diff --git a/pkg/registry/auth/auth.go b/pkg/registry/auth/auth.go index 23aef60ef..5056cb3f6 100644 --- a/pkg/registry/auth/auth.go +++ b/pkg/registry/auth/auth.go @@ -123,10 +123,9 @@ func GetAuthURL(challenge string, img string) (*url.URL, error) { for _, pair := range pairs { trimmed := strings.Trim(pair, " ") - kv := strings.Split(trimmed, "=") - key := kv[0] - val := strings.Trim(kv[1], "\"") - values[key] = val + if key, val, ok := strings.Cut(trimmed, "="); ok { + values[key] = strings.Trim(val, `"`) + } } logrus.WithFields(logrus.Fields{ "realm": values["realm"], diff --git a/pkg/registry/auth/auth_test.go b/pkg/registry/auth/auth_test.go index 6ad2307aa..e276ddaf9 100644 --- a/pkg/registry/auth/auth_test.go +++ b/pkg/registry/auth/auth_test.go @@ -2,13 +2,14 @@ package auth_test import ( "fmt" - "github.com/containrrr/watchtower/internal/actions/mocks" - "github.com/containrrr/watchtower/pkg/registry/auth" "net/url" "os" "testing" "time" + "github.com/containrrr/watchtower/internal/actions/mocks" + "github.com/containrrr/watchtower/pkg/registry/auth" + wtTypes "github.com/containrrr/watchtower/pkg/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -79,6 +80,18 @@ var _ = Describe("the auth module", func() { Expect(err).To(HaveOccurred()) Expect(res).To(BeNil()) }) + It("should not crash when an empty field is recieved", func() { + input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",` + res, err := auth.GetAuthURL(input, "containrrr/watchtower") + Expect(err).NotTo(HaveOccurred()) + Expect(res).NotTo(BeNil()) + }) + It("should not crash when a field without a value is recieved", func() { + input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",valuelesskey` + res, err := auth.GetAuthURL(input, "containrrr/watchtower") + Expect(err).NotTo(HaveOccurred()) + Expect(res).NotTo(BeNil()) + }) }) When("getting a challenge url", func() { It("should create a valid challenge url object based on the image ref supplied", func() {