From 6934c854513dd66298d1ec8f79b8c0e8488bafcd Mon Sep 17 00:00:00 2001 From: Pablo Caderno Date: Wed, 17 Feb 2021 18:06:00 +1100 Subject: [PATCH] Improved insecure registry validation function --- cmd/minikube/cmd/start.go | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/cmd/minikube/cmd/start.go b/cmd/minikube/cmd/start.go index 7810dd0ce74d..9fa69225ccb3 100644 --- a/cmd/minikube/cmd/start.go +++ b/cmd/minikube/cmd/start.go @@ -27,6 +27,7 @@ import ( "os/user" "regexp" "runtime" + "strconv" "strings" "github.com/blang/semver" @@ -72,7 +73,7 @@ var ( insecureRegistry []string apiServerNames []string apiServerIPs []net.IP - hostRe = regexp.MustCompile(`[\w\.-]+`) + hostRe = regexp.MustCompile(`^[^-][\w\.-]+$`) ) func init() { @@ -1066,28 +1067,37 @@ func validateRegistryMirror() { } // This function validates that the --insecure-registry follows one of the following formats: -// ":" ":" "/" +// "[:]" "[:]" "/" func validateInsecureRegistry() { if len(insecureRegistry) > 0 { for _, addr := range insecureRegistry { + // Remove http or https from registryMirror + if strings.HasPrefix(strings.ToLower(addr), "http://") || strings.HasPrefix(strings.ToLower(addr), "https://") { + i := strings.Index(addr, "//") + addr = addr[i+2:] + } else if strings.Contains(addr, "://") || strings.HasSuffix(addr, ":") { + exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: [:], [:] or /", out.V{"addr": addr}) + } hostnameOrIP, port, err := net.SplitHostPort(addr) if err != nil { _, _, err := net.ParseCIDR(addr) if err == nil { continue } + hostnameOrIP = addr } - if port == "" { - exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: :, : or /", out.V{"addr": addr}) - } - // checks both IPv4 and IPv6 - ipAddr := net.ParseIP(hostnameOrIP) - if ipAddr != nil { - continue + if !hostRe.MatchString(hostnameOrIP) && net.ParseIP(hostnameOrIP) == nil { + // fmt.Printf("This is not hostname or ip %s", hostnameOrIP) + exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: [:], [:] or /", out.V{"addr": addr}) } - isValidHost := hostRe.MatchString(hostnameOrIP) - if err != nil || !isValidHost { - exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: :, : or /", out.V{"addr": addr}) + if port != "" { + v, err := strconv.Atoi(port) + if err != nil { + exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: [:], [:] or /", out.V{"addr": addr}) + } + if v < 0 || v > 65535 { + exit.Message(reason.Usage, "Sorry, the address provided with the --insecure-registry flag is invalid: {{.addr}}. Expected formtas are: [:], [:] or /", out.V{"addr": addr}) + } } } }