registry: always treat 127.0.0.1 as insecure for all cases anytime anywhere

Docker-DCO-1.1-Signed-off-by: Erik Hollensbe <github@hollensbe.org> (github: erikh)
2014-11-12 09:08:45 -08:00 · 2014-11-12 09:08:45 -08:00 · 11380a109e
parent 28ee373e19
commit 11380a109e
2 changed files with 19 additions and 25 deletions
--- a/registry/endpoint.go
+++ b/registry/endpoint.go
@ -152,19 +152,25 @@ func (e Endpoint) Ping() (RegistryInfo, error) {
 // IsSecure returns false if the provided hostname is part of the list of insecure registries.
 // Insecure registries accept HTTP and/or accept HTTPS with certificates from unknown CAs.
 func IsSecure(hostname string, insecureRegistries []string) bool {
+
 	if hostname == IndexServerAddress() {
 		return true
 	}
+
+	host, _, err := net.SplitHostPort(hostname)
+
+	if err != nil {
+		host = hostname
+	}
+
+	if host == "127.0.0.1" || host == "localhost" {
+		return false
+	}
+
 	if len(insecureRegistries) == 0 {
-		host, _, err := net.SplitHostPort(hostname)
-		if err != nil {
-			host = hostname
-		}
-		if host == "127.0.0.1" || host == "localhost" {
-			return false
-		}
 		return true
 	}
+
 	for _, h := range insecureRegistries {
 		if hostname == h {
 			return false
--- a/registry/registry_test.go
+++ b/registry/registry_test.go
@ -328,31 +328,19 @@ func TestIsSecure(t *testing.T) {
 	}{
 		{"example.com", []string{}, true},
 		{"example.com", []string{"example.com"}, false},
-		{"localhost", []string{"localhost:5000"}, true},
+		{"localhost", []string{"localhost:5000"}, false},
 		{"localhost:5000", []string{"localhost:5000"}, false},
-		{"localhost", []string{"example.com"}, true},
+		{"localhost", []string{"example.com"}, false},
 		{"127.0.0.1:5000", []string{"127.0.0.1:5000"}, false},
-	}
-	for _, tt := range tests {
-		if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {
-			t.Errorf("IsSecure failed for %q %v, expected %v got %v", tt.addr, tt.insecureRegistries, tt.expected, sec)
-		}
-	}
-}
-
-func TestIsSecure(t *testing.T) {
-	tests := []struct {
-		addr               string
-		insecureRegistries []string
-		expected           bool
-	}{
 		{"localhost", []string{}, false},
 		{"localhost:5000", []string{}, false},
 		{"127.0.0.1", []string{}, false},
-		{"localhost", []string{"example.com"}, true},
-		{"127.0.0.1", []string{"example.com"}, true},
+		{"localhost", []string{"example.com"}, false},
+		{"127.0.0.1", []string{"example.com"}, false},
 		{"example.com", []string{}, true},
 		{"example.com", []string{"example.com"}, false},
+		{"127.0.0.1", []string{"example.com"}, false},
+		{"127.0.0.1:5000", []string{"example.com"}, false},
 	}
 	for _, tt := range tests {
 		if sec := IsSecure(tt.addr, tt.insecureRegistries); sec != tt.expected {