| package main |
| |
| import ( |
| "archive/tar" |
| "bytes" |
| "net/http" |
| "strings" |
| |
| "github.com/go-check/check" |
| ) |
| |
| func (s *DockerSuite) TestBuildApiDockerfilePath(c *check.C) { |
| // Test to make sure we stop people from trying to leave the |
| // build context when specifying the path to the dockerfile |
| buffer := new(bytes.Buffer) |
| tw := tar.NewWriter(buffer) |
| defer tw.Close() |
| |
| dockerfile := []byte("FROM busybox") |
| if err := tw.WriteHeader(&tar.Header{ |
| Name: "Dockerfile", |
| Size: int64(len(dockerfile)), |
| }); err != nil { |
| c.Fatalf("failed to write tar file header: %v", err) |
| } |
| if _, err := tw.Write(dockerfile); err != nil { |
| c.Fatalf("failed to write tar file content: %v", err) |
| } |
| if err := tw.Close(); err != nil { |
| c.Fatalf("failed to close tar archive: %v", err) |
| } |
| |
| res, body, err := sockRequestRaw("POST", "/build?dockerfile=../Dockerfile", buffer, "application/x-tar") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError) |
| |
| out, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| if !strings.Contains(string(out), "Forbidden path outside the build context") { |
| c.Fatalf("Didn't complain about leaving build context: %s", out) |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiDockerFileRemote(c *check.C) { |
| testRequires(c, NotUserNamespace) |
| testRequires(c, DaemonIsLinux) |
| server, err := fakeStorage(map[string]string{ |
| "testD": `FROM busybox |
| COPY * /tmp/ |
| RUN find / -name ba* |
| RUN find /tmp/`, |
| }) |
| if err != nil { |
| c.Fatal(err) |
| } |
| defer server.Close() |
| |
| res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+server.URL()+"/testD", nil, "application/json") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| |
| buf, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| // Make sure Dockerfile exists. |
| // Make sure 'baz' doesn't exist ANYWHERE despite being mentioned in the URL |
| out := string(buf) |
| if !strings.Contains(out, "/tmp/Dockerfile") || |
| strings.Contains(out, "baz") { |
| c.Fatalf("Incorrect output: %s", out) |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiRemoteTarballContext(c *check.C) { |
| testRequires(c, DaemonIsLinux) |
| buffer := new(bytes.Buffer) |
| tw := tar.NewWriter(buffer) |
| defer tw.Close() |
| |
| dockerfile := []byte("FROM busybox") |
| if err := tw.WriteHeader(&tar.Header{ |
| Name: "Dockerfile", |
| Size: int64(len(dockerfile)), |
| }); err != nil { |
| c.Fatalf("failed to write tar file header: %v", err) |
| } |
| if _, err := tw.Write(dockerfile); err != nil { |
| c.Fatalf("failed to write tar file content: %v", err) |
| } |
| if err := tw.Close(); err != nil { |
| c.Fatalf("failed to close tar archive: %v", err) |
| } |
| |
| server, err := fakeBinaryStorage(map[string]*bytes.Buffer{ |
| "testT.tar": buffer, |
| }) |
| c.Assert(err, check.IsNil) |
| |
| defer server.Close() |
| |
| res, b, err := sockRequestRaw("POST", "/build?remote="+server.URL()+"/testT.tar", nil, "application/tar") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| b.Close() |
| } |
| |
| func (s *DockerSuite) TestBuildApiRemoteTarballContextWithCustomDockerfile(c *check.C) { |
| testRequires(c, DaemonIsLinux) |
| buffer := new(bytes.Buffer) |
| tw := tar.NewWriter(buffer) |
| defer tw.Close() |
| |
| dockerfile := []byte(`FROM busybox |
| RUN echo 'wrong'`) |
| if err := tw.WriteHeader(&tar.Header{ |
| Name: "Dockerfile", |
| Size: int64(len(dockerfile)), |
| }); err != nil { |
| c.Fatalf("failed to write tar file header: %v", err) |
| } |
| if _, err := tw.Write(dockerfile); err != nil { |
| c.Fatalf("failed to write tar file content: %v", err) |
| } |
| |
| custom := []byte(`FROM busybox |
| RUN echo 'right' |
| `) |
| if err := tw.WriteHeader(&tar.Header{ |
| Name: "custom", |
| Size: int64(len(custom)), |
| }); err != nil { |
| c.Fatalf("failed to write tar file header: %v", err) |
| } |
| if _, err := tw.Write(custom); err != nil { |
| c.Fatalf("failed to write tar file content: %v", err) |
| } |
| |
| if err := tw.Close(); err != nil { |
| c.Fatalf("failed to close tar archive: %v", err) |
| } |
| |
| server, err := fakeBinaryStorage(map[string]*bytes.Buffer{ |
| "testT.tar": buffer, |
| }) |
| c.Assert(err, check.IsNil) |
| |
| defer server.Close() |
| url := "/build?dockerfile=custom&remote=" + server.URL() + "/testT.tar" |
| res, body, err := sockRequestRaw("POST", url, nil, "application/tar") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| |
| defer body.Close() |
| content, err := readBody(body) |
| c.Assert(err, check.IsNil) |
| |
| if strings.Contains(string(content), "wrong") { |
| c.Fatalf("Build used the wrong dockerfile.") |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiLowerDockerfile(c *check.C) { |
| testRequires(c, DaemonIsLinux) |
| git, err := newFakeGit("repo", map[string]string{ |
| "dockerfile": `FROM busybox |
| RUN echo from dockerfile`, |
| }, false) |
| if err != nil { |
| c.Fatal(err) |
| } |
| defer git.Close() |
| |
| res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| |
| buf, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| out := string(buf) |
| if !strings.Contains(out, "from dockerfile") { |
| c.Fatalf("Incorrect output: %s", out) |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiBuildGitWithF(c *check.C) { |
| testRequires(c, DaemonIsLinux) |
| git, err := newFakeGit("repo", map[string]string{ |
| "baz": `FROM busybox |
| RUN echo from baz`, |
| "Dockerfile": `FROM busybox |
| RUN echo from Dockerfile`, |
| }, false) |
| if err != nil { |
| c.Fatal(err) |
| } |
| defer git.Close() |
| |
| // Make sure it tries to 'dockerfile' query param value |
| res, body, err := sockRequestRaw("POST", "/build?dockerfile=baz&remote="+git.RepoURL, nil, "application/json") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| |
| buf, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| out := string(buf) |
| if !strings.Contains(out, "from baz") { |
| c.Fatalf("Incorrect output: %s", out) |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiDoubleDockerfile(c *check.C) { |
| testRequires(c, UnixCli) // dockerfile overwrites Dockerfile on Windows |
| git, err := newFakeGit("repo", map[string]string{ |
| "Dockerfile": `FROM busybox |
| RUN echo from Dockerfile`, |
| "dockerfile": `FROM busybox |
| RUN echo from dockerfile`, |
| }, false) |
| if err != nil { |
| c.Fatal(err) |
| } |
| defer git.Close() |
| |
| // Make sure it tries to 'dockerfile' query param value |
| res, body, err := sockRequestRaw("POST", "/build?remote="+git.RepoURL, nil, "application/json") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusOK) |
| |
| buf, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| out := string(buf) |
| if !strings.Contains(out, "from Dockerfile") { |
| c.Fatalf("Incorrect output: %s", out) |
| } |
| } |
| |
| func (s *DockerSuite) TestBuildApiDockerfileSymlink(c *check.C) { |
| // Test to make sure we stop people from trying to leave the |
| // build context when specifying a symlink as the path to the dockerfile |
| buffer := new(bytes.Buffer) |
| tw := tar.NewWriter(buffer) |
| defer tw.Close() |
| |
| if err := tw.WriteHeader(&tar.Header{ |
| Name: "Dockerfile", |
| Typeflag: tar.TypeSymlink, |
| Linkname: "/etc/passwd", |
| }); err != nil { |
| c.Fatalf("failed to write tar file header: %v", err) |
| } |
| if err := tw.Close(); err != nil { |
| c.Fatalf("failed to close tar archive: %v", err) |
| } |
| |
| res, body, err := sockRequestRaw("POST", "/build", buffer, "application/x-tar") |
| c.Assert(err, check.IsNil) |
| c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError) |
| |
| out, err := readBody(body) |
| if err != nil { |
| c.Fatal(err) |
| } |
| |
| // The reason the error is "Cannot locate specified Dockerfile" is because |
| // in the builder, the symlink is resolved within the context, therefore |
| // Dockerfile -> /etc/passwd becomes etc/passwd from the context which is |
| // a nonexistent file. |
| if !strings.Contains(string(out), "Cannot locate specified Dockerfile: Dockerfile") { |
| c.Fatalf("Didn't complain about leaving build context: %s", out) |
| } |
| } |