Add an API test for docker build -f Dockerfile

I noticed that while we have tests to make sure that people don't
specify a Dockerfile (via -f) that's outside of the build context
when using the docker cli, we don't check on the server side to make
sure that API users have the same check done. This would be a security
risk.

While in there I had to add a new util func for the tests to allow us to
send content to the server that isn't json encoded - in this case a tarball

Signed-off-by: Doug Davis <dug@us.ibm.com>

integration-cli/docker_api_containers_test.go

@@ -299,3 +299,35 @@ func TestGetContainerStats(t *testing.T) {
 	}
 	logDone("container REST API - check GET containers/stats")
 }
+
+func TestBuildApiDockerfilePath(t *testing.T) {
+	// Test to make sure we stop people from trying to leave the
+	// build context when specifying the path to the dockerfile
+	buffer := new(bytes.Buffer)
+	tw := tar.NewWriter(buffer)
+	defer tw.Close()
+
+	if err := tw.WriteHeader(&tar.Header{
+		Name: "Dockerfile",
+		Size: 11,
+	}); err != nil {
+		t.Fatalf("failed to write tar file header: %v", err)
+	}
+	if _, err := tw.Write([]byte("FROM ubuntu")); err != nil {
+		t.Fatalf("failed to write tar file content: %v", err)
+	}
+	if err := tw.Close(); err != nil {
+		t.Fatalf("failed to close tar archive: %v", err)
+	}
+
+	out, err := sockRequestRaw("POST", "/build?dockerfile=../Dockerfile", buffer, "application/x-tar")
+	if err == nil {
+		t.Fatalf("Build was supposed to fail")
+	}
+
+	if !strings.Contains(string(out), "must be within the build context") {
+		t.Fatalf("Didn't complain about leaving build context")
+	}
+
+	logDone("container REST API - check build w/bad Dockerfile path")
+}