You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Where there is nothing in the Username and Password fields and only the Auth field of authn.AuthConfig is filled, custom json marshalling fails to produce proper output.
Running the example above produces a JSON object with only the auth field as expected. However, the contents of this field will always be Og==, which is base64 for :.
This is due to the encodeDockerConfigFieldAuth function in pkg/authn/auth.go always overwriting contents of the Auth field with a concatenation of username + ":" + password, which leads to data corruption when there is only the auth string and no username and password is provided.
Expected behavior
Zero values of authn.AuthConfig are expected to marshal to {}, not {"auth": "Og=="} and values with only Auth fields filled are expected to either only produce JSON objects with this field and its contents or produce an object with both auth and username+password pair decoded from auth.
Additional context
Add any other context about the problem here.
Version of the module - v0.17.0
Registry used (e.g., GCR, ECR, Quay) - irrelevant
The text was updated successfully, but these errors were encountered:
This issue is stale because it has been open for 90 days with no
activity. It will automatically close after 30 more days of
inactivity. Keep fresh with the 'lifecycle/frozen' label.
Describe the bug
Where there is nothing in the
Username
andPassword
fields and only theAuth
field ofauthn.AuthConfig
is filled, custom json marshalling fails to produce proper output.To Reproduce
Running the example above produces a JSON object with only the
auth
field as expected. However, the contents of this field will always beOg==
, which is base64 for:
.This is due to the
encodeDockerConfigFieldAuth
function inpkg/authn/auth.go
always overwriting contents of theAuth
field with a concatenation ofusername + ":" + password
, which leads to data corruption when there is only the auth string and no username and password is provided.Expected behavior
Zero values of
authn.AuthConfig
are expected to marshal to{}
, not{"auth": "Og=="}
and values with onlyAuth
fields filled are expected to either only produce JSON objects with this field and its contents or produce an object with both auth and username+password pair decoded from auth.Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: