mirror of https://github.com/apache/druid.git
Address security vulnerabilities CVSS >= 7 (#8980)
* Address security vulnerabilities CVSS >= 7 Update dependencies to address security vulnerabilities with CVSS scores of 7 or higher. A new Travis CI job is added to prevent new high/critical security vulnerabilities from being added. Updated dependencies: - api-util 1.0.0 -> 1.0.3 - jackson 2.9.10 -> 2.10.1 - kafka 2.1.0 -> 2.1.1 - libthrift 0.10.0 -> 0.13.0 - protobuf 3.2.0 -> 3.11.0 The following high/critical security vulnerabilities are currently suppressed (so that the new Travis CI job can be added now) and are left as future work to fix: - hibernate-validator:5.2.5 - jackson-mapper-asl:1.9.13 - libthrift:0.6.1 - netty:3.10.6 - nimbus-jose-jwt:4.41.1 * Rename EDL1 license file * Fix inspection errors
This commit is contained in:
parent
5ecdf94d83
commit
af74acaa85
12
.travis.yml
12
.travis.yml
|
@ -114,6 +114,18 @@ jobs:
|
||||||
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
|
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
|
||||||
"
|
"
|
||||||
|
|
||||||
|
- name: "security vulnerabilities"
|
||||||
|
install: skip
|
||||||
|
script: ${MVN} dependency-check:check
|
||||||
|
after_failure: |-
|
||||||
|
echo "FAILURE EXPLANATION:
|
||||||
|
|
||||||
|
The OWASP dependency check has found security vulnerabilities. Please use a newer version
|
||||||
|
of the dependency that does not have vulenerabilities. If the analysis has false positives,
|
||||||
|
they can be suppressed by adding entries to owasp-dependency-check-suppressions.xml (for more
|
||||||
|
information, see https://jeremylong.github.io/DependencyCheck/general/suppression.html).
|
||||||
|
"
|
||||||
|
|
||||||
- &package
|
- &package
|
||||||
name: "(openjdk8) packaging check"
|
name: "(openjdk8) packaging check"
|
||||||
install: skip
|
install: skip
|
||||||
|
|
|
@ -216,6 +216,13 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.owasp</groupId>
|
||||||
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<skip>true</skip>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
<pluginManagement>
|
<pluginManagement>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
|
|
@ -43,7 +43,7 @@ public class JsonIterator<T> implements Iterator<T>, Closeable
|
||||||
{
|
{
|
||||||
private JsonParser jp;
|
private JsonParser jp;
|
||||||
private ObjectCodec objectCodec;
|
private ObjectCodec objectCodec;
|
||||||
private final TypeReference typeRef;
|
private final TypeReference<T> typeRef;
|
||||||
private final InputStream inputStream;
|
private final InputStream inputStream;
|
||||||
private final Closeable resourceCloser;
|
private final Closeable resourceCloser;
|
||||||
private final ObjectMapper objectMapper;
|
private final ObjectMapper objectMapper;
|
||||||
|
@ -55,7 +55,7 @@ public class JsonIterator<T> implements Iterator<T>, Closeable
|
||||||
* @param objectMapper object mapper, used for deserialization
|
* @param objectMapper object mapper, used for deserialization
|
||||||
*/
|
*/
|
||||||
public JsonIterator(
|
public JsonIterator(
|
||||||
TypeReference typeRef,
|
TypeReference<T> typeRef,
|
||||||
InputStream inputStream,
|
InputStream inputStream,
|
||||||
Closeable resourceCloser,
|
Closeable resourceCloser,
|
||||||
ObjectMapper objectMapper
|
ObjectMapper objectMapper
|
||||||
|
|
|
@ -239,6 +239,7 @@ def build_compatible_license_names():
|
||||||
compatible_licenses['The BSD 3-Clause License'] = 'BSD-3-Clause License'
|
compatible_licenses['The BSD 3-Clause License'] = 'BSD-3-Clause License'
|
||||||
compatible_licenses['Revised BSD'] = 'BSD-3-Clause License'
|
compatible_licenses['Revised BSD'] = 'BSD-3-Clause License'
|
||||||
compatible_licenses['New BSD License'] = 'BSD-3-Clause License'
|
compatible_licenses['New BSD License'] = 'BSD-3-Clause License'
|
||||||
|
compatible_licenses['3-Clause BSD License'] = 'BSD-3-Clause License'
|
||||||
|
|
||||||
compatible_licenses['ICU License'] = 'ICU License'
|
compatible_licenses['ICU License'] = 'ICU License'
|
||||||
|
|
||||||
|
@ -254,6 +255,10 @@ def build_compatible_license_names():
|
||||||
compatible_licenses['Eclipse Public License - Version 1.0'] = 'Eclipse Public License 1.0'
|
compatible_licenses['Eclipse Public License - Version 1.0'] = 'Eclipse Public License 1.0'
|
||||||
compatible_licenses['Eclipse Public License, Version 1.0'] = 'Eclipse Public License 1.0'
|
compatible_licenses['Eclipse Public License, Version 1.0'] = 'Eclipse Public License 1.0'
|
||||||
|
|
||||||
|
compatible_licenses['Eclipse Distribution License 1.0'] = 'Eclipse Distribution License 1.0'
|
||||||
|
compatible_licenses['Eclipse Distribution License - v 1.0'] = 'Eclipse Distribution License 1.0'
|
||||||
|
compatible_licenses['EDL 1.0'] = 'Eclipse Distribution License 1.0'
|
||||||
|
|
||||||
compatible_licenses['Mozilla Public License Version 2.0'] = 'Mozilla Public License Version 2.0'
|
compatible_licenses['Mozilla Public License Version 2.0'] = 'Mozilla Public License Version 2.0'
|
||||||
compatible_licenses['Mozilla Public License, Version 2.0'] = 'Mozilla Public License Version 2.0'
|
compatible_licenses['Mozilla Public License, Version 2.0'] = 'Mozilla Public License Version 2.0'
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,13 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.owasp</groupId>
|
||||||
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<skip>true</skip>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
|
|
|
@ -69,6 +69,12 @@
|
||||||
</exclusion>
|
</exclusion>
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<!-- transitive dependency of org.apache.amabri:ambari-metrics-common; override version to fix security vulnerabilities -->
|
||||||
|
<groupId>org.apache.hadoop</groupId>
|
||||||
|
<artifactId>hadoop-annotations</artifactId>
|
||||||
|
<version>${hadoop.compile.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>commons-io</groupId>
|
<groupId>commons-io</groupId>
|
||||||
<artifactId>commons-io</artifactId>
|
<artifactId>commons-io</artifactId>
|
||||||
|
@ -126,6 +132,22 @@
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-dependency-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<ignoredUnusedDeclaredDependencies>
|
||||||
|
<!-- Transitive dependency but explicitly added to fix security vulnerability -->
|
||||||
|
<ignoredUnusedDeclaredDependency>org.apache.hadoop:hadoop-annotations</ignoredUnusedDeclaredDependency>
|
||||||
|
</ignoredUnusedDeclaredDependencies>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
<repositories>
|
<repositories>
|
||||||
<repository>
|
<repository>
|
||||||
<id>hortonworks</id>
|
<id>hortonworks</id>
|
||||||
|
|
|
@ -41,6 +41,11 @@
|
||||||
<scope>provided</scope>
|
<scope>provided</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
|
<!--
|
||||||
|
~ This library is no longer actively developed and should be migrated to DataStax Java Driver for Apache
|
||||||
|
~ Cassandra. Even the latest version of astyanax (3.10.2) has transitive dependencies with security
|
||||||
|
~ vulenerabilites with CVSS scores greater than 7 (e.g., libthrift 0.9.1).
|
||||||
|
-->
|
||||||
<groupId>com.netflix.astyanax</groupId>
|
<groupId>com.netflix.astyanax</groupId>
|
||||||
<artifactId>astyanax</artifactId>
|
<artifactId>astyanax</artifactId>
|
||||||
<version>1.0.1</version>
|
<version>1.0.1</version>
|
||||||
|
@ -113,6 +118,11 @@
|
||||||
<groupId>com.github.stephenc.high-scale-lib</groupId>
|
<groupId>com.github.stephenc.high-scale-lib</groupId>
|
||||||
<artifactId>high-scale-lib</artifactId>
|
<artifactId>high-scale-lib</artifactId>
|
||||||
</exclusion>
|
</exclusion>
|
||||||
|
<exclusion>
|
||||||
|
<!-- Excluded to remove security vulnerability -->
|
||||||
|
<groupId>org.mortbay.jetty</groupId>
|
||||||
|
<artifactId>jetty</artifactId>
|
||||||
|
</exclusion>
|
||||||
</exclusions>
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
|
|
|
@ -38,7 +38,6 @@ import org.apache.druid.client.cache.ForegroundCachePopulator;
|
||||||
import org.apache.druid.client.cache.MapCache;
|
import org.apache.druid.client.cache.MapCache;
|
||||||
import org.apache.druid.client.selector.ServerSelector;
|
import org.apache.druid.client.selector.ServerSelector;
|
||||||
import org.apache.druid.data.input.MapBasedRow;
|
import org.apache.druid.data.input.MapBasedRow;
|
||||||
import org.apache.druid.data.input.Row;
|
|
||||||
import org.apache.druid.guice.DruidProcessingModule;
|
import org.apache.druid.guice.DruidProcessingModule;
|
||||||
import org.apache.druid.guice.GuiceInjectors;
|
import org.apache.druid.guice.GuiceInjectors;
|
||||||
import org.apache.druid.guice.QueryRunnerFactoryModule;
|
import org.apache.druid.guice.QueryRunnerFactoryModule;
|
||||||
|
@ -99,7 +98,7 @@ public class MovingAverageQueryTest extends InitializedNullHandlingTest
|
||||||
private final RetryQueryRunnerConfig retryConfig;
|
private final RetryQueryRunnerConfig retryConfig;
|
||||||
private final ServerConfig serverConfig;
|
private final ServerConfig serverConfig;
|
||||||
|
|
||||||
private final List<Row> groupByResults = new ArrayList<>();
|
private final List<ResultRow> groupByResults = new ArrayList<>();
|
||||||
private final List<Result<TimeseriesResultValue>> timeseriesResults = new ArrayList<>();
|
private final List<Result<TimeseriesResultValue>> timeseriesResults = new ArrayList<>();
|
||||||
|
|
||||||
private final TestConfig config;
|
private final TestConfig config;
|
||||||
|
@ -222,9 +221,9 @@ public class MovingAverageQueryTest extends InitializedNullHandlingTest
|
||||||
return MovingAverageQuery.class;
|
return MovingAverageQuery.class;
|
||||||
}
|
}
|
||||||
|
|
||||||
private TypeReference<?> getExpectedResultType()
|
private TypeReference<List<MapBasedRow>> getExpectedResultType()
|
||||||
{
|
{
|
||||||
return new TypeReference<List<Row>>()
|
return new TypeReference<List<MapBasedRow>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,7 +36,7 @@
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<thrift.version>0.10.0</thrift.version>
|
<thrift.version>0.13.0</thrift.version>
|
||||||
<elephantbird.version>4.17</elephantbird.version>
|
<elephantbird.version>4.17</elephantbird.version>
|
||||||
<scrooge.version>19.10.0</scrooge.version>
|
<scrooge.version>19.10.0</scrooge.version>
|
||||||
</properties>
|
</properties>
|
||||||
|
|
|
@ -67,32 +67,32 @@ public class BasicAuthUtils
|
||||||
public static final int KEY_LENGTH = 512;
|
public static final int KEY_LENGTH = 512;
|
||||||
public static final String ALGORITHM = "PBKDF2WithHmacSHA512";
|
public static final String ALGORITHM = "PBKDF2WithHmacSHA512";
|
||||||
|
|
||||||
public static final TypeReference AUTHENTICATOR_USER_MAP_TYPE_REFERENCE =
|
public static final TypeReference<Map<String, BasicAuthenticatorUser>> AUTHENTICATOR_USER_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<Map<String, BasicAuthenticatorUser>>()
|
new TypeReference<Map<String, BasicAuthenticatorUser>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference AUTHORIZER_USER_MAP_TYPE_REFERENCE =
|
public static final TypeReference<Map<String, BasicAuthorizerUser>> AUTHORIZER_USER_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<Map<String, BasicAuthorizerUser>>()
|
new TypeReference<Map<String, BasicAuthorizerUser>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference AUTHORIZER_GROUP_MAPPING_MAP_TYPE_REFERENCE =
|
public static final TypeReference<Map<String, BasicAuthorizerGroupMapping>> AUTHORIZER_GROUP_MAPPING_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<Map<String, BasicAuthorizerGroupMapping>>()
|
new TypeReference<Map<String, BasicAuthorizerGroupMapping>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference AUTHORIZER_ROLE_MAP_TYPE_REFERENCE =
|
public static final TypeReference<Map<String, BasicAuthorizerRole>> AUTHORIZER_ROLE_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<Map<String, BasicAuthorizerRole>>()
|
new TypeReference<Map<String, BasicAuthorizerRole>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference AUTHORIZER_USER_AND_ROLE_MAP_TYPE_REFERENCE =
|
public static final TypeReference<UserAndRoleMap> AUTHORIZER_USER_AND_ROLE_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<UserAndRoleMap>()
|
new TypeReference<UserAndRoleMap>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE =
|
public static final TypeReference<GroupMappingAndRoleMap> AUTHORIZER_GROUP_MAPPING_AND_ROLE_MAP_TYPE_REFERENCE =
|
||||||
new TypeReference<GroupMappingAndRoleMap>()
|
new TypeReference<GroupMappingAndRoleMap>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
|
@ -33,10 +33,6 @@
|
||||||
<relativePath>../../pom.xml</relativePath>
|
<relativePath>../../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<properties>
|
|
||||||
<apache.kafka.version>2.1.0</apache.kafka.version>
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.druid</groupId>
|
<groupId>org.apache.druid</groupId>
|
||||||
|
|
|
@ -471,7 +471,7 @@ public class NamespaceLookupExtractorFactoryTest
|
||||||
namespaceLookupExtractorFactory.getExtractionNamespace().getClass()
|
namespaceLookupExtractorFactory.getExtractionNamespace().getClass()
|
||||||
);
|
);
|
||||||
Assert.assertFalse(namespaceLookupExtractorFactory.replaces(mapper.readValue(str, LookupExtractorFactory.class)));
|
Assert.assertFalse(namespaceLookupExtractorFactory.replaces(mapper.readValue(str, LookupExtractorFactory.class)));
|
||||||
final Map<String, Object> map = new HashMap<>(mapper.<Map<String, Object>>readValue(
|
final Map<String, Object> map = new HashMap<>(mapper.readValue(
|
||||||
str,
|
str,
|
||||||
JacksonUtils.TYPE_REFERENCE_MAP_STRING_OBJECT
|
JacksonUtils.TYPE_REFERENCE_MAP_STRING_OBJECT
|
||||||
));
|
));
|
||||||
|
|
|
@ -35,10 +35,6 @@
|
||||||
<relativePath>../../pom.xml</relativePath>
|
<relativePath>../../pom.xml</relativePath>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<properties>
|
|
||||||
<protobuf.version>3.2.0</protobuf.version>
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.druid</groupId>
|
<groupId>org.apache.druid</groupId>
|
||||||
|
@ -111,7 +107,7 @@
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-shade-plugin</artifactId>
|
<artifactId>maven-shade-plugin</artifactId>
|
||||||
<version>3.0.0</version>
|
<version>3.2.1</version>
|
||||||
<configuration>
|
<configuration>
|
||||||
<createDependencyReducedPom>false</createDependencyReducedPom>
|
<createDependencyReducedPom>false</createDependencyReducedPom>
|
||||||
<relocations>
|
<relocations>
|
||||||
|
|
|
@ -1079,7 +1079,7 @@ public abstract class SeekableStreamIndexTaskRunner<PartitionIdType, SequenceOff
|
||||||
final File sequencesPersistFile = getSequencesPersistFile(toolbox);
|
final File sequencesPersistFile = getSequencesPersistFile(toolbox);
|
||||||
if (sequencesPersistFile.exists()) {
|
if (sequencesPersistFile.exists()) {
|
||||||
sequences = new CopyOnWriteArrayList<>(
|
sequences = new CopyOnWriteArrayList<>(
|
||||||
toolbox.getJsonMapper().<List<SequenceMetadata<PartitionIdType, SequenceOffsetType>>>readValue(
|
toolbox.getJsonMapper().readValue(
|
||||||
sequencesPersistFile,
|
sequencesPersistFile,
|
||||||
getSequenceMetadataTypeReference()
|
getSequenceMetadataTypeReference()
|
||||||
)
|
)
|
||||||
|
|
|
@ -31,10 +31,6 @@
|
||||||
<version>0.17.0-incubating-SNAPSHOT</version>
|
<version>0.17.0-incubating-SNAPSHOT</version>
|
||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<properties>
|
|
||||||
<apache.kafka.version>2.1.0</apache.kafka.version>
|
|
||||||
</properties>
|
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.druid</groupId>
|
<groupId>org.apache.druid</groupId>
|
||||||
|
@ -252,6 +248,13 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.owasp</groupId>
|
||||||
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<skip>true</skip>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,6 @@ import org.jboss.netty.handler.codec.http.HttpResponseStatus;
|
||||||
import org.joda.time.Interval;
|
import org.joda.time.Interval;
|
||||||
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
@ -96,7 +95,7 @@ public class CoordinatorResourceTestClient
|
||||||
// return a list of the segment dates for the specified datasource
|
// return a list of the segment dates for the specified datasource
|
||||||
public List<String> getMetadataSegments(final String dataSource)
|
public List<String> getMetadataSegments(final String dataSource)
|
||||||
{
|
{
|
||||||
ArrayList<String> segments;
|
List<String> segments;
|
||||||
try {
|
try {
|
||||||
StatusResponseHolder response = makeRequest(HttpMethod.GET, getMetadataSegmentsURL(dataSource));
|
StatusResponseHolder response = makeRequest(HttpMethod.GET, getMetadataSegmentsURL(dataSource));
|
||||||
|
|
||||||
|
@ -115,7 +114,7 @@ public class CoordinatorResourceTestClient
|
||||||
// return a list of the segment dates for the specified datasource
|
// return a list of the segment dates for the specified datasource
|
||||||
public List<String> getSegmentIntervals(final String dataSource)
|
public List<String> getSegmentIntervals(final String dataSource)
|
||||||
{
|
{
|
||||||
ArrayList<String> segments;
|
List<String> segments;
|
||||||
try {
|
try {
|
||||||
StatusResponseHolder response = makeRequest(HttpMethod.GET, getIntervalsURL(dataSource));
|
StatusResponseHolder response = makeRequest(HttpMethod.GET, getIntervalsURL(dataSource));
|
||||||
|
|
||||||
|
|
|
@ -74,12 +74,12 @@ public class ITBasicAuthConfigurationTest
|
||||||
{
|
{
|
||||||
private static final Logger LOG = new Logger(ITBasicAuthConfigurationTest.class);
|
private static final Logger LOG = new Logger(ITBasicAuthConfigurationTest.class);
|
||||||
|
|
||||||
private static final TypeReference LOAD_STATUS_TYPE_REFERENCE =
|
private static final TypeReference<Map<String, Boolean>> LOAD_STATUS_TYPE_REFERENCE =
|
||||||
new TypeReference<Map<String, Boolean>>()
|
new TypeReference<Map<String, Boolean>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
private static final TypeReference SYS_SCHEMA_RESULTS_TYPE_REFERENCE =
|
private static final TypeReference<List<Map<String, Object>>> SYS_SCHEMA_RESULTS_TYPE_REFERENCE =
|
||||||
new TypeReference<List<Map<String, Object>>>()
|
new TypeReference<List<Map<String, Object>>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
|
@ -196,7 +196,7 @@ name: Jackson
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: java-core
|
module: java-core
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 2.9.10
|
version: 2.10.1
|
||||||
libraries:
|
libraries:
|
||||||
- com.fasterxml.jackson.core: jackson-annotations
|
- com.fasterxml.jackson.core: jackson-annotations
|
||||||
- com.fasterxml.jackson.core: jackson-core
|
- com.fasterxml.jackson.core: jackson-core
|
||||||
|
@ -233,6 +233,30 @@ notice: |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
name: JavaBeans Activation Framework API JAR
|
||||||
|
license_category: binary
|
||||||
|
module: java-core
|
||||||
|
license_name: Eclipse Distribution License 1.0
|
||||||
|
version: 1.2.1
|
||||||
|
copyright: Oracle and/or its affiliates.
|
||||||
|
license_file_path: licenses/bin/jakarta.EDL1
|
||||||
|
libraries:
|
||||||
|
- jakarta.activation: jakarta.activation-api
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
name: Jakarta XML Bind API
|
||||||
|
license_category: binary
|
||||||
|
module: java-core
|
||||||
|
license_name: Eclipse Distribution License 1.0
|
||||||
|
version: 2.3.2
|
||||||
|
copyright: Oracle and/or its affiliates.
|
||||||
|
license_file_path: licenses/bin/jakarta.EDL1
|
||||||
|
libraries:
|
||||||
|
- jakarta.xml.bind: jakarta.xml.bind-api
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
name: Caffeine
|
name: Caffeine
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: java-core
|
module: java-core
|
||||||
|
@ -2744,11 +2768,21 @@ license_name: Apache License version 2.0
|
||||||
version: 1.0.0-M20
|
version: 1.0.0-M20
|
||||||
libraries:
|
libraries:
|
||||||
- org.apache.directory.api: api-asn1-api
|
- org.apache.directory.api: api-asn1-api
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
name: Apache Directory
|
||||||
|
license_category: binary
|
||||||
|
module: hadoop-client
|
||||||
|
license_name: Apache License version 2.0
|
||||||
|
version: 1.0.3
|
||||||
|
libraries:
|
||||||
- org.apache.directory.api: api-util
|
- org.apache.directory.api: api-util
|
||||||
notices:
|
notices:
|
||||||
- api-util: |
|
- api-util: |
|
||||||
Apache Directory LDAP API Utilities
|
Apache Directory LDAP API Utilities
|
||||||
Copyright 2003-2013 The Apache Software Foundation
|
Copyright 2003-2013 The Apache Software Foundation
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
name: Apache Directory Server
|
name: Apache Directory Server
|
||||||
|
@ -3161,7 +3195,7 @@ name: Gson
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: extensions/protobuf-extensions
|
module: extensions/protobuf-extensions
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 2.7
|
version: 2.8.6
|
||||||
libraries:
|
libraries:
|
||||||
- com.google.code.gson: gson
|
- com.google.code.gson: gson
|
||||||
|
|
||||||
|
@ -3279,7 +3313,7 @@ name: Protocol Buffers
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: java-core
|
module: java-core
|
||||||
license_name: BSD-3-Clause License
|
license_name: BSD-3-Clause License
|
||||||
version: 3.1.0
|
version: 3.11.0
|
||||||
copyright: Google, Inc.
|
copyright: Google, Inc.
|
||||||
license_file_path:
|
license_file_path:
|
||||||
- licenses/bin/protobuf-java.BSD3
|
- licenses/bin/protobuf-java.BSD3
|
||||||
|
@ -3444,7 +3478,7 @@ name: Protocol Buffers
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: extensions/druid-protobuf-extensions
|
module: extensions/druid-protobuf-extensions
|
||||||
license_name: BSD-3-Clause License
|
license_name: BSD-3-Clause License
|
||||||
version: 3.2.0
|
version: 3.11.0
|
||||||
copyright: Google, Inc.
|
copyright: Google, Inc.
|
||||||
license_file_path: licenses/bin/protobuf-java.BSD3
|
license_file_path: licenses/bin/protobuf-java.BSD3
|
||||||
libraries:
|
libraries:
|
||||||
|
@ -3932,7 +3966,7 @@ name: Apache Kafka
|
||||||
license_category: binary
|
license_category: binary
|
||||||
module: extensions/kafka-extraction-namespace
|
module: extensions/kafka-extraction-namespace
|
||||||
license_name: Apache License version 2.0
|
license_name: Apache License version 2.0
|
||||||
version: 2.1.0
|
version: 2.1.1
|
||||||
libraries:
|
libraries:
|
||||||
- org.apache.kafka: kafka_2.12
|
- org.apache.kafka: kafka_2.12
|
||||||
- org.apache.kafka: kafka-clients
|
- org.apache.kafka: kafka-clients
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
Eclipse Distribution License - v 1.0
|
||||||
|
|
||||||
|
Copyright (c) 2007, Eclipse Foundation, Inc. and its licensors.
|
||||||
|
|
||||||
|
All rights reserved.
|
||||||
|
|
||||||
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
|
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
|
* Neither the name of the Eclipse Foundation, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
|
|
||||||
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
@ -0,0 +1,198 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
~ or more contributor license agreements. See the NOTICE file
|
||||||
|
~ distributed with this work for additional information
|
||||||
|
~ regarding copyright ownership. The ASF licenses this file
|
||||||
|
~ to you under the Apache License, Version 2.0 (the
|
||||||
|
~ "License"); you may not use this file except in compliance
|
||||||
|
~ with the License. You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
||||||
|
<suppress>
|
||||||
|
<!-- druid-indexing-hadoop.jar is mistaken for hadoop -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: org.apache.druid:druid-indexing-hadoop:0.17.0-incubating-SNAPSHOT
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.druid/druid\-indexing\-hadoop@.*$</packageUrl>
|
||||||
|
<cve>CVE-2012-4449</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- druid-indexing-hadoop.jar is mistaken for hadoop -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: druid-indexing-hadoop-0.17.0-incubating-SNAPSHOT.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.druid/druid\-indexing\-hadoop@.*$</packageUrl>
|
||||||
|
<cve>CVE-2017-3162</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- druid-processing.jar is mistaken for org.processing:processing -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: org.apache.druid:druid-processing:0.17.0-incubating-SNAPSHOT
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.druid/druid\-processing@.*$</packageUrl>
|
||||||
|
<cve>CVE-2018-1000840</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- These CVEs are for the python SDK, but Druid uses the Java SDK -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: openstack-swift-1.9.3.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.jclouds\.api/openstack\-swift@.*$</packageUrl>
|
||||||
|
<cve>CVE-2016-0737</cve>
|
||||||
|
<cve>CVE-2016-0738</cve>
|
||||||
|
<cve>CVE-2017-16613</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- These CVEs are for the python SDK, but Druid uses the Java SDK -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: openstack-keystone-1.9.3.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.jclouds\.api/openstack\-keystone@.*$</packageUrl>
|
||||||
|
<cve>CVE-2015-7546</cve>
|
||||||
|
</suppress>
|
||||||
|
|
||||||
|
<!-- FIXME: These are suppressed so that CI can enforce that no new vulnerable dependencies are added. -->
|
||||||
|
<suppress>
|
||||||
|
<!--
|
||||||
|
~ TODO: Fix by updating hibernate-validator.
|
||||||
|
|
||||||
|
~ Note hibernate-validator:5.3.1 introduces a change that requires an EL implementation to be in the classpath:
|
||||||
|
~ https://developer.jboss.org/wiki/HibernateValidatorMigrationGuide#jive_content_id_531Final
|
||||||
|
~
|
||||||
|
~ For example, updating hibernate-validator causes hadoop ingestion tasks to fail:
|
||||||
|
~
|
||||||
|
~ Error: com.google.inject.CreationException: Unable to create injector, see the following errors:
|
||||||
|
~
|
||||||
|
~ 1) An exception was caught and reported. Message: HV000183: Unable to initialize 'javax.el.ExpressionFactory'. Check that you have the EL dependencies on the classpath, or use ParameterMessageInterpolator instead
|
||||||
|
~ at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138)
|
||||||
|
~
|
||||||
|
~ 2) No implementation for javax.validation.Validator was bound.
|
||||||
|
~ at org.apache.druid.guice.ConfigModule.configure(ConfigModule.java:39)
|
||||||
|
~
|
||||||
|
~ 2 errors
|
||||||
|
~ at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:470)
|
||||||
|
~ at com.google.inject.internal.InternalInjectorCreator.initializeStatically(InternalInjectorCreator.java:155)
|
||||||
|
~ at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:107)
|
||||||
|
~ at com.google.inject.Guice.createInjector(Guice.java:99)
|
||||||
|
~ at com.google.inject.Guice.createInjector(Guice.java:73)
|
||||||
|
~ at org.apache.druid.guice.GuiceInjectors.makeStartupInjector(GuiceInjectors.java:56)
|
||||||
|
~ at org.apache.druid.indexer.HadoopDruidIndexerConfig.<clinit>(HadoopDruidIndexerConfig.java:102)
|
||||||
|
~ at org.apache.druid.indexer.HadoopDruidIndexerMapper.setup(HadoopDruidIndexerMapper.java:53)
|
||||||
|
~ at org.apache.druid.indexer.DetermineHashedPartitionsJob$DetermineCardinalityMapper.setup(DetermineHashedPartitionsJob.java:279)
|
||||||
|
~ at org.apache.druid.indexer.DetermineHashedPartitionsJob$DetermineCardinalityMapper.run(DetermineHashedPartitionsJob.java:334)
|
||||||
|
~ at org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:787)
|
||||||
|
~ at org.apache.hadoop.mapred.MapTask.run(MapTask.java:341)
|
||||||
|
~ at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:175)
|
||||||
|
~ at java.security.AccessController.doPrivileged(Native Method)
|
||||||
|
~ at javax.security.auth.Subject.doAs(Subject.java:422)
|
||||||
|
~ at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1844)
|
||||||
|
~ at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:169)
|
||||||
|
~ Caused by: javax.validation.ValidationException: HV000183: Unable to initialize 'javax.el.ExpressionFactory'. Check that you have the EL dependencies on the classpath, or use ParameterMessageInterpolator instead
|
||||||
|
~ at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.buildExpressionFactory(ResourceBundleMessageInterpolator.java:102)
|
||||||
|
~ at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.<init>(ResourceBundleMessageInterpolator.java:45)
|
||||||
|
~ at org.hibernate.validator.internal.engine.ConfigurationImpl.getDefaultMessageInterpolator(ConfigurationImpl.java:423)
|
||||||
|
~ at org.hibernate.validator.internal.engine.ConfigurationImpl.getDefaultMessageInterpolatorConfiguredWithClassLoader(ConfigurationImpl.java:575)
|
||||||
|
~ at org.hibernate.validator.internal.engine.ConfigurationImpl.getMessageInterpolator(ConfigurationImpl.java:364)
|
||||||
|
~ at org.hibernate.validator.internal.engine.ValidatorFactoryImpl.<init>(ValidatorFactoryImpl.java:148)
|
||||||
|
~ at org.hibernate.validator.HibernateValidator.buildValidatorFactory(HibernateValidator.java:38)
|
||||||
|
~ at org.hibernate.validator.internal.engine.ConfigurationImpl.buildValidatorFactory(ConfigurationImpl.java:331)
|
||||||
|
~ at javax.validation.Validation.buildDefaultValidatorFactory(Validation.java:110)
|
||||||
|
~ at org.apache.druid.guice.ConfigModule.configure(ConfigModule.java:39)
|
||||||
|
~ at com.google.inject.spi.Elements$RecordingBinder.install(Elements.java:340)
|
||||||
|
~ at com.google.inject.spi.Elements.getElements(Elements.java:110)
|
||||||
|
~ at com.google.inject.internal.InjectorShell$Builder.build(InjectorShell.java:138)
|
||||||
|
~ at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:104)
|
||||||
|
~ ... 14 more
|
||||||
|
~ Caused by: java.lang.NoSuchMethodError: javax.el.ExpressionFactory.newInstance()Ljavax/el/ExpressionFactory;
|
||||||
|
~ at org.hibernate.validator.messageinterpolation.ResourceBundleMessageInterpolator.buildExpressionFactory(ResourceBundleMessageInterpolator.java:98)
|
||||||
|
~ ... 27 more
|
||||||
|
-->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: hibernate-validator-5.2.5.Final.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.hibernate/hibernate\-validator@.*$</packageUrl>
|
||||||
|
<cve>CVE-2017-7536</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- TODO: Fix by updating curator-x-discovery to > 4.2.0 and updating hadoop -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: jackson-mapper-asl-1.9.13.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
|
||||||
|
<cve>CVE-2017-7525</cve>
|
||||||
|
<cve>CVE-2017-15095</cve>
|
||||||
|
<cve>CVE-2017-17485</cve>
|
||||||
|
<cve>CVE-2018-5968</cve>
|
||||||
|
<cve>CVE-2018-7489</cve>
|
||||||
|
<cve>CVE-2018-14718</cve>
|
||||||
|
<cve>CVE-2019-10172</cve>
|
||||||
|
<cve>CVE-2019-14540</cve>
|
||||||
|
<cve>CVE-2019-16335</cve>
|
||||||
|
<cve>CVE-2019-17267</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- TODO: Fix by updating org.apache.druid.java.util.http.client.NettyHttpClient to use netty 4 -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: netty-3.10.6.Final.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/io\.netty/netty@.*$</packageUrl>
|
||||||
|
<cve>CVE-2019-16869</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- TODO: Fix by upgrading hadoop-auth version -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: nimbus-jose-jwt-4.41.1.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/com\.nimbusds/nimbus\-jose\-jwt@.*$</packageUrl>
|
||||||
|
<cve>CVE-2019-17195</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!-- TODO: Fix by using com.datastax.oss:java-driver-core instead of com.netflix.astyanax:astyanax in extensions-contrib/cassandra-stroage -->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: libthrift-0.6.1.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
|
||||||
|
<cve>CVE-2016-5397</cve>
|
||||||
|
<cve>CVE-2018-1320</cve>
|
||||||
|
<cve>CVE-2019-0205</cve>
|
||||||
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!--
|
||||||
|
~ TODO: Fix by updating hadoop-common used by extensions-core/parquet-extensions. Possibly need to change
|
||||||
|
~ HdfsStorageDruidModule.configure()->FileSystem.get(conf) as well.
|
||||||
|
-->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: htrace-core4-4.0.1-incubating.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.4.0)
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
|
||||||
|
<cve>CVE-2017-7525</cve>
|
||||||
|
<cve>CVE-2017-15095</cve>
|
||||||
|
<cve>CVE-2017-17485</cve>
|
||||||
|
<cve>CVE-2018-5968</cve>
|
||||||
|
<cve>CVE-2018-7489</cve>
|
||||||
|
<cve>CVE-2018-11307</cve>
|
||||||
|
<cve>CVE-2018-14718</cve>
|
||||||
|
<cve>CVE-2018-14719</cve>
|
||||||
|
<cve>CVE-2018-14720</cve>
|
||||||
|
<cve>CVE-2018-14721</cve>
|
||||||
|
<cve>CVE-2018-19360</cve>
|
||||||
|
<cve>CVE-2018-19361</cve>
|
||||||
|
<cve>CVE-2018-19362</cve>
|
||||||
|
<cve>CVE-2019-14540</cve>
|
||||||
|
<cve>CVE-2019-16335</cve>
|
||||||
|
<cve>CVE-2019-16942</cve>
|
||||||
|
<cve>CVE-2019-16943</cve>
|
||||||
|
<cve>CVE-2019-17267</cve>
|
||||||
|
<cve>CVE-2019-17531</cve>
|
||||||
|
</suppress>
|
||||||
|
</suppressions>
|
25
pom.xml
25
pom.xml
|
@ -78,6 +78,7 @@
|
||||||
<aether.version>0.9.0.M2</aether.version>
|
<aether.version>0.9.0.M2</aether.version>
|
||||||
<apache.curator.version>4.1.0</apache.curator.version>
|
<apache.curator.version>4.1.0</apache.curator.version>
|
||||||
<apache.curator.test.version>2.12.0</apache.curator.test.version>
|
<apache.curator.test.version>2.12.0</apache.curator.test.version>
|
||||||
|
<apache.kafka.version>2.1.1</apache.kafka.version>
|
||||||
<avatica.version>1.15.0</avatica.version>
|
<avatica.version>1.15.0</avatica.version>
|
||||||
<avro.version>1.9.1</avro.version>
|
<avro.version>1.9.1</avro.version>
|
||||||
<calcite.version>1.21.0</calcite.version>
|
<calcite.version>1.21.0</calcite.version>
|
||||||
|
@ -88,7 +89,7 @@
|
||||||
<hamcrest.version>1.3</hamcrest.version>
|
<hamcrest.version>1.3</hamcrest.version>
|
||||||
<jetty.version>9.4.12.v20180830</jetty.version>
|
<jetty.version>9.4.12.v20180830</jetty.version>
|
||||||
<jersey.version>1.19.3</jersey.version>
|
<jersey.version>1.19.3</jersey.version>
|
||||||
<jackson.version>2.9.10</jackson.version>
|
<jackson.version>2.10.1</jackson.version>
|
||||||
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
|
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
|
||||||
<log4j.version>2.8.2</log4j.version>
|
<log4j.version>2.8.2</log4j.version>
|
||||||
<netty3.version>3.10.6.Final</netty3.version>
|
<netty3.version>3.10.6.Final</netty3.version>
|
||||||
|
@ -96,6 +97,7 @@
|
||||||
<netty4.version>4.1.42.Final</netty4.version>
|
<netty4.version>4.1.42.Final</netty4.version>
|
||||||
<node.version>v10.14.2</node.version>
|
<node.version>v10.14.2</node.version>
|
||||||
<npm.version>6.5.0</npm.version>
|
<npm.version>6.5.0</npm.version>
|
||||||
|
<protobuf.version>3.11.0</protobuf.version>
|
||||||
<slf4j.version>1.7.12</slf4j.version>
|
<slf4j.version>1.7.12</slf4j.version>
|
||||||
<!-- If compiling with different hadoop version also modify default hadoop coordinates in TaskConfig.java -->
|
<!-- If compiling with different hadoop version also modify default hadoop coordinates in TaskConfig.java -->
|
||||||
<hadoop.compile.version>2.8.5</hadoop.compile.version>
|
<hadoop.compile.version>2.8.5</hadoop.compile.version>
|
||||||
|
@ -758,7 +760,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>com.google.protobuf</groupId>
|
<groupId>com.google.protobuf</groupId>
|
||||||
<artifactId>protobuf-java</artifactId>
|
<artifactId>protobuf-java</artifactId>
|
||||||
<version>3.1.0</version>
|
<version>${protobuf.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>io.tesla.aether</groupId>
|
<groupId>io.tesla.aether</groupId>
|
||||||
|
@ -988,7 +990,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.directory.api</groupId>
|
<groupId>org.apache.directory.api</groupId>
|
||||||
<artifactId>api-util</artifactId>
|
<artifactId>api-util</artifactId>
|
||||||
<version>1.0.0-M20</version>
|
<version>1.0.3</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.calcite</groupId>
|
<groupId>org.apache.calcite</groupId>
|
||||||
|
@ -1478,6 +1480,23 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.owasp</groupId>
|
||||||
|
<artifactId>dependency-check-maven</artifactId>
|
||||||
|
<version>5.2.4</version>
|
||||||
|
<configuration>
|
||||||
|
<cveValidForHours>24</cveValidForHours>
|
||||||
|
<failBuildOnCVSS>7</failBuildOnCVSS>
|
||||||
|
<skipProvidedScope>true</skipProvidedScope>
|
||||||
|
<skipSystemScope>true</skipSystemScope> <!-- avoid error when processing jdk.tools:jdk.tools:jar:1.8:system -->
|
||||||
|
<suppressionFile>owasp-dependency-check-suppressions.xml</suppressionFile>
|
||||||
|
</configuration>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<phase>none</phase> <!-- TODO: Consider enabling so part of dev flow instead of just CI -->
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
<pluginManagement>
|
<pluginManagement>
|
||||||
<plugins>
|
<plugins>
|
||||||
|
|
|
@ -59,10 +59,10 @@ public abstract class SQLMetadataStorageActionHandler<EntryType, StatusType, Log
|
||||||
|
|
||||||
private final SQLMetadataConnector connector;
|
private final SQLMetadataConnector connector;
|
||||||
private final ObjectMapper jsonMapper;
|
private final ObjectMapper jsonMapper;
|
||||||
private final TypeReference entryType;
|
private final TypeReference<EntryType> entryType;
|
||||||
private final TypeReference statusType;
|
private final TypeReference<StatusType> statusType;
|
||||||
private final TypeReference logType;
|
private final TypeReference<LogType> logType;
|
||||||
private final TypeReference lockType;
|
private final TypeReference<LockType> lockType;
|
||||||
|
|
||||||
private final String entryTypeName;
|
private final String entryTypeName;
|
||||||
private final String entryTable;
|
private final String entryTable;
|
||||||
|
@ -107,7 +107,7 @@ public abstract class SQLMetadataStorageActionHandler<EntryType, StatusType, Log
|
||||||
return jsonMapper;
|
return jsonMapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected TypeReference getStatusType()
|
protected TypeReference<StatusType> getStatusType()
|
||||||
{
|
{
|
||||||
return statusType;
|
return statusType;
|
||||||
}
|
}
|
||||||
|
@ -127,7 +127,7 @@ public abstract class SQLMetadataStorageActionHandler<EntryType, StatusType, Log
|
||||||
return entryTypeName;
|
return entryTypeName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public TypeReference getEntryType()
|
public TypeReference<EntryType> getEntryType()
|
||||||
{
|
{
|
||||||
return entryType;
|
return entryType;
|
||||||
}
|
}
|
||||||
|
|
|
@ -185,7 +185,7 @@ public class ResultLevelCachingQueryRunner<T> implements QueryRunner<T>
|
||||||
log.error("Cached result set is null");
|
log.error("Cached result set is null");
|
||||||
}
|
}
|
||||||
final Function<Object, T> pullFromCacheFunction = strategy.pullFromCache(true);
|
final Function<Object, T> pullFromCacheFunction = strategy.pullFromCache(true);
|
||||||
final TypeReference<Object> cacheObjectClazz = strategy.getCacheObjectClazz();
|
final TypeReference<T> cacheObjectClazz = strategy.getCacheObjectClazz();
|
||||||
//Skip the resultsetID and its length bytes
|
//Skip the resultsetID and its length bytes
|
||||||
Sequence<T> cachedSequence = Sequences.simple(() -> {
|
Sequence<T> cachedSequence = Sequences.simple(() -> {
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -67,11 +67,13 @@ import java.util.concurrent.atomic.AtomicLong;
|
||||||
*/
|
*/
|
||||||
public class HttpLoadQueuePeon extends LoadQueuePeon
|
public class HttpLoadQueuePeon extends LoadQueuePeon
|
||||||
{
|
{
|
||||||
public static final TypeReference REQUEST_ENTITY_TYPE_REF = new TypeReference<List<DataSegmentChangeRequest>>()
|
public static final TypeReference<List<DataSegmentChangeRequest>> REQUEST_ENTITY_TYPE_REF =
|
||||||
|
new TypeReference<List<DataSegmentChangeRequest>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
public static final TypeReference RESPONSE_ENTITY_TYPE_REF = new TypeReference<List<SegmentLoadDropHandler.DataSegmentChangeRequestAndStatus>>()
|
public static final TypeReference<List<SegmentLoadDropHandler.DataSegmentChangeRequestAndStatus>> RESPONSE_ENTITY_TYPE_REF =
|
||||||
|
new TypeReference<List<SegmentLoadDropHandler.DataSegmentChangeRequestAndStatus>>()
|
||||||
{
|
{
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -226,6 +226,22 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-dependency-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<!--
|
||||||
|
~ The analysis gets confused between javax.xml.bind:jaxb-api and jakarta.xml.bind:jakarta.xml.bind-api.
|
||||||
|
~ The former is a direct dependency, and the latter is a transitive dependency of jackson 2.10+.
|
||||||
|
-->
|
||||||
|
<usedDependencies>
|
||||||
|
<dependency>javax.xml.bind:jaxb-api</dependency>
|
||||||
|
</usedDependencies>
|
||||||
|
<ignoredUsedUndeclaredDependencies>
|
||||||
|
<ignoredUsedUndeclaredDependency>jakarta.xml.bind:jakarta.xml.bind-api</ignoredUsedUndeclaredDependency>
|
||||||
|
</ignoredUsedUndeclaredDependencies>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue