add: fail on bad http response instead of writing to container

Adding sources from URL using `ADD` instruction adds reponse to build container even if it receives bad HTTP response, following behaviour is not in parity with `docker` or `buildkit`. Following commit ensures that `ADD` where source is external URL fails on build step if we get bad HTTP response. Example: Following containerfile should fail while building ```Dockerfile FROM registry.fedoraproject.org/fedora:36 ADD https://mirror.init7.net/fedora/fedora/linux/releases/36/Server/x86_64/iso/Fedora-Server-netinst-x86_64-36-1.5.foo / ``` **Fixes: BZ#2102140** Signed-off-by: Aditya R <arajan@redhat.com>
2022-07-01 15:51:11 +05:30 · 2022-07-01 15:51:11 +05:30 · 62e47e7b0d
parent a6b60474d1
commit 62e47e7b0d
2 changed files with 17 additions and 0 deletions
--- a/add.go
+++ b/add.go
@ -88,6 +88,11 @@ func getURL(src string, chown *idtools.IDPair, mountpoint, renameTarget string,
 		return err
 	}
 	defer response.Body.Close()
+
+	if response.StatusCode < http.StatusOK || response.StatusCode >= http.StatusBadRequest {
+		return fmt.Errorf("invalid response status %d", response.StatusCode)
+	}
+
 	// Figure out what to name the new content.
 	name := renameTarget
 	if name == "" {
--- a/tests/bud.bats
+++ b/tests/bud.bats
@ -202,6 +202,18 @@ _EOF
  expect_output --substring $targetarch
 }

+@test "build with add resolving to invalid HTTP status code" {
+  mkdir -p ${TEST_SCRATCH_DIR}/bud/platform
+
+  cat > ${TEST_SCRATCH_DIR}/bud/platform/Dockerfile << _EOF
+FROM alpine
+ADD https://google.com/test /
+_EOF
+
+  run_buildah 125 build $WITH_POLICY_JSON -t source -f ${TEST_SCRATCH_DIR}/bud/platform/Dockerfile
+  expect_output --substring "invalid response status"
+}
+
@test "bud with --layers and --no-cache flags" {
  cp -a $BUDFILES/use-layers ${TEST_SCRATCH_DIR}/use-layers