Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-34567

repo 2: nuget packages with DOWNLOADCOUNT metadata larger than Integer.MAX_VALUE fail to be proxied

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.14.20
    • Fix Version/s: None
    • Component/s: NuGet
    • Labels:
    • Notability:
      3

      Description

      Create a proxy to the official NuGet gallery in Repository 2.14.20

      Try to download a NuGet package that has a DOWNLOADCOUNT metadata value larger than Java Integer MAX_VALUE. This fails.

      Example package with the problem:

      https://www.nuget.org/api/v2/package/Microsoft.NETCore.Platforms/1.1.1

      Example Repo 2 request to a group repo:

      127.0.0.1 - admin [05/Aug/2022:13:29:38 -0500] "GET /nexus/service/local/nuget/Nuget/Packages(Id='Microsoft.NETCore.Platforms',Version='1.1.1') HTTP/1.1" 404 260 277

      nexus.log WARN message as of time of log message:

      2022-08-05 13:29:38 WARN  [p1930979845-244] - com.sonatype.nexus.plugins.nuget.odata.ODataNugetGallery - Problem updating NuGet package in: Nuget
      java.lang.NumberFormatException: For input string: "2175916659"
        at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
        at java.lang.Integer.parseInt(Integer.java:583)
        at java.lang.Integer.parseInt(Integer.java:615)
        at com.sonatype.nexus.plugins.nuget.odata.ODataNugetGallery.put(ODataNugetGallery.java:435)
        at com.sonatype.nexus.plugins.nuget.passthrough.PassThroughNugetGallery$2.consume(PassThroughNugetGallery.java:190)
        at com.sonatype.nexus.plugins.nuget.odata.FeedSplicer.ended(FeedSplicer.java:108)
        at com.sonatype.nexus.plugins.nuget.odata.XmlSplicer.consume(XmlSplicer.java:81)
        at com.sonatype.nexus.plugins.nuget.odata.FeedSplicer.consumePage(FeedSplicer.java:57)
        at com.sonatype.nexus.plugins.nuget.feed.NugetFeedFetcher.cachePackageFeed(NugetFeedFetcher.java:78)
        at com.sonatype.nexus.plugins.nuget.passthrough.PassThroughNugetGallery.entry(PassThroughNugetGallery.java:186)
        at com.sonatype.nexus.plugins.nuget.rest.NugetGalleryResource.get(NugetGalleryResource.java:161)
        at org.sonatype.plexus.rest.resource.RestletResource.represent(RestletResource.java:233)
        at org.sonatype.nexus.rest.NexusRestletResource.represent(NexusRestletResource.java:39)
        at org.restlet.resource.Resource.getRepresentation(Resource.java:302)
        at org.restlet.resource.Resource.handleGet(Resource.java:464)
        at org.restlet.Finder.handle(Finder.java:353)
      

      The line of code failing does this:

      Integer.parseInt(data.get("DOWNLOADCOUNT"))

      another line of code does this ( which may eventually fail in a similar way )

      Integer.parseInt(data.get("VERSIONDOWNLOADCOUNT"))

      Expected

      NuGet packages with metadata values larger than Integer.MAX_VALUE should be parsed proxied successfully.

      On upgrade to a product version with the fix, ensure the database columns can store values large than Integer.MAX_VALUE

      Possible Workaround

      Upgrade to Repo 3.

      If stuck on Repo 2, NuGet packages affected could be downloaded manually from nuget.org and then uploaded into a hosted NuGet repo. Then put that hosted nuget repo ahead of the proxy repo in the group repository member repo list.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Michael Oliverio Michael Oliverio
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                tigCommentSecurity.panel-title