Closed qweeah closed 4 months ago
Below code is expected to panic but can parse the invalid reference /oras
/oras
package main import ( "fmt" _ "crypto/sha256" "oras.land/oras-go/v2/registry" ) func main() { rawRef := "/oras" ref, err := registry.ParseReference(rawRef) if err != nil { panic(err) } fmt.Println("Registry:", ref.Registry) fmt.Println("Repository:", ref.Repository) }
Version: oras.land/oras-go/v2 v2.4.0
The root cause is url.ParseRequestURI allows empty domain name, ORAS-go should enforce the non-empty checking.
Below code is expected to panic but can parse the invalid reference
/oras
Version: oras.land/oras-go/v2 v2.4.0
The root cause is url.ParseRequestURI allows empty domain name, ORAS-go should enforce the non-empty checking.