Handle failed DNS case for Go 1.20+

Go 1.20 introduced DNS/CNAME handling changes. This can cause an
IP address represented in hex, oct, etc to be looked up as DNS and
fail. This change introduces a mock DNS resolver.

Note, with the mock resolver, we don't need to use 0x7f000001 any
longer. Keeping because it was already there.

Signed-off-by: Matt Farina <matt.farina@suse.com>

go.mod

@@ -14,6 +14,7 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.3
 	github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2
 	github.com/evanphx/json-patch v5.6.0+incompatible
+	github.com/foxcpp/go-mockdns v1.0.0
 	github.com/gobwas/glob v0.2.3
 	github.com/gofrs/flock v0.8.1
 	github.com/gosuri/uitable v0.0.4
@@ -107,6 +108,7 @@ require (
 	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/miekg/dns v1.1.25 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/locker v1.0.1 // indirect

pkg/registry/client_tls_test.go

@@ -36,6 +36,7 @@ func (suite *TLSRegistryClientTestSuite) SetupSuite() {
 }
 
 func (suite *TLSRegistryClientTestSuite) TearDownSuite() {
+	teardown(&suite.TestSuite)
 	os.RemoveAll(suite.WorkspaceDir)
 }
 

pkg/registry/utils_test.go

@@ -22,6 +22,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -34,6 +35,7 @@ import (
 	"github.com/distribution/distribution/v3/registry"
 	_ "github.com/distribution/distribution/v3/registry/auth/htpasswd"
 	_ "github.com/distribution/distribution/v3/registry/storage/driver/inmemory"
+	"github.com/foxcpp/go-mockdns"
 	"github.com/phayes/freeport"
 	"github.com/stretchr/testify/suite"
 	"golang.org/x/crypto/bcrypt"
@@ -63,6 +65,9 @@ type TestSuite struct {
 	CompromisedRegistryHost string
 	WorkspaceDir            string
 	RegistryClient          *Client
+
+	// A mock DNS server needed for TLS connection testing.
+	srv *mockdns.Server
 }
 
 func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry {
@@ -122,6 +127,15 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry
 		// That function does not handle matching of ip addresses in octal,
 		// decimal or hex form.
 		suite.DockerRegistryHost = fmt.Sprintf("0x7f000001:%d", port)
+
+		// As of Go 1.20, Go may lookup "0x7f000001" as a DNS entry and fail.
+		// Using a mock DNS server to handle the address.
+		suite.srv, _ = mockdns.NewServer(map[string]mockdns.Zone{
+			"0x7f000001.": {
+				A: []string{"127.0.0.1"},
+			},
+		}, false)
+		suite.srv.PatchNet(net.DefaultResolver)
 	} else {
 		suite.DockerRegistryHost = fmt.Sprintf("localhost:%d", port)
 	}
@@ -152,6 +166,13 @@ func setup(suite *TestSuite, tlsEnabled bool, insecure bool) *registry.Registry
 	return dockerRegistry
 }
 
+func teardown(suite *TestSuite) {
+	if suite.srv != nil {
+		mockdns.UnpatchNet(net.DefaultResolver)
+		suite.srv.Close()
+	}
+}
+
 func initCompromisedRegistryTestServer() string {
 	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		if strings.Contains(r.URL.Path, "manifests") {