +++++++++++++++++++++++++++++++++ dfs/mock/mock.go | 8 +++++--- dfs/mock/mockFileSystem.go | 25 ++++++++++++++++++++++++- main.go | 3 ++- registry/v2/registry.go | 4 ++-- telemetry/log.go | 8 ++++++-- 6 files changed, 72 insertions(+), 9 deletions(-) diff --git a/dfs/mock/memMappedSystem.go b/dfs/mock/memMappedSystem.go index 0a36099a..9cf93982 100644 --- a/dfs/mock/memMappedSystem.go +++ b/dfs/mock/memMappedSystem.go @@ -75,6 +75,10 @@ func (ms *memMappedMockStorage) UploadPart( content io.ReadSeeker, contentLength int64, ) (s3types.CompletedPart, error) { + if err := ms.validateLayerKey(layerKey); err != nil { + return s3types.CompletedPart{}, err + } + fd, err := ms.memFs.OpenFile(layerKey, os.O_RDWR|os.O_CREATE, os.ModePerm) if err != nil { return s3types.CompletedPart{}, err @@ -108,6 +112,10 @@ func (ms *memMappedMockStorage) CompleteMultipartUpload( } func (ms *memMappedMockStorage) Upload(ctx context.Context, identifier, digest string, content []byte) (string, error) { + if err := ms.validateLayerKey(identifier); err != nil { + return "", err + } + fd, err := ms.memFs.Create(identifier) if err != nil { return "", err @@ -178,7 +186,23 @@ func (ms *memMappedMockStorage) Metadata(layer *types.ContainerImageLayer) (*typ }, nil } +func (ms *memMappedMockStorage) validateLayerKey(identifier string) error { + if len(identifier) <= LayerKeyPrefixLen || identifier[0:LayerKeyPrefixLen] != LayerKeyPrefix { + return fmt.Errorf( + "invalid layer prefix. Found: %s, expected: %s", + identifier[0:LayerKeyPrefixLen], + LayerKeyPrefix, + ) + } + + return nil +} + func (ms *memMappedMockStorage) GetUploadProgress(identifier, uploadID string) (*types.ObjectMetadata, error) { + if err := ms.validateLayerKey(identifier); err != nil { + return nil, err + } + fd, err := ms.memFs.Open(identifier) if err != nil { return nil, err @@ -209,6 +233,10 @@ func (ms *memMappedMockStorage) GeneratePresignedURL(ctx context.Context, key st } func (ms *memMappedMockStorage) AbortMultipartUpload(ctx context.Context, layerKey string, uploadId string) error { + if err := ms.validateLayerKey(layerKey); err != nil { + return err + } + if err := ms.memFs.Remove(layerKey); err != nil { return err } @@ -228,6 +256,11 @@ func (ms *memMappedMockStorage) FileServer() { e.Add(http.MethodGet, "/:uuid", func(ctx echo.Context) error { fileID := ctx.Param("uuid") + if err := ms.validateLayerKey(fileID); err != nil { + return ctx.JSON(http.StatusBadRequest, echo.Map{ + "error": err.Error(), + }) + } fd, err := ms.memFs.Open(fileID) if err != nil { return ctx.JSON(http.StatusBadRequest, echo.Map{ diff --git a/dfs/mock/mock.go b/dfs/mock/mock.go index b415b1f1..c0d2eea1 100644 --- a/dfs/mock/mock.go +++ b/dfs/mock/mock.go @@ -1,10 +1,11 @@ package mock import ( + "github.com/fatih/color" + "github.com/containerish/OpenRegistry/config" "github.com/containerish/OpenRegistry/dfs" "github.com/containerish/OpenRegistry/telemetry" - "github.com/fatih/color" ) func NewMockStorage( @@ -27,6 +28,7 @@ func NewMockStorage( } const ( - MockFSPath = ".mock-fs" - LayerKeyPrefix = "layers" + MockFSPath = ".mock-fs" + LayerKeyPrefix = "layers" + LayerKeyPrefixLen = len(LayerKeyPrefix) // to account for trailing slash ) diff --git a/dfs/mock/mockFileSystem.go b/dfs/mock/mockFileSystem.go index d5ae611a..18c04d86 100644 --- a/dfs/mock/mockFileSystem.go +++ b/dfs/mock/mockFileSystem.go @@ -52,7 +52,7 @@ func newFileBasedMockStorage( _ = os.MkdirAll(MockFSPath, os.ModePerm) _ = os.MkdirAll(fmt.Sprintf("%s/%s", MockFSPath, LayerKeyPrefix), os.ModePerm) mocker := &fileBasedMockStorage{ - fs: afero.NewBasePathFs(afero.NewOsFs(), ".mock-fs"), + fs: afero.NewBasePathFs(afero.NewOsFs(), MockFSPath), uploadSession: make(map[string]string), config: cfg, serviceEndpoint: net.JoinHostPort(parsedHost.Hostname(), "5002"), @@ -87,6 +87,10 @@ func (ms *fileBasedMockStorage) UploadPart( content io.ReadSeeker, contentLength int64, ) (s3types.CompletedPart, error) { + if err := ms.validateLayerKey(layerKey); err != nil { + return s3types.CompletedPart{}, err + } + fd, err := ms.fs.OpenFile(layerKey, os.O_RDWR|os.O_CREATE, os.ModePerm) if err != nil { return s3types.CompletedPart{}, err @@ -120,7 +124,22 @@ func (ms *fileBasedMockStorage) CompleteMultipartUpload( return layerKey, nil } +func (ms *fileBasedMockStorage) validateLayerKey(identifier string) error { + if len(identifier) <= LayerKeyPrefixLen || identifier[0:LayerKeyPrefixLen] != LayerKeyPrefix { + return fmt.Errorf( + "invalid layer prefix. Found: %s, expected: %s", + identifier[0:LayerKeyPrefixLen], + LayerKeyPrefix, + ) + } + + return nil +} + func (ms *fileBasedMockStorage) Upload(ctx context.Context, identifier, digest string, content []byte) (string, error) { + if err := ms.validateLayerKey(identifier); err != nil { + return "", err + } if err := ms.validateLayerPath(identifier); err != nil { return "", err } @@ -195,6 +214,10 @@ func (ms *fileBasedMockStorage) Metadata(layer *types.ContainerImageLayer) (*typ } func (ms *fileBasedMockStorage) GetUploadProgress(identifier, uploadID string) (*types.ObjectMetadata, error) { + if err := ms.validateLayerKey(identifier); err != nil { + return nil, err + } + fd, err := ms.fs.Open(identifier) if err != nil { return nil, err diff --git a/main.go b/main.go index 0cc6dbb3..d32cf9b7 100644 --- a/main.go +++ b/main.go @@ -7,10 +7,11 @@ import ( "os" "strings" + "github.com/urfave/cli/v2" + "github.com/containerish/OpenRegistry/cmd/extras" "github.com/containerish/OpenRegistry/cmd/migrations" "github.com/containerish/OpenRegistry/cmd/registry" - "github.com/urfave/cli/v2" ) var ( diff --git a/registry/v2/registry.go b/registry/v2/registry.go index da30d3fe..4f19d5d5 100644 --- a/registry/v2/registry.go +++ b/registry/v2/registry.go @@ -112,7 +112,7 @@ func (r *registry) Catalog(ctx echo.Context) error { var pageSize int var offset int if queryParamPageSize != "" { - ps, err := strconv.ParseInt(ctx.QueryParam("n"), 10, 64) + ps, err := strconv.Atoi(ctx.QueryParam("n")) if err != nil { echoErr := ctx.JSON(http.StatusBadRequest, echo.Map{ "error": err.Error(), @@ -120,7 +120,7 @@ func (r *registry) Catalog(ctx echo.Context) error { r.logger.Log(ctx, err).Send() return echoErr } - pageSize = int(ps) + pageSize = ps } if queryParamOffset != "" { diff --git a/telemetry/log.go b/telemetry/log.go index 51cdfbb4..5932436b 100644 --- a/telemetry/log.go +++ b/telemetry/log.go @@ -7,11 +7,12 @@ import ( "time" "github.com/axiomhq/axiom-go/axiom" - "github.com/containerish/OpenRegistry/config" - "github.com/containerish/OpenRegistry/types" "github.com/fatih/color" "github.com/labstack/echo/v4" "github.com/rs/zerolog" + + "github.com/containerish/OpenRegistry/config" + "github.com/containerish/OpenRegistry/types" ) type Logger interface { @@ -55,6 +56,9 @@ func setupLogger(config config.Logging) zerolog.Logger { TimeFormat: time.RFC3339, } + if !config.Enabled { + return zerolog.Nop() + } l = l.Output(consoleWriter) if config.RemoteForwarding { From 0b55dbd580b24469f72b21234b03d6ff672b48fa Mon Sep 17 00:00:00 2001 From: jay-dee7 Date: Sat, 31 Aug 2024 16:08:00 +0530 Subject: [PATCH 2/2] chore: Bump Bun ORM dependencies to `v1.2.3` Signed-off-by: jay-dee7 --- dfs/mock/memMappedSystem.go | 12 ++++++------ dfs/mock/mockFileSystem.go | 20 ++++---------------- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- telemetry/log.go | 3 --- 5 files changed, 31 insertions(+), 46 deletions(-) diff --git a/dfs/mock/memMappedSystem.go b/dfs/mock/memMappedSystem.go index 9cf93982..13c7c050 100644 --- a/dfs/mock/memMappedSystem.go +++ b/dfs/mock/memMappedSystem.go @@ -75,7 +75,7 @@ func (ms *memMappedMockStorage) UploadPart( content io.ReadSeeker, contentLength int64, ) (s3types.CompletedPart, error) { - if err := ms.validateLayerKey(layerKey); err != nil { + if err := ms.validateLayerPrefix(layerKey); err != nil { return s3types.CompletedPart{}, err } @@ -112,7 +112,7 @@ func (ms *memMappedMockStorage) CompleteMultipartUpload( } func (ms *memMappedMockStorage) Upload(ctx context.Context, identifier, digest string, content []byte) (string, error) { - if err := ms.validateLayerKey(identifier); err != nil { + if err := ms.validateLayerPrefix(identifier); err != nil { return "", err } @@ -186,7 +186,7 @@ func (ms *memMappedMockStorage) Metadata(layer *types.ContainerImageLayer) (*typ }, nil } -func (ms *memMappedMockStorage) validateLayerKey(identifier string) error { +func (ms *memMappedMockStorage) validateLayerPrefix(identifier string) error { if len(identifier) <= LayerKeyPrefixLen || identifier[0:LayerKeyPrefixLen] != LayerKeyPrefix { return fmt.Errorf( "invalid layer prefix. Found: %s, expected: %s", @@ -199,7 +199,7 @@ func (ms *memMappedMockStorage) validateLayerKey(identifier string) error { } func (ms *memMappedMockStorage) GetUploadProgress(identifier, uploadID string) (*types.ObjectMetadata, error) { - if err := ms.validateLayerKey(identifier); err != nil { + if err := ms.validateLayerPrefix(identifier); err != nil { return nil, err } @@ -233,7 +233,7 @@ func (ms *memMappedMockStorage) GeneratePresignedURL(ctx context.Context, key st } func (ms *memMappedMockStorage) AbortMultipartUpload(ctx context.Context, layerKey string, uploadId string) error { - if err := ms.validateLayerKey(layerKey); err != nil { + if err := ms.validateLayerPrefix(layerKey); err != nil { return err } @@ -256,7 +256,7 @@ func (ms *memMappedMockStorage) FileServer() { e.Add(http.MethodGet, "/:uuid", func(ctx echo.Context) error { fileID := ctx.Param("uuid") - if err := ms.validateLayerKey(fileID); err != nil { + if err := ms.validateLayerPrefix(fileID); err != nil { return ctx.JSON(http.StatusBadRequest, echo.Map{ "error": err.Error(), }) diff --git a/dfs/mock/mockFileSystem.go b/dfs/mock/mockFileSystem.go index 18c04d86..4f98c5af 100644 --- a/dfs/mock/mockFileSystem.go +++ b/dfs/mock/mockFileSystem.go @@ -69,15 +69,6 @@ func (ms *fileBasedMockStorage) CreateMultipartUpload(layerKey string) (string, return sessionId, nil } -func (ms *fileBasedMockStorage) validateLayerPath(layerKey string) error { - layerKeyParts := strings.Split(layerKey, "/") - if len(layerKeyParts) != 2 || layerKeyParts[0] != LayerKeyPrefix { - return fmt.Errorf("invalid layer key format") - } - - return nil -} - func (ms *fileBasedMockStorage) UploadPart( ctx context.Context, uploadId string, @@ -87,7 +78,7 @@ func (ms *fileBasedMockStorage) UploadPart( content io.ReadSeeker, contentLength int64, ) (s3types.CompletedPart, error) { - if err := ms.validateLayerKey(layerKey); err != nil { + if err := ms.validateLayerPrefix(layerKey); err != nil { return s3types.CompletedPart{}, err } @@ -124,7 +115,7 @@ func (ms *fileBasedMockStorage) CompleteMultipartUpload( return layerKey, nil } -func (ms *fileBasedMockStorage) validateLayerKey(identifier string) error { +func (ms *fileBasedMockStorage) validateLayerPrefix(identifier string) error { if len(identifier) <= LayerKeyPrefixLen || identifier[0:LayerKeyPrefixLen] != LayerKeyPrefix { return fmt.Errorf( "invalid layer prefix. Found: %s, expected: %s", @@ -137,10 +128,7 @@ func (ms *fileBasedMockStorage) validateLayerKey(identifier string) error { } func (ms *fileBasedMockStorage) Upload(ctx context.Context, identifier, digest string, content []byte) (string, error) { - if err := ms.validateLayerKey(identifier); err != nil { - return "", err - } - if err := ms.validateLayerPath(identifier); err != nil { + if err := ms.validateLayerPrefix(identifier); err != nil { return "", err } @@ -214,7 +202,7 @@ func (ms *fileBasedMockStorage) Metadata(layer *types.ContainerImageLayer) (*typ } func (ms *fileBasedMockStorage) GetUploadProgress(identifier, uploadID string) (*types.ObjectMetadata, error) { - if err := ms.validateLayerKey(identifier); err != nil { + if err := ms.validateLayerPrefix(identifier); err != nil { return nil, err } diff --git a/go.mod b/go.mod index dbfff872..b72aa030 100644 --- a/go.mod +++ b/go.mod @@ -38,12 +38,12 @@ require ( github.com/sendgrid/sendgrid-go v3.16.0+incompatible github.com/spf13/afero v1.11.0 github.com/spf13/viper v1.19.0 - github.com/uptrace/bun v1.2.2 - github.com/uptrace/bun/dialect/pgdialect v1.2.2 - github.com/uptrace/bun/dialect/sqlitedialect v1.2.2 - github.com/uptrace/bun/driver/pgdriver v1.2.2 - github.com/uptrace/bun/driver/sqliteshim v1.2.2 - github.com/uptrace/bun/extra/bundebug v1.2.2 + github.com/uptrace/bun v1.2.3 + github.com/uptrace/bun/dialect/pgdialect v1.2.3 + github.com/uptrace/bun/dialect/sqlitedialect v1.2.3 + github.com/uptrace/bun/driver/pgdriver v1.2.3 + github.com/uptrace/bun/driver/sqliteshim v1.2.3 + github.com/uptrace/bun/extra/bundebug v1.2.3 github.com/urfave/cli/v2 v2.27.4 go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.54.0 go.opentelemetry.io/contrib/processors/baggagecopy v0.1.0 @@ -245,7 +245,7 @@ require ( lukechampine.com/blake3 v1.3.0 // indirect mellium.im/sasl v0.3.1 // indirect modernc.org/gc/v3 v3.0.0-20240801135723-a856999a2e4a // indirect - modernc.org/libc v1.60.0 // indirect + modernc.org/libc v1.60.1 // indirect modernc.org/mathutil v1.6.0 // indirect modernc.org/memory v1.8.0 // indirect modernc.org/sqlite v1.32.0 // indirect diff --git a/go.sum b/go.sum index 06975dda..4f5d869e 100644 --- a/go.sum +++ b/go.sum @@ -766,18 +766,18 @@ github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc h1:9lRDQMhESg+zvGYm github.com/tmthrgd/go-hex v0.0.0-20190904060850-447a3041c3bc/go.mod h1:bciPuU6GHm1iF1pBvUfxfsH0Wmnc2VbpgvbI9ZWuIRs= github.com/ucarion/urlpath v0.0.0-20200424170820-7ccc79b76bbb h1:Ywfo8sUltxogBpFuMOFRrrSifO788kAFxmvVw31PtQQ= github.com/ucarion/urlpath v0.0.0-20200424170820-7ccc79b76bbb/go.mod h1:ikPs9bRWicNw3S7XpJ8sK/smGwU9WcSVU3dy9qahYBM= -github.com/uptrace/bun v1.2.2 h1:+PxDjUQotbncTDJ66ieIvoJ0ax/uzDeQrz+HQUVYzfo= -github.com/uptrace/bun v1.2.2/go.mod h1:8frYFHrO/Zol3I4FEjoXam0HoNk+t5k7aJRl3FXp0mk= -github.com/uptrace/bun/dialect/pgdialect v1.2.2 h1:+wjHevzczr2rUPFkMataSrfms5389QWKtjs0+DPrixs= -github.com/uptrace/bun/dialect/pgdialect v1.2.2/go.mod h1:yAXC0eUVm6o81QiZcBjXxNdSqgUX1sCmwTU4GEBb48E= -github.com/uptrace/bun/dialect/sqlitedialect v1.2.2 h1:LECPgenuszEgytndZ7Se7si1ROrj2hBYFl7VkkEUsDI= -github.com/uptrace/bun/dialect/sqlitedialect v1.2.2/go.mod h1:zC1dqXkcU5agts1rmmI32VYdlZbKVAaRgKCrLC1DzY0= -github.com/uptrace/bun/driver/pgdriver v1.2.2 h1:AwOhgNu6ctu3b3U5jnk1S2EcEfM5jNzswiRXsUtQnfQ= -github.com/uptrace/bun/driver/pgdriver v1.2.2/go.mod h1:iq3/e8GQDzPqWh26OAAOgLW3Zm51RpxHY8uKlb84648= -github.com/uptrace/bun/driver/sqliteshim v1.2.2 h1:G8y5eWx9X6wKi6mYmO0XO1IWo+Itrwztv0GD06G5vBY= -github.com/uptrace/bun/driver/sqliteshim v1.2.2/go.mod h1:YKWhRh5GFRoCb8ahq8wRMWnXWNheVz+6d4XX4JiAc7E= -github.com/uptrace/bun/extra/bundebug v1.2.2 h1:9MoNv6XVDpeRpbpjhJiDw2TqBCHTwptR7NXAx/itxCw= -github.com/uptrace/bun/extra/bundebug v1.2.2/go.mod h1:TGpIztKGSPeEGYd8k4Q0UOIj41GBzqJnGS5g9IWVn4w= +github.com/uptrace/bun v1.2.3 h1:6KDc6YiNlXde38j9ATKufb8o7MS8zllhAOeIyELKrk0= +github.com/uptrace/bun v1.2.3/go.mod h1:8frYFHrO/Zol3I4FEjoXam0HoNk+t5k7aJRl3FXp0mk= +github.com/uptrace/bun/dialect/pgdialect v1.2.3 h1:YyCxxqeL0lgFWRZzKCOt6mnxUsjqITcxSo0mLqgwMUA= +github.com/uptrace/bun/dialect/pgdialect v1.2.3/go.mod h1:Vx9TscyEq1iN4tnirn6yYGwEflz0KG3rBZTBCLpKAjc= +github.com/uptrace/bun/dialect/sqlitedialect v1.2.3 h1:gCxqT9pFpZxc6iRokdS6QrPF894ycBLxnh/3m7qQeQ0= +github.com/uptrace/bun/dialect/sqlitedialect v1.2.3/go.mod h1:eNiDNdfChKUpPZUTDivb/YvWGvHVsVhCBwDCQ0PvtR8= +github.com/uptrace/bun/driver/pgdriver v1.2.3 h1:VA5TKB0XW7EtreQq2R8Qu/vCAUX2ECaprxGKI9iDuDE= +github.com/uptrace/bun/driver/pgdriver v1.2.3/go.mod h1:yDiYTZYd4FfXFtV01m4I/RkI33IGj9N254jLStaeJLs= +github.com/uptrace/bun/driver/sqliteshim v1.2.3 h1:9xGBRmoUJYOUFfnylapoU2oGr3S7+KTGOgEPqQ/X5Lo= +github.com/uptrace/bun/driver/sqliteshim v1.2.3/go.mod h1:hoS3aDbLz87d8Tq4FEGEjL7sWAPa5YZeTz/VL4nuWKs= +github.com/uptrace/bun/extra/bundebug v1.2.3 h1:2QBykz9/u4SkN9dnraImDcbrMk2fUhuq2gL6hkh9qSc= +github.com/uptrace/bun/extra/bundebug v1.2.3/go.mod h1:bihsYJxXxWZXwc1R3qALTHvp+npE0ElgaCvcjzyPPdw= github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8= github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ= @@ -1193,8 +1193,8 @@ modernc.org/gc/v2 v2.5.0 h1:bJ9ChznK1L1mUtAQtxi0wi5AtAs5jQuw4PrPHO5pb6M= modernc.org/gc/v2 v2.5.0/go.mod h1:wzN5dK1AzVGoH6XOzc3YZ+ey/jPgYHLuVckd62P0GYU= modernc.org/gc/v3 v3.0.0-20240801135723-a856999a2e4a h1:CfbpOLEo2IwNzJdMvE8aiRbPMxoTpgAJeyePh0SmO8M= modernc.org/gc/v3 v3.0.0-20240801135723-a856999a2e4a/go.mod h1:Qz0X07sNOR1jWYCrJMEnbW/X55x206Q7Vt4mz6/wHp4= -modernc.org/libc v1.60.0 h1:XeRF1gXky7JE5E8IErtYAdKj+ykZPdYUsgJNQ8RFWIA= -modernc.org/libc v1.60.0/go.mod h1:xJuobKuNxKH3RUatS7GjR+suWj+5c2K7bi4m/S5arOY= +modernc.org/libc v1.60.1 h1:at373l8IFRTkJIkAU85BIuUoBM4T1b51ds0E1ovPG2s= +modernc.org/libc v1.60.1/go.mod h1:xJuobKuNxKH3RUatS7GjR+suWj+5c2K7bi4m/S5arOY= modernc.org/mathutil v1.6.0 h1:fRe9+AmYlaej+64JsEEhoWuAYBkOtQiMEU7n/XgfYi4= modernc.org/mathutil v1.6.0/go.mod h1:Ui5Q9q1TR2gFm0AQRqQUaBWFLAhQpCwNcuhBOSedWPo= modernc.org/memory v1.8.0 h1:IqGTL6eFMaDZZhEWwcREgeMXYwmW83LYW8cROZYkg+E= diff --git a/telemetry/log.go b/telemetry/log.go index 5932436b..e3b9e2f9 100644 --- a/telemetry/log.go +++ b/telemetry/log.go @@ -56,9 +56,6 @@ func setupLogger(config config.Logging) zerolog.Logger { TimeFormat: time.RFC3339, } - if !config.Enabled { - return zerolog.Nop() - } l = l.Output(consoleWriter) if config.RemoteForwarding {