Google Git
Sign in
fuchsia / third_party / github.com / moby / moby / refs/tags/v18.09.1^! / .
commita79fabbfe84117696a19671f4aa88b82d0f64fc1[log] [tgz]
authorJameson Hyde <jameson.hyde@docker.com>Sat Dec 01 11:25:49 2018 -0500
committerEli Uriegas <eli.uriegas@docker.com>Wed Jan 09 17:31:53 2019 +0000
treea3a459d30ba0185c56e4bc2b87357aaeaa425ddf
parentfc274cd2ff4cf3b48c91697fb327dd1fb95588fb [diff]
If url includes scheme, urlPath will drop hostname, which would not match the auth check

Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>
(cherry picked from commit 754fb8d9d03895ae3ab60d2ad778152b0d835206)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Eli Uriegas <eli.uriegas@docker.com>

diff --git a/pkg/authorization/authz.go b/pkg/authorization/authz.go
index f63b885..f504b13 100644
--- a/pkg/authorization/authz.go
+++ b/pkg/authorization/authz.go

@@ -56,11 +56,11 @@
 
 func isChunked(r *http.Request) bool {
 	//RFC 7230 specifies that content length is to be ignored if Transfer-Encoding is chunked
-	if strings.ToLower(r.Header.Get("Transfer-Encoding")) == "chunked" {
+	if strings.EqualFold(r.Header.Get("Transfer-Encoding"), "chunked") {
 		return true
 	}
 	for _, v := range r.TransferEncoding {
-		if 0 == strings.Compare(strings.ToLower(v), "chunked") {
+		if strings.EqualFold(v, "chunked") {
 			return true
 		}
 	}
@@ -162,7 +162,7 @@
 
 func isAuthEndpoint(urlPath string) (bool, error) {
 	// eg www.test.com/v1.24/auth/optional?optional1=something&optional2=something (version optional)
-	matched, err := regexp.MatchString(`^[^\/]+\/(v\d[\d\.]*\/)?auth.*`, urlPath)
+	matched, err := regexp.MatchString(`^[^\/]*\/(v\d[\d\.]*\/)?auth.*`, urlPath)
 	if err != nil {
 		return false, err
 	}

diff --git a/pkg/authorization/authz_unix_test.go b/pkg/authorization/authz_unix_test.go
index 0fc51d3..8f45d3a 100644
--- a/pkg/authorization/authz_unix_test.go
+++ b/pkg/authorization/authz_unix_test.go

@@ -259,6 +259,41 @@
 				contentType: "application/json;charset=UTF8",
 				expected:    false,
 			},
+			{
+				url:         "www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "https://www.nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "http://nothing.com/v1.24/auth/test",
+				contentType: "application/json;charset=UTF8",
+				expected:    false,
+			},
+			{
+				url:         "www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "http://www.nothing.com/test?p1=/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
+			{
+				url:         "https://www.nothing.com/something/auth",
+				contentType: "application/json;charset=UTF8",
+				expected:    true,
+			},
 		}
 	)