Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-7604

Nexus requests checksums for a file even when the original file fails content validation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.10
    • Fix Version/s: None
    • Component/s: Maven, Proxy Repository
    • Labels:
      None

      Description

      Request a not-locally cached file through a Maven 2 proxy repository which fails content validation. Nexus still requests the sha1 for the file.

      The good news is that the sha1/attributes file does not appear to be persisted in local storage.

      jvm 1    | 2014-10-22 09:26:42,864-0300 DEBUG [qtp1935993203-108]  org.eclipse.jetty.server.Server - REQUEST /nexus/content/repositories/atlassian/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar on AsyncHttpConnection@2c58a5fb,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-5,l=10,c=0},r=53
      jvm 1    | 2014-10-22 09:26:42,868-0300 DEBUG [qtp1935993203-108] admin org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
      jvm 1    | 2014-10-22 09:26:42,868-0300 DEBUG [qtp1935993203-108] admin org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
      jvm 1    | 2014-10-22 09:26:42,868-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://maven.atlassian.com:443
      jvm 1    | 2014-10-22 09:26:42,869-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.conn.HttpClientConnectionOperator - Connecting to maven.atlassian.com/131.103.28.6:443
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.conn.HttpClientConnectionOperator - Connection established 192.168.2.97:61156<->131.103.28.6:443
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Executing request GET /content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar HTTP/1.1
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> GET /content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar HTTP/1.1
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept: */*
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept-Language: en-us
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept-Encoding: gzip,deflate,identity
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Cache-Control: no-cache
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Host: maven.atlassian.com
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Connection: Keep-Alive
      jvm 1    | 2014-10-22 09:26:42,936-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> User-Agent: Nexus/2.10.0-02 (PRO; Mac OS X; 10.10; x86_64; 1.8.0_25) apacheHttpClient4x/2.10.0-02
      jvm 1    | 2014-10-22 09:26:43,112-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << HTTP/1.1 200 OK
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Server: nginx
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Date: Wed, 22 Oct 2014 12:26:43 GMT
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Content-Type: application/java-archive
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Content-Length: 35343
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Connection: keep-alive
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << X-Frame-Options: SAMEORIGIN
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << X-Content-Type-Options: nosniff
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Accept-Ranges: bytes
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << ETag: "{SHA1{3e0363261d29f60fef9f1cfb3fe3c50735820ff5}}"
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Last-Modified: Thu, 16 Oct 2014 04:10:43 GMT
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 21-Oct-2014 12:26:42 GMT
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Strict-Transport-Security: max-age=31536000
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 30000 MILLISECONDS
      jvm 1    | 2014-10-22 09:26:43,113-0300 DEBUG [qtp1935993203-108] admin remote.storage.outbound - [atlassian] GET https://maven.atlassian.com/content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar - 245.3 ms
      jvm 1    | 2014-10-22 09:26:43,192-0300 INFO  [qtp1935993203-108] admin org.sonatype.nexus.proxy.maven.MavenFileTypeValidator - StorageFileItem atlassian:/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar MIME-magic validation failed: expected MIME types: [application/java-archive], detected MIME types: [application/x-msdownload, application/x-msdownload, application/octet-stream]
      jvm 1    | 2014-10-22 09:26:43,192-0300 INFO  [qtp1935993203-108] admin org.sonatype.nexus.proxy.repository.validator.DefaultFileTypeValidatorHub - File item atlassian:/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar evaluated as INVALID during file type validation (validator=maven)
      jvm 1    | 2014-10-22 09:26:43,193-0300 INFO  [qtp1935993203-108] admin org.sonatype.nexus.proxy.maven.maven2.M2Repository - Proxied item atlassian:/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar evaluated as INVALID during content validation (validator=filetypevalidator, sourceUrl=https://maven.atlassian.com/content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar)
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Executing request GET /content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar.sha1 HTTP/1.1
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> GET /content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar.sha1 HTTP/1.1
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept: */*
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept-Language: en-us
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Accept-Encoding: gzip,deflate,identity
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Cache-Control: no-cache
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Host: maven.atlassian.com
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> Connection: Keep-Alive
      jvm 1    | 2014-10-22 09:26:43,193-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 >> User-Agent: Nexus/2.10.0-02 (PRO; Mac OS X; 10.10; x86_64; 1.8.0_25) apacheHttpClient4x/2.10.0-02
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << HTTP/1.1 200 OK
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Server: nginx
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Date: Wed, 22 Oct 2014 12:26:43 GMT
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Content-Type: text/plain
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Content-Length: 56
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Connection: keep-alive
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << X-Frame-Options: SAMEORIGIN
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << X-Content-Type-Options: nosniff
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Accept-Ranges: bytes
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Last-Modified: Thu, 16 Oct 2014 04:10:43 GMT
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 21-Oct-2014 12:26:43 GMT
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Vary: Accept-Encoding
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Content-Encoding: gzip
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.headers - http-outgoing-12 << Strict-Transport-Security: max-age=31536000
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 30000 MILLISECONDS
      jvm 1    | 2014-10-22 09:26:43,228-0300 DEBUG [qtp1935993203-108] admin remote.storage.outbound - [atlassian] GET https://maven.atlassian.com/content/groups/public/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar.sha1 - 35.14 ms
      jvm 1    | 2014-10-22 09:26:43,249-0300 DEBUG [qtp1935993203-108]  org.eclipse.jetty.server.Server - RESPONSE /nexus/content/repositories/atlassian/com/atlassian/support/healthcheck/support-healthcheck-plugin/1.0.3/support-healthcheck-plugin-1.0.3.jar  404 handled=true
      jvm 1    | 2014-10-22 09:27:13,979-0300 DEBUG [HC4x-EvictingThread] *SYSTEM org.apache.http.impl.conn.CPool - Connection [id:12][route:{s}->https://maven.atlassian.com:443][state:null] expired @ Wed Oct 22 09:27:13 ADT 2014
      jvm 1    | 2014-10-22 09:27:13,980-0300 DEBUG [HC4x-EvictingThread] *SYSTEM org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-12: Close connection
      jvm 1    | 2014-10-22 09:37:29,503-0300 DEBUG [qtp1935993203-108]  org.eclipse.jetty.server.Server - REQUEST /nexus/service/local/status on AsyncHttpConnection@70fc5455,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-5,l=10,c=0},r=1
      jvm 1    | 2014-10-22 09:37:29,510-0300 DEBUG [qtp1935993203-108]  org.eclipse.jetty.server.Server - RESPONSE /nexus/service/local/status  200 handled=true
      j
      

      Expected: if content validation fails, do not then go request sha1/md5 files - this is uneeded overhead and there appears to be no valid reason to do this

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joe Tom Joe Tom
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title