From 55c17837fcc7e2bf345e7519d0493cbc1a353ed3 Mon Sep 17 00:00:00 2001
From: chlins <chenyuzh@vmware.com>
Date: Mon, 28 Mar 2022 15:06:27 +0800
Subject: [PATCH] fix: validate project metadata public value

Signed-off-by: chlins <chenyuzh@vmware.com>
---
 src/server/v2.0/handler/project.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/server/v2.0/handler/project.go b/src/server/v2.0/handler/project.go
index 9ab8345d7..b0f3323a9 100644
--- a/src/server/v2.0/handler/project.go
+++ b/src/server/v2.0/handler/project.go
@@ -147,6 +147,13 @@ func (a *projectAPI) CreateProject(ctx context.Context, params operation.CreateP
 		req.Metadata.Public = strconv.FormatBool(false)
 	}
 
+	// validate metadata.public value, should only be "true" or "false"
+	if p := req.Metadata.Public; p != "" {
+		if p != "true" && p != "false" {
+			return a.SendError(ctx, errors.BadRequestError(nil).WithMessage(fmt.Sprintf("metadata.public should only be 'true' or 'false', but got: '%s'", p)))
+		}
+	}
+
 	// ignore enable_content_trust metadata for proxy cache project
 	// see https://github.com/goharbor/harbor/issues/12940 to get more info
 	if req.RegistryID != nil {