Fix vuln scanning on GCR (#152)

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2018-10-17 09:53:20 +02:00 committed by Jess Frazelle
parent 1ea91e7493
commit eb4e1cc686

View file

@ -8,8 +8,11 @@ import (
"fmt"
"net/http"
"net/url"
"regexp"
)
var gcrMatcher = regexp.MustCompile(`https://([a-z]+\.|)gcr\.io/`)
// TokenTransport defines the data structure for authentication via tokens.
type TokenTransport struct {
Transport http.RoundTripper
@ -148,6 +151,13 @@ func (r *Registry) Token(url string) (string, error) {
}
defer resp.Body.Close()
if resp.StatusCode == http.StatusForbidden && gcrMatcher.MatchString(url) {
// GCR is not sending HTTP 401 on missing credentials but a HTTP 403 without
// any further information about why the request failed. Sending the credentials
// from the Docker config fixes this.
return "", ErrBasicAuth
}
a, err := isTokenDemand(resp)
if err != nil {
return "", err