mirror of https://github.com/portainer/portainer.git synced 2025-07-24 07:49:41 +02:00

fix(service): webhook vulnerability for passing an invalid image tag EE-2121 (#6269)

* fix(service): webhook vulnerability for passing an invalid image tag
Hao Zhang 2022-01-27 08:38:29 +08:00 committed by GitHub
parent dfb0ba9efe
commit a9406764ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 115 additions and 5 deletions


@ -4,6 +4,7 @@ import (
"context"
"errors"
"github.com/portainer/portainer/api/internal/registryutils"
"io"
"net/http"
"strings"
@ -111,7 +112,15 @@ func (handler *Handler) executeServiceWebhook(
}
}
}
if imageTag != "" {
rc, err := dockerClient.ImagePull(context.Background(), service.Spec.TaskTemplate.ContainerSpec.Image, dockertypes.ImagePullOptions{RegistryAuth: serviceUpdateOptions.EncodedRegistryAuth})
if err != nil {
return &httperror.HandlerError{StatusCode: http.StatusNotFound, Message: "Error pulling image with the specified tag", Err: err}
}
defer func(rc io.ReadCloser) {
_ = rc.Close()
}(rc)
}
_, err = dockerClient.ServiceUpdate(context.Background(), resourceID, service.Version, service.Spec, serviceUpdateOptions)
if err != nil {