Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-27125

npm proxy repo audit requests may trigger IllegalStateException Missing org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State while getting cached content

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.29.2
    • Fix Version/s: None
    • Component/s: npm-audit
    • Labels:
    • Notability:
      n/a

      Description

      Audit requests to a npm proxy repo running 3.29.2 was noticed to cause 500 responses from NXRM and these messages in the nexus.log:

      2021-03-24 19:02:24,606+0000 ERROR [qtp890273202-2550366]  *UNKNOWN org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler - java.util.concurrent.ExecutionException: java.lang.IllegalStateException: Missing: org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State
      java.lang.RuntimeException: java.util.concurrent.ExecutionException: java.lang.IllegalStateException: Missing: org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:115)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getAuditRepositoryComponents(NpmAuditFacet.java:313)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.getComponentsVulnerabilityFromRemoteServer(NpmAuditFacet.java:254)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.analyzeComponents(NpmAuditFacet.java:224)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditFacet.audit(NpmAuditFacet.java:163)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditQuickHandler.handle(NpmAuditQuickHandler.java:41)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditErrorHandler.handle(NpmAuditErrorHandler.java:67)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at org.sonatype.nexus.repository.storage.UnitOfWorkHandler.handle(UnitOfWorkHandler.java:39)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at org.sonatype.nexus.repository.security.SecurityHandler.handle(SecurityHandler.java:51)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at com.sonatype.analytics.internal.handler.AnalyticsMeteringHandler.handle(AnalyticsMeteringHandler.java:69)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at org.sonatype.nexus.repository.view.handlers.TimingHandler.handle(TimingHandler.java:58)
      	at org.sonatype.nexus.repository.view.Context.proceed(Context.java:88)
      	at org.sonatype.nexus.repository.view.Context.start(Context.java:179)
      	at org.sonatype.nexus.repository.view.Router.dispatch(Router.java:65)
      	at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:52)
      	at org.sonatype.nexus.repository.view.ConfigurableViewFacet.dispatch(ConfigurableViewFacet.java:43)
      ...
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: java.util.concurrent.ExecutionException: java.lang.IllegalStateException: Missing: org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State
      	at java.util.concurrent.FutureTask.report(FutureTask.java:122)
      	at java.util.concurrent.FutureTask.get(FutureTask.java:192)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:111)
      	... 109 common frames omitted
      Caused by: java.lang.IllegalStateException: Missing: org.sonatype.nexus.repository.view.matchers.token.TokenMatcher$State
      	at com.google.common.base.Preconditions.checkState(Preconditions.java:508)
      	at org.sonatype.nexus.common.collect.AttributesMap.require(AttributesMap.java:223)
      	at org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet.matcherState(OrientNpmProxyFacet.java:481)
      	at org.sonatype.nexus.repository.npm.internal.orient.OrientNpmProxyFacet.getCachedContent(OrientNpmProxyFacet.java:143)
      	at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.maybeGetCachedContent(ProxyFacetSupport.java:375)
      	at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.get(ProxyFacetSupport.java:235)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.getComponentHashsum(NpmAuditTarballFacet.java:167)
      	at org.sonatype.nexus.repository.npm.internal.orient.OrientNpmAuditTarballFacet.getComponentHashsumForProxyRepo(OrientNpmAuditTarballFacet.java:61)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.download(NpmAuditTarballFacet.java:147)
      	at org.sonatype.nexus.repository.npm.internal.NpmAuditTarballFacet.lambda$2(NpmAuditTarballFacet.java:102)
      	at org.sonatype.nexus.thread.internal.MDCAwareCallable.call(MDCAwareCallable.java:41)
      	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
      	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	... 1 common frames omitted
      

      The exact reproduce is not known yet and we only have one report of this. this issue filed for tracking and investigation.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Joe Tom Joe Tom
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title