Fixes #38103 - disallow direct container tar uploads
ianballou committed Dec 20, 2024
1 parent 7a9771d commit 76287e9
Showing 4 changed files with 11 additions and 4 deletions.
3 changes: 2 additions & 1 deletion app/controllers/katello/api/v2/content_uploads_controller.rb
@@ -12,9 +12,10 @@ class Api::V2::ContentUploadsController < Api::V2::ApiController
param :repository_id, :number, :required => true, :desc => N_("repository id")
param :size, :number, :required => true, :desc => N_("Size of file to upload")
param :checksum, String, :required => false, :desc => N_("Checksum of file to upload")
param :content_type, RepositoryTypeManager.uploadable_content_types(false).map(&:label), :required => false, :desc => N_("content type ('deb', 'docker_manifest', 'file', 'ostree_ref', 'rpm', 'srpm')")
param :content_type, RepositoryTypeManager.uploadable_content_types(false).map(&:label), :required => false, :desc => N_("content type ('deb', 'file', 'ostree_ref', 'rpm', 'srpm')")
def create
fail Katello::Errors::InvalidRepositoryContent, _("Cannot upload Ansible collections.") if @repository.ansible_collection?
fail Katello::Errors::InvalidRepositoryContent, _("Cannot upload container content via Hammer/API. Use podman push instead.") if @repository.docker?
content_type = params[:content_type] || ::Katello::RepositoryTypeManager.find(@repository.content_type)&.default_managed_content_type&.label
RepositoryTypeManager.check_content_matches_repo_type!(@repository, content_type)
if ::Katello::RepositoryTypeManager.generic_content_type?(content_type)
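Review bot: The `@repository.docker?` guard is enforced only in `create`, so the restriction holds only if every upload path starts there. The other actions of this controller and `upload_content` in RepositoriesController are outside the hunk and should be checked for the same rejection, in particular when `content_type` is omitted and the parameter validation never sees `docker_manifest`. The `:desc` text is a hand-written list beside a computed validator (`uploadable_content_types(false).map(&:label)`), and the error string asserted in repositories_controller_test.rb includes `python_package`, which this description does not mention, so the two can drift. A comment above the guard such as `# Container content must arrive through the registry (podman push); reject before an upload request is created` would record why the check precedes content-type resolution. The body of `create` continues past the hunk.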
1 change: 0 additions & 1 deletion lib/katello/repository_types/docker.rb
@@ -27,7 +27,6 @@
:priority => 1,
:pulp3_service_class => ::Katello::Pulp3::DockerManifest,
:removable => true,
:uploadable => true,
:primary_content => true
content_type Katello::DockerManifestList,
:priority => 2,
7 changes: 7 additions & 0 deletions test/controllers/api/v2/content_uploads_controller_test.rb
@@ -46,6 +46,13 @@ def test_create_generic_upload_request
assert_response :success
end

def test_create_container_upload_request
container_repo = katello_repositories(:busybox)
post :create, params: { :repository_id => container_repo.id, :size => 100, :checksum => 'test_checksum2' }
assert_response :error
assert_match 'Cannot upload container content via Hammer/API. Use podman push instead.', @response.body
end

def test_create_collection_upload_request
ansible_collection_repo = katello_repositories(:pulp3_ansible_collection_1)
post :create, params: { :repository_id => ansible_collection_repo.id, :size => 100, :checksum => 'test_checksum' }
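Review bot: `assert_response :error` in `test_create_container_upload_request` accepts any 5xx status, so the test pins a server-error class for what is a caller mistake and would also pass on an unrelated crash. Asserting the exact status the API returns for `InvalidRepositoryContent` would keep a policy rejection distinguishable from a genuine fault; this may mirror the existing collection test, whose body is cut off below the hunk. The request also omits `content_type`, so an upload that names the removed type explicitly is not covered. A second case using `post :create, params: { :repository_id => container_repo.id, :size => 100, :content_type => 'docker_manifest' }` would show which layer rejects it and with what message.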
4 changes: 2 additions & 2 deletions test/controllers/api/v2/repositories_controller_test.rb
@@ -929,8 +929,8 @@ def test_upload_content_bad_type
post :upload_content, params: { :id => @repository.id, :content_type => 'cheese' }

assert_response 422
response = "{\"displayMessage\":\"Invalid params provided - content_type must be one of deb,docker_manifest,file,ostree_ref,python_package,rpm,srpm\"," \
"\"errors\":[\"Invalid params provided - content_type must be one of deb,docker_manifest,file,ostree_ref,python_package,rpm,srpm\"]}"
response = "{\"displayMessage\":\"Invalid params provided - content_type must be one of deb,file,ostree_ref,python_package,rpm,srpm\"," \
"\"errors\":[\"Invalid params provided - content_type must be one of deb,file,ostree_ref,python_package,rpm,srpm\"]}"
assert_match response, @response.body
end

