sonatype / nexus-public

Sonatype Nexus Repository Open-source codebase mirror
https://www.sonatype.com/products/repository-oss-download
Eclipse Public License 1.0

Mistype audit attributes mapping #215

Closed aborche closed 4 months ago

aborche commented 1 year ago

Hello everyone!

The type of "attributes" in GlobalAuditWebhook does not match the type in the AuditData class.

https://github.com/sonatype/nexus-public/blob/release-3.58.1-02/plugins/nexus-audit-plugin/src/main/java/org/sonatype/nexus/audit/internal/GlobalAuditWebhook.groovy#L78

https://github.com/sonatype/nexus-public/blob/release-3.58.1-02/components/nexus-audit/src/main/java/org/sonatype/nexus/audit/AuditData.java#L78

In GlobalAuditWebhook.groovy:

    static class Audit
    {
      String domain

      String type

      String context

      Map<String, String> attributes
    }

In AuditData.java:

    private Map<String, Object> attributes = new LinkedHashMap<>();

In this case, Nexus throws an error in some cases:

    {"timestamp":"2023-08-02 07:41:12,567+0000","nodeId":"215A3FE8-AF875DE8-7B9D8FA2-22818B4C-6F0AC91F","initiator":"*UNKNOWN/10.122.101.26","domain":"security.user","type":"authentication","thread":"qtp26727801-918","attributes":{"failureReasons":["INCORRECT_CREDENTIALS"],"wasSuccessful":false,"userId":"webdev_ci_user@corp.me","remoteIp":"10.122.101.26","userAgent":"docker/20.10.18 go/go1.18.6 git-commit/e42327a kernel/5.4.0-125-generic os/linux arch/amd64","path":"/repository/webdev-docker-snapshot/v2/webdev/me-site-ssr/manifests/sha256:ae3de7be501980f2e89567db2c6d3362c8155e2fc653396f69e2cdfc23e79ce7"}}

Error

    2023-08-02 07:41:12,568+0000 ERROR [webhookService-3-thread-101]  *SYSTEM org.sonatype.nexus.internal.webhooks.WebhookServiceImpl - Failed to send webhook request:WebhookRequest{id='4f504bbf-e0e4-4b14-a8dd-2583b9a8ca92', webhook=rm:global:audit, payload=org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload@6eaf6002, url=http://gitlab-webhook-catcher.corp.me:8183/nexus-global-webhook}
    com.fasterxml.jackson.databind.JsonMappingException: com.google.common.collect.Sets$2 cannot be cast to java.lang.String (through reference chain: org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload["audit"]->org.sonatype.nexus.audit.internal.GlobalAuditWebhook$AuditWebhookPayload$Audit["attributes"]->java.util.LinkedHashMap["failureReasons"])
        at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:402)
        at com.fasterxml.jackson.databind.JsonMappingException.wrapWithPath(JsonMappingException.java:361)
        at com.fasterxml.jackson.databind.ser.std.StdSerializer.wrapAndThrow(StdSerializer.java:316)
        at com.fasterxml.jackson.databind.ser.std.MapSerializer.serializeOptionalFields(MapSerializer.java:871)
        at com.fasterxml.jackson.databind.ser.std.MapSerializer.serializeWithoutTypeInfo(MapSerializer.java:760)
        at com.fasterxml.jackson.databind.ser.std.MapSerializer.serialize(MapSerializer.java:720)
        at com.fasterxml.jackson.databind.ser.std.MapSerializer.serialize(MapSerializer.java:35)
        at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:733)
        at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:774)
        at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:178)
        at com.fasterxml.jackson.databind.ser.BeanPropertyWriter.serializeAsField(BeanPropertyWriter.java:733)
        at com.fasterxml.jackson.databind.ser.std.BeanSerializerBase.serializeFields(BeanSerializerBase.java:774)
        at com.fasterxml.jackson.databind.ser.BeanSerializer.serialize(BeanSerializer.java:178)
        at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider._serialize(DefaultSerializerProvider.java:480)
        at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:319)
        at com.fasterxml.jackson.databind.ObjectMapper._writeValueAndClose(ObjectMapper.java:4624)
        at com.fasterxml.jackson.databind.ObjectMapper.writeValueAsString(ObjectMapper.java:3869)
        at org.sonatype.nexus.internal.webhooks.WebhookServiceImpl.send(WebhookServiceImpl.java:188)
        at org.sonatype.nexus.internal.webhooks.WebhookServiceImpl.lambda$0(WebhookServiceImpl.java:161)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: java.lang.ClassCastException: com.google.common.collect.Sets$2 cannot be cast to java.lang.String
        at com.fasterxml.jackson.databind.ser.std.StringSerializer.serialize(StringSerializer.java:41)
        at com.fasterxml.jackson.databind.ser.std.MapSerializer.serializeOptionalFields(MapSerializer.java:869)
        ... 18 common frames omitted

After changing the "attributes" type in Audit class to Map<String, Object> and rebuilding the audit plugin, the problem disappeared.
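A minimal reproduction of the mismatch reported above, added here as an example; it is not part of the original report and not code from the Nexus code base. The class names `AuditNarrow` and `AuditWide` and the sample attribute values are constructed, and the example assumes jackson-databind is on the classpath. It shows why only events whose attributes hold non-String values (here a failed login with a `Set` of failure reasons) fail to serialize.

```java
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

public class AuditAttributesRepro {
  // Hypothetical stand-in for the webhook payload class: values declared as String.
  public static class AuditNarrow {
    public String domain = "security.user";
    public String type = "authentication";
    public Map<String, String> attributes;
  }

  // Same shape with the value type widened, as in the change described in the issue.
  public static class AuditWide {
    public String domain = "security.user";
    public String type = "authentication";
    public Map<String, Object> attributes;
  }

  // Constructed sample: a failed login carries a Set and a Boolean, not only Strings.
  static Map<String, Object> failedLoginAttributes() {
    Map<String, Object> attrs = new LinkedHashMap<>();
    attrs.put("failureReasons", Collections.singleton("INCORRECT_CREDENTIALS"));
    attrs.put("wasSuccessful", false);
    attrs.put("userId", "ci-user@example.test");
    return attrs;
  }

  @SuppressWarnings("unchecked")
  public static void main(String[] args) throws Exception {
    ObjectMapper mapper = new ObjectMapper();

    AuditNarrow narrow = new AuditNarrow();
    // Generics are erased at runtime, so this assignment is not checked here.
    narrow.attributes = (Map<String, String>) (Map<?, ?>) failedLoginAttributes();
    try {
      mapper.writeValueAsString(narrow);
    } catch (JsonProcessingException e) {
      // Jackson picked a String serializer from the declared type; its cast fails.
      System.out.println("narrow: " + e.getCause());
    }

    AuditWide wide = new AuditWide();
    wide.attributes = failedLoginAttributes();
    // The serializer is now chosen per value, so the Set and Boolean serialize.
    System.out.println("wide:   " + mapper.writeValueAsString(wide));
  }
}
```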

Anupam2528 commented 1 year ago

Hi @aborche can I work on this?

aborche commented 1 year ago

> Hi @aborche can I work on this?

yep. sure

mrprescott commented 1 year ago

Thanks for filing this, hopefully it's as simple as it appears. Thanks for investigating.

nblair commented 4 months ago

While auditing our backlog, it appears this issue was addressed in release 3.60. My apologies for the delay in closing the loop here. Thanks for reporting!