Some false positives from gosec (G602: slice index out of range)
integration-cli/daemon/daemon.go:109:1: deprecatedComment: `Deprecated: ` notices should be in a dedicated paragraph, separated from the rest (gocritic)
// Deprecated: use cli.WaitCmd instead
^
integration-cli/docker_cli_build_test.go:562:3: dupOption: function argument `build.WithFile("test_file3", "test3")` is duplicated (gocritic)
build.WithFile("test_file3", "test3"),
^
integration-cli/docker_utils_test.go:250:1: deprecatedComment: `Deprecated: ` notices should be in a dedicated paragraph, separated from the rest (gocritic)
// Deprecated: use cli.WaitFor
^
daemon/libnetwork/ipams/defaultipam/address_space.go:45:39: G602: slice index out of range (gosec)
if predefined[j].Overlaps(predefined[i].Base) {
^
daemon/libnetwork/ipams/defaultipam/address_space.go:49:29: G602: slice index out of range (gosec)
predefined[j] = predefined[i]
^
daemon/libnetwork/libnetwork_linux_test.go:1492:9: G602: slice index out of range (gosec)
sboxes[thd-1], err = controller.NewSandbox(context.Background(), fmt.Sprintf("%drace", thd))
^
daemon/libnetwork/networkdb/cluster_test.go:111:21: G602: slice index out of range (gosec)
mean, stdev := nf[0], nf[1]
^
daemon/libnetwork/osl/interface_linux.go:586:54: G602: slice index out of range (gosec)
log.G(ctx).WithField("portState", stateFileContent[0]).Debug("waiting for bridge port to be forwarding")
^
daemon/libnetwork/osl/interface_linux.go:594:32: G602: slice index out of range (gosec)
"portState": stateFileContent[0],
^
daemon/libnetwork/portallocator/osallocator_linux_test.go:358:13: G602: slice index out of range (gosec)
if payload[0] != 0x1 {
^
daemon/libnetwork/portallocator/osallocator_linux_test.go:359:68: G602: slice index out of range (gosec)
readCh <- fmt.Errorf("expected payload 0x1, but got %x", payload[0])
^
daemon/logger/gelf/gelf_test.go:197:9: nilness: impossible condition: nil != nil (govet)
if err != nil {
^
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 6aea8c2591 updated this part of the
test to account for BuildKit now being used as default, which doesn't use
regular containers to "commit" to an image, and therefore doesn't produce
events as part of the build.
However, it changed it to filter for `build` type events, which .. don't
exist. The test passed because it only checked for number of events produced,
which is approximated by checking the number of lines in the output. In
this case, the output would be empty, so "events" was a slice of strings
with length 1; an empty string.
Given that BuildKit doesn't produce meaningful events to test for, we could
either disable BuildKit, to test the legacy builder, or just remove this
part of the test. Let's do the latter.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests used intermediate images (as produced by the classic builder)
as part of the test. When using BuildKit, such images are not produced,
and will only be in the build-cache.
From the tests, it looks like the extra checks were not critical to
verify the behavior, so let's simplify them to not depend on this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make sure the error is the one we expected, and slightly clarify
the behavior (named volumes not having a meaning in VOLUME, so will
be used as-is).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was only testing behavior of the CLI itself (or even basic
functionality provided by Cobra).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Migrated TestAPIImagesDelete from the legacy integration-cli suite
(docker_api_images_test.go) to the new integration test framework under
integration/image/remove_test.go.
This update:
- Fixes ENV instruction syntax to use "ENV FOO=bar"
- Adds error type check using errdefs.IsNotFound for cleaner assertions
- Ensures consistent cleanup handling
Signed-off-by: Aditya Mishra <mishraaditya675@gmail.com>
Add WithAPIVersion and WithAPIVersionFromEnv to be more clear on
the intent, and to align with other related options and fields.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests were failing because the "docker run" did not print the
ID of the container, and instead detached immediately without printing;
```
=== Failed
=== FAIL: amd64.integration-cli TestDockerCLICommitSuite/TestCommitAfterContainerIsDone (0.27s)
docker_cli_commit_test.go:32: assertion failed:
Command: /usr/local/cli-integration/docker wait
ExitCode: 1
Error: exit status 1
Stdout:
Stderr: invalid container name or ID: value is empty
Failures:
ExitCode was 1 expected 0
Expected no error
--- FAIL: TestDockerCLICommitSuite/TestCommitAfterContainerIsDone (0.27s)
=== FAIL: amd64.integration-cli TestDockerCLICommitSuite/TestCommitWithoutPause (0.20s)
docker_cli_commit_test.go:47: assertion failed:
Command: /usr/local/cli-integration/docker wait
ExitCode: 1
Error: exit status 1
Stdout:
Stderr: invalid container name or ID: value is empty
Failures:
ExitCode was 1 expected 0
Expected no error
--- FAIL: TestDockerCLICommitSuite/TestCommitWithoutPause (0.20s)
```
What happens is that it starts a container with only `stdin` attached, but
no `stdout`, and the behavior changed between versions of the CLI, which
may be either a bugfix or a regression;
docker 28 cli doesn't stay attached:
```bash
Status: Downloaded newer image for docker:28-cli
/ # docker run -i -a stdin busybox echo foo
/ #
```
docker 27 cli stays attached, but has the "three strikes, you're out" handling:
```bash
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:27-cli sh
Status: Downloaded newer image for docker:27-cli
/ # docker run -i -a stdin busybox echo foo
9dbb29080a72225593885bc4880d8f4f22f36803100179f9725468bda1d52b4f
^C^C^C
got 3 SIGTERM/SIGINTs, forcefully exiting
/ # ^C
```
docker 26 cli (and older) don't forward the signal to the container, and detach-keys don't work (or in this case, are handled by the CLI container)?:
```bash
docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock docker:26-cli sh
Status: Downloaded newer image for docker:26-cli
/ # docker run -i -a stdin busybox echo foo
21963ce1b9a7bb7eccef3618693b09a106fb29084b484e31c69cd4a26ee44777
^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C^C
<CTRL>p,q
```
As these tests were not testing that part, I simplified the tests, but
we should probably look into the change of behavior to see if it was
intentional (and if it was correct).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a cancelReadCloser to automatically close the reader when the context
is cancelled. Consumers are still recommended to manually close the reader,
but the cancelReadCloser makes the Close idempotent.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Migrate TestAPIStatsContainerNotFound from the deprecated integration-cli
test suite to the modern integration test framework in integration/container.
The test verifies that the container stats API returns a NotFound error
for non-existent containers, testing both streaming and non-streaming modes.
Changes made:
- Migrated test to integration/container/stats_test.go using standard
Go testing patterns
- Refactored to use test array pattern for better test organization
- Removed test from integration-cli/docker_api_stats_test.go
- Removed unused imports from integration-cli file
- Removed Windows skip as it may not be necessary
Signed-off-by: Salim Dohri <dohri.salim@gmail.com>
Now that we're raising the minimum API version, we can also update
the CLI used in our integration-cli tests.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use a more idiomatic name so that it can be used as `client.New()`.
We should look if we want `New()` to have different / updated defaults
i.e., enable `WithEnv` as default, and have an opt-out and have API-
version negotiation enabled by default (with an opt-out option).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
