mirror of
https://github.com/containrrr/watchtower.git
synced 2026-02-19 05:38:07 +01:00
fix: Resolving several identified vulnerabilities
This commit is contained in:
Ravikiran Kondapaneni
parent
76f9cea516
commit
bc35a17f24
8 changed files with 238 additions and 178 deletions
|
|
@ -7,9 +7,9 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/docker/api/types/filters"
|
||||
"github.com/docker/docker/api/types/image"
|
||||
"github.com/docker/docker/api/types/network"
|
||||
sdkClient "github.com/docker/docker/client"
|
||||
log "github.com/sirupsen/logrus"
|
||||
|
|
@ -109,7 +109,7 @@ func (client dockerClient) ListContainers(fn t.Filter) ([]t.Container, error) {
|
|||
filter := client.createListFilter()
|
||||
containers, err := client.api.ContainerList(
|
||||
bg,
|
||||
types.ContainerListOptions{
|
||||
container.ListOptions{
|
||||
Filters: filter,
|
||||
})
|
||||
|
||||
|
|
@ -206,7 +206,7 @@ func (client dockerClient) StopContainer(c t.Container, timeout time.Duration) e
|
|||
} else {
|
||||
log.Debugf("Removing container %s", shortID)
|
||||
|
||||
if err := client.api.ContainerRemove(bg, idStr, types.ContainerRemoveOptions{Force: true, RemoveVolumes: client.RemoveVolumes}); err != nil {
|
||||
if err := client.api.ContainerRemove(bg, idStr, container.RemoveOptions{Force: true, RemoveVolumes: client.RemoveVolumes}); err != nil {
|
||||
if sdkClient.IsErrNotFound(err) {
|
||||
log.Debugf("Container %s not found, skipping removal.", shortID)
|
||||
return nil
|
||||
|
|
@ -303,7 +303,7 @@ func (client dockerClient) doStartContainer(bg context.Context, c t.Container, c
|
|||
name := c.Name()
|
||||
|
||||
log.Debugf("Starting container %s (%s)", name, t.ContainerID(creation.ID).ShortID())
|
||||
err := client.api.ContainerStart(bg, creation.ID, types.ContainerStartOptions{})
|
||||
err := client.api.ContainerStart(bg, creation.ID, container.StartOptions{})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -411,7 +411,7 @@ func (client dockerClient) RemoveImageByID(id t.ImageID) error {
|
|||
items, err := client.api.ImageRemove(
|
||||
context.Background(),
|
||||
string(id),
|
||||
types.ImageRemoveOptions{
|
||||
image.RemoveOptions{
|
||||
Force: true,
|
||||
})
|
||||
|
||||
|
|
@ -444,7 +444,7 @@ func (client dockerClient) ExecuteCommand(containerID t.ContainerID, command str
|
|||
clog := log.WithField("containerID", containerID)
|
||||
|
||||
// Create the exec
|
||||
execConfig := types.ExecConfig{
|
||||
execConfig := container.ExecOptions{
|
||||
Tty: true,
|
||||
Detach: false,
|
||||
Cmd: []string{"sh", "-c", command},
|
||||
|
|
@ -455,7 +455,7 @@ func (client dockerClient) ExecuteCommand(containerID t.ContainerID, command str
|
|||
return false, err
|
||||
}
|
||||
|
||||
response, attachErr := client.api.ContainerExecAttach(bg, exec.ID, types.ExecStartCheck{
|
||||
response, attachErr := client.api.ContainerExecAttach(bg, exec.ID, container.ExecAttachOptions{
|
||||
Tty: true,
|
||||
Detach: false,
|
||||
})
|
||||
|
|
@ -464,7 +464,7 @@ func (client dockerClient) ExecuteCommand(containerID t.ContainerID, command str
|
|||
}
|
||||
|
||||
// Run the exec
|
||||
execStartCheck := types.ExecStartCheck{Detach: false, Tty: true}
|
||||
execStartCheck := container.ExecStartOptions{Detach: false, Tty: true}
|
||||
err = client.api.ContainerExecStart(bg, exec.ID, execStartCheck)
|
||||
if err != nil {
|
||||
return false, err
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
package container
|
||||
|
||||
import (
|
||||
"github.com/docker/docker/api/types/network"
|
||||
"time"
|
||||
|
||||
"github.com/docker/docker/api/types/network"
|
||||
|
||||
"github.com/containrrr/watchtower/internal/util"
|
||||
"github.com/containrrr/watchtower/pkg/container/mocks"
|
||||
"github.com/containrrr/watchtower/pkg/filters"
|
||||
|
|
@ -11,6 +12,7 @@ import (
|
|||
|
||||
"github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/backend"
|
||||
"github.com/docker/docker/api/types/container"
|
||||
cli "github.com/docker/docker/client"
|
||||
"github.com/docker/docker/errdefs"
|
||||
"github.com/onsi/gomega/gbytes"
|
||||
|
|
@ -270,7 +272,7 @@ var _ = Describe("the client", func() {
|
|||
// API.ContainerExecCreate
|
||||
ghttp.CombineHandlers(
|
||||
ghttp.VerifyRequest("POST", HaveSuffix("containers/%v/exec", containerID)),
|
||||
ghttp.VerifyJSONRepresenting(types.ExecConfig{
|
||||
ghttp.VerifyJSONRepresenting(container.ExecOptions{
|
||||
User: user,
|
||||
Detach: false,
|
||||
Tty: true,
|
||||
|
|
@ -285,7 +287,7 @@ var _ = Describe("the client", func() {
|
|||
// API.ContainerExecStart
|
||||
ghttp.CombineHandlers(
|
||||
ghttp.VerifyRequest("POST", HaveSuffix("exec/%v/start", execID)),
|
||||
ghttp.VerifyJSONRepresenting(types.ExecStartCheck{
|
||||
ghttp.VerifyJSONRepresenting(container.ExecStartOptions{
|
||||
Detach: false,
|
||||
Tty: true,
|
||||
}),
|
||||
|
|
|
|||
|
|
@ -335,7 +335,7 @@ func (c Container) GetCreateConfig() *dockercontainer.Config {
|
|||
|
||||
// subtract ports exposed in image from container
|
||||
for k := range config.ExposedPorts {
|
||||
if _, ok := imageConfig.ExposedPorts[k]; ok {
|
||||
if _, ok := imageConfig.ExposedPorts[string(k)]; ok {
|
||||
delete(config.ExposedPorts, k)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ import (
|
|||
"github.com/docker/docker/api/types"
|
||||
dockerContainer "github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/go-connections/nat"
|
||||
dockerspec "github.com/moby/docker-image-spec/specs-go/v1"
|
||||
)
|
||||
|
||||
type MockContainerUpdate func(*types.ContainerJSON, *types.ImageInspect)
|
||||
|
|
@ -22,7 +23,7 @@ func MockContainer(updates ...MockContainerUpdate) *Container {
|
|||
}
|
||||
image := types.ImageInspect{
|
||||
ID: "image_id",
|
||||
Config: &dockerContainer.Config{},
|
||||
Config: &dockerspec.DockerOCIImageConfig{},
|
||||
}
|
||||
|
||||
for _, update := range updates {
|
||||
|
|
|
|||
|
|
@ -3,13 +3,14 @@ package mocks
|
|||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"github.com/onsi/ginkgo"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/onsi/ginkgo"
|
||||
|
||||
t "github.com/containrrr/watchtower/pkg/types"
|
||||
|
||||
"github.com/docker/docker/api/types"
|
||||
|
|
@ -260,14 +261,18 @@ func RemoveImageHandler(imagesWithParents map[string][]string) http.HandlerFunc
|
|||
func(w http.ResponseWriter, r *http.Request) {
|
||||
parts := strings.Split(r.URL.Path, `/`)
|
||||
image := parts[len(parts)-1]
|
||||
|
||||
if parents, found := imagesWithParents[image]; found {
|
||||
items := []types.ImageDeleteResponseItem{
|
||||
// Create a struct type that matches what Docker API returns for image removal
|
||||
type imageDeleteResponseItem struct {
|
||||
Untagged string `json:"Untagged,omitempty"`
|
||||
Deleted string `json:"Deleted,omitempty"`
|
||||
}
|
||||
items := []imageDeleteResponseItem{
|
||||
{Untagged: image},
|
||||
{Deleted: image},
|
||||
}
|
||||
for _, parent := range parents {
|
||||
items = append(items, types.ImageDeleteResponseItem{Deleted: parent})
|
||||
items = append(items, imageDeleteResponseItem{Deleted: parent})
|
||||
}
|
||||
ghttp.RespondWithJSONEncoded(http.StatusOK, items)(w, r)
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue