From bce0bca03c8c3ac182b32d284a81ccfa52d8479a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?nils=20ma=CC=8Ase=CC=81n?=
Date: Tue, 11 Apr 2023 17:40:02 +0200
Subject: [PATCH 1/2] fix(registry): ignore empty challenge fields
---
 pkg/registry/auth/auth.go | 7 +++----
 pkg/registry/auth/auth_test.go | 11 +++++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/pkg/registry/auth/auth.go b/pkg/registry/auth/auth.go
index 23aef60ef..5056cb3f6 100644
--- a/pkg/registry/auth/auth.go
+++ b/pkg/registry/auth/auth.go
@@ -123,10 +123,9 @@ func GetAuthURL(challenge string, img string) (*url.URL, error) {
 for _, pair := range pairs {
 trimmed := strings.Trim(pair, " ")
- kv := strings.Split(trimmed, "=")
- key := kv[0]
- val := strings.Trim(kv[1], "\"")
- values[key] = val
+ if key, val, ok := strings.Cut(trimmed, "="); ok {
+ values[key] = strings.Trim(val, `"`)
+ }
 }
 logrus.WithFields(logrus.Fields{
 "realm": values["realm"],
diff --git a/pkg/registry/auth/auth_test.go b/pkg/registry/auth/auth_test.go
index 6ad2307aa..b6559803a 100644
--- a/pkg/registry/auth/auth_test.go
+++ b/pkg/registry/auth/auth_test.go
@@ -2,13 +2,14 @@ package auth_test
 import (
 "fmt"
- "github.com/containrrr/watchtower/internal/actions/mocks"
- "github.com/containrrr/watchtower/pkg/registry/auth"
 "net/url"
 "os"
 "testing"
 "time"
+ "github.com/containrrr/watchtower/internal/actions/mocks"
+ "github.com/containrrr/watchtower/pkg/registry/auth"
+ wtTypes "github.com/containrrr/watchtower/pkg/types"
 . "github.com/onsi/ginkgo"
 . "github.com/onsi/gomega"
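Review bot: In the `for _, pair := range pairs` loop of GetAuthURL (pkg/registry/auth/auth.go), fields without `=` are now discarded with no trace, and the key is stored exactly as the registry sent it. The challenge is remote input and HTTP matches auth-param names case-insensitively, so a header carrying `Realm=` would leave `values["realm"]` empty; consider `values[strings.ToLower(key)] = strings.Trim(val, "\"")` plus an `else` branch that logs the skipped field at debug level. If `pairs` comes from splitting on commas (that line is outside the hunk), a quoted value that itself contains a comma would be cut into fragments that this change now drops silently instead of panicking, so the resulting scope could differ from the one the registry asked for. The function body starts and ends outside the hunk, so whether `realm` and `service` are validated afterwards cannot be seen here.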
@@ -79,6 +80,12 @@ var _ = Describe("the auth module", func() {
 Expect(err).To(HaveOccurred())
 Expect(res).To(BeNil())
 })
+ It("should not crash when an empty field is recieved", func() {
+ input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",`
+ res, err := auth.GetAuthURL(input, "containrrr/watchtower")
+ Expect(err).NotTo(HaveOccurred())
+ Expect(res).NotTo(BeNil())
+ })
 })
 When("getting a challenge url", func() {
 It("should create a valid challenge url object based on the image ref supplied", func() {
From d96481d7070850b149c5ab949023a685e6a6e584 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?nils=20ma=CC=8Ase=CC=81n?=
Date: Tue, 11 Apr 2023 18:15:39 +0200
Subject: [PATCH 2/2] add additional test for valueless field
---
 pkg/registry/auth/auth_test.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/pkg/registry/auth/auth_test.go b/pkg/registry/auth/auth_test.go
index b6559803a..e276ddaf9 100644
--- a/pkg/registry/auth/auth_test.go
+++ b/pkg/registry/auth/auth_test.go
@@ -86,6 +86,12 @@ var _ = Describe("the auth module", func() {
 Expect(err).NotTo(HaveOccurred())
 Expect(res).NotTo(BeNil())
 })
+ It("should not crash when a field without a value is recieved", func() {
+ input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",valuelesskey`
+ res, err := auth.GetAuthURL(input, "containrrr/watchtower")
+ Expect(err).NotTo(HaveOccurred())
+ Expect(res).NotTo(BeNil())
+ })
 })
 When("getting a challenge url", func() {
 It("should create a valid challenge url object based on the image ref supplied", func() {
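Review bot: Both new specs (the "empty field" case in PATCH 1/2 and the "field without a value" case in PATCH 2/2) only assert that no error occurred and that the result is non-nil, so they would still pass if the parser dropped or mangled `realm`, `service` or `scope` while skipping the bad field. Asserting on the returned `*url.URL` would pin the behaviour, for example `Expect(res.Host).To(Equal("ghcr.io"))` together with a check that the query still carries the expected `service` and `scope`. The URL is assembled outside these hunks, so the exact expected values should be confirmed against GetAuthURL before adding them.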