Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure credentials are not HTML encoded #277

Merged
merged 1 commit into from
Apr 5, 2021

Conversation

wagoodman
Copy link
Contributor

@wagoodman wagoodman commented Apr 5, 2021

This PR pulls in the fixes from anchore/stereoscope#63 and anchore/syft#368.

Summary of fix in stereoscope: today when setting docker pull options we are responsible for base64 encoding the RegistryAuth JSON, which is an object containing username and password. Before base64 encoding we are not making certain that the JSON marshaling will not escape specific characters typical to HTML documents. This PR swaps out the JSON unmarshal with a JSON encoder with HTML escaping turned off.

Closes #254

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman requested a review from a team April 5, 2021 18:29
@wagoodman wagoodman self-assigned this Apr 5, 2021
@wagoodman wagoodman enabled auto-merge April 5, 2021 18:29
@wagoodman wagoodman merged commit 3b3c59a into main Apr 5, 2021
@wagoodman wagoodman deleted the fix-registry-auth-encode-issue branch April 5, 2021 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

private registry and password with special chars
2 participants