Dependency confusion attack from looking for manifest in docker.io first

[DrewDevereux]

This block of code assumes that any image name with only one slash in it cannot possibly be a fully qualified image name, and therefore prepends docker.io/ to the name.

Thus, if I specify a Dockerfile with

FROM artefact.example.com/my_image:1.2.3

then this CLI first looks for a manifest at docker.io/artefact.example.com/my_image:1.2.3.

This concerns me. It feels like an invitation to a dependency confusion attack. Someone could create an "artefact.example.com" organization on docker.io, publish a malicious image named "my_image:1.2.3", and this CLI would pull that instead of what I specified.

[chrmarti]

@joshspicer Do you know if there is a specific way to detect if the first segment is a hostname?

We recently used the heuristic of checking if the first segment has a dot or is 'localhost' to detect this. That might be better than the code referred to here:

cli/src/spec-node/containerFeatures.ts

Line 449 in be1f203

function hasRegistryHostname(imageName: string) {

[joshspicer]

I did a quick scan of the moby repo and found this, which seems to also be using the segment and dot trick:
https://github.com/moby/moby/blob/4554d871d70bd055a0faa3ed595419ec4dc50406/registry/search.go#L145-L155