  1. Dev - Nexus Repo
  2. NEXUS-23487

PyPI repository returns 500 error response if remote returns an invalid response.


    Description

      Create a PyPI group repository with a hosted repository, and a proxy to http://pypi.org, and also a PyPI proxy to https://anaconda.org (yes, I know that isn't valid).

      Now send a request for an index file to the group repository for an index that doesn't exist, e.g. "/simple/notthere".

      Observe that a 500 response is received. The logs show:

      2020-04-13 08:09:49,027-0500 WARN  [qtp63401444-255] admin org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Failure servicing: GET /repository/pypi-group/simple/notthere/
      java.lang.StringIndexOutOfBoundsException: String index out of range: -1
      	at java.lang.String.substring(String.java:1967)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiFileUtils.extractVersionFromFilename(PyPiFileUtils.java:99)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiIndexUtils.lambda$2(PyPiIndexUtils.java:170)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiIndexUtils.makeLinksRelative(PyPiIndexUtils.java:144)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiIndexUtils.makePackageLinksNexusPaths(PyPiIndexUtils.java:168)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiIndexUtils.makeIndexLinksNexusPaths(PyPiIndexUtils.java:158)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiProxyFacetImpl.rewriteIndex(PyPiProxyFacetImpl.java:358)
      	at org.sonatype.nexus.repository.pypi.internal.PyPiProxyFacetImpl.store(PyPiProxyFacetImpl.java:143)
      	at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.doGet(ProxyFacetSupport.java:271)
      	at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.lambda$1(ProxyFacetSupport.java:245)
      	at org.sonatype.nexus.common.io.CooperatingFuture.performCall(CooperatingFuture.java:122)
      

      Expected: An invalid response from a proxy's remote should not result in a 500 response from a group or proxy repository. It should result in a 404 response.

      This is a regression, and it is causing breakage in existing systems that used to work after upgrade. Additionally, this 500 response seems to abort processing of other members in a repository group.
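
The failure mode in the stack trace above and the expected 404 behaviour, as an added example (not Nexus Repository code and not part of the original report). Class, method and member names are hypothetical, the filename parse is simplified to name-version.tar.gz, and the link names are constructed sample data.

```java
import java.util.*;

// Added illustration: hypothetical names, not the Nexus Repository source.
public class GroupIndexExample {
    // Unchecked: a link name without the expected delimiters makes lastIndexOf
    // return -1, and substring throws StringIndexOutOfBoundsException.
    static String versionUnchecked(String filename) {
        return filename.substring(filename.indexOf('-') + 1, filename.lastIndexOf(".tar.gz"));
    }

    // Checked: validate both indices first and report "unparseable" as empty.
    // Simplified assumption: only name-version.tar.gz is recognised.
    static Optional<String> versionChecked(String filename) {
        int dash = filename.indexOf('-');
        int ext = filename.lastIndexOf(".tar.gz");
        if (dash < 0 || ext <= dash + 1) {
            return Optional.empty();
        }
        return Optional.of(filename.substring(dash + 1, ext));
    }

    // One member: an index with any unparseable link counts as a miss (404).
    static int memberStatus(List<String> links) {
        if (links.isEmpty()) return 404;
        for (String link : links) {
            if (!versionChecked(link).isPresent()) return 404;
        }
        return 200;
    }

    // Group: a miss from one member never stops the remaining members.
    static int groupStatus(Map<String, List<String>> members) {
        for (List<String> links : members.values()) {
            if (memberStatus(links) == 200) return 200;
        }
        return 404;
    }

    public static void main(String[] args) {
        // Constructed sample data: link names per member for one index request.
        Map<String, List<String>> members = new LinkedHashMap<>();
        members.put("proxy-invalid-remote", Arrays.asList("index.html", "about"));
        System.out.println("only invalid remote: " + groupStatus(members));
        members.put("proxy-valid-remote", Arrays.asList("demo-1.0.tar.gz"));
        System.out.println("with valid member:   " + groupStatus(members));
        try {
            versionUnchecked("index.html");
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("unchecked parse threw " + e.getClass().getSimpleName());
        }
    }
}
```

The point of the checked form is that content from a proxy's remote is untrusted input: a parse failure is handled as "not found" for that member instead of escaping as an unhandled exception that fails the whole group request.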
       

            People

              mpiggott Matthew Piggott
              rseddon Rich Seddon
              Michael Oliverio Michael Oliverio
              NXRM - Groot