Do the isMultiImage decision already on an UnparsedImage, not an Image

mtrmac · mtrmac · commit b5e202ef59e4 · 2017-11-15T19:34:25.000+01:00
We don't actually need to parse the image to make this decision.

Also, we are going to do signature checking on the individual images in the list
in the future, so the list/non-list decision needs to happen before
signature checking.

Signed-off-by: Miloslav Trmač &lt;mitr@redhat.com&gt;
diff --git a/copy/copy.go b/copy/copy.go
@@ -142,8 +142,17 @@ func Image(policyContext *signature.PolicyContext, destRef, srcRef types.ImageRe
 			}
 		}
 	}()
+	multiImage, err := isMultiImage(unparsedImage)
+	if err != nil {
+		return errors.Wrapf(err, "Error determining manifest MIME type for %s", transports.ImageName(srcRef))
+	}
+	if multiImage {
+		return errors.Errorf("can not copy %s: manifest contains multiple images", transports.ImageName(srcRef))
+	}
 
 	// Please keep this policy check BEFORE reading any other information about the image.
+	// (the multiImage check above only matches the MIME type, which we have received anyway.
+	// Actual parsing of anything should be deferred.)
 	if allowed, err := policyContext.IsRunningImageAllowed(unparsedImage); !allowed || err != nil { // Be paranoid and fail if either return value indicates so.
 		return errors.Wrap(err, "Source image rejected")
 	}
@@ -162,14 +171,6 @@ func Image(policyContext *signature.PolicyContext, destRef, srcRef types.ImageRe
 		return err
 	}
 
-	multiImage, err := isMultiImage(src)
-	if err != nil {
-		return errors.Wrapf(err, "Error determining manifest MIME type for %s", transports.ImageName(srcRef))
-	}
-	if multiImage {
-		return errors.Errorf("can not copy %s: manifest contains multiple images", transports.ImageName(srcRef))
-	}
-
 	var sigs [][]byte
 	if options.RemoveSignatures {
 		sigs = [][]byte{}
