diff --git a/test/e2e/suite/command/attach.go b/test/e2e/suite/command/attach.go index 54c35f6c3..41632e0f0 100644 --- a/test/e2e/suite/command/attach.go +++ b/test/e2e/suite/command/attach.go @@ -104,6 +104,7 @@ var _ = Describe("Common registry users:", func() { fetched := ORAS("manifest", "fetch", RegistryRef(Host, testRepo, index.Manifests[0].Digest.String())).Exec().Out.Contents() MatchFile(filepath.Join(tempDir, exportName), string(fetched), DefaultTimeout) }) + It("should attach a file via a OCI Image", func() { testRepo := attachTestRepo("image") tempDir := PrepareTempFiles() @@ -121,6 +122,33 @@ var _ = Describe("Common registry users:", func() { Expect(len(index.Manifests)).To(Equal(1)) Expect(index.Manifests[0].MediaType).To(Equal(ocispec.MediaTypeImageManifest)) }) + + It("should attach file with path validation disabled", func() { + testRepo := attachTestRepo("simple") + absAttachFileName := filepath.Join(PrepareTempFiles(), foobar.AttachFileName) + + subjectRef := RegistryRef(Host, testRepo, foobar.Tag) + prepare(RegistryRef(Host, ImageRepo, foobar.Tag), subjectRef) + statusKey := foobar.AttachFileStateKey + statusKey.Name = absAttachFileName + ORAS("attach", "--artifact-type", "test.attach", subjectRef, fmt.Sprintf("%s:%s", absAttachFileName, foobar.AttachFileMedia), "--disable-path-validation"). + MatchStatus([]match.StateKey{statusKey}, false, 1). + Exec() + }) + + It("should fail path validation when attaching file with absolute path", func() { + testRepo := attachTestRepo("simple") + absAttachFileName := filepath.Join(PrepareTempFiles(), foobar.AttachFileName) + + subjectRef := RegistryRef(Host, testRepo, foobar.Tag) + prepare(RegistryRef(Host, ImageRepo, foobar.Tag), subjectRef) + statusKey := foobar.AttachFileStateKey + statusKey.Name = absAttachFileName + ORAS("attach", "--artifact-type", "test.attach", subjectRef, fmt.Sprintf("%s:%s", absAttachFileName, foobar.AttachFileMedia)). + ExpectFailure(). + Exec() + }) + It("should attach a file via a OCI Artifact", func() { testRepo := attachTestRepo("artifact") tempDir := PrepareTempFiles() diff --git a/test/e2e/suite/command/push.go b/test/e2e/suite/command/push.go index dfa56e283..17139fed4 100644 --- a/test/e2e/suite/command/push.go +++ b/test/e2e/suite/command/push.go @@ -25,6 +25,7 @@ import ( "github.com/onsi/gomega" . "github.com/onsi/gomega" "github.com/onsi/gomega/gbytes" + "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "oras.land/oras/test/e2e/internal/testdata/feature" "oras.land/oras/test/e2e/internal/testdata/foobar" @@ -65,6 +66,39 @@ var _ = Describe("Remote registry users:", func() { Expect(manifest.Layers).Should(ContainElements(foobar.BlobBarDescriptor("application/vnd.oci.image.layer.v1.tar"))) }) + It("should push files with path validation disabled", func() { + repo := fmt.Sprintf("%s/%s", repoPrefix, "disable-path-validation") + ref := RegistryRef(Host, repo, tag) + absBarName := filepath.Join(PrepareTempFiles(), foobar.FileBarName) + + ORAS("push", ref, absBarName, "-v", "--disable-path-validation"). + Exec() + + // validate + fetched := ORAS("manifest", "fetch", ref).Exec().Out.Contents() + var manifest ocispec.Manifest + Expect(json.Unmarshal(fetched, &manifest)).ShouldNot(HaveOccurred()) + Expect(manifest.Layers).Should(ContainElements(ocispec.Descriptor{ + MediaType: "application/vnd.oci.image.layer.v1.tar", + Digest: digest.Digest(foobar.BarBlobDigest), + Size: 3, + Annotations: map[string]string{ + "org.opencontainers.image.title": absBarName, + }, + })) + }) + + It("should fail path validation when pushing file with absolute path", func() { + repo := fmt.Sprintf("%s/%s", repoPrefix, "path-validation") + ref := RegistryRef(Host, repo, tag) + absBarName := filepath.Join(PrepareTempFiles(), foobar.FileBarName) + // test + ORAS("push", ref, absBarName, "-v"). + MatchErrKeyWords("--disable-path-validation"). + ExpectFailure(). + Exec() + }) + It("should push files and tag", func() { repo := fmt.Sprintf("%s/%s", repoPrefix, "multi-tag") tempDir := PrepareTempFiles()