This fix tries to address the issue raised in 28769 where checkpoint name was not checked before passing to containerd. As a result, it was possible to use a special checkpoint name to get outside of the container's directory.

This fix adds restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`). This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
Upstream-commit: c90ec0517544e7d054d79f71f4d24d9ebbad7408
Component: engine
10 lines
416 B
Go
```go
package utils

import "regexp"

// RestrictedNameChars collects the characters allowed to represent a name, normally used to validate container and volume names.
const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`

// RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
var RestrictedNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)
```
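The check the commit message describes, written out as an added example (not the project's own code): the pattern is the one on this page, while `checkpointPath`, `escapesBase` and the base directory are hypothetical. It also shows two things the pattern implies, that single-character names and names with a trailing newline are rejected, and adds a containment re-check as defense in depth that is not part of the commit.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Same expression as RestrictedNamePattern on this page.
var restrictedNamePattern = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]+$`)

// escapesBase reports whether baseDir/name, once cleaned, lies outside baseDir.
func escapesBase(baseDir, name string) bool {
	rel, err := filepath.Rel(baseDir, filepath.Join(baseDir, name))
	return err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// checkpointPath (hypothetical helper) maps a checkpoint name to a directory
// under baseDir, refusing any name the pattern does not accept.
func checkpointPath(baseDir, name string) (string, error) {
	if !restrictedNamePattern.MatchString(name) {
		return "", fmt.Errorf("invalid checkpoint name %q", name)
	}
	// Defense in depth, not part of the commit: re-check containment.
	if escapesBase(baseDir, name) {
		return "", fmt.Errorf("checkpoint name %q escapes %q", name, baseDir)
	}
	return filepath.Join(baseDir, name), nil
}

func main() {
	base := "/var/lib/example/containers/abc123/checkpoints" // constructed path
	// Constructed inputs: valid names, traversal attempts, and edge cases.
	names := []string{"cp1", "nightly-2016.11", "../../other", "a/../../b", ".hidden", "x", "cp1\n"}
	for _, name := range names {
		p, err := checkpointPath(base, name)
		fmt.Printf("%-18q escapes-unvalidated=%-5v path=%q err=%v\n",
			name, escapesBase(base, name), p, err)
	}
}
```
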