mirror of
https://github.com/openfaas/faas.git
synced 2025-06-27 01:03:26 +00:00
Update vendoring via vndr
This commit is contained in:
Alex Ellis
192
gateway/vendor/github.com/docker/distribution/contrib/docker-integration/malevolent.bats
generated
vendored
192
gateway/vendor/github.com/docker/distribution/contrib/docker-integration/malevolent.bats
generated
vendored
@ -1,192 +0,0 @@
|
||||
#!/usr/bin/env bats
|
||||
|
||||
# This tests various expected error scenarios when pulling bad content
|
||||
|
||||
load helpers
|
||||
|
||||
host="localregistry:6666"
|
||||
base="malevolent-test"
|
||||
|
||||
function setup() {
|
||||
tempImage $base:latest
|
||||
}
|
||||
|
||||
@test "Test malevolent proxy pass through" {
|
||||
docker_t tag $base:latest $host/$base/nochange:latest
|
||||
run docker_t push $host/$base/nochange:latest
|
||||
echo $output
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
run docker_t pull $host/$base/nochange:latest
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "Test malevolent image name change" {
|
||||
imagename="$host/$base/rename"
|
||||
image="$imagename:lastest"
|
||||
docker_t tag $base:latest $image
|
||||
run docker_t push $image
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
# Pull attempt should fail to verify manifest digest
|
||||
run docker_t pull "$imagename@$digest"
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test malevolent altered layer" {
|
||||
image="$host/$base/addfile:latest"
|
||||
tempImage $image
|
||||
run docker_t push $image
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
# Remove image to ensure layer is pulled and digest verified
|
||||
docker_t rmi -f $image
|
||||
|
||||
run docker_t pull $image
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test malevolent altered layer (by digest)" {
|
||||
imagename="$host/$base/addfile"
|
||||
image="$imagename:latest"
|
||||
tempImage $image
|
||||
run docker_t push $image
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
# Remove image to ensure layer is pulled and digest verified
|
||||
docker_t rmi -f $image
|
||||
|
||||
run docker_t pull "$imagename@$digest"
|
||||
echo "$output"
|
||||
[ "$status" -ne 0 ]
|
||||
}
|
||||
|
||||
@test "Test malevolent poisoned images" {
|
||||
truncid="777cf9284131"
|
||||
poison="${truncid}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa32"
|
||||
image1="$host/$base/image1/poison:$poison"
|
||||
tempImage $image1
|
||||
run docker_t push $image1
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
image2="$host/$base/image2/poison:$poison"
|
||||
tempImage $image2
|
||||
run docker_t push $image2
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
|
||||
# Remove image to ensure layer is pulled and digest verified
|
||||
docker_t rmi -f $image1
|
||||
docker_t rmi -f $image2
|
||||
|
||||
run docker_t pull $image1
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run docker_t pull $image2
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
# Test if there are multiple images
|
||||
run docker_t images
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
# Test images have same ID and not the poison
|
||||
id1=$(docker_t inspect --format="{{.Id}}" $image1)
|
||||
id2=$(docker_t inspect --format="{{.Id}}" $image2)
|
||||
|
||||
# Remove old images
|
||||
docker_t rmi -f $image1
|
||||
docker_t rmi -f $image2
|
||||
|
||||
[ "$id1" != "$id2" ]
|
||||
|
||||
[ "$id1" != "$truncid" ]
|
||||
|
||||
[ "$id2" != "$truncid" ]
|
||||
}
|
||||
|
||||
@test "Test malevolent altered identical images" {
|
||||
truncid1="777cf9284131"
|
||||
poison1="${truncid1}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa32"
|
||||
truncid2="888cf9284131"
|
||||
poison2="${truncid2}d77ca0863fb7f054c0a276d7e227b5e9a5d62b497979a481fa64"
|
||||
|
||||
image1="$host/$base/image1/alteredid:$poison1"
|
||||
tempImage $image1
|
||||
run docker_t push $image1
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
image2="$host/$base/image2/alteredid:$poison2"
|
||||
docker_t tag $image1 $image2
|
||||
run docker_t push $image2
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
|
||||
# Remove image to ensure layer is pulled and digest verified
|
||||
docker_t rmi -f $image1
|
||||
docker_t rmi -f $image2
|
||||
|
||||
run docker_t pull $image1
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run docker_t pull $image2
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
# Test if there are multiple images
|
||||
run docker_t images
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
|
||||
# Test images have same ID and not the poison
|
||||
id1=$(docker_t inspect --format="{{.Id}}" $image1)
|
||||
id2=$(docker_t inspect --format="{{.Id}}" $image2)
|
||||
|
||||
# Remove old images
|
||||
docker_t rmi -f $image1
|
||||
docker_t rmi -f $image2
|
||||
|
||||
[ "$id1" == "$id2" ]
|
||||
|
||||
[ "$id1" != "$truncid1" ]
|
||||
|
||||
[ "$id2" != "$truncid2" ]
|
||||
}
|
||||
|
||||
@test "Test malevolent resumeable pull" {
|
||||
version_check docker "$GOLEM_DIND_VERSION" "1.11.0"
|
||||
version_check registry "$GOLEM_DISTRIBUTION_VERSION" "2.3.0"
|
||||
|
||||
imagename="$host/$base/resumeable"
|
||||
image="$imagename:latest"
|
||||
tempImage $image
|
||||
run docker_t push $image
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
has_digest "$output"
|
||||
|
||||
# Remove image to ensure layer is pulled and digest verified
|
||||
docker_t rmi -f $image
|
||||
|
||||
run docker_t pull "$imagename@$digest"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
Reference in New Issue
Block a user