fix/Add hostname check in registry URL on login #5055
Draft
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did: To address the issue related to potential credential leakage when specifying a registry URL without a hostname, I added validation checks for the registry URL's validity and the presence of a hostname when passing the registry address in the CLI.
- How I did it: As fixing the bug on the server side seemed unfeasible due to the data formation for client-side authentication, which results in passing an empty hostname string and attempting login to the default address with private credentials, I incorporated corresponding checks into the code.
- How to verify it: You can verify it by using the command
docker login http:///path
, which should output the following message: "Server address must include a hostname: ''".- Description for the changelog:
- Link to the relevant code snippet in Moby: Moby Code - registry/service.go#L55
fixes: moby/moby#47795