Patched security vulnerability by updating Ranger libraries to the ne… (#15363)

Patched security vulnerability by updating Ranger libraries to the newest available version.
2025-02-23 03:03:02 +00:00 · 2023-11-22 02:17:18 -08:00 · 2023-11-22 02:17:18 -08:00 · c14cfc2a86
commit c14cfc2a86
parent 2f269fe065
5 changed files with 195 additions and 115 deletions
--- a/distribution/bin/check-licenses.py
+++ b/distribution/bin/check-licenses.py
@ -289,6 +289,7 @@ def build_compatible_license_names():

    compatible_licenses['Creative Commons CC0'] = 'Creative Commons CC0'
    compatible_licenses['CC0'] = 'Creative Commons CC0'
+    compatible_licenses['Public Domain, per Creative Commons CC0'] = 'Creative Commons CC0'

    compatible_licenses['The MIT License'] = 'MIT License'
    compatible_licenses['MIT License'] = 'MIT License'
--- a/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
+++ b/extensions-core/druid-ranger-security/src/main/java/org/apache/druid/security/ranger/authorizer/RangerAuthorizer.java
@ -134,7 +134,7 @@ class RangerDruidAccessRequest extends RangerAccessRequestImpl
 {
  public RangerDruidAccessRequest(RangerDruidResource resource, String user, Set<String> userGroups, Action action)
  {
-    super(resource, action.name().toLowerCase(Locale.ENGLISH), user, userGroups);
+    super(resource, action.name().toLowerCase(Locale.ENGLISH), user, userGroups, null);
    setAccessTime(new Date());
  }
 }
--- a/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
+++ b/extensions-core/druid-ranger-security/src/test/java/org/apache/druid/security/ranger/authorizer/RangerAdminClientImpl.java
@ -22,6 +22,7 @@ package org.apache.druid.security.ranger.authorizer;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
 import org.apache.druid.java.util.common.logger.Logger;
+import org.apache.hadoop.conf.Configuration;
 import org.apache.ranger.admin.client.AbstractRangerAdminClient;
 import org.apache.ranger.plugin.util.ServicePolicies;

@ -39,9 +40,9 @@ public class RangerAdminClientImpl extends AbstractRangerAdminClient
  protected Gson gson;

  @Override
-  public void init(String serviceName, String appId, String configPropertyPrefix)
+  public void init(String serviceName, String appId, String configPropertyPrefix, Configuration config)
  {
-    super.init(serviceName, appId, configPropertyPrefix);
+    super.init(serviceName, appId, configPropertyPrefix, config);

    try {
      gson = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").setPrettyPrinting().create();
@ -52,7 +53,8 @@ public class RangerAdminClientImpl extends AbstractRangerAdminClient
  }

  @Override
-  public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis) throws Exception
+  public ServicePolicies getServicePoliciesIfUpdated(long lastKnownVersion, long lastActivationTimeInMillis)
+      throws Exception
  {

    String basedir = System.getProperty("basedir");
--- a/licenses.yaml
+++ b/licenses.yaml
@ -3173,6 +3173,16 @@ libraries:

 ---

+name: org.codehaus.woodstox stax2-api
+license_category: binary
+version: 4.2.1
+module: druid-kerberos
+license_name: BSD-3-Clause License
+libraries:
+  - org.codehaus.woodstox: stax2-api
+
+---
+
 name: Kafka clients
 version: 5.5.12-ccs
 license_category: binary
@ -4557,7 +4567,7 @@ libraries:

 name: org.apache.ranger ranger-plugins-audit
 license_category: binary
-version: 2.0.0
+version: 2.4.0
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
@ -4567,7 +4577,7 @@ libraries:

 name: org.apache.ranger ranger-plugins-common
 license_category: binary
-version: 2.0.0
+version: 2.4.0
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
@ -4575,19 +4585,9 @@ libraries:

 ---

-name: com.101tec zkclient
-license_category: binary
-version: '0.10'
-module: druid-ranger-security
-license_name: Apache License version 2.0
-libraries:
-  - com.101tec: zkclient
-
---
-
 name: com.kstruct gethostname4j
 license_category: binary
-version: 0.0.2
+version: 1.0.0
 module: druid-ranger-security
 license_name: MIT License
 libraries:
@ -4595,6 +4595,36 @@ libraries:

 ---

+name: com.amazonaws aws-java-sdk-bundle
+license_category: binary
+version: 1.12.125
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - com.amazonaws: aws-java-sdk-bundle
+
+---
+
+name: com.carrotsearch hppc
+license_category: binary
+version: 0.8.0
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - com.carrotsearch: hppc
+
+---
+
+name: org.locationtech.spatial4j spatial4j
+license_category: binary
+version: 0.7
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.locationtech.spatial4j: spatial4j
+
+---
+
 name: com.sun.jersey jersey-bundle
 license_category: binary
 version: 1.19.3
@ -4617,7 +4647,7 @@ libraries:

 name: JOpt Simple
 license_category: binary
-version: 5.0.4
+version: 5.0.2
 module: druid-ranger-security
 license_name: MIT License
 libraries:
@ -4628,7 +4658,7 @@ copyright: Paul R. Holser, Jr.

 name: org.apache.httpcomponents httpmime
 license_category: binary
-version: 4.5.3
+version: 4.5.6
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
@ -4636,9 +4666,95 @@ libraries:

 ---

+name: org.apache.httpcomponents httpasyncclient
+license_category: binary
+version: 4.1.3
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.apache.httpcomponents: httpasyncclient
+
+---
+
+name: org.elasticsearch securesm
+license_category: binary
+version: 2.1.9
+module: druid-ranger-security
+license_name: Creative Commons CC0
+libraries:
+  - org.hdrhistogram: HdrHistogram
+
+---
+
+name: Apache Lucene 
+license_category: binary
+version: 8.4.0
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.apache.lucene: lucene-analyzers-common
+  - org.apache.lucene: lucene-backward-codecs
+  - org.apache.lucene: lucene-core
+  - org.apache.lucene: lucene-grouping
+  - org.apache.lucene: lucene-highlighter
+  - org.apache.lucene: lucene-join
+  - org.apache.lucene: lucene-memory
+  - org.apache.lucene: lucene-misc
+  - org.apache.lucene: lucene-queries
+  - org.apache.lucene: lucene-queryparser
+  - org.apache.lucene: lucene-sandbox
+  - org.apache.lucene: lucene-spatial
+  - org.apache.lucene: lucene-spatial-extras
+  - org.apache.lucene: lucene-spatial3d
+  - org.apache.lucene: lucene-suggest
+
+---
+
+name: org.elasticsearch securesm
+license_category: binary
+version: 1.2
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.elasticsearch: securesm
+
+---
+
+name: Elastic Search
+license_category: binary
+version: 7.10.2
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.elasticsearch: elasticsearch
+  - org.elasticsearch: elasticsearch-cli
+  - org.elasticsearch: elasticsearch-core
+  - org.elasticsearch: elasticsearch-geo
+  - org.elasticsearch: elasticsearch-secure-sm
+  - org.elasticsearch: elasticsearch-x-content
+  - org.elasticsearch.client: elasticsearch-rest-client
+  - org.elasticsearch.client: elasticsearch-rest-high-level-client
+  - org.elasticsearch.plugin: aggs-matrix-stats-client
+  - org.elasticsearch.plugin: lang-mustache-client
+  - org.elasticsearch.plugin: mapper-extras-client
+  - org.elasticsearch.plugin: parent-join-client
+  - org.elasticsearch.plugin: rank-eval-client
+
+---
+
+name: org.apache.httpcomponents httpcore-nio
+license_category: binary
+version: 4.4.6
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.apache.httpcomponents: httpcore-nio
+
+---
+
 name: Apache Kafka
 license_category: binary
-version: 2.0.0
+version: 2.8.1
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
@ -4651,29 +4767,70 @@ the CDDL License. The source code of jersey can be found at https://github.com/j

 ---

-name: org.apache.kafka kafka_2.11
+name: org.apache.ranger ranger-plugins
 license_category: binary
-version: 2.0.0
-module: druid-ranger-security
-license_name: Apache License version 2.0
-libraries:
-  - org.apache.kafka: kafka_2.11
-
---
-
-name: org.apache.ranger ranger-plugins-cred
-license_category: binary
-version: 2.0.0
+version: 2.4.0
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
  - org.apache.ranger: ranger-plugins-cred
+  - org.apache.ranger: ranger-plugin-classloader
+
+---
+
+name: Woodstox
+license_category: binary
+version: 6.2.4
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - com.fasterxml.woodstox: woodstox-core
+
+---
+
+name: com.github.spullara.mustache.java
+license_category: binary
+version: 0.9.6
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - com.github.spullara.mustache.java: compiler
+
+---
+
+name: com.tdunning t-digest
+license_category: binary
+version: 3.2
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - com.tdunning: t-digest
+
+---
+
+name: io.sgr s2-geometry-library-java
+license_category: binary
+version: 1.0.0
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - io.sgr: s2-geometry-library-java
+
+---
+
+name: org.apache.orc orc-core
+license_category: binary
+version: 1.5.8
+module: druid-ranger-security
+license_name: Apache License version 2.0
+libraries:
+  - org.apache.orc: orc-core

 ---

 name: org.apache.solr solr-solrj
 license_category: binary
-version: 7.7.1
+version: 8.11.2
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
@ -4681,76 +4838,6 @@ libraries:

 ---

-name: org.codehaus.woodstox stax2-api
-license_category: binary
-version: 3.1.4
-module: druid-ranger-security
-license_name: BSD-3-Clause License
-libraries:
-  - org.codehaus.woodstox: stax2-api
-
---
-
-name: org.codehaus.woodstox stax2-api
-license_category: binary
-version: 4.2.1
-module: druid-ranger-security
-license_name: BSD-3-Clause License
-libraries:
-  - org.codehaus.woodstox: stax2-api
-
---
-
-name: org.codehaus.woodstox woodstox-core-asl
-license_category: binary
-version: 4.4.1
-module: druid-ranger-security
-license_name: Apache License version 2.0
-libraries:
-  - org.codehaus.woodstox: woodstox-core-asl
-
---
-
-name: org.eclipse.persistence commonj.sdo
-license_category: binary
-version: 2.1.1
-module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
-libraries:
-  - org.eclipse.persistence: commonj.sdo
-
---
-
-name: org.eclipse.persistence eclipselink
-license_category: binary
-version: 2.5.2
-module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
-libraries:
-  - org.eclipse.persistence: eclipselink
-
---
-
-name: org.eclipse.persistence javax.persistence
-license_category: binary
-version: 2.1.0
-module: druid-ranger-security
-license_name: Eclipse Distribution License 1.0
-libraries:
-  - org.eclipse.persistence: javax.persistence
-
---
-
-name: org.noggit noggit
-license_category: binary
-version: '0.8'
-module: druid-ranger-security
-license_name: Apache License version 2.0
-libraries:
-  - org.noggit: noggit
-
---
-
 name: Scala Library
 license_category: binary
 version: 2.11.12
@ -4762,19 +4849,9 @@ copyright: LAMP/EPFL and Lightbend, Inc.

 ---

-name: org.scala-lang scala-reflect
-license_category: binary
-version: 2.11.12
-module: druid-ranger-security
-license_name: BSD-3-Clause License
-libraries:
-  - org.scala-lang: scala-reflect
-
---
-
 name: snappy-java
 license_category: binary
-version: 1.1.8.4
+version: 1.1.10.4
 module: druid-ranger-security
 license_name: Apache License version 2.0
 libraries:
--- a/pom.xml
+++ b/pom.xml
@ -77,7 +77,7 @@
        <aether.version>0.9.0.M2</aether.version>
        <apache.curator.version>5.5.0</apache.curator.version>
        <apache.kafka.version>3.6.0</apache.kafka.version>
-        <apache.ranger.version>2.0.0</apache.ranger.version>
+        <apache.ranger.version>2.4.0</apache.ranger.version>
        <apache.ranger.gson.version>2.2.4</apache.ranger.gson.version>
        <scala.library.version>2.13.11</scala.library.version>
        <avatica.version>1.23.0</avatica.version>