Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-9557

Rubygems proxy does not understand URL encoded QUERY_STRING

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 2.11.4
    • Fix Version/s: None
    • Component/s: RubyGems
    • Labels:
      None
    • Environment:
      RHEL 5, EXT4 FS

      Description

      Recent Ruby gem bundler ( >= 1.11.0 ) uses URL encoding for QUERY_STRINGs, which forces NEXUS OSS to throw 404 exceptions for the long (more than 255 bytes ) URIs.

      Example:
      Before bundler 1.11 the GET request looked like this:

      http://nexus1.local/content/groups/rubygems/api/v1/dependencies?gems=needle,jruby-pageant,echoe,net-ssh,spruz,hoe,json,net-scp,json_pure,minitest,ZenTest,termios,gemcutter,rubyforge,allison,rdoc,rake,highline,rcov,RubyInline,visionmedia-commander

      Nexus OSS rubygems plugin used "," character to split the QUERY_STRINGS into distinct gems and stored them one by one on a filesystem.

      After bundler 1.11.0 the GET request is URL encoded like
      http://nexus1.local/content/groups/rubygems/api/v1/dependencies?gems=needle%2Cjruby-pageant%2Cechoe%2Cnet-ssh%2Cspruz%2Choe%2Cjson%2Cnet-scp%2Cjson_pure%2Cminitest%2CZenTest%2Ctermios%2Cgemcutter%2Crubyforge%2Callison%2Crdoc%2Crake%2Chighline%2Crcov%2CRubyInline%2Cvisionmedia-commander

      Nexus OSS rubygems plugin does not decode the QUERY_STRING, and tries to store the whole QUERY_STRING as a long file, which is not allowed by a file system filename length constraint ( 255 bytes)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              timtkachenko@nbnco.com.au Artyom Tkachenko
              CC:
              Christian Meier
              Last Updated By:
              Peter Lynch
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title