This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

Ensure only supported os overrides are used in skopeo download commands #430

Closed
nurmi opened this issue Apr 22, 2020 · 0 comments · Fixed by #431

nurmi commented Apr 22, 2020

In the anchore skopeo wrapper, as of 0.7.0, there is logic that supports multiple attempts to download an image from a registry using a combination of os override and destination type options. The initial implementation in 0.7.0 attempts to derive an os override option from the image manifest itself, but there are only a couple of overrides that are supported, so it would be better to explicitly enumerate them rather than attempting to use a field from the image manifest. This would have two benefits:

  1. While the input is run through an internal command sanitizer, it may be possible for a string to be crafted to circumvent sanitization and cause an incorrect/insecure call out to the skopeo command (e.g. potential for a command injection).

  2. There are only a few known overrides that are supported, so there is no need for this field to be inferred from any input source, which would fail for any override other than the known set that is supported.

Suggested fix is to alter the code to use an explicit enumeration of the os override options that are supported by anchore/skopeo.

nurmi added bug security issues related to a security flaw labels Apr 22, 2020
nurmi added this to the v0.7.1 milestone Apr 22, 2020
nurmi self-assigned this Apr 22, 2020
nurmi added a commit that referenced this issue Apr 22, 2020
…ds. Fixes #430.

Signed-off-by: Daniel Nurmi <nurmi@anchore.com>
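
The approach suggested in the issue, sketched as an added example (not the anchore code and not the referenced commit): every skopeo attempt is built from fixed enumerations, and the manifest's `os` field is only compared against them. The function name, the two tuples of supported values, and the sample image reference are assumptions made for illustration; the issue does not list the supported set.

```python
import itertools
from typing import List, Optional

# Assumed values for illustration; the issue does not list the supported set.
SUPPORTED_OS_OVERRIDES = (None, "windows")  # None = no --override-os flag
SUPPORTED_DEST_TYPES = ("oci", "dir")       # skopeo destination transports


def plan_download_attempts(image_ref: str, dest_dir: str,
                           manifest_os: Optional[str] = None) -> List[List[str]]:
    """Return one skopeo argv per (os override, destination type) attempt.

    manifest_os is untrusted. It is only compared against the enumeration to
    decide which attempt goes first; its text never becomes an argument.
    """
    overrides = list(SUPPORTED_OS_OVERRIDES)
    hint = manifest_os.strip().lower() if isinstance(manifest_os, str) else None
    if hint is not None and hint in overrides:
        overrides.remove(hint)
        overrides.insert(0, hint)

    attempts = []
    for override, dest_type in itertools.product(overrides, SUPPORTED_DEST_TYPES):
        argv = ["skopeo"]
        if override is not None:
            argv += ["--override-os", override]  # always a constant from the tuple
        argv += ["copy", "docker://" + image_ref, dest_type + ":" + dest_dir]
        attempts.append(argv)  # argv list: run via subprocess with shell=False
    return attempts


if __name__ == "__main__":
    # Constructed sample inputs, including a crafted manifest "os" value.
    for os_field in (None, "windows", "windows; echo injected"):
        print(repr(os_field))
        for argv in plan_download_attempts("registry.example/app:1.0",
                                           "/tmp/img", os_field):
            print("   ", argv)
```

An unrecognized or crafted `os` value produces the same attempt list as no value at all, so the command line no longer depends on how well a sanitizer handles that field.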