Commit Graph

22 Commits

Author SHA1 Message Date
Sebastiaan van Stijn e628209d9b
linting: ignore some "G101: Potential hardcoded credentials" warnings
cli/config/credentials/native_store.go:10:2: G101: Potential hardcoded credentials (gosec)
        remoteCredentialsPrefix = "docker-credential-"
        ^
    cli/command/service/opts.go:917:2: G101: Potential hardcoded credentials (gosec)
        flagCredentialSpec          = "credential-spec"
        ^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d7c1fb9112)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-18 19:16:38 +02:00
Sebastiaan van Stijn 80f673bf9e
gofmt with go1.17
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a0f0578299)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-04-14 16:40:46 +02:00
Sebastiaan van Stijn c98e9c47ca
Use designated test domains (RFC2606) in tests
Some tests were using domain names that were intended to be "fake", but are
actually registered domain names (such as mycorp.com).

Even though we were not actually making connections to these domains, it's
better to use domains that are designated for testing/examples in RFC2606:
https://tools.ietf.org/html/rfc2606

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f3886f354a)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-07-29 12:10:38 +02:00
Tibor Vass 48d30b5b32 Use golang.org/x/sys/execabs
On Windows, the os/exec.{Command,CommandContext,LookPath} functions
resolve command names that have neither path separators nor file extension
(e.g., "git") by first looking in the current working directory before
looking in the PATH environment variable.
Go maintainers intended to match cmd.exe's historical behavior.

However, this is pretty much never the intended behavior and as an abundance of precaution
this patch prevents that when executing commands.
Example of commands that docker.exe may execute: `git`, `docker-buildx` (or other cli plugin), `docker-credential-wincred`, `docker`.

Note that this was prompted by the [Go 1.15.7 security fixes](https://blog.golang.org/path-security), but unlike in `go.exe`,
the windows path lookups in docker are not in a code path allowing remote code execution, thus there is no security impact on docker.

Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 8d199d5bba)
Signed-off-by: Tibor Vass <tibor@docker.com>
2021-01-28 22:27:59 +00:00
Sebastiaan van Stijn 2c0e93063b
bump gotest.tools v3.0.1 for compatibility with Go 1.14
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-23 00:28:55 +01:00
Tonis Tiigi 27b2797f7d Remove docker api dependency from cli/config
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Tibor Vass <tibor@docker.com>
2019-01-31 21:25:43 +00:00
Euan Kemp 056015c3d8 config/credentials: don't run 'pass' to detect it
'CheckInitialized' in the credential-helper library actually invokes
`pass`, which isn't desirable (see #699).

This moves the check to be simpler, and then pass will only be invoked
when it's needed (such as for `docker login` or when pulling from a
private registry).

This logic could also reasonably live in the credential-helper library,
but it's simple enough it seems fine in either location.

Signed-off-by: Euan Kemp <euank@euank.com>
2018-06-29 11:38:39 -07:00
Vincent Demeester d9741fc96b
Update docker-credential-helpers dependency
This is mainly for the `pass` helper ; `pass` shouldn't be called
every docker command anymore ;).

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-28 14:44:53 +02:00
Vincent Demeester 2c4de4fb5e
Update tests to use gotest.tools 👼
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 18:24:26 +02:00
Vincent Demeester 4290df3958 print a big warning about cleartext passwords
Signed-off-by: Tycho Andersen <tycho@docker.com>
2018-03-26 16:18:32 +02:00
Daniel Nephin baf65a5502 Convert to assert.NilError
Using:

  git grep -l '^\s\+assert\.Check(t, err)$' | \
    xargs sed -i -e 's/^\(\s\+assert\)\.Check(t, err)$/\1.NilError(t, err)/'

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-06 15:27:34 -05:00
Daniel Nephin 681c921528 Remove testutil
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-06 14:38:35 -05:00
Daniel Nephin 39c2ca57c1 Automated migration
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2018-03-05 19:41:17 -05:00
Ivan Markin 57c51c8af3 Fix compilation of defaultCredentialStore() on unsupported platforms
Signed-off-by: Ivan Markin <sw@nogoegst.net>
2018-02-10 15:30:32 +00:00
Tycho Andersen 713e87e780 prefer `pass` backend if it is available
Signed-off-by: Tycho Andersen <tycho@docker.com>
2017-09-20 11:15:49 -06:00
Tycho Andersen 4cf1849418 defaultCredentialStore: make this a function
In the next patch, we'll use this to implement some logic about which
password backend to use.

Signed-off-by: Tycho Andersen <tycho@docker.com>
2017-09-20 11:14:27 -06:00
Daniel Nephin 846a31aa50 Use new internal testutil.ErrorContains()
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-08-22 10:14:25 -04:00
Daniel Nephin 33cbb70270
Cleanup config/credentials, remove dependency on config file.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-27 13:45:50 +02:00
Daniel Nephin a8c70e43a3
Move config file loading to more appropriate packages.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-27 13:45:50 +02:00
Daniel Nephin 3724fb7f37 Add gosimple lint
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-06-14 16:55:08 -07:00
Daniel Nephin 10641c2aae Update imports.
Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-04-17 18:07:56 -04:00
Daniel Nephin 1630fc40f8 Import docker/docker/cli
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-04-17 17:40:59 -04:00