From 5250f1bab59f208de6a024f187c684614d3e2d21 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Tue, 29 Aug 2023 08:50:07 +0200
Subject: [PATCH 1/2] cli/registry: fix client.pullManifestList not de-referencing manifest

Kudos to gosec; cli/registry/client/fetcher.go:205:57: G601: Implicit memory aliasing in for loop. (gosec) imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform) ^

Signed-off-by: Sebastiaan van Stijn
---
 cli/registry/client/fetcher.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cli/registry/client/fetcher.go b/cli/registry/client/fetcher.go
index acae274a44..9b362ba894 100644
--- a/cli/registry/client/fetcher.go
+++ b/cli/registry/client/fetcher.go
@@ -202,7 +202,8 @@ func pullManifestList(ctx context.Context, ref reference.Named, repo distributio
 }
 // Replace platform from config
- imageManifest.Descriptor.Platform = types.OCIPlatform(&manifestDescriptor.Platform)
+ p := manifestDescriptor.Platform
+ imageManifest.Descriptor.Platform = types.OCIPlatform(&p)
 infos = append(infos, imageManifest)
 }

From 22b4bab90f32593aee5e3e1349ae5334a7d73193 Mon Sep 17 00:00:00 2001
From: Sebastiaan van Stijn
Date: Tue, 29 Aug 2023 09:37:37 +0200
Subject: [PATCH 2/2] cli/registry: client.iterateEndpoints: remove check for APIVersion1

registryService.LookupPullEndpoints uses lookupV2Endpoints https://github.com/moby/moby/blob/v24.0.5/registry/service.go#L137-L142 which, as the name indicates, only returns V2 endpoints; https://github.com/moby/moby/blob/v24.0.5/registry/service_v2.go#L10-L80

Signed-off-by: Sebastiaan van Stijn
---
 cli/registry/client/fetcher.go | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/cli/registry/client/fetcher.go b/cli/registry/client/fetcher.go
index 9b362ba894..3ce09d137c 100644
--- a/cli/registry/client/fetcher.go
+++ b/cli/registry/client/fetcher.go
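Review bot: In the pullManifestList hunk of PATCH 1/2, the new local `p` carries no comment explaining why the copy exists, so a later cleanup could fold it back into `&manifestDescriptor.Platform` and reintroduce the G601 finding. A line above it such as `// copy before taking the address: the range variable is reused across iterations before Go 1.22` would keep the intent visible. Whether types.OCIPlatform retains the pointer or copies the fields cannot be seen from this hunk; if it retains it, the old code would have left every entry in infos pointing at the same platform value, which a test over a multi-platform manifest list would pin down. The loop and the function body begin and end outside the hunk.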
@@ -243,11 +243,6 @@ func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named,
 confirmedTLSRegistries := make(map[string]bool)
 for _, endpoint := range endpoints {
- if endpoint.Version == registry.APIVersion1 {
- logrus.Debugf("skipping v1 endpoint %s", endpoint.URL)
- continue
- }
-
 if endpoint.URL.Scheme != "https" {
 if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS {
 logrus.Debugf("skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL)