Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--disable-path-validation not working for oras push and oras attach #983

Closed
1 task
qweeah opened this issue Jun 21, 2023 · 3 comments
Closed
1 task

--disable-path-validation not working for oras push and oras attach #983

qweeah opened this issue Jun 21, 2023 · 3 comments
Assignees
@suganyas
Labels
bug Something isn't working
Milestone
v1.1.0

Comments

@qweeah
Copy link
Contributor

qweeah commented Jun 21, 2023

What happened in your environment?

I can still push files with absolute path even if --disable-path-validation is set to false

$ oras push localhost:5000/test:path /my/test/file --disable-path-validation=false
Uploading e3b0c44298fc /my/test/file
Uploaded  e3b0c44298fc /my/test/file
Pushed [registry] localhost:5000/test:path
Digest: sha256:c925e33e51a8ff03e378e2956fdd4aa3a28203ed9aaa778d634c5e647c65bc54

What did you expect to happen?

The operation should fail with warning mentioning that using absolute paths in artifacts is generally insecure and not friendly to cross-platform scenarios.

How can we reproduce it?

Use absolute path to specify files in oras push or oras attach

What is the version of your ORAS CLI?

1.0.0

What is your OS environment?

20.04

Are you willing to submit PRs to fix it?

  • Yes, I am willing to fix it.
@qweeah qweeah added the bug Something isn't working label Jun 21, 2023
@qweeah qweeah mentioned this issue Jun 21, 2023
Closed
1 task
@qweeah
Copy link
Contributor Author

qweeah commented Jun 26, 2023

@suganyas Do you want to work on this?

@suganyas
Copy link
Contributor

@qweeah my fix will fix this one too.

@suganyas suganyas mentioned this issue Jun 26, 2023
Merged
4 tasks
@shizhMSFT shizhMSFT added this to the v2.0.0 milestone Jun 28, 2023
@shizhMSFT shizhMSFT mentioned this issue Jun 28, 2023
Closed
1 task
@qweeah qweeah modified the milestones: v2.0.0, v1.1.0 Jun 29, 2023
@qweeah
Copy link
Contributor Author

qweeah commented Jun 29, 2023

completed in #988

@qweeah qweeah closed this as completed Jun 29, 2023
This was referenced Jul 5, 2023
Closed
Merged
@qweeah qweeah mentioned this issue Aug 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@suganyas suganyas

Labels
bug Something isn't working
Projects
ORAS Project Board-2023
Status: Done
Milestone
v1.1.0
Development

No branches or pull requests
3 participants
@qweeah @suganyas @shizhMSFT