Skip to content

feat(handlers/configuration): enable manifest payload size limit

Jaime Martinezrequested to merge
434-add-payloadsizelimit-for-manifests into master

It adds a configuration payloadsizelimit configuration option for manifest validation.

Related to #434

Manual testing

With limit below the payload size

$ curl -XPUT -T 'manifest.test.json' --header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" "http://registry.test:5000/v2/alpine/manifests/payload-test | jq

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   908  100   170  100   738   6487  28162 --:--:-- --:--:-- --:--:-- 50444
{
  "errors": [
    {
      "code": "MANIFEST_SIZE_LIMIT",
      "message": "payload size limit exceeded",
      "detail": "errors verifying manifest: manifest payload size of 738 exceeds limit of 5"
    }
  ]
}
$ curl -XPUT -T 'manifest.test.json' --header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" "http://registry.test:5000/v2/alpine/manifests/payload-test" | jq

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   910  100   172  100   738   8336  35767 --:--:-- --:--:-- --:--:-- 65000
{
  "errors": [
    {
      "code": "MANIFEST_SIZE_LIMIT",
      "message": "payload size limit exceeded",
      "detail": "errors verifying manifest: manifest payload size of 738 exceeds limit of 737"
    }
  ]
}

with limit equal to the payload size:

 curl -XPUT -T 'manifest.test.json' --header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" "http://registry.test:5000/v2/alpine/manifests/payload-test" -i
HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Docker-Content-Digest: sha256:a9b8034f46df21c224f795d45de7d64aff963d2217dbe2d028abf422a0547dd3
Docker-Distribution-Api-Version: registry/2.0
Location: http://registry.test:5000/v2/alpine/manifests/sha256:a9b8034f46df21c224f795d45de7d64aff963d2217dbe2d028abf422a0547dd3
Date: Thu, 23 Dec 2021 03:16:16 GMT
Content-Length: 0

With limit set to 0

$ curl -XPUT -T 'manifest.test.json' --header "Content-Type: application/vnd.docker.distribution.manifest.v2+json" "http://registry.test:5000/v2/alpine/manifests/payload-test" -i

HTTP/1.1 100 Continue

HTTP/1.1 201 Created
Docker-Content-Digest: sha256:a9b8034f46df21c224f795d45de7d64aff963d2217dbe2d028abf422a0547dd3
Docker-Distribution-Api-Version: registry/2.0
Location: http://registry.test:5000/v2/alpine/manifests/sha256:a9b8034f46df21c224f795d45de7d64aff963d2217dbe2d028abf422a0547dd3
Date: Thu, 23 Dec 2021 03:16:52 GMT
Content-Length: 0
Edited by Jaime Martinez

Merge request reports