Commit Graph

7642 Commits

Author SHA1 Message Date
Sebastiaan van Stijn 0e05f9efcb
Update to go 1.19.1 to address CVE-2022-27664, CVE-2022-32190
From the mailing list:

We have just released Go versions 1.19.1 and 1.18.6, minor point releases.
These minor releases include 2 security fixes following the security policy:

- net/http: handle server errors after sending GOAWAY
  A closing HTTP/2 server connection could hang forever waiting for a clean
  shutdown that was preempted by a subsequent fatal error. This failure mode
  could be exploited to cause a denial of service.

  Thanks to Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher,
  and Kaan Onarlioglu for reporting this.

  This is CVE-2022-27664 and Go issue https://go.dev/issue/54658.

- net/url: JoinPath does not strip relative path components in all circumstances
  JoinPath and URL.JoinPath would not remove `../` path components appended to a
  relative path. For example, `JoinPath("https://go.dev", "../go")` returned the
  URL `https://go.dev/../go`, despite the JoinPath documentation stating that
  `../` path elements are cleaned from the result.

  Thanks to q0jt for reporting this issue.

  This is CVE-2022-32190 and Go issue https://go.dev/issue/54385.

Release notes:

go1.19.1 (released 2022-09-06) includes security fixes to the net/http and
net/url packages, as well as bug fixes to the compiler, the go command, the pprof
command, the linker, the runtime, and the crypto/tls and crypto/x509 packages.
See the Go 1.19.1 milestone on the issue tracker for details.

https://github.com/golang/go/issues?q=milestone%3AGo1.19.1+label%3ACherryPickApproved

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3a17d8a909)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-28 19:55:51 +02:00
Sebastiaan van Stijn fc9535e61f
update to golang 1.19
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 07ac2d8dc4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-28 19:55:48 +02:00
Sebastiaan van Stijn dfe0c3630c
Merge pull request #4125 from thaJeztah/20.10_backport_e2e_fix_certs
[20.10 backport] e2e: update notary certificates
2023-03-28 12:12:24 +02:00
CrazyMax 1db6eda2f0
e2e: update notary certificates
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit b201ce5efd)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-27 15:28:49 +02:00
Sebastiaan van Stijn 3825ed5f7e
Merge pull request #4060 from vvoland/test-fakecli-images-mock-2010
[20.10 backport] test/cli: Use empty array as empty output of images/json
2023-03-03 16:29:46 +01:00
Sebastiaan van Stijn 44c3028550
Merge pull request #4055 from corhere/20.10_backport_update_golangci_lint_v1.49.0
[20.10 backport] Prepare for Go 1.19 upgrade
2023-03-02 14:30:29 +01:00
Sebastiaan van Stijn 48151d432c golangci-lint: update to v1.49.0 for compatibilty with go1.19
Remove the "deadcode", "structcheck", and "varcheck" linters, as they are
deprecated:

    WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [linters context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the golangci/golangci-lint#2649.

And ignore gosec G113, which only affects gp < 1.16.14. and go < 1.17.7

    opts/opts.go:398:13: G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772) (gosec)
        cpu, ok := new(big.Rat).SetString(value)
                   ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0dd2c18082)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-03-01 10:22:42 -05:00
Sebastiaan van Stijn 2d955cbeed linting: assigned to src, but reassigned without using the value (wastedassign)
cli/command/container/opts.go:928:2: assigned to src, but reassigned without using the value (wastedassign)
        src := ""
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3dfdaa6458)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-03-01 10:22:42 -05:00
Sebastiaan van Stijn b8dd4ca57b linting: G112: Potential Slowloris Attack
Picking 2 seconds, although that's just a randomly picked timeout;
given that this is only for testing, it's not too important.

    e2e/plugin/basic/basic.go:25:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
        server := http.Server{
            Addr:    l.Addr().String(),
            Handler: http.NewServeMux(),
        }

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 98654202c2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-03-01 10:22:42 -05:00
Cory Snider d3a4ff827f linting: exclude ST1005: error strings should not be capitalized (stylecheck)
Changing the output of errors would be unexpected in a patch release.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-03-01 10:21:08 -05:00
Paweł Gronowski 8c9c281100
test/cli: Use empty array as empty output of images/json
Tests mocking the output of GET images/json with fakeClient used an
array with one empty element as an empty response.
Change it to just an empty array.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit a1953e19b2)
2023-03-01 15:59:47 +01:00
Sebastiaan van Stijn 43c1e3d5cb linting: ST1017: don't use Yoda conditions (stylecheck)
opts/envfile_test.go:157:5: ST1017: don't use Yoda conditions (stylecheck)
        if 1 != len(variables) {
           ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b508b0fc31)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:03:24 -05:00
Sebastiaan van Stijn 8dc18ce7d0 linting: os.Setenv() can be replaced by `t.Setenv()` (tenv)
cli/command/cli_options_test.go:29:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "true")
        ^
    cli/command/cli_options_test.go:31:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "false")
        ^
    cli/command/cli_options_test.go:33:2: os.Setenv() can be replaced by `t.Setenv()` in TestWithContentTrustFromEnv (tenv)
        os.Setenv(envvar, "invalid")
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cef858170d)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:03:24 -05:00
Sebastiaan van Stijn c06cb423eb linting: ST1019: package is being imported more than once (stylecheck)
cli/command/manifest/inspect_test.go:9:2: ST1019: package "github.com/docker/cli/cli/manifest/types" is being imported more than once (stylecheck)
        "github.com/docker/cli/cli/manifest/types"
        ^
    cli/command/manifest/inspect_test.go:10:2: ST1019(related information): other import of "github.com/docker/cli/cli/manifest/types" (stylecheck)
        manifesttypes "github.com/docker/cli/cli/manifest/types"
        ^
    cli/command/stack/swarm/deploy_composefile.go:14:2: ST1019: package "github.com/docker/docker/client" is being imported more than once (stylecheck)
        apiclient "github.com/docker/docker/client"
        ^
    cli/command/stack/swarm/deploy_composefile.go:15:2: ST1019(related information): other import of "github.com/docker/docker/client" (stylecheck)
        dockerclient "github.com/docker/docker/client"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ce01160e74)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:03:24 -05:00
Sebastiaan van Stijn f9a2af0a49 linting: remove unused nolint comments (nolintlint)
cli-plugins/manager/plugin.go:37:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^
    cli/command/image/formatter_history_test.go:189:2: directive `//nolint:lll` is unused for linter "lll" (nolintlint)
        //nolint:lll
        ^
    cli/command/service/list.go:113:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^
    cli/command/stack/swarm/deploy_composefile.go:178:1: directive `//nolint:gocyclo` is unused for linter "gocyclo" (nolintlint)
    //nolint:gocyclo
    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 491407b541)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:02:47 -05:00
Sebastiaan van Stijn 01c5120be7 linting: use consts from stdlib (usestdlibvars)
cli/command/image/build/context.go:238:23: "400" can be replaced by http.StatusBadRequest (usestdlibvars)
        if resp.StatusCode < 400 {
                             ^
    cli/trust/trust.go:139:30: "GET" can be replaced by http.MethodGet (usestdlibvars)
        req, err := http.NewRequest("GET", endpointStr, nil)
                                    ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d3d9301d2d)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:01:45 -05:00
Sebastiaan van Stijn 0573ec2b01 format (GoDoc) comments with Go 1.19 to prepare for go updates
Older versions of Go do not format these comments, so we can already
reformat them ahead of time to prevent gofmt linting failing once
we update to Go 1.19 or up.

Result of:

    gofmt -s -w $(find . -type f -name '*.go' | grep -v "/vendor/")

With some manual adjusting.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 82427d1a07)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 17:00:55 -05:00
Sebastiaan van Stijn e501531b5f cli-plugins/manager: remove uses of deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6c06950cdf)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn d228386fa0 opts: remove deprecated io/ioutil and use t.Cleanup()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 38e62571fb)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 3f681a2f64 man: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 85754c9ab5)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 8793cdd2c7 internal/test: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 7491c5ac65)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn ac72d64c30 e2e: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e89af84ffc)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 58d486bac7 docs/yaml: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 39ace68061)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn f471347d88 cmd/docker: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 0e3197ebd4)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn a0f0a4fe7a cli: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 86db51e86e)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn dc4e6835b7 cli/trust: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 1e54bca833)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn f8211f7f80 cli/manifest: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 58cf16da45)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn cec1b29b81 cli/context: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cca80cdddd)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn fc37f52414 cli/config: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 71575ab3b5)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 38e86531d6 cli/compose: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9f0340b68)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 8efbfcce25 cli/command: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3f7e7bf9d2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 03d93a93c3 cli/command/volume: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cca73bff41)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:59 -05:00
Sebastiaan van Stijn 65e4b0e2b3 cli/command/trust: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b5dce3c9e6)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:28:58 -05:00
Sebastiaan van Stijn 3d4a0c1612 cli/command/system: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e0299ff862)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b5cd20f67a cli/command/swarm: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 78cb61c61c)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 7c6baba23b cli/command/stack: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d59330f40d)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn b061531f8c cli/command/service: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d1f26de646)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 65893236e0 cli/command/secret: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit c558df7ced)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 0dfc5567bc cli/command/registry: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 3b3a0b898f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn d06eafc516 cli/command/plugin: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f61aab59f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 22300128ca cli/command/node: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9bdeb09ae9)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 4f3c38a7d9 cli/command/context: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f28c063e2f)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5237d943a8 cli/command/manifest: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 43795ec8f7)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:37 -05:00
Sebastiaan van Stijn 5c97f5c918 cli/command/image: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d14b5bff80)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 8d0c8ef081 cli/command/context: remove deprecated io/ioutil and use t.TempDir()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 76b47359cb)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn b4d152f7ad cli/command/container: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit e946bf0804)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 54b7933016 cli/command/config: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit bc1790c5c2)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 0a3d9c3e14 cli/command/checkpoint: remove deprecated io/ioutil
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 8dc53344e0)
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-27 16:27:36 -05:00
Sebastiaan van Stijn 715524332f
Merge pull request #3979 from thaJeztah/20.10_backport_docs_ps_size
[20.10 backport Fix section docker ps --size
2023-01-18 21:42:16 +01:00
Ali Rostami e75544f9a7
Fix section docker ps --size
Remove the extra item "Size"

Signed-off-by: Ali Rostami <rostami.ali@gmail.com>
(cherry picked from commit be30cb370e)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-18 21:29:44 +01:00