Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-18487

Scripting API allows invalid Roles

    Details

    • Story Points:
      1
    • Notability:
      3

      Description

      The addRole() method in security scripting API allows for creation of a role that contains itself.  This is not valid, and causes stack overflows in Nexus when the role is traversed.

       

      The API should validate that no cycles are created in roles, and ensure that any other required validation is applied regardless of whether the input comes from REST/UI/etc.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Rich Seddon Rich Seddon
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title