From 522acbc5d5af36fb358d208d769e017825fa05ed Mon Sep 17 00:00:00 2001 From: agrasth Date: Mon, 15 Dec 2025 14:25:06 +0530 Subject: [PATCH 1/4] Fix for Security Violations --- httpClient/build.gradle | 2 +- services/build.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/httpClient/build.gradle b/httpClient/build.gradle index de6d80c6..b5ca94e0 100644 --- a/httpClient/build.gradle +++ b/httpClient/build.gradle @@ -8,5 +8,5 @@ repositories { dependencies { testImplementation group: 'org.testng', name: 'testng', version: '7.5.1' - testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.0' + testImplementation group: 'com.github.tomakehurst', name: 'wiremock-jre8', version: '2.35.2' } \ No newline at end of file diff --git a/services/build.gradle b/services/build.gradle index be76d9c8..0d7a2dac 100644 --- a/services/build.gradle +++ b/services/build.gradle @@ -15,7 +15,7 @@ dependencies { * https://github.com/jfrog/artifactory-client-java/issues/43 * https://github.com/jfrog/artifactory-client-java/issues/232 */ - testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.15' + testRuntimeOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.3.16' } task createReleasePropertiesFile(type: Exec) { From d1e0cdd5da131203629a14d75fa5ff054b18173e Mon Sep 17 00:00:00 2001 From: agrasth Date: Thu, 18 Dec 2025 14:38:40 +0530 Subject: [PATCH 2/4] Fix virtual repository package type mismatch in tests - Virtual repositories now use child repositories with matching package types - Fixes test failures for CustomPropertiesRepositoryTests, P2PackageTypeRepositoryTests, and TerraformPackageTypeRepositoryTests - Resolves issue where virtual repos tried to include Generic repos when they had specific package types (Composer, P2, Terraform) --- .../client/BaseRepositoryTests.groovy | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy index c495bd5e..be66667a 100644 --- a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy +++ b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy @@ -153,10 +153,25 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { } if (prepareVirtualRepo) { - RepositorySettings settings = getRepositorySettings(RepositoryTypeImpl.VIRTUAL) - artifactory.repositories().create(0, genericRepo) + RepositorySettings virtualSettings = getRepositorySettings(RepositoryTypeImpl.VIRTUAL) def repos = new ArrayList() - repos.add(genericRepo.getKey()) + + // Determine which repository to use for the virtual repo + // For package types that don't support local repos (like P2), use remote repo + // Otherwise, create a local repo with matching package type + if (prepareLocalRepo && localRepo != null) { + // Use the existing local repo if it's prepared + artifactory.repositories().create(0, localRepo) + repos.add(localRepo.getKey()) + } else if (prepareRemoteRepo && remoteRepo != null) { + // Use remote repo for package types that don't support local repos (e.g., P2) + artifactory.repositories().create(0, remoteRepo) + repos.add(remoteRepo.getKey()) + } else if (prepareGenericRepo && genericRepo != null) { + // Fallback to generic repo + artifactory.repositories().create(0, genericRepo) + repos.add(genericRepo.getKey()) + } virtualRepo = artifactory.repositories().builders().virtualRepositoryBuilder() .key("$REPO_NAME_PREFIX-virtual-$id") @@ -166,9 +181,9 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { .excludesPattern("org/${rnd.nextInt()}/**") .includesPattern("org/${rnd.nextInt()}/**") .repositories(repos) - .repositorySettings(settings) + .repositorySettings(virtualSettings) .customProperties(customProperties) - .defaultDeploymentRepo(repos.last()) + .defaultDeploymentRepo(repos.isEmpty() ? null : repos.last()) .build() } } From f0361ac8f23b938c4c35e73aafdea1a8548f81a9 Mon Sep 17 00:00:00 2001 From: agrasth Date: Thu, 18 Dec 2025 15:00:19 +0530 Subject: [PATCH 3/4] Fix: Create dedicated repo for virtual instead of reusing localRepo - Creates a separate repository for virtual repos to avoid naming conflicts - Prevents "Case insensitive repository key already exists" error - Repository key is now "rt-client-java-for-virtual-{id}" instead of reusing "rt-client-java-local-{id}" --- .../client/BaseRepositoryTests.groovy | 41 +++++++++++++++---- 1 file changed, 32 insertions(+), 9 deletions(-) diff --git a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy index be66667a..db720483 100644 --- a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy +++ b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy @@ -155,22 +155,40 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { if (prepareVirtualRepo) { RepositorySettings virtualSettings = getRepositorySettings(RepositoryTypeImpl.VIRTUAL) def repos = new ArrayList() + Repository repoForVirtual = null // Determine which repository to use for the virtual repo // For package types that don't support local repos (like P2), use remote repo - // Otherwise, create a local repo with matching package type - if (prepareLocalRepo && localRepo != null) { - // Use the existing local repo if it's prepared - artifactory.repositories().create(0, localRepo) - repos.add(localRepo.getKey()) + // Otherwise, create a dedicated local repo with matching package type + if (prepareLocalRepo) { + // Create a dedicated local repo for virtual repo with matching package type + RepositorySettings localSettingsForVirtual = getRepositorySettings(RepositoryTypeImpl.LOCAL) + XraySettings virtualXraySettings = new XraySettingsImpl() + repoForVirtual = artifactory.repositories().builders().localRepositoryBuilder() + .key("$REPO_NAME_PREFIX-for-virtual-$id") + .description("for-virtual-$id") + .notes("notes-${rnd.nextInt()}") + .archiveBrowsingEnabled(rnd.nextBoolean()) + .blackedOut(rnd.nextBoolean()) + .excludesPattern("org/${rnd.nextInt()}/**") + .includesPattern("org/${rnd.nextInt()}/**") + .propertySets(Collections.emptyList()) + .repositorySettings(localSettingsForVirtual) + .xraySettings(virtualXraySettings) + .customProperties(customProperties) + .build() + artifactory.repositories().create(0, repoForVirtual) + repos.add(repoForVirtual.getKey()) } else if (prepareRemoteRepo && remoteRepo != null) { // Use remote repo for package types that don't support local repos (e.g., P2) - artifactory.repositories().create(0, remoteRepo) - repos.add(remoteRepo.getKey()) + repoForVirtual = remoteRepo + artifactory.repositories().create(0, repoForVirtual) + repos.add(repoForVirtual.getKey()) } else if (prepareGenericRepo && genericRepo != null) { // Fallback to generic repo - artifactory.repositories().create(0, genericRepo) - repos.add(genericRepo.getKey()) + repoForVirtual = genericRepo + artifactory.repositories().create(0, repoForVirtual) + repos.add(repoForVirtual.getKey()) } virtualRepo = artifactory.repositories().builders().virtualRepositoryBuilder() @@ -185,6 +203,11 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { .customProperties(customProperties) .defaultDeploymentRepo(repos.isEmpty() ? null : repos.last()) .build() + + // Store reference to the repo created for virtual for cleanup + if (!prepareGenericRepo && repoForVirtual != null) { + genericRepo = repoForVirtual + } } } From a962a886936162d9b1b8d00238f9ae8050fa8b32 Mon Sep 17 00:00:00 2001 From: agrasth Date: Thu, 18 Dec 2025 16:15:22 +0530 Subject: [PATCH 4/4] Fix: Use correct package type settings and avoid repo conflicts - When LOCAL settings are null, use VIRTUAL settings to ensure correct package type - Create SEPARATE remote repo for virtual (rt-client-java-remote-for-virtual-*) to avoid conflicts with test methods - Add dedicated repoForVirtual field for proper tracking and cleanup - Fixes TerraformVirtualRepo, P2RemoteRepo, and other package type mismatch issues --- .../client/BaseRepositoryTests.groovy | 56 ++++++++++++++----- 1 file changed, 42 insertions(+), 14 deletions(-) diff --git a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy index db720483..e3b982ea 100644 --- a/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy +++ b/services/src/test/groovy/org/jfrog/artifactory/client/BaseRepositoryTests.groovy @@ -43,6 +43,7 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { protected Repository federatedRepo protected Repository remoteRepo protected Repository virtualRepo + protected Repository repoForVirtual // Dedicated repo for virtual repo child protected XraySettings xraySettings protected Map customProperties @@ -155,14 +156,15 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { if (prepareVirtualRepo) { RepositorySettings virtualSettings = getRepositorySettings(RepositoryTypeImpl.VIRTUAL) def repos = new ArrayList() - Repository repoForVirtual = null - // Determine which repository to use for the virtual repo - // For package types that don't support local repos (like P2), use remote repo - // Otherwise, create a dedicated local repo with matching package type + // Create a dedicated child repo for the virtual repo + // Use LOCAL settings if available, otherwise use VIRTUAL settings for package type compatibility if (prepareLocalRepo) { - // Create a dedicated local repo for virtual repo with matching package type RepositorySettings localSettingsForVirtual = getRepositorySettings(RepositoryTypeImpl.LOCAL) + // If LOCAL settings are null, use VIRTUAL settings to ensure correct package type + if (localSettingsForVirtual == null) { + localSettingsForVirtual = virtualSettings + } XraySettings virtualXraySettings = new XraySettingsImpl() repoForVirtual = artifactory.repositories().builders().localRepositoryBuilder() .key("$REPO_NAME_PREFIX-for-virtual-$id") @@ -179,9 +181,39 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { .build() artifactory.repositories().create(0, repoForVirtual) repos.add(repoForVirtual.getKey()) - } else if (prepareRemoteRepo && remoteRepo != null) { - // Use remote repo for package types that don't support local repos (e.g., P2) - repoForVirtual = remoteRepo + } else if (prepareRemoteRepo) { + // For package types that don't support local repos (e.g., P2), create a SEPARATE remote repo + RepositorySettings remoteSettingsForVirtual = getRepositorySettings(RepositoryTypeImpl.REMOTE) + ContentSync contentSync = new ContentSyncImpl() + repoForVirtual = artifactory.repositories().builders().remoteRepositoryBuilder() + .key("$REPO_NAME_PREFIX-remote-for-virtual-$id") + .description("remote-for-virtual-$id") + .notes("notes-${rnd.nextInt()}") + .allowAnyHostAuth(rnd.nextBoolean()) + .archiveBrowsingEnabled(rnd.nextBoolean()) + .assumedOfflinePeriodSecs(rnd.nextLong()) + .enableCookieManagement(rnd.nextBoolean()) + .excludesPattern("org/${rnd.nextInt()}/**") + .failedRetrievalCachePeriodSecs(rnd.nextInt()) + .hardFail(rnd.nextBoolean()) + .includesPattern("org/${rnd.nextInt()}/**") + .missedRetrievalCachePeriodSecs(rnd.nextInt()) + .offline(rnd.nextBoolean()) + .password("password_${rnd.nextInt()}") + .propertySets(Collections.emptyList()) + .retrievalCachePeriodSecs(rnd.nextInt()) + .shareConfiguration(rnd.nextBoolean()) + .socketTimeoutMillis(rnd.nextInt()) + .storeArtifactsLocally(ObjectUtils.defaultIfNull(storeArtifactsLocallyInRemoteRepo, rnd.nextBoolean())) + .synchronizeProperties(rnd.nextBoolean()) + .unusedArtifactsCleanupPeriodHours(Math.abs(rnd.nextInt())) + .url(remoteRepoUrl) + .username("user_${rnd.nextInt()}") + .repositorySettings(remoteSettingsForVirtual) + .xraySettings(xraySettings) + .contentSync(contentSync) + .customProperties(customProperties) + .build() artifactory.repositories().create(0, repoForVirtual) repos.add(repoForVirtual.getKey()) } else if (prepareGenericRepo && genericRepo != null) { @@ -203,18 +235,14 @@ abstract class BaseRepositoryTests extends ArtifactoryTestsBase { .customProperties(customProperties) .defaultDeploymentRepo(repos.isEmpty() ? null : repos.last()) .build() - - // Store reference to the repo created for virtual for cleanup - if (!prepareGenericRepo && repoForVirtual != null) { - genericRepo = repoForVirtual - } } } @AfterMethod protected void tearDown() { // Invoking sequence is important! Delete in reverse dependency order - deleteRepoWithRetry(virtualRepo?.getKey()) // Delete virtual repo first (depends on generic) + deleteRepoWithRetry(virtualRepo?.getKey()) // Delete virtual repo first (depends on others) + deleteRepoWithRetry(repoForVirtual?.getKey()) // Delete the dedicated repo for virtual deleteRepoWithRetry(federatedRepo?.getKey()) deleteRepoWithRetry(remoteRepo?.getKey()) deleteRepoWithRetry(localRepo?.getKey())