Dev - Nexus Repo / NEXUS-21818

File content validation does not detect invalid repomd.xml files in yum proxy repositories.


    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.19.1
    • Fix Version/s: None
    • Component/s: Yum
    • Labels:

      Description

      Create a yum proxy repository with this remote:

      http://download.fedoraproject.org/pub/epel/7/SRPMS

      Try downloading the repodata/repomd.xml file through it. The remote will return 200 with a plain text response. This should be blocked by file content validation, since the return is not an XML file, but instead we get an exception because we try to parse the plain text as XML:

      2019-11-15 19:26:05,764+0000 DEBUG [qtp2101147842-545] node2 csreporo org.sonatype.nexus.httpclient.outbound - http://download.fedoraproject.org/pub/epel/7/SRPMS/kafka/repodata/repomd.xml > GET /pub/epel/7/SRPMS/kafka/repodata/repomd.xml HTTP/1.1
      2019-11-15 19:26:09,247+0000 WARN [qtp2101147842-545] node2 csreporo org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Failure servicing: GET /repository/yum-all/kafka/repodata/repomd.xml
      java.lang.RuntimeException: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in prolog.
      at org.sonatype.nexus.repository.yum.internal.proxy.YumProxyFacetImpl.processRepomd(YumProxyFacetImpl.java:181)
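
The check the report asks for, sketched as an added example (not Nexus code and not from the reporter): verify that a fetched repomd.xml body is well-formed XML with a `repomd` root before it is processed, and reject it with a specific error instead of a `RuntimeException`. The class and exception names are hypothetical, the two sample bodies are constructed, and the parser is the JDK's built-in SAX implementation.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class RepomdContentCheck {
  // Hypothetical exception type a proxy could map to an "invalid upstream content" response.
  static class InvalidContentException extends IOException {
    InvalidContentException(String message, Throwable cause) { super(message, cause); }
  }
  // Returns normally only if the body is well-formed XML whose root element is <repomd>.
  static void validateRepomd(InputStream body) throws IOException {
    final String[] root = new String[1];
    try {
      SAXParserFactory factory = SAXParserFactory.newInstance();
      factory.setNamespaceAware(true);
      // The remote body is untrusted: refuse DOCTYPE so no external entities are resolved.
      factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
      factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      factory.newSAXParser().parse(body, new DefaultHandler() {
        @Override
        public void startElement(String uri, String localName, String qName, Attributes a) {
          if (root[0] == null) root[0] = localName; // remember only the first (root) element
        }
      });
    } catch (SAXException | ParserConfigurationException e) {
      // Covers "Content is not allowed in prolog" for plain-text bodies.
      throw new InvalidContentException("repomd.xml is not well-formed XML: " + e.getMessage(), e);
    }
    if (!"repomd".equals(root[0])) {
      throw new InvalidContentException("unexpected root element: " + root[0], null);
    }
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample bodies: a plain-text 200 response, then a minimal repomd document.
    for (String s : new String[] {"Mirror list page, plain text\n",
        "<?xml version=\"1.0\"?><repomd xmlns=\"http://linux.duke.edu/metadata/repo\"/>"}) {
      try {
        validateRepomd(new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8)));
        System.out.println("accepted");
      } catch (InvalidContentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
  }
}
```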

            People

            Assignee: Unassigned
            Reporter: Rich Seddon (rseddon)
            Last Updated By: Joe Tom