Uploaded image for project: 'FlightPath'
  1. FlightPath
  2. FLPATH-2264

[m5] " InstallException('Zip bomb detected in " for backstage-plugin-orchestrator-1.5.0-rc.3.tgz

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Critical

      Description of the problem:

      Attempting to install Orchestrator operator v1.5.0-rc2 , rhdh backstage pod is failing to install backstage-plugin-orchestrator-1.5.0-rc.3.tgz with error 

       File "/opt/app-root/src/install-dynamic-plugins.py", line 465, in main
    raise InstallException('Zip bomb detected in ' + member.name)

      How reproducible:

      3 times so far - 2 different environments with clean pvs (one env tried twice).

      Steps to reproduce:

      1. Install Orchestrator   v1.5.0-rc2

      2. Use orchestrator sample cr

      3. Watch rhdh backstage pod

      Actual results:

      backstage pod fails - container install-dynamic-plugin logs show:

      ======= Installing dynamic plugin https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/v1.5.0-rc.3/backstage-plugin-orchestrator-backend-dynamic-1.5.0-rc.3.tgz
        ==> Grabbing package archive through `npm pack`
        ==> Verifying package integrity
        ==> Extracting package archive /dynamic-plugins-root/redhat-backstage-plugin-orchestrator-backend-dynamic-1.5.0-rc.3.tgz
        ==> Removing package archive /dynamic-plugins-root/redhat-backstage-plugin-orchestrator-backend-dynamic-1.5.0-rc.3.tgz
        ==> Merging plugin-specific configuration
        ==> Successfully installed dynamic plugin https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/v1.5.0-rc.3/backstage-plugin-orchestrator-backend-dynamic-1.5.0-rc.3.tgz======= Installing dynamic plugin https://github.com/rhdhorchestrator/orchestrator-plugins-internal-release/releases/download/v1.5.0-rc.3/backstage-plugin-orchestrator-1.5.0-rc.3.tgz
        ==> Grabbing package archive through `npm pack`
        ==> Verifying package integrity
        ==> Extracting package archive /dynamic-plugins-root/redhat-backstage-plugin-orchestrator-1.5.0-rc.3.tgz
Traceback (most recent call last):
  File "/opt/app-root/src/install-dynamic-plugins.py", line 523, in <module>
    main()
  File "/opt/app-root/src/install-dynamic-plugins.py", line 465, in main
    raise InstallException('Zip bomb detected in ' + member.name)
InstallException: Zip bomb detected in package/dist-scalprum/static/8440.2181676a.chunk.js.map
======= Removed lock file: /dynamic-plugins-root/install-dynamic-plugins.lock

      Expected results:

              jubah@redhat.com Jennifer Ubah
              chadcrum Chad Crum
              Chad Crum Chad Crum
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: