From 4d661bf63b8251861348b88ce73f69e12b001bd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?nils=20m=C3=A5s=C3=A9n?= Date: Wed, 12 Apr 2023 08:18:00 +0200 Subject: [PATCH] fix(registry): ignore empty challenge fields (#1626) Co-authored-by: caotian --- pkg/registry/auth/auth.go | 7 +++---- pkg/registry/auth/auth_test.go | 17 +++++++++++++++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/pkg/registry/auth/auth.go b/pkg/registry/auth/auth.go index 23aef60..5056cb3 100644 --- a/pkg/registry/auth/auth.go +++ b/pkg/registry/auth/auth.go @@ -123,10 +123,9 @@ func GetAuthURL(challenge string, img string) (*url.URL, error) { for _, pair := range pairs { trimmed := strings.Trim(pair, " ") - kv := strings.Split(trimmed, "=") - key := kv[0] - val := strings.Trim(kv[1], "\"") - values[key] = val + if key, val, ok := strings.Cut(trimmed, "="); ok { + values[key] = strings.Trim(val, `"`) + } } logrus.WithFields(logrus.Fields{ "realm": values["realm"], diff --git a/pkg/registry/auth/auth_test.go b/pkg/registry/auth/auth_test.go index 6ad2307..e276dda 100644 --- a/pkg/registry/auth/auth_test.go +++ b/pkg/registry/auth/auth_test.go @@ -2,13 +2,14 @@ package auth_test import ( "fmt" - "github.com/containrrr/watchtower/internal/actions/mocks" - "github.com/containrrr/watchtower/pkg/registry/auth" "net/url" "os" "testing" "time" + "github.com/containrrr/watchtower/internal/actions/mocks" + "github.com/containrrr/watchtower/pkg/registry/auth" + wtTypes "github.com/containrrr/watchtower/pkg/types" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" 
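Review bot: In the rewritten loop in GetAuthURL, `key` and `val` are stored exactly as `strings.Cut` returns them, so a field written with whitespace around the equals sign (which RFC 7235 asks recipients to tolerate) lands under a key such as `realm ` and the `values["realm"]` lookup a few lines below misses it. Only spaces are trimmed from `pair` and nothing is trimmed after the cut; `values[strings.TrimSpace(key)] = strings.Trim(strings.TrimSpace(val), "\"")` would cover that. The challenge presumably comes from the remote registry's response, and fields without `=` are now dropped silently, so the code after the loop has to reject a missing or empty `realm` rather than build a token URL from it; that part of the function is outside the hunk and should be checked. A debug log line for each skipped field would also make a malformed challenge diagnosable.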
@@ -79,6 +80,18 @@ var _ = Describe("the auth module", func() {
 Expect(err).To(HaveOccurred())
 Expect(res).To(BeNil())
 })
+ It("should not crash when an empty field is recieved", func() {
+ input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",`
+ res, err := auth.GetAuthURL(input, "containrrr/watchtower")
+ Expect(err).NotTo(HaveOccurred())
+ Expect(res).NotTo(BeNil())
+ })
+ It("should not crash when a field without a value is recieved", func() {
+ input := `bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull",valuelesskey`
+ res, err := auth.GetAuthURL(input, "containrrr/watchtower")
+ Expect(err).NotTo(HaveOccurred())
+ Expect(res).NotTo(BeNil())
+ })
 })
 When("getting a challenge url", func() {
 It("should create a valid challenge url object based on the image ref supplied", func() {
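Review bot: Both new specs assert only that `err` is nil and `res` is non-nil, so they would still pass if the parser dropped `realm`, `service` or `scope` along with the malformed field. Assuming the returned URL is built from `realm`, an expectation such as `Expect(res.Host).To(Equal("ghcr.io"))`, plus a check that the service and scope values reach the result, would pin that the valid fields survive. A case with an empty key (`="x"`) and one where `realm` itself is the valueless field would cover the remaining inputs the new `strings.Cut` branch stores or skips. The spec names also misspell "received" as "recieved".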