[RTFACT-8032] Setting a bad S3 endpoint can delete filestore if eventual/_add symlink is set Created: 26/Aug/15  Updated: 14/Nov/17  Resolved: 15/Oct/15

Status: Resolved
Project: Artifactory Binary Repository
Component/s: Filestore
Affects Version/s: 3.9.4, 4.0.2
Fix Version/s: 4.2.0

Type: Bug Priority: Critical
Reporter: Aaron Rhodes Assignee: Gidi Shabat
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Duplicate
Assigned QA: Dima Nevelev (Inactive)

 Description   

If you set an S3 endpoint in your storage.properties file and that endpoint goes to a page that returns 200 (like standard HTML like a login page) then Artifactory will see the 200 when checking if a file exists on the bucket, take that as confirmed file exists, skip uploading and delete it from the filestore. This has the effect of deleting the whole filestore. If no backup was made this could cause a serious situation.

We need to check that the endpoint is valid before performing any filesync or some other logical way to prevent this.



 Comments   
Comment by Daniel Keler [ 15/Oct/15 ]

Fixed
Exception is thrown in Runtime. No files excluded. Folder s3-startup is created for the transaction.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'webAddonsImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: org.artifactory.api.config.CentralConfigService org.artifactory.addon.web.WebAddonsImpl.centralConfigService; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'centralConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.artifactory.api.security.AuthorizationService org.artifactory.config.CentralConfigServiceImpl.authService; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityServiceImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.artifactory.repo.service.InternalRepositoryService org.artifactory.security.SecurityServiceImpl.repositoryService; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'repositoryServiceImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.artifactory.api.request.UploadService org.artifactory.repo.service.RepositoryServiceImpl.uploadService; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'uploadServiceImpl': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.artifactory.storage.binstore.service.BinaryStore org.artifactory.engine.UploadServiceImpl.binaryStore; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'binaryStoreImpl': Invocation of init method failed; nested exception is java.lang.RuntimeException: Failed to test connection with s3.
Generated at Tue Jan 21 12:29:49 UTC 2020 using JIRA 7.6.16#76018-sha1:9ed376192612a49536ac834c64177a0fed6290f5.