fix: prevent network name ambiguity

`NetworkInspect` will match a network ID by prefix. While rare, it's possible that users might use a network name that is also a valid network ID prefix for a pre-existing Docker network. (In the reported case, the network was named `db`, for example.) Fixes #9496. Signed-off-by: Milas Bowman <milas@tilt.dev>
2025-07-23 05:34:36 +02:00 · 2022-06-01 15:28:42 -04:00 · 2022-06-01 15:28:42 -04:00 · 7f32f02817
commit 7f32f02817
parent 335decceda
1 changed files with 74 additions and 67 deletions
--- a/pkg/compose/create.go
+++ b/pkg/compose/create.go
@ -31,6 +31,7 @@ import (
 	moby "github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/blkiodev"
 	"github.com/docker/docker/api/types/container"
+	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/mount"
 	"github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/api/types/strslice"
@ -1001,9 +1002,17 @@ func getAliases(s types.ServiceConfig, c *types.ServiceNetworkConfig) []string {
 }

 func (s *composeService) ensureNetwork(ctx context.Context, n types.NetworkConfig) error {
-	_, err := s.apiClient().NetworkInspect(ctx, n.Name, moby.NetworkInspectOptions{})
+	// NetworkInspect will match on ID prefix, so NetworkList with a name
+	// filter is used to look for an exact match to prevent e.g. a network
+	// named `db` from getting erroneously matched to a network with an ID
+	// like `db9086999caf`
+	networks, err := s.apiClient().NetworkList(ctx, moby.NetworkListOptions{
+		Filters: filters.NewArgs(filters.Arg("name", n.Name)),
+	})
 	if err != nil {
-		if errdefs.IsNotFound(err) {
+		return err
+	}
+	if len(networks) == 0 {
 		if n.External.External {
 			if n.Driver == "overlay" {
 				// Swarm nodes do not register overlay networks that were
@ -1069,8 +1078,6 @@ func (s *composeService) ensureNetwork(ctx context.Context, n types.NetworkConfi
 		w.Event(progress.CreatedEvent(networkEventName))
 		return nil
 	}
-		return err
-	}
 	return nil
 }