Describe the bug
Running crane commands with typos leaks data to docker.io.
To Reproduce
Run crane ls secretprojectname
Expected behavior
crane does not submit secretprojectname to docker.io.
Actual behavior
Error: reading tags for secretprojectname: GET https://index.docker.io/v2/library/secretprojectname/tags/list?n=1000: UNAUTHORIZED: authentication required; [map[Action:pull Class: Name:library/secretprojectname Type:repository]]
Additional context
It is common for CI/CD systems to use variables in place of hostnames. Should one of these variables be misconfigured, sensitive internal project names may be sent to docker.io without the user's knowledge. Additionally, the hostnames themselves could be sensitive, and a misconfiguration of the project name could lead to the hostname leaking to docker.io.
This maps directly to OWASP M4: Unintended Data Leakage
Proposed Solution:
Ensure that the user must specify a default repository on all operations. Supporting a configuration file would be ideal.
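The guard below is an added example, not code from the crane project or from the issue author. It is the check a CI script can run before calling crane so that an empty or malformed registry variable fails the job instead of sending the project name to the default registry. It applies the hostname rule used by Docker-style reference parsers (the first path component is treated as a registry only if it contains a '.' or ':' or is exactly "localhost"); the `safe_crane_ls` wrapper and the `REGISTRY`/`PROJECT` variable names are assumptions for illustration.

```shell
#!/bin/sh
# CI guard: refuse to hand crane an image reference that would silently
# resolve to docker.io because the registry variable was empty or malformed.
# Rule (as in Docker-style reference parsers): the first path component is a
# registry host only if it contains '.' or ':' or is exactly "localhost".

# is_qualified_ref REF
# Returns 0 when REF names an explicit registry host, 1 when crane would
# fall back to the default registry (docker.io/library/<name> or docker.io/<ns>/<name>).
is_qualified_ref() {
    ref=$1
    case "$ref" in
        */*) first=${ref%%/*} ;;
        *)   return 1 ;;                 # no slash: "secretprojectname" -> docker.io/library/...
    esac
    case "$first" in
        localhost|*.*|*:*) return 0 ;;   # domain, IP address, or host:port
        *)                 return 1 ;;   # "team/app" -> docker.io/team/app; "" -> empty host
    esac
}

# safe_crane_ls REF
# Assumed replacement for a bare `crane ls "$REGISTRY/$PROJECT"` line in a
# pipeline: exits non-zero instead of contacting the default registry when the
# reference is not fully qualified.
safe_crane_ls() {
    if ! is_qualified_ref "$1"; then
        echo "refusing to query '$1': no registry host given, crane would contact docker.io" >&2
        return 2
    fi
    crane ls "$1"
}

# Example invocation with constructed variables (REGISTRY left unset on purpose
# to show the failure mode the issue describes):
# REGISTRY=""; PROJECT="secretprojectname"
# safe_crane_ls "${REGISTRY:-}/$PROJECT"   # -> exits 2, nothing leaves the host
```

The wrapper only checks the reference string; it does not change what crane does once invoked, so an operator should still pair it with the default-registry setting the issue asks for once that exists.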
- Output of crane version: v0.8.0
- Registry used: Internal