Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-29192

Better means for preventing information leakage of internal artifact names?

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None

      Description

      Information leakage is a known problem with nexus and other repository-proxies: the queries of company or other secure domain artifacts get easily proxied to external repositories, which may reveal secrets:

       

      Could there be any better means to prevent this information leakage than the "Routing rules" or other sorts of manually configured filtering rules? The problem with "Routing rules" are: it requires manual configuration, it requires naming policy and it requires that users know and remember to follow the naming policy.

       

      For example:

      A sort of "Download Remote Indexes"-feature (which was dropped in Nexus3) could make it possible to not let any of the artifact-queries leave the secure domain and hit the external repositories - the artifacts could be queried against the local index only. Secondly, there could be an option that any artifacts found in the hosted(internal) repositories would never be requested from any external repositories. Together these two features could make a pretty easily configurable secure setup with no policy following required by the users. The first one would prevent alll direct artifact queries (including any typo-containing, or non-released, or snapshot ) against the external repositories, but would still leave a supply chain attack by someone uploading an evil artifact with a known internal artifact name. The second feature would prevent that supply chain attack, by serving the internal artifacts(releases/snapshots) only from the internal hosted repository.

       

      Would that example seem viable to implement? Or would there be any better ideas to have a more secure by default configuration, that would not require manual filters/rules and setting&following naming policies?

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              karniemi Kari J. Niemi
              Last Updated By:
              Michael Prescott Michael Prescott
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title