From f4ad0fbf00df8f9ae2d48829b414fb48480c0e07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wenkai=20Yin=28=E5=B0=B9=E6=96=87=E5=BC=80=29?=
 <yinw@vmware.com>
Date: Fri, 27 Mar 2020 10:33:20 +0800
Subject: [PATCH] Use the same logic to parse the registry URL (#11320)

Use the same logic to parse the registry URL to fix #11274

Signed-off-by: Wenkai Yin <yinw@vmware.com>
---
 src/core/api/registry.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/core/api/registry.go b/src/core/api/registry.go
index ad4b34986..2af9ebb7a 100644
--- a/src/core/api/registry.go
+++ b/src/core/api/registry.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
-	"strings"
 
 	common_http "github.com/goharbor/harbor/src/common/http"
 	"github.com/goharbor/harbor/src/common/utils"
@@ -208,10 +207,13 @@ func (t *RegistryAPI) Post() {
 		t.SendConflictError(fmt.Errorf("name '%s' is already used", r.Name))
 		return
 	}
-	i := strings.Index(r.URL, "://")
-	if i == -1 {
-		r.URL = fmt.Sprintf("http://%s", r.URL)
+	url, err := utils.ParseEndpoint(r.URL)
+	if err != nil {
+		t.SendBadRequestError(err)
+		return
 	}
+	// Prevent SSRF security issue #3755
+	r.URL = url.Scheme + "://" + url.Host + url.Path
 
 	status, err := registry.CheckHealthStatus(r)
 	if err != nil {