From 6b445634ed5bb02b33917bb4f874cdc496f25d53 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Tue, 25 Jun 2024 16:47:15 +0900 Subject: [PATCH] Disallow `ADD --checksum= ` Discussed in a comment in PR 5064 Signed-off-by: Akihiro Suda --- frontend/dockerfile/dockerfile2llb/convert.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/frontend/dockerfile/dockerfile2llb/convert.go b/frontend/dockerfile/dockerfile2llb/convert.go index 39eaecfeed77..5c7aff52669f 100644 --- a/frontend/dockerfile/dockerfile2llb/convert.go +++ b/frontend/dockerfile/dockerfile2llb/convert.go @@ -2117,7 +2117,14 @@ func commonImageNames() []string { } func isHTTPSource(src string) bool { - return strings.HasPrefix(src, "http://") || strings.HasPrefix(src, "https://") + if !strings.HasPrefix(src, "http://") && !strings.HasPrefix(src, "https://") { + return false + } + // https://github.com/ORG/REPO.git is a git source, not an http source + if gitRef, gitErr := gitutil.ParseGitRef(src); gitRef != nil && gitErr == nil { + return false + } + return true } func isEnabledForStage(stage string, value string) bool {