Details
-
Bug
-
Resolution: Fixed
-
Major
-
3.13.0
-
1
Description
The SelectorManager.create(SelectorConfiguration config) method does not validate the contents passed into it. This allows the creation of invalid content selectors that have no attributes.
These invalid content selectors do not show up in the UI, and therefore cannot be removed by the users. Furthermore, when an upgrade to a new version of Nexus is performed these invalid records cause a failure, the upgraded instance cannot be started.
Expected: The API should protect against invalid content.
Example of invalid record that can be created via API:
{
"@class": "selector_selector",
"@rid": "#40:3",
"@type": "d",
"@version": 1,
"description": "Testing",
"name": "com.no.attributes",
"type": "csel"
},
Example of failure that occurs when this record is encountered during upgrade:
2018-08-26 08:15:32,634-0500 INFO [FelixStartLevel] NexusHDQ-One *SYSTEM org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl - Upgrade rubygems from 1.0 to 1.1
2018-08-26 08:15:32,821-0500 WARN [FelixStartLevel <command>sql.update selector_selector set attributes.expression = attributes.expression.replace('//','/')</command>] NexusHDQ-One *SYSTEM com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinary - $ANSI{green {db=config}} Error deserializing record with id #39:5 send this data for debugging: ACJzZWxlY3Rvcl9zZWxlY3RvcgEAAAAoJQAAADZvAAAAO3EAAABMABpjb20uYWEuZG9nYWRzCENTRUwgVGVzdGluZyBieSBOaWhhcgIHFGV4cHJlc3Npb24AAABeFLoBY29tLm9yaWVudGVjaG5vbG9naWVzLm9yaWVudC5jb3JlLnNlcmlhbGl6YXRpb24uc2VyaWFsaXplci5yZWNvcmQuYmluYXJ5Lk9TZXJpYWxpemFibGVXcmFwcGVyzgSs7QAFc3IAJ29yZy5jb2RlaGF1cy5ncm9vdnkucnVudGltZS5HU3RyaW5nSW1wbDGzS2f7fekSAgABWwAHc3RyaW5nc3QAE1tMamF2YS9sYW5nL1N0cmluZzt4cgATZ3Jvb3Z5LmxhbmcuR1N0cmluZ9tj3naQywjNAgABWwAGdmFsdWVzdAATW0xqYXZhL2xhbmcvT2JqZWN0O3hwdXIAE1tMamF2YS5sYW5nLk9iamVjdDuQzlifEHMpbAIAAHhwAAAAAXQADS8vLy8vLy8vLy8vLy91cgATW0xqYXZhLmxhbmcuU3RyaW5nO63SVufpHXtHAgAAeHAAAAACdAAhZm9ybWF0ID09ICdtYXZlbjInIGFuZCBwYXRoID1+ICdedAADLion
2018-08-26 08:15:32,835-0500 ERROR [FelixStartLevel <command>sql.update selector_selector set attributes.expression = attributes.expression.replace('//','/')</command>] NexusHDQ-One *SYSTEM com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage - Exception `2F976A01` in storage `plocal:/opt/sonatype-work/nexus3/db/config`: 2.2.36 (build d3beb772c02098ceaea89779a7afd4b7305d3788, branch 2.2.x)
com.orientechnologies.orient.core.exception.OCommandExecutionException: Error on execution of command: sql.select from selector_selector
DB name="config"
at com.orientechnologies.orient.core.storage.impl.local.OAbstractPaginatedStorage.executeCommand(OAbstractPaginatedStorage.java:3421)
at com.orientechnologies.orient.core.storage.impl.local.OAbstractPaginatedStorage.command(OAbstractPaginatedStorage.java:3318)
at com.orientechnologies.orient.core.sql.query.OSQLQuery.run(OSQLQuery.java:78)
at com.orientechnologies.orient.core.sql.query.OSQLAsynchQuery.run(OSQLAsynchQuery.java:74)
at com.orientechnologies.orient.core.query.OQueryAbstract.execute(OQueryAbstract.java:33)
at com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx.query(ODatabaseDocumentTx.java:756)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLUpdate.execute(OCommandExecutorSQLUpdate.java:291)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLDelegate.execute(OCommandExecutorSQLDelegate.java:70)
at com.orientechnologies.orient.core.storage.impl.local.OAbstractPaginatedStorage.executeCommand(OAbstractPaginatedStorage.java:3400)
at com.orientechnologies.orient.core.storage.impl.local.OAbstractPaginatedStorage.command(OAbstractPaginatedStorage.java:3318)
at com.orientechnologies.orient.core.command.OCommandRequestTextAbstract.execute(OCommandRequestTextAbstract.java:69)
at org.sonatype.nexus.repository.rubygems.upgrade.RubygemsUpgrade_1_1.updateContentSelectorExpressions(RubygemsUpgrade_1_1.java:115)
at org.sonatype.nexus.repository.rubygems.upgrade.RubygemsUpgrade_1_1.apply(RubygemsUpgrade_1_1.java:79)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl.lambda$3(UpgradeServiceImpl.java:193)
at java.util.ArrayList.forEach(ArrayList.java:1257)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl.doUpgrade(UpgradeServiceImpl.java:135)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl.doStart(UpgradeServiceImpl.java:91)
at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:67)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl$$EnhancerByGuice$$dbe05174.CGLIB$start$4(<generated>)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl$$EnhancerByGuice$$dbe05174$$FastClassByGuice$$2ae549d6.invoke(<generated>)
at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:191)
at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
at org.sonatype.nexus.upgrade.internal.UpgradeServiceImpl$$EnhancerByGuice$$dbe05174.start(<generated>)
at org.sonatype.nexus.extender.NexusLifecycleManager.startComponent(NexusLifecycleManager.java:155)
at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:95)
at org.sonatype.nexus.extender.NexusContextListener.frameworkEvent(NexusContextListener.java:191)
at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1429)
at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: com.orientechnologies.orient.core.exception.ODatabaseException: Error on deserialization of Serializable
DB name="config"
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.deserializeValue(ORecordSerializerBinaryV0.java:497)
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.readEmbeddedMap(ORecordSerializerBinaryV0.java:576)
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.deserializeValue(ORecordSerializerBinaryV0.java:472)
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.deserializePartial(ORecordSerializerBinaryV0.java:148)
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinary.fromStream(ORecordSerializerBinary.java:78)
at com.orientechnologies.orient.core.record.impl.ODocument.deserializeFields(ODocument.java:1854)
at com.orientechnologies.orient.core.record.impl.ODocument.checkForFields(ODocument.java:2626)
at com.orientechnologies.orient.core.record.impl.ODocument.rawField(ODocument.java:773)
at com.orientechnologies.orient.core.sql.filter.OSQLFilterItemField.getValue(OSQLFilterItemField.java:129)
at com.orientechnologies.orient.core.sql.OSQLHelper.resolveFieldValue(OSQLHelper.java:310)
at com.orientechnologies.orient.core.sql.OSQLHelper.bindParameters(OSQLHelper.java:401)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLUpdate.handleSetEntries(OCommandExecutorSQLUpdate.java:614)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLUpdate.result(OCommandExecutorSQLUpdate.java:348)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLResultsetAbstract.pushResult(OCommandExecutorSQLResultsetAbstract.java:279)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.addResult(OCommandExecutorSQLSelect.java:759)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.handleResult(OCommandExecutorSQLSelect.java:670)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.executeSearchRecord(OCommandExecutorSQLSelect.java:627)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.serialIterator(OCommandExecutorSQLSelect.java:1638)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.fetchFromTarget(OCommandExecutorSQLSelect.java:1585)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.executeSearch(OCommandExecutorSQLSelect.java:522)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLSelect.execute(OCommandExecutorSQLSelect.java:485)
at com.orientechnologies.orient.core.sql.OCommandExecutorSQLDelegate.execute(OCommandExecutorSQLDelegate.java:70)
at com.orientechnologies.orient.core.storage.impl.local.OAbstractPaginatedStorage.executeCommand(OAbstractPaginatedStorage.java:3400)
... 33 common frames omitted
Caused by: com.orientechnologies.orient.core.exception.ODatabaseException: Error on deserialization of Serializable
DB name="config"
at com.orientechnologies.orient.core.serialization.serializer.record.binary.OSerializableWrapper.fromStream(OSerializableWrapper.java:48)
at com.orientechnologies.orient.core.serialization.serializer.record.binary.ORecordSerializerBinaryV0.deserializeValue(ORecordSerializerBinaryV0.java:491)
... 55 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.codehaus.groovy.runtime.GStringImpl
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.apache.felix.framework.BundleWiringImpl.doImplicitBootDelegation(BundleWiringImpl.java:1764)
at org.apache.felix.framework.BundleWiringImpl.searchDynamicImports(BundleWiringImpl.java:1693)
at org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDelegation(BundleWiringImpl.java:1528)
at org.apache.felix.framework.BundleWiringImpl.access$200(BundleWiringImpl.java:79)
at org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadClass(BundleWiringImpl.java:1958)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:348)
at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:683)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1863)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1746)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:2037)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1568)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:428)
Attachments
Issue Links
- is related to
-
-
- Closed
-
