moby--moby/integration/image/import_test.go

package image // import "github.com/docker/docker/integration/image"

import (
	"archive/tar"
	"bytes"
	"context"
	"io"
	"runtime"
	"testing"

	"github.com/docker/docker/api/types"
	"github.com/docker/docker/integration/internal/request"
	"github.com/docker/docker/internal/testutil"
)

// Ensure we don't regress on CVE-2017-14992.
func TestImportExtremelyLargeImageWorks(t *testing.T) {
	if runtime.GOARCH == "arm64" {
		t.Skip("effective test will be time out")
	}

	client := request.NewAPIClient(t)

	// Construct an empty tar archive with about 8GB of junk padding at the
	// end. This should not cause any crashes (the padding should be mostly
	// ignored).
	var tarBuffer bytes.Buffer

	tw := tar.NewWriter(&tarBuffer)
	if err := tw.Close(); err != nil {
		t.Fatal(err)
	}
	imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 8*1024*1024*1024))

	_, err := client.ImageImport(context.Background(),
		types.ImageImportSource{Source: imageRdr, SourceName: "-"},
		"test1234:v42",
		types.ImageImportOptions{})
	if err != nil {
		t.Fatal(err)
	}
}
Add canonical import comment Signed-off-by: Daniel Nephin <dnephin@docker.com> 2018-02-05 16:05:59 -05:00			`package image // import "github.com/docker/docker/integration/image"`
image: add import test for CVE-2017-14992 To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2017-11-08 03:30:47 +11:00
			`import (`
			`"archive/tar"`
			`"bytes"`
			`"context"`
			`"io"`
image: skip the import test on AArch64 The commit '0a13f827a10d3bf61744d9b3f7165c5885a39c5d' introduces an import test for CVE-2017-14992, it uses a 8GB image to make sure we don't revert CVE-2017-14992, but unfortunately this test can't finish in 5-min on AArch64, as a fact, in most cases we have to crate a very big image to make the test effective on AArch64, but this will result in a test panic, so now we skip it order to avoid termination of others tests followed. Signed-off-by: Dennis Chen <dennis.chen@arm.com> 2017-11-22 10:42:58 +00:00			`"runtime"`
image: add import test for CVE-2017-14992 To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2017-11-08 03:30:47 +11:00			`"testing"`

			`"github.com/docker/docker/api/types"`
Rename integration/util to integration/internal Both names have no real sense, but one allows to make sure these packages aren't used outside of `integration`. Signed-off-by: Vincent Demeester <vincent@sbr.pm> 2018-02-09 19:13:26 +01:00			`"github.com/docker/docker/integration/internal/request"`
image: add import test for CVE-2017-14992 To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2017-11-08 03:30:47 +11:00			`"github.com/docker/docker/internal/testutil"`
			`)`

			`// Ensure we don't regress on CVE-2017-14992.`
			`func TestImportExtremelyLargeImageWorks(t *testing.T) {`
image: skip the import test on AArch64 The commit '0a13f827a10d3bf61744d9b3f7165c5885a39c5d' introduces an import test for CVE-2017-14992, it uses a 8GB image to make sure we don't revert CVE-2017-14992, but unfortunately this test can't finish in 5-min on AArch64, as a fact, in most cases we have to crate a very big image to make the test effective on AArch64, but this will result in a test panic, so now we skip it order to avoid termination of others tests followed. Signed-off-by: Dennis Chen <dennis.chen@arm.com> 2017-11-22 10:42:58 +00:00			`if runtime.GOARCH == "arm64" {`
			`t.Skip("effective test will be time out")`
			`}`

image: add import test for CVE-2017-14992 To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2017-11-08 03:30:47 +11:00			`client := request.NewAPIClient(t)`

			`// Construct an empty tar archive with about 8GB of junk padding at the`
			`// end. This should not cause any crashes (the padding should be mostly`
			`// ignored).`
			`var tarBuffer bytes.Buffer`
image: skip the import test on AArch64 The commit '0a13f827a10d3bf61744d9b3f7165c5885a39c5d' introduces an import test for CVE-2017-14992, it uses a 8GB image to make sure we don't revert CVE-2017-14992, but unfortunately this test can't finish in 5-min on AArch64, as a fact, in most cases we have to crate a very big image to make the test effective on AArch64, but this will result in a test panic, so now we skip it order to avoid termination of others tests followed. Signed-off-by: Dennis Chen <dennis.chen@arm.com> 2017-11-22 10:42:58 +00:00
image: add import test for CVE-2017-14992 To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de> 2017-11-08 03:30:47 +11:00			`tw := tar.NewWriter(&tarBuffer)`
			`if err := tw.Close(); err != nil {`
			`t.Fatal(err)`
			`}`
			`imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 810241024*1024))`

			`_, err := client.ImageImport(context.Background(),`
			`types.ImageImportSource{Source: imageRdr, SourceName: "-"},`
			`"test1234:v42",`
			`types.ImageImportOptions{})`
			`if err != nil {`
			`t.Fatal(err)`
			`}`
			`}`