diff --git a/cmd/podman/parse/net.go b/cmd/podman/parse/net.go index a5c7a0d956..147991791b 100644 --- a/cmd/podman/parse/net.go +++ b/cmd/podman/parse/net.go @@ -10,6 +10,7 @@ import ( "os" "regexp" "strings" + "sync" ) const ( @@ -22,8 +23,9 @@ const ( var ( whiteSpaces = " \t" - alphaRegexp = regexp.MustCompile(`[a-zA-Z]`) - domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`) + alphaRegexp *regexp.Regexp + domainRegexp *regexp.Regexp + onceRegex sync.Once ) // validateExtraHost validates that the specified string is a valid extrahost and returns it. @@ -52,6 +54,10 @@ func validateIPAddress(val string) (string, error) { } func ValidateDomain(val string) (string, error) { + onceRegex.Do(func() { + alphaRegexp = regexp.MustCompile(`[a-zA-Z]`) + domainRegexp = regexp.MustCompile(`^(:?(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9]))(:?\.(:?[a-zA-Z0-9]|(:?[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])))*)\.?\s*$`) + }) if alphaRegexp.FindString(val) == "" { return "", fmt.Errorf("%s is not a valid domain", val) } diff --git a/libpod/define/config.go b/libpod/define/config.go index 0427206edb..7295f1425e 100644 --- a/libpod/define/config.go +++ b/libpod/define/config.go @@ -3,7 +3,6 @@ package define import ( "bufio" "io" - "regexp" "github.com/containers/common/libnetwork/types" ) @@ -20,8 +19,6 @@ var ( NameRegex = types.NameRegex // RegexError is thrown in presence of an invalid container/pod name. RegexError = types.RegexError - // UmaskRegex is a regular expression to validate Umask. - UmaskRegex = regexp.MustCompile(`^[0-7]{1,4}$`) ) const ( diff --git a/libpod/options.go b/libpod/options.go index 373cf5aada..99ee39a640 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -6,7 +6,9 @@ import ( "net" "os" "path/filepath" + "regexp" "strings" + "sync" "syscall" "github.com/containers/buildah/pkg/parse" @@ -28,6 +30,11 @@ import ( "github.com/sirupsen/logrus" ) +var ( + umaskRegex *regexp.Regexp + onceRegex sync.Once +) + // WithStorageConfig uses the given configuration to set up container storage. // If this is not specified, the system default configuration will be used // instead. @@ -1790,11 +1797,14 @@ func WithTimezone(path string) CtrCreateOption { // WithUmask sets the umask in the container func WithUmask(umask string) CtrCreateOption { + onceRegex.Do(func() { + umaskRegex = regexp.MustCompile(`^[0-7]{1,4}$`) + }) return func(ctr *Container) error { if ctr.valid { return define.ErrCtrFinalized } - if !define.UmaskRegex.MatchString(umask) { + if !umaskRegex.MatchString(umask) { return fmt.Errorf("invalid umask string %s: %w", umask, define.ErrInvalidArg) } ctr.config.Umask = umask diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index 4dcfb8e167..1ea74f3154 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -17,6 +17,7 @@ import ( "runtime" "strconv" "strings" + "sync" "github.com/containers/buildah/define" "github.com/containers/image/v5/types" @@ -37,11 +38,16 @@ type devino struct { } var ( - iidRegex = regexp.MustCompile(`^[0-9a-f]{12}`) + iidRegex *regexp.Regexp + onceRegex sync.Once ) // Build creates an image using a containerfile reference func Build(ctx context.Context, containerFiles []string, options entities.BuildOptions) (*entities.BuildReport, error) { + onceRegex.Do(func() { + iidRegex = regexp.MustCompile(`^[0-9a-f]{12}`) + }) + if options.CommonBuildOpts == nil { options.CommonBuildOpts = new(define.CommonBuildOptions) } diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go index 05f8be6648..d7545b32c6 100644 --- a/pkg/systemd/quadlet/quadlet.go +++ b/pkg/systemd/quadlet/quadlet.go @@ -5,6 +5,7 @@ import ( "path/filepath" "regexp" "strings" + "sync" "github.com/containers/podman/v4/pkg/systemd/parser" ) @@ -29,8 +30,6 @@ const ( XNetworkGroup = "X-Network" ) -var validPortRange = regexp.MustCompile(`\d+(-\d+)?(/udp|/tcp)?$`) - // All the supported quadlet keys const ( KeyContainerName = "ContainerName" @@ -75,70 +74,75 @@ const ( KeyConfigMap = "ConfigMap" ) -// Supported keys in "Container" group -var supportedContainerKeys = map[string]bool{ - KeyContainerName: true, - KeyImage: true, - KeyEnvironment: true, - KeyEnvironmentFile: true, - KeyEnvironmentHost: true, - KeyExec: true, - KeyNoNewPrivileges: true, - KeyDropCapability: true, - KeyAddCapability: true, - KeyReadOnly: true, - KeyRemapUsers: true, - KeyRemapUID: true, - KeyRemapGID: true, - KeyRemapUIDSize: true, - KeyNotify: true, - KeyExposeHostPort: true, - KeyPublishPort: true, - KeyUser: true, - KeyGroup: true, - KeyVolume: true, - KeyPodmanArgs: true, - KeyLabel: true, - KeyAnnotation: true, - KeyRunInit: true, - KeyVolatileTmp: true, - KeyTimezone: true, - KeySeccompProfile: true, - KeyAddDevice: true, - KeyNetwork: true, -} - -// Supported keys in "Volume" group -var supportedVolumeKeys = map[string]bool{ - KeyUser: true, - KeyGroup: true, - KeyLabel: true, -} - -// Supported keys in "Volume" group -var supportedNetworkKeys = map[string]bool{ - KeyNetworkDisableDNS: true, - KeyNetworkDriver: true, - KeyNetworkGateway: true, - KeyNetworkInternal: true, - KeyNetworkIPRange: true, - KeyNetworkIPAMDriver: true, - KeyNetworkIPv6: true, - KeyNetworkOptions: true, - KeyNetworkSubnet: true, - KeyLabel: true, -} - -// Supported keys in "Kube" group -var supportedKubeKeys = map[string]bool{ - KeyYaml: true, - KeyRemapUID: true, - KeyRemapGID: true, - KeyRemapUsers: true, - KeyRemapUIDSize: true, - KeyNetwork: true, - KeyConfigMap: true, -} +var ( + onceRegex sync.Once + validPortRange *regexp.Regexp + + // Supported keys in "Container" group + supportedContainerKeys = map[string]bool{ + KeyContainerName: true, + KeyImage: true, + KeyEnvironment: true, + KeyEnvironmentFile: true, + KeyEnvironmentHost: true, + KeyExec: true, + KeyNoNewPrivileges: true, + KeyDropCapability: true, + KeyAddCapability: true, + KeyReadOnly: true, + KeyRemapUsers: true, + KeyRemapUID: true, + KeyRemapGID: true, + KeyRemapUIDSize: true, + KeyNotify: true, + KeyExposeHostPort: true, + KeyPublishPort: true, + KeyUser: true, + KeyGroup: true, + KeyVolume: true, + KeyPodmanArgs: true, + KeyLabel: true, + KeyAnnotation: true, + KeyRunInit: true, + KeyVolatileTmp: true, + KeyTimezone: true, + KeySeccompProfile: true, + KeyAddDevice: true, + KeyNetwork: true, + } + + // Supported keys in "Volume" group + supportedVolumeKeys = map[string]bool{ + KeyUser: true, + KeyGroup: true, + KeyLabel: true, + } + + // Supported keys in "Volume" group + supportedNetworkKeys = map[string]bool{ + KeyNetworkDisableDNS: true, + KeyNetworkDriver: true, + KeyNetworkGateway: true, + KeyNetworkInternal: true, + KeyNetworkIPRange: true, + KeyNetworkIPAMDriver: true, + KeyNetworkIPv6: true, + KeyNetworkOptions: true, + KeyNetworkSubnet: true, + KeyLabel: true, + } + + // Supported keys in "Kube" group + supportedKubeKeys = map[string]bool{ + KeyYaml: true, + KeyRemapUID: true, + KeyRemapGID: true, + KeyRemapUsers: true, + KeyRemapUIDSize: true, + KeyNetwork: true, + KeyConfigMap: true, + } +) func replaceExtension(name string, extension string, extraPrefix string, extraSuffix string) string { baseName := name @@ -152,6 +156,9 @@ func replaceExtension(name string, extension string, extraPrefix string, extraSu } func isPortRange(port string) bool { + onceRegex.Do(func() { + validPortRange = regexp.MustCompile(`\d+(-\d+)?(/udp|/tcp)?$`) + }) return validPortRange.MatchString(port) }