Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-19791

Npm audit fails with 500 response in case artifactory didn't got response from Xray in time.

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: 2 - Critical
    • Resolution: Done
    • Affects Version/s: 6.11.3
    • Fix Version/s: 6.13.0
    • Component/s: NPM
    • Labels:
      None
    • Severity:
      Critical

      Description

      In case Artifactory didn't get response in time from Xray and the socket connection have been closed, the client will receive 500 response and not partial results in case of existence (for example from npmjs).

      Steps to reproduce the issue:

      1. Install Artifactory with connection to Xray.
      2. Create npm package (package.json file) with a lot of dependencies. 
      3. Install the package from step 2.
      4. Execute npm audit on the package from step 2.

      Workaround:

      Increase the Xray Artifactory connection socket timeout, in the following line with higher value (5000 is the default) to the $ART_HOME/etc/artifactory.system.properties file and restart the server:

      artifactory.xray.client.normal.socket.timeout.millis=5000

       

      2019-07-30 15:13:17,736 [http-nio-8081-exec-5] [DEBUG] (o.j.x.c.a.XrayNpmAuditHandlerImpl:34) - fetching npm full audit report from Xray
2019-07-30 15:13:22,747 [http-nio-8081-exec-5] [ERROR] (o.j.x.c.a.XrayNpmAuditHandlerImpl:53) - Failed to retrieve npm audit from Xray : Read timed out
2019-07-30 15:13:22,765 [http-nio-8081-exec-5] [DEBUG] (o.j.x.c.a.XrayNpmAuditHandlerImpl:54) - Failed to retrieve npm audit from Xray
java.net.SocketTimeoutException: Read timed out
  at java.base/java.net.SocketInputStream.socketRead0(Native Method)
  at java.base/java.net.SocketInputStream.socketRead(SocketInputStream.java:115)
  at java.base/java.net.SocketInputStream.read(SocketInputStream.java:168)
  at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140)
  at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:139)
  at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:155)
  at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:284)
  at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
  at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
  at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:261)
  at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:165)
  at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:167)
  at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:272)
  at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:124)
  at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:271)
  at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
  at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
  at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
  at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
  at org.jfrog.client.http.CloseableHttpClientDecorator.doExecute(CloseableHttpClientDecorator.java:107)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
  at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
  at org.jfrog.xray.client.http.XrayHttpClientImpl.executeRequest(XrayHttpClientImpl.java:204)
  at org.jfrog.xray.client.http.XrayHttpClientImpl.postWithDirectResponse(XrayHttpClientImpl.java:101)
  at org.jfrog.xray.client.audit.XrayNpmAuditHandlerImpl.audit(XrayNpmAuditHandlerImpl.java:45)
  at org.artifactory.addon.xray.XrayServiceImpl.npmAuditReport(XrayServiceImpl.java:412)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201)
  at com.sun.proxy.$Proxy272.npmAuditReport(Unknown Source)
  at org.artifactory.addon.xray.XrayAddonImpl.npmAuditReport(XrayAddonImpl.java:529)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:201)
  at com.sun.proxy.$Proxy274.npmAuditReport(Unknown Source)
  at org.artifactory.addon.npm.repo.audit.NpmAuditFetcher.fetchAuditFromXray(NpmAuditFetcher.java:57)
  at org.artifactory.addon.npm.repo.audit.NpmAuditHandler.handleRemoteAndXray(NpmAuditHandler.java:174)
  at org.artifactory.addon.npm.repo.audit.NpmAuditHandler.fetchAndCache(NpmAuditHandler.java:135)
  at org.artifactory.addon.npm.repo.audit.NpmAuditHandler.handle(NpmAuditHandler.java:91)
  at org.artifactory.addon.npm.rest.NpmRequestHelper.audits(NpmRequestHelper.java:178)
  at org.artifactory.addon.npm.rest.NpmResource.audits(NpmResource.java:117)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
  at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
  at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
  at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
  at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:103)
  at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:493)
  at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:415)
  at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:104)
  at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:277)
  at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272)
  at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268)
  at org.glassfish.jersey.internal.Errors.process(Errors.java:316)
  at org.glassfish.jersey.internal.Errors.process(Errors.java:298)
  at org.glassfish.jersey.internal.Errors.process(Errors.java:268)
  at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:289)
  at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:256)
  at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:703)
  at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:416)
  at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:370)
  at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:389)
  at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:342)
  at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:229)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.artifactory.webapp.servlet.RepoFilter.execute(RepoFilter.java:122)
  at org.artifactory.webapp.servlet.RepoFilter.doFilter(RepoFilter.java:97)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilterChain.lambda$doFilter$1(ArtifactoryAuthenticationFilterChain.java:135)
  at org.artifactory.webapp.servlet.authentication.PropsAuthenticationFilter.doFilter(PropsAuthenticationFilter.java:131)
  at org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilterChain.doFilter(ArtifactoryAuthenticationFilterChain.java:171)
  at org.artifactory.webapp.servlet.AccessFilter.authenticateAndExecute(AccessFilter.java:311)
  at org.artifactory.webapp.servlet.AccessFilter.doFilterInternal(AccessFilter.java:208)
  at org.artifactory.webapp.servlet.AccessFilter.doFilter(AccessFilter.java:167)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.artifactory.webapp.servlet.RequestFilter.doFilter(RequestFilter.java:77)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.artifactory.webapp.servlet.ArtifactoryCsrfFilter.doFilter(ArtifactoryCsrfFilter.java:85)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.springframework.session.web.http.SessionRepositoryFilter.doFilterInternal(SessionRepositoryFilter.java:164)
  at org.springframework.session.web.http.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:80)
  at org.artifactory.webapp.servlet.SessionFilter.doFilter(SessionFilter.java:62)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.artifactory.webapp.servlet.ArtifactoryFilter.doFilter(ArtifactoryFilter.java:124)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
  at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
  at org.apache.catalina.valves.rewrite.RewriteValve.invoke(RewriteValve.java:279)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
  at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
  at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
  at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
  at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
  at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
  at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
  at java.base/java.lang.Thread.run(Thread.java:834)
2019-07-30 15:13:22,767 [http-nio-8081-exec-5] [ERROR] (o.a.a.n.r.a.NpmAuditFetcher:60) - Failed to retrieve npm audit report from Xray
2019-07-30 15:13:22,768 [http-nio-8081-exec-5] [ERROR] (o.a.a.n.r.a.NpmAuditHandler:176) - Managed to fetch full npm audit report from https://registry.npmjs.org but not from Xray - status: 500 error: Failed to retrieve npm audit report from Xray
2019-07-30 15:13:22,768 [http-nio-8081-exec-5] [ERROR] (o.a.a.n.r.NpmRequestHelper:183) - Failed to fetch audit report for repo npm. status: 500 cause: Failed to retrieve npm audit report from Xray

        Attachments

          Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task RTFACT-19790 Increase the Xray socket timeout from the default 5000 milliseconds.

          • 3 - High - Impacts behavior significantly with no easy workaround provided
          • Done

            Activity

              People

              Assignee:
              Dudim Dudi Morad (Inactive)
              Reporter:
              yehudah Yehuda Hadad
              Votes:
              2 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-19791 -
                  SYNCHRONIZED
                  • Last Sync Date: