
NuGet proxy repos to GitHub Package Registry can fail query requests when accessed in a group repository

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.26.1
    • Fix Version/s: 3.29.0
    • Component/s: nuget-v3
    • Labels:
    • Notability:
      3

      Description

      GitHub Package Registry can serve NuGet packages using the NuGet V3 protocol. That registry apparently enforces a query limit of 100 and will respond with a 400 status code if an attempt is made to exceed that limit. In certain cases, NXRM will modify the requested query limit to exceed 100 and thus trigger query failures. If the proxy repo is a group repo member, further group member processing will stop and the build making the request will fail.

      https://docs.github.com/en/free-pro-team@latest/packages/using-github-packages-with-your-projects-ecosystem/configuring-dotnet-cli-for-use-with-github-packages

      Reproduce

      Configure an NXRM NuGet proxy repository to a GitHub Package Registry endpoint.
      If your dotnet client sends a request directly to the NXRM proxy repository and includes a "take" parameter value, that take value is passed to the remote unaltered. If the value is <= 100, the query will work:

      Example where take=26 is sent into NXRM proxy repo:

      Example dotnet client originating inbound NXRM direct proxy repo request
      /repository/github-registry-proxy/v3/query/beta?q=asd&skip=0&take=26&prerelease=true&supportedFramework=.NETFramework,Version=v4.5.2
      

      However, if you put that proxy repo into a group repo and send the client request to the group repository, NXRM will modify the outbound request it sends to the proxy remote so that the take parameter value = 250:

      Example NXRM modified outbound proxy repo request when inbound was to a group repo
      /OWNER/query?skip=0&q=asd&take=250&prerelease=true&supportedFramework=.NETFramework%2CVersion%3Dv4.5.2
      

      The GitHub Package Registry will respond with a 400 status code and a response header of:

      X-Nuget-Warning: BAD_REQUEST:requested results size 250 exceeds max results per page 100.
      

      NXRM ignores the error response code and attempts to parse the response as a valid query result. This results in a NullPointerException, and the NuGet client will eventually receive a 500 status code failure from NXRM:

      2020-10-19 10:39:19,438-0700 WARN  [qtp1103545988-20693]  *UNKNOWN org.sonatype.nexus.repository.httpbridge.internal.ViewServlet - Failure servicing: GET /repository/nuget-v3-group/v3/query/beta?q=asd&skip=0&take=26&prerelease=true&supportedFramework=.NETFramework,Version=v4.5.2
      java.lang.NullPointerException: null
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetProxySearchHandler.rewriteRegistrationUrls(NugetProxySearchHandler.java:108)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetProxySearchHandler.createPayload(NugetProxySearchHandler.java:87)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetProxySearchHandler.handle(NugetProxySearchHandler.java:79)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetServicesHandler.handle(NugetServicesHandler.java:34)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at org.sonatype.nexus.repository.routing.internal.RoutingRuleHandler.handle(RoutingRuleHandler.java:52)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at org.sonatype.nexus.repository.security.SecurityHandler.handle(SecurityHandler.java:51)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at com.sonatype.analytics.internal.handler.AnalyticsMeteringHandler.handle(AnalyticsMeteringHandler.java:69)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:58)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at org.sonatype.nexus.repository.view.Context.start(Context.java:114)
       at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:65)
       at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
       at org.sonatype.nexus.repository.group.GroupHandler.getFirst(GroupHandler.java:134)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetV3GroupAbstractHandler.getFromRepository(NugetV3GroupAbstractHandler.java:132)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetV3GroupAbstractHandler.getRepositoryPayloads(NugetV3GroupAbstractHandler.java:65)
       at com.sonatype.nexus.repository.nuget.internal.v3.NugetV3GroupSearchHandler.doGet(NugetV3GroupSearchHandler.java:67)
       at org.sonatype.nexus.repository.group.GroupHandler.handle(GroupHandler.java:95)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at com.sonatype.nexus.repository.nuget.internal.NugetSimpleHandlers.lambda$1(NugetSimpleHandlers.java:33)
       at org.sonatype.nexus.repository.view.Context.proceed(Context.java:80)
       at com.sonatype.nexus.repository.nuget.internal.NugetGroupVersionHandler.handle(NugetGroupVersionHandler.java:71)
      
      10.31.72.219 - - [19/Oct/2020:10:39:19 -0700] "GET /repository/nuget-v3-group/v3/query/beta?q=asd&skip=0&take=26&prerelease=true&supportedFramework=.NETFramework,Version=v4.5.2 HTTP/1.1" 500 - 1999 720 "NuGet Client V3/3.4.4.0 (Microsoft Windows NT 10.0.17134.0, VS Professional/14.0)" [qtp1103545988-20693]
      

      Workaround 1

      NEXUS-23597 introduced a property that can be used to alter the default 250 take value to some maximum the remote will accept without error:

      Edit etc/nexus.properties and add a line like this:

      nexus.nuget.v3.search.maxBucketSize=100
      

      Restart NXRM for changes to take effect.

      Workaround 2

      Alternatively, keep the affected proxy repos out of the group repository, and instead configure the dotnet sources to include both the group and the proxy repo individually.

      Expected

      • Do not send modified take values to the remote which will break the remote query. If altering the take values is required for internal NXRM technical reasons, document those reasons and provide a serviceable workaround not requiring a global all NuGet v3 proxy repos configuration change and NXRM restart for effect to allow the proxy repo to be made a working member of a group repo, or alter the implementation. ( this issue: NEXUS-25605 )
      • Proxy repos which work with direct requests should also work similarly with equivalent inbound requests through the group repo. ( this issue: NEXUS-25605 )

      Other Expectations

      • Always examine the remote registry response code and react gracefully to parse any error payload ( handled by NEXUS-25608 ) or X-NuGet-Warning headers - log these with a summary log statement at WARN level. If DEBUG level is enabled, log the full stack trace. ( handled by NEXUS-25606 )
      • Do not block further group member repo processing if a single group repository encounters an Exception ( handled by NEXUS-25609 )
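
      A small Python model of the behaviour the Expected and Other Expectations lists ask for, added here as an illustration; it is not NXRM code. The two remotes, the per-member `max_take` setting and all function names are hypothetical and constructed; only the 250 default, the 100 limit and the warning header text come from this issue.

```python
import logging
from urllib.parse import parse_qsl, urlencode

log = logging.getLogger("nuget-group-search")
GROUP_TAKE = 250  # take value the issue says is sent on group requests


def capped_remote(query, max_page=100):
    """Constructed stand-in for a remote that rejects take > max_page."""
    take = int(dict(parse_qsl(query))["take"])
    if take > max_page:
        msg = (f"BAD_REQUEST:requested results size {take} "
               f"exceeds max results per page {max_page}.")
        return 400, {"X-Nuget-Warning": msg}, None
    return 200, {}, {"data": [{"id": "asd.Core"}]}


def other_remote(query):
    """Constructed stand-in for a second member with no page limit."""
    return 200, {}, {"data": [{"id": "asd.Other"}]}


def search_member(name, remote, params, max_take):
    """Query one member; return (hits, warning). max_take is hypothetical."""
    outbound = dict(params, take=min(GROUP_TAKE, max_take))
    status, headers, body = remote(urlencode(outbound))
    if status != 200 or body is None:
        # Header names are case-insensitive; fall back to the status code.
        lowered = {k.lower(): v for k, v in headers.items()}
        warning = lowered.get("x-nuget-warning", f"HTTP {status}")
        log.warning("member %s search failed: %s", name, warning)
        return [], warning
    return body.get("data", []), None


def search_group(members, params):
    """Merge hits from all members; a failing member never stops the loop."""
    hits, failures = [], {}
    for name, remote, max_take in members:
        try:
            found, warning = search_member(name, remote, params, max_take)
        except Exception as exc:
            log.warning("member %s raised %r", name, exc)
            found, warning = [], repr(exc)
        hits.extend(found)
        if warning:
            failures[name] = warning
    return hits[: int(params["take"])], failures
```

      With `max_take` left at 250 the capped member is reported in `failures` with the remote's warning text while the other member's hits are still returned; with `max_take=100` both members contribute.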


              People

              Assignee:
              aishchenko Artem Ishchenko
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joe Tom Joe Tom
              Team:
              NXRM - Trinity
              Votes:
              0
              Watchers:
              5
