Upgrade Jackson & its dependencies to resolve CVEs
If applied, this will:
Upgrade Jackson Core, Databind, and other dependencies to version 2.15.4.
Address security vulnerabilities, including PRISMA-2023-0067.
Mariamalmesfer authored and Mariam Almesfer committed Nov 27, 2024
1 parent 0ee4687 commit 74b39c6
Showing 16 changed files with 104 additions and 43 deletions.
66 changes: 64 additions & 2 deletions pom.xml
Expand Up @@ -77,7 +77,7 @@
<dep.ratis.version>2.2.0</dep.ratis.version>
<dep.errorprone.version>2.18.0</dep.errorprone.version>
<dep.guava.version>32.1.0-jre</dep.guava.version>
<dep.jackson.version>2.11.0</dep.jackson.version>
<dep.jackson.version>2.15.4</dep.jackson.version>
<dep.j2objc.version>2.8</dep.j2objc.version>
<dep.avro.version>1.11.4</dep.avro.version>
<dep.commons.compress.version>1.26.2</dep.commons.compress.version>
Expand Down Expand Up @@ -211,7 +211,7 @@
<artifactId>netty-handler</artifactId>
<version>4.1.107.Final</version>
</dependency>

<dependency>
<groupId>com.facebook.presto</groupId>
<artifactId>presto-testing-docker</artifactId>
Expand Down Expand Up @@ -797,6 +797,36 @@
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-smile</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${dep.jackson.version}</version>
</dependency>

<dependency>
<groupId>com.jayway.jsonpath</groupId>
<artifactId>json-path</artifactId>
Expand Down Expand Up @@ -1702,6 +1732,10 @@
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
</exclusion>
<exclusion>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
</exclusion>
</exclusions>
</dependency>

Expand Down Expand Up @@ -2286,6 +2320,14 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.3.0</version>
<dependencies>
<dependency>
<groupId>org.codehaus.mojo</groupId>
<artifactId>extra-enforcer-rules</artifactId>
<version>1.6.2</version>
</dependency>
</dependencies>
<configuration>
<rules>
<requireUpperBoundDeps>
Expand Down Expand Up @@ -2347,6 +2389,26 @@
<version>0.5.1</version>
</plugin>

<plugin>
<groupId>org.basepom.maven</groupId>
<artifactId>duplicate-finder-maven-plugin</artifactId>
<version>1.2.1</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
<phase>verify</phase>
</execution>
</executions>
<configuration>
<ignoredClassPatterns combine.children="append">
<ignoredClassPattern>module-info</ignoredClassPattern>
<ignoredClassPattern>META-INF.versions.9.module-info</ignoredClassPattern>
</ignoredClassPatterns>
</configuration>
</plugin>

</plugins>
</pluginManagement>

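Review bot: The five `com.fasterxml.jackson` entries added to dependencyManagement in the `-797,6 +797,36` hunk pin modules one at a time, so a Jackson module that is not listed can still resolve transitively to a release older than `${dep.jackson.version}`; the hunk shows only part of the managed set, so this may already be covered elsewhere. For a commit whose purpose is to clear CVEs, importing `com.fasterxml.jackson:jackson-bom` once would align every Jackson artifact and reduce later upgrades to a single property change. Whichever form is kept, the result is worth confirming with `mvn dependency:tree` filtered on the Jackson group ids, checking that no module still reports a 2.10.x or 2.11.x version. The dependency that receives the new `jackson-databind` exclusion in the `-1702,6 +1732,10` hunk is outside the visible lines, so whether its consumers declare databind themselves cannot be checked from here.

```xml
<!-- … unchanged: other managed dependencies … -->
<dependency>
    <groupId>com.fasterxml.jackson</groupId>
    <artifactId>jackson-bom</artifactId>
    <version>${dep.jackson.version}</version>
    <type>pom</type>
    <scope>import</scope>
</dependency>
```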
1 change: 1 addition & 0 deletions presto-bigquery/pom.xml
Expand Up @@ -353,6 +353,7 @@
<exclude>com.fasterxml.jackson.core:jackson-core</exclude>
<exclude>javax.annotation:javax.annotation-api</exclude>
<exclude>com.fasterxml.jackson.core:jackson-databind</exclude>
<exclude>com.google.api.grpc:proto-google-common-protos</exclude>
</excludes>
</requireUpperBoundDeps>
</rules>
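Review bot: The new `<exclude>com.google.api.grpc:proto-google-common-protos</exclude>` switches off `requireUpperBoundDeps` for that artifact without a comment naming the conflict it works around. The same exclude list also carries `jackson-core` and `jackson-databind`, so in this module the enforcer will not report an older Jackson winning dependency resolution, which is the condition this commit sets out to remove. I would add a comment above the new line, for example `<!-- excluded because of <conflicting dependency and versions>; remove once aligned -->`, and check whether the two Jackson excludes can now be dropped. The `<excludes>` element opens outside the hunk, so earlier entries are not visible here.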
Expand Up @@ -56,14 +56,14 @@ public BigQueryColumnHandle(
this.description = description;
}

@JsonProperty
@JsonProperty(value = "name")
public String getName()
{
return name;
}

@Override
@JsonProperty
@JsonProperty(value = "bigQueryType")
public BigQueryType getBigQueryType()
{
return bigQueryType;
Expand All @@ -76,19 +76,19 @@ public Map<String, Adaptor> getBigQuerySubTypes()
}

@Override
@JsonProperty
@JsonProperty(value = "mode")
public Mode getMode()
{
return mode;
}

@JsonProperty
@JsonProperty(value = "subColumns")
public List<BigQueryColumnHandle> getSubColumns()
{
return subColumns;
}

@JsonProperty
@JsonProperty(value = "description")
public String description()
{
return description;
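Review bot: The explicit property names are spelled three ways across the Java sections of this commit: `@JsonProperty(value = "name")` here, `@JsonProperty (value = "projectId")` with a space before the parenthesis in the BigQueryTableHandle, BigQueryTableLayoutHandle, JmxColumnHandle and JmxTableHandle sections, and `@JsonProperty("table")` on the LarkSheetsSplit constructor parameter. The short form `@JsonProperty("name")` is equivalent, drops the stray space that a style check may reject, and keeps getters consistent with the creator parameters. Each name is now a string literal on the getter that has to match the one on the creator parameter (visible only for LarkSheetsSplit), so a typo would show up as a runtime deserialization failure rather than a compile error; a JSON round-trip test per handle class would catch that. The commit description does not say why the Jackson upgrade needs explicit names, and a sentence there would help later readers. The class bodies start and end outside these hunks.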
Expand Up @@ -65,25 +65,25 @@ static BigQuerySplit emptyProjection(long numberOfRows)
return new BigQuerySplit("", "", ImmutableList.of(), numberOfRows);
}

@JsonProperty
@JsonProperty(value = "streamName")
public String getStreamName()
{
return streamName;
}

@JsonProperty
@JsonProperty(value = "avroSchema")
public String getAvroSchema()
{
return avroSchema;
}

@JsonProperty
@JsonProperty(value = "columns")
public List<ColumnHandle> getColumns()
{
return columns;
}

@JsonProperty
@JsonProperty(value = "emptyRowsToGenerate")
public long getEmptyRowsToGenerate()
{
return emptyRowsToGenerate;
Expand Up @@ -66,43 +66,43 @@ public static BigQueryTableHandle from(TableInfo tableInfo)
return new BigQueryTableHandle(tableId.getProject(), tableId.getDataset(), tableId.getTable(), type, TupleDomain.none(), Optional.empty(), OptionalLong.empty());
}

@JsonProperty
@JsonProperty (value = "projectId")
public String getProjectId()
{
return projectId;
}

@JsonProperty
@JsonProperty(value = "schemaName")
public String getSchemaName()
{
return schemaName;
}

@JsonProperty
@JsonProperty (value = "tableName")
public String getTableName()
{
return tableName;
}

@JsonProperty
@JsonProperty (value = "type")
public String getType()
{
return type;
}

@JsonProperty
@JsonProperty (value = "constraint")
public TupleDomain<ColumnHandle> getConstraint()
{
return constraint;
}

@JsonProperty
@JsonProperty (value = "projectedColumns")
public Optional<List<ColumnHandle>> getProjectedColumns()
{
return projectedColumns;
}

@JsonProperty
@JsonProperty (value = "limit")
public OptionalLong getLimit()
{
return limit;
Expand Up @@ -41,13 +41,13 @@ public BigQueryTableLayoutHandle(
this(table, TupleDomain.none());
}

@JsonProperty
@JsonProperty (value = "table")
public BigQueryTableHandle getTable()
{
return table;
}

@JsonProperty
@JsonProperty (value = "tupleDomain")
public TupleDomain<ColumnHandle> getTupleDomain()
{
return tupleDomain;
1 change: 0 additions & 1 deletion presto-hudi/pom.xml
Expand Up @@ -217,7 +217,6 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.10.2</version>
<scope>provided</scope>
</dependency>

1 change: 0 additions & 1 deletion presto-iceberg/pom.xml
Expand Up @@ -459,7 +459,6 @@
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.10.2</version>
<scope>provided</scope>
</dependency>

Expand Up @@ -39,13 +39,13 @@ public JmxColumnHandle(
this.columnType = requireNonNull(columnType, "columnType is null");
}

@JsonProperty
@JsonProperty (value = "columnName")
public String getColumnName()
{
return columnName;
}

@JsonProperty
@JsonProperty (value = "columnType")
public Type getColumnType()
{
return columnType;
Expand Up @@ -41,7 +41,7 @@ public JmxSplit(
this.addresses = ImmutableList.copyOf(requireNonNull(addresses, "addresses is null"));
}

@JsonProperty
@JsonProperty(value = "tableHandle")
public JmxTableHandle getTableHandle()
{
return tableHandle;
Expand All @@ -53,7 +53,7 @@ public NodeSelectionStrategy getNodeSelectionStrategy()
return HARD_AFFINITY;
}

@JsonProperty
@JsonProperty(value = "addresses")
public List<HostAddress> getAddresses()
{
return addresses;
Expand Up @@ -51,25 +51,25 @@ public JmxTableHandle(
checkArgument(!objectNames.isEmpty(), "objectsNames is empty");
}

@JsonProperty
@JsonProperty(value = "tableName")
public SchemaTableName getTableName()
{
return tableName;
}

@JsonProperty
@JsonProperty (value = "objectNames")
public List<String> getObjectNames()
{
return objectNames;
}

@JsonProperty
@JsonProperty(value = "columnHandles")
public List<JmxColumnHandle> getColumnHandles()
{
return columnHandles;
}

@JsonProperty
@JsonProperty(value = "liveData")
public boolean isLiveData()
{
return liveData;
Expand Up @@ -36,13 +36,13 @@ public JmxTableLayoutHandle(
this.constraint = requireNonNull(constraint, "constraint is null");
}

@JsonProperty
@JsonProperty(value = "table")
public JmxTableHandle getTable()
{
return table;
}

@JsonProperty
@JsonProperty(value = "constraint")
public TupleDomain<ColumnHandle> getConstraint()
{
return constraint;
Expand Up @@ -37,7 +37,7 @@ public LarkSheetsSplit(@JsonProperty("table") LarkSheetsTableHandle table)
this.table = requireNonNull(table, "table is null");
}

@JsonProperty
@JsonProperty(value = "table")
public LarkSheetsTableHandle getTable()
{
return table;