Disallow creating a volume starting with a /.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
... | ... |
@@ -7,3 +7,6 @@ const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]` |
7 | 7 |
|
8 | 8 |
// RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters. |
9 | 9 |
var RestrictedNamePattern = regexp.MustCompile(`^/?` + RestrictedNameChars + `+$`) |
10 |
+ |
|
11 |
+// RestrictedVolumeNamePattern is a regular expression to validate volume names against the collection of restricted characters. |
|
12 |
+var RestrictedVolumeNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`) |
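Review bot: The doc comment on `RestrictedVolumeNamePattern` repeats the wording used for `RestrictedNamePattern` and does not say what differs or why. The only difference visible here is the missing `/?` prefix, so I would write `// RestrictedVolumeNamePattern is like RestrictedNamePattern but does not accept a leading "/"; a volume name must start with an alphanumeric character.` Because `RestrictedNameChars` is two character classes and the pattern appends `+`, both patterns also require at least two characters. If that minimum is intended, it deserves a mention in the same comment.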
... | ... |
@@ -31,7 +31,7 @@ var ( |
31 | 31 |
// volumeNameRegex ensures the name assigned for the volume is valid. |
32 | 32 |
// This name is used to create the bind directory, so we need to avoid characters that |
33 | 33 |
// would make the path to escape the root directory. |
34 |
- volumeNameRegex = utils.RestrictedNamePattern |
|
34 |
+ volumeNameRegex = utils.RestrictedVolumeNamePattern |
|
35 | 35 |
) |
36 | 36 |
|
37 | 37 |
// New instantiates a new Root instance with the provided scope. Scope |
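Review bot: The comment above `volumeNameRegex` still speaks only of characters, while what this swap relies on is the pattern's anchoring and its first-character rule. I would add `// The pattern is anchored and requires an alphanumeric first character, so names such as "/name", "./name" or ".." never match.` The `var (` block opens outside this hunk and `validateName` is not shown, so this assumes the regex is what rejects such names. If it is the only guard before the name is used to build the bind directory, the comment should say so.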
... | ... |
@@ -124,3 +124,24 @@ func TestCreate(t *testing.T) { |
124 | 124 |
} |
125 | 125 |
} |
126 | 126 |
} |
127 |
+ |
|
128 |
+func TestValidateName(t *testing.T) { |
|
129 |
+ r := &Root{} |
|
130 |
+ names := map[string]bool{ |
|
131 |
+ "/testvol": false, |
|
132 |
+ "thing.d": true, |
|
133 |
+ "hello-world": true, |
|
134 |
+ "./hello": false, |
|
135 |
+ ".hello": false, |
|
136 |
+ } |
|
137 |
+ |
|
138 |
+ for vol, expected := range names { |
|
139 |
+ err := r.validateName(vol) |
|
140 |
+ if expected && err != nil { |
|
141 |
+ t.Fatalf("expected %s to be valid got %v", vol, err) |
|
142 |
+ } |
|
143 |
+ if !expected && err == nil { |
|
144 |
+ t.Fatalf("expected %s to be invalid", vol) |
|
145 |
+ } |
|
146 |
+ } |
|
147 |
+} |
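Review bot: `TestValidateName` stops at the first failing name because it calls `t.Fatalf`, and Go's random map iteration order means that name can differ from run to run. Using `t.Errorf("expected %q to be valid, got %v", vol, err)` and `t.Errorf("expected %q to be invalid", vol)` would report every mismatch in one run and quote the name, which makes an empty one visible. The table covers a leading `/` and a leading `.`, but not a parent reference, an embedded separator or the empty string. Assuming `validateName` only applies `volumeNameRegex` (its body is outside this hunk), I would add `"../hello": false, "hello/world": false, "": false,` to pin down the path-escape cases the regex comment describes.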