
Commit 11380a1

author
Erik Hollensbe
committed
registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere
Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <[email protected]> (github: erikh)
1 parent 28ee373 commit 11380a1

2 files changed

Lines changed: 19 additions & 25 deletions


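--- a/registry/endpoint.go
+++ b/registry/endpoint.go
@@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
 // IsSecure returns false if the provided hostname is part of the list of insecure registries.
 // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
 func IsSecure(hostname string, insecureRegistries []string) bool {
+
 if hostname == IndexServerAddress() {
 return true
 }
+
+host, _, err := net.SplitHostPort(hostname)
+
+if err != nil {
+host = hostname
+}
+
+if host == "127.0.0.1" || host == "localhost" {
+return false
+}
+
 if len(insecureRegistries) == 0 {
-host, _, err := net.SplitHostPort(hostname)
-if err != nil {
-host = hostname
-}
-if host == "127.0.0.1" || host == "localhost" {
-return false
-}
 return true
 }
+
 for _, h := range insecureRegistries {
 if hostname == h {
 return false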
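Review bot: The unconditional exemption `if host == "127.0.0.1" || host == "localhost"` trusts a name rather than an address: `localhost` is resolved by the local resolver or hosts file (the resolution step is not visible in this hunk), so on a machine where it maps to a non-loopback address the connection would accept HTTP or unverified certificates without the operator ever listing it in `insecureRegistries`. The doc comment above IsSecure still describes only the list lookup and should gain a line such as `// Loopback hosts ("127.0.0.1", "localhost") are always reported as insecure, regardless of insecureRegistries.` The match is also by exact string, so `::1` and the rest of 127.0.0.0/8 keep the strict default, which is safe but inconsistent; `net.ParseIP(host).IsLoopback()` would make the rule address-based. IsSecure's body continues past the end of this hunk.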

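--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
 }{
 {"example.com", []string{}, true},
 {"example.com", []string{"example.com"}, false},
-{"localhost", []string{"localhost:5000"}, true},
+{"localhost", []string{"localhost:5000"}, false},
 {"localhost:5000", []string{"localhost:5000"}, false},
-{"localhost", []string{"example.com"}, true},
+{"localhost", []string{"example.com"}, false},
 {"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
-}
-for _, tt := range tests {
-if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
-t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
-}
-}
-}
-
-func TestIsSecure(t *testing.T) {
-tests := []struct {
-addr string
-insecureRegistries []string
-expected bool
-}{
 {"localhost", []string{}, false},
 {"localhost:5000", []string{}, false},
 {"127.0.0.1", []string{}, false},
-{"localhost", []string{"example.com"}, true},
-{"127.0.0.1", []string{"example.com"}, true},
+{"localhost", []string{"example.com"}, false},
+{"127.0.0.1", []string{"example.com"}, false},
 {"example.com", []string{}, true},
 {"example.com", []string{"example.com"}, false},
+{"127.0.0.1", []string{"example.com"}, false},
+{"127.0.0.1:5000", []string{"example.com"}, false},
 }
 for _, tt := range tests {
 if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {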
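Review bot: The merged table in TestIsSecure now carries duplicate rows: `{"localhost", []string{"example.com"}, false}` and `{"127.0.0.1", []string{"example.com"}, false}` each appear twice, as do both `example.com` rows, so the table exercises fewer distinct cases than its length suggests. The repeats would be better replaced by rows that pin the intended result for loopback spellings the new string comparison does not match, for example `{"[::1]:5000", []string{}, true}` if keeping those strict is deliberate. TestIsSecure starts before and ends after this hunk.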
