From 2912e78f688d5082979441502570c8a44ef1a3e4 Mon Sep 17 00:00:00 2001
From: Anthony Lapenna
Date: Mon, 7 Oct 2019 16:24:08 +1300
Subject: [PATCH] fix(api): add access validation for agent browse requests (#3235)
* fix(api): add access validation for agent browse requests
* fix(api): review query parameter retrieval
* refactor(api): remove useless else case
---
 api/http/proxy/docker_transport.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/api/http/proxy/docker_transport.go b/api/http/proxy/docker_transport.go
index c5eb96a64..6443a8268 100644
--- a/api/http/proxy/docker_transport.go
+++ b/api/http/proxy/docker_transport.go
@@ -113,11 +113,28 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 return p.proxyBuildRequest(request)
 case strings.HasPrefix(path, "/images"):
 return p.proxyImageRequest(request)
+ case strings.HasPrefix(path, "/v2"):
+ return p.proxyAgentRequest(request)
 default:
 return p.executeDockerRequest(request)
 }
 }
 
+func (p *proxyTransport) proxyAgentRequest(r *http.Request) (*http.Response, error) {
+ requestPath := strings.TrimPrefix(r.URL.Path, "/v2")
+
+ switch {
+ case strings.HasPrefix(requestPath, "/browse"):
+ volumeIDParameter, found := r.URL.Query()["volumeID"]
+ if !found || len(volumeIDParameter) < 1 {
+ return p.administratorOperation(r)
+ }
+ return p.restrictedOperation(r, volumeIDParameter[0])
+ }
+
+ return p.executeDockerRequest(r)
+}
+
 func (p *proxyTransport) proxyConfigRequest(request *http.Request) (*http.Response, error) {
 switch requestPath := request.URL.Path; requestPath {
 case "/configs/create":
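Review bot: In the `/browse` case of `proxyAgentRequest`, only `volumeIDParameter[0]` is handed to `restrictedOperation`, so an empty value or a repeated `volumeID` parameter is authorised against a value that may not be the one the agent acts on; how the agent and `restrictedOperation` treat those cases is not visible in this hunk. Treating anything other than exactly one non-empty value as the administrator-only case keeps the check and the use aligned: `if len(volumeIDParameter) != 1 || volumeIDParameter[0] == "" { return p.administratorOperation(r) }`. Separately, every other `/v2` path falls through to `p.executeDockerRequest(r)` with no access check, and the match runs on the raw `r.URL.Path` while the dispatch in `proxyDockerRequest` uses `path`, whose derivation lies outside the hunk; if the two can differ the `/browse` case is skipped, so a restrictive default (`return p.administratorOperation(r)`) looks safer unless other agent endpoints must stay open to regular users. A doc comment such as `// proxyAgentRequest applies access control to agent API (/v2) requests; browse requests are checked against the target volume.` would record the intent.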