From 897d4afa60eeca59a3cee8c6977f0e2864dccaf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Thu, 18 Apr 2024 19:10:39 +0200
Subject: [PATCH] Validate the tags returned by a registry
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Miloslav Trmač
---
 docker/docker_image.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docker/docker_image.go b/docker/docker_image.go
index 6a4331e335..007b5f2a42 100644
--- a/docker/docker_image.go
+++ b/docker/docker_image.go
@@ -87,7 +87,12 @@ func GetRepositoryTags(ctx context.Context, sys *types.SystemContext, ref types.
 if err = json.NewDecoder(res.Body).Decode(&tagsHolder); err != nil {
 return nil, err
 }
- tags = append(tags, tagsHolder.Tags...)
+ for _, tag := range tagsHolder.Tags {
+ if _, err := reference.WithTag(dr.ref, tag); err != nil { // Ensure the tag does not contain unexpected values
+ return nil, fmt.Errorf("registry returned invalid tag %q: %w", tag, err)
+ }
+ tags = append(tags, tag)
+ }

 link := res.Header.Get("Link")
 if link == "" {
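Review bot: The trailing comment on the new `if` (`// Ensure the tag does not contain unexpected values`) does not record that the registry response is the untrusted input here, nor that a single rejected tag deliberately fails the whole listing instead of being skipped. I would put the comment on its own line above the check and spell that out, e.g. `// The registry is untrusted: fail the whole listing if any tag is not a valid reference tag, so callers never receive unvalidated strings.` The doc comment of GetRepositoryTags lies outside this hunk; if it does not already say so, it should state that every returned tag has passed reference.WithTag and that one malformed tag turns the call into an error. The diffstat lists only docker/docker_image.go, so a regression test that feeds a tags response containing an invalid entry appears to be missing from this commit.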