mirror of
https://github.com/genuinetools/reg.git
synced 2024-05-12 17:38:31 -04:00
Fix vuln scanning on GCR (#152)
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
1ea91e7493
commit
eb4e1cc686
|
@ -8,8 +8,11 @@ import (
|
|||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
var gcrMatcher = regexp.MustCompile(`https://([a-z]+\.|)gcr\.io/`)
|
||||
|
||||
// TokenTransport defines the data structure for authentication via tokens.
|
||||
type TokenTransport struct {
|
||||
Transport http.RoundTripper
|
||||
|
@ -148,6 +151,13 @@ func (r *Registry) Token(url string) (string, error) {
|
|||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode == http.StatusForbidden && gcrMatcher.MatchString(url) {
|
||||
// GCR is not sending HTTP 401 on missing credentials but a HTTP 403 without
|
||||
// any further information about why the request failed. Sending the credentials
|
||||
// from the Docker config fixes this.
|
||||
return "", ErrBasicAuth
|
||||
}
|
||||
|
||||
a, err := isTokenDemand(resp)
|
||||
if err != nil {
|
||||
return "", err
|
||||
|
|
Loading…
Reference in a new issue