🔒 security(registries): route token-fetch requests through operator TLS settings

GAR, GitLab, Mau, DHI and public-ECR built their own token-fetch request
and called axios() directly, bypassing withTlsRequestOptions() — so the
credential exchange ignored the operator's cafile / insecure / client-cert
config and validated against the system trust store instead. A MITM with a
system-trusted cert could intercept the registry secret in the Authorization
header even when a private CA was configured.

- Promote BaseRegistry.withTlsRequestOptions from private to protected.
- Wrap each provider's token-fetch request with it (public-ECR branch only;
  the private-ECR path uses the AWS SDK and is out of scope).
- Align Ecr to extend BaseRegistry (it was the only provider extending the
  bare Registry, so it lacked the shared auth/TLS helpers).

Author: s-b-e-n-s-o-n

app/registries/BaseRegistry.ts

@@ -244,7 +244,7 @@ class BaseRegistry<
     return this.httpsAgent;
   }
 
-  private withTlsRequestOptions(requestOptions: RegistryRequestOptions): RegistryRequestOptions {
+  protected withTlsRequestOptions(requestOptions: RegistryRequestOptions): RegistryRequestOptions {
     const httpsAgent = requestOptions.httpsAgent || this.getHttpsAgent();
     if (!httpsAgent) {
       return requestOptions;

app/registries/providers/dhi/Dhi.test.ts

@@ -161,4 +161,35 @@ describe('DHI Registry', () => {
       auth: '[REDACTED]',
     });
   });
+
+  test('should pass httpsAgent to axios when insecure=true', async () => {
+    const { default: axios } = await import('axios');
+    axios.mockResolvedValue({ data: { token: 'auth-token' } });
+
+    dhi.configuration = {
+      url: 'https://dhi.io',
+      insecure: true,
+    };
+    dhi.getAuthCredentials = vi.fn().mockReturnValue(null);
+
+    await dhi.authenticate({ name: 'python' }, { headers: {} });
+
+    expect(axios).toHaveBeenCalledWith(expect.objectContaining({ httpsAgent: expect.anything() }));
+    const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+    expect(calledConfig.httpsAgent.options.rejectUnauthorized).toBe(false);
+  });
+
+  test('should NOT attach httpsAgent when no TLS config is set', async () => {
+    const { default: axios } = await import('axios');
+    axios.mockResolvedValue({ data: { token: 'auth-token' } });
+
+    dhi.getAuthCredentials = vi.fn().mockReturnValue(null);
+
+    await dhi.authenticate({ name: 'python' }, { headers: {} });
+
+    const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+    expect(calledConfig.httpsAgent).toBeUndefined();
+    expect(calledConfig.method).toBe('GET');
+    expect(calledConfig.url).toContain('https://dhi.io/token');
+  });
 });

app/registries/providers/dhi/Dhi.ts

@@ -64,7 +64,7 @@ class Dhi extends Custom<DhiRegistryConfiguration> {
       axiosConfig.headers.Authorization = `Basic ${credentials}`;
     }
 
-    const response = await axios(axiosConfig);
+    const response = await axios(this.withTlsRequestOptions(axiosConfig));
     return withAuthorizationHeader(
       requestOptions,
       'Bearer',

app/registries/providers/ecr/Ecr.test.ts

@@ -635,3 +635,35 @@ test('match should return true for public ECR gallery', async () => {
     }),
   ).toBeTruthy();
 });
+
+test('authenticate public ECR gallery should pass httpsAgent to axios when insecure=true', async () => {
+  mockAxios.mockResolvedValueOnce({ data: { token: 'public-token-insecure' } });
+
+  const ecrPublicInsecure = new Ecr();
+  ecrPublicInsecure.configuration = { insecure: true };
+
+  await ecrPublicInsecure.authenticate(
+    { registry: { url: 'https://public.ecr.aws/v2' } },
+    { headers: {} },
+  );
+
+  expect(mockAxios).toHaveBeenCalledWith(
+    expect.objectContaining({ httpsAgent: expect.anything() }),
+  );
+  const calledConfig = mockAxios.mock.calls[0][0];
+  expect(calledConfig.httpsAgent.options.rejectUnauthorized).toBe(false);
+});
+
+test('authenticate public ECR gallery should NOT attach httpsAgent when no TLS config is set', async () => {
+  mockAxios.mockResolvedValueOnce({ data: { token: 'public-token-123' } });
+
+  const ecrPublic = new Ecr();
+  ecrPublic.configuration = {};
+
+  await ecrPublic.authenticate({ registry: { url: 'https://public.ecr.aws/v2' } }, { headers: {} });
+
+  const calledConfig = mockAxios.mock.calls[0][0];
+  expect(calledConfig.httpsAgent).toBeUndefined();
+  expect(calledConfig.method).toBe('GET');
+  expect(calledConfig.url).toBe('https://public.ecr.aws/token/');
+});

app/registries/providers/ecr/Ecr.ts

@@ -1,7 +1,7 @@
 import { ECRClient, GetAuthorizationTokenCommand } from '@aws-sdk/client-ecr';
 import axios from 'axios';
 import { requireAuthString, withAuthorizationHeader } from '../../../security/auth.js';
-import Registry from '../../Registry.js';
+import BaseRegistry, { type BaseRegistryConfiguration } from '../../BaseRegistry.js';
 
 const ECR_PUBLIC_GALLERY_HOSTNAME = 'public.ecr.aws';
 const PRIVATE_ECR_AUTH_TOKEN_TTL_MS = 12 * 60 * 60 * 1000;
@@ -26,7 +26,7 @@ function getRegistryHost(registryUrl: string | undefined): string {
 /**
  * Elastic Container Registry integration.
  */
-interface EcrRegistryConfiguration {
+interface EcrRegistryConfiguration extends BaseRegistryConfiguration {
   accesskeyid?: string;
   secretaccesskey?: string;
   region?: string;
@@ -43,7 +43,7 @@ interface EcrAuthTokenFetchEntry {
   promise: Promise<string | undefined>;
 }
 
-class Ecr extends Registry<EcrRegistryConfiguration> {
+class Ecr extends BaseRegistry<EcrRegistryConfiguration> {
   private privateEcrAuthTokenCache?: EcrAuthTokenCacheEntry;
 
   private privateEcrAuthTokenFetch?: EcrAuthTokenFetchEntry;
@@ -195,13 +195,15 @@ class Ecr extends Registry<EcrRegistryConfiguration> {
 
       // Public ECR gallery
     } else if (getRegistryHost(image?.registry?.url) === ECR_PUBLIC_GALLERY_HOSTNAME) {
-      const response = await axios({
-        method: 'GET',
-        url: 'https://public.ecr.aws/token/',
-        headers: {
-          Accept: 'application/json',
-        },
-      });
+      const response = await axios(
+        this.withTlsRequestOptions({
+          method: 'GET',
+          url: 'https://public.ecr.aws/token/',
+          headers: {
+            Accept: 'application/json',
+          },
+        }),
+      );
       return withAuthorizationHeader(
         requestOptionsWithAuth,
         'Bearer',

app/registries/providers/gar/Gar.test.ts

@@ -259,3 +259,49 @@ test('authenticate should throw a URL error when registry URL is missing', async
     ),
   ).rejects.toThrow('Invalid URL');
 });
+
+test('authenticate should pass httpsAgent to axios when insecure=true', async () => {
+  const { default: axios } = await import('axios');
+
+  const garInsecure = new Gar();
+  garInsecure.configuration = {
+    clientemail: TEST_CLIENT_EMAIL,
+    privatekey: TEST_PRIVATE_KEY,
+    insecure: true,
+  };
+
+  await garInsecure.authenticate(
+    {
+      name: 'project/repository/image',
+      registry: { url: 'us-central1-docker.pkg.dev' },
+    },
+    { headers: {} },
+  );
+
+  expect(axios).toHaveBeenCalledWith(expect.objectContaining({ httpsAgent: expect.anything() }));
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent.options.rejectUnauthorized).toBe(false);
+});
+
+test('authenticate should NOT attach httpsAgent when no TLS config is set', async () => {
+  const { default: axios } = await import('axios');
+
+  const garDefault = new Gar();
+  garDefault.configuration = {
+    clientemail: TEST_CLIENT_EMAIL,
+    privatekey: TEST_PRIVATE_KEY,
+  };
+
+  await garDefault.authenticate(
+    {
+      name: 'project/repository/image',
+      registry: { url: 'us-central1-docker.pkg.dev' },
+    },
+    { headers: {} },
+  );
+
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent).toBeUndefined();
+  expect(calledConfig.method).toBe('GET');
+  expect(calledConfig.url).toContain('https://us-central1-docker.pkg.dev/v2/token');
+});

app/registries/providers/gar/Gar.ts

@@ -59,7 +59,7 @@ class Gar extends BaseRegistry<GarRegistryConfiguration> {
       },
     };
 
-    const response = await axios(request);
+    const response = await axios(this.withTlsRequestOptions(request));
     return withAuthorizationHeader(
       requestOptions,
       'Bearer',

app/registries/providers/gitlab/Gitlab.test.ts

@@ -193,3 +193,32 @@ test('getAuthPull should return pam', async () => {
     password: gitlab.configuration.token,
   });
 });
+
+test('authenticate should pass httpsAgent to axios when insecure=true', async () => {
+  axios.mockImplementation(() => ({ data: { token: 'token' } }));
+
+  const gitlabInsecure = new Gitlab();
+  gitlabInsecure.configuration = {
+    url: 'https://registry.gitlab.com',
+    authurl: 'https://gitlab.com',
+    token: TEST_TOKEN,
+    insecure: true,
+  };
+
+  await gitlabInsecure.authenticate({ name: 'group/project' }, { headers: {} });
+
+  expect(axios).toHaveBeenCalledWith(expect.objectContaining({ httpsAgent: expect.anything() }));
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent.options.rejectUnauthorized).toBe(false);
+});
+
+test('authenticate should NOT attach httpsAgent when no TLS config is set', async () => {
+  axios.mockImplementation(() => ({ data: { token: 'token' } }));
+
+  await gitlab.authenticate({ name: 'group/project' }, { headers: {} });
+
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent).toBeUndefined();
+  expect(calledConfig.method).toBe('GET');
+  expect(calledConfig.headers.Authorization).toContain('Basic ');
+});

app/registries/providers/gitlab/Gitlab.ts

@@ -69,7 +69,7 @@ class Gitlab<
         Authorization: `Basic ${Gitlab.base64Encode('', this.configuration.token)}`,
       },
     };
-    const response = await axios(request);
+    const response = await axios(this.withTlsRequestOptions(request));
     return withAuthorizationHeader(
       requestOptions,
       'Bearer',

app/registries/providers/mau/Mau.test.ts

@@ -236,3 +236,32 @@ test('init should convert string configuration to object defaults', async () =>
     authurl: 'https://dock.mau.dev',
   });
 });
+
+test('authenticate should pass httpsAgent to axios when insecure=true', async () => {
+  axios.mockImplementation(() => ({ data: { token: 'token' } }));
+
+  const mauInsecure = new Mau();
+  mauInsecure.configuration = {
+    url: 'https://dock.mau.dev',
+    authurl: 'https://dock.mau.dev',
+    token: TEST_TOKEN,
+    insecure: true,
+  };
+
+  await mauInsecure.authenticate({ name: 'team/image' }, { headers: {} });
+
+  expect(axios).toHaveBeenCalledWith(expect.objectContaining({ httpsAgent: expect.anything() }));
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent.options.rejectUnauthorized).toBe(false);
+});
+
+test('authenticate should NOT attach httpsAgent when no TLS config is set', async () => {
+  axios.mockImplementation(() => ({ data: { token: 'token' } }));
+
+  await mau.authenticate({ name: 'team/image' }, { headers: {} });
+
+  const calledConfig = (axios as ReturnType<typeof vi.fn>).mock.calls[0][0];
+  expect(calledConfig.httpsAgent).toBeUndefined();
+  expect(calledConfig.method).toBe('GET');
+  expect(calledConfig.headers.Authorization).toContain('Basic ');
+});