Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-31601

repository target patterns are migrated to content selectors with leading slash breaking the intended meaning

    Details

    • Story Points:
      3
    • Sprint:
      NXRM Sentinels Sprint 31
    • Notability:
      2
    • InvestmentLayer:
      customer-driven
    • Aha Concept:
      non-concept

      Description

      In Repo 2:

      • create a Maven type Repository Target with the following pattern
        .*/com/example/.*
        
      • create a repository target privilege based on that pattern and assign it to a user

      Use the Standard Migration Process, upgrade Repo 2 to Repo 3.

      The repository target pattern migrated from repo 2 will get converted into the following content selector in repo 3:

      format == "maven2" && path =~ "/.*/com/example/.*"
      

      The result is that in repo 2, this type of operation would have succeeded if the user assigned the privilege had write permission to the releases repo:

      PUT /repository/releases/com/example/artifact/1.2.0/artifact-1-2.0.pom

      In Repo 3 however, the content selector regular expression

      /.*/com/example/.*
      

      ... does not match that example path, therefore any assigned privileges will not take effect and result in 403 response.

      Expected

      Do not insert leading slash in regular expression based content selectors during migration if the repository target regular expression pattern did not include them. The effective translation should remain the same after upgrade.

        Attachments

          Activity

            People

            Assignee:
            orudyk Oleksii Rudyk
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Michael Prescott Michael Prescott
            Team:
            NXRM - Sentinels
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title