Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-8032

Setting a bad S3 endpoint can delete filestore if eventual/_add symlink is set

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 3.9.4, 4.0.2
    • Fix Version/s: 4.2.0
    • Component/s: Filestore
    • Labels:
      None

      Description

      If you set an S3 endpoint in your storage.properties file and that endpoint goes to a page that returns 200 (like standard HTML like a login page) then Artifactory will see the 200 when checking if a file exists on the bucket, take that as confirmed file exists, skip uploading and delete it from the filestore. This has the effect of deleting the whole filestore. If no backup was made this could cause a serious situation.

      We need to check that the endpoint is valid before performing any filesync or some other logical way to prevent this.

        Attachments

          Activity

            People

            • Assignee:
              gidis Gidi Shabat
              Reporter:
              aaronr Aaron Rhodes
              Assigned QA:
              Dima Nevelev (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: