From 74b39c68ae4fa612f91cd3c4f95f18483a0a5b81 Mon Sep 17 00:00:00 2001 From: MariamAlmesfer Date: Mon, 30 Sep 2024 17:28:58 +0300 Subject: [PATCH] Upgrade Jackson & its dependencies to resolve CVEs If applied, this will: Upgrade Jackson Core, Databind, and other dependencies to version 2.15.4. Address security vulnerabilities, including PRISMA-2023-0067. --- pom.xml | 66 ++++++++++++++++++- presto-bigquery/pom.xml | 1 + .../plugin/bigquery/BigQueryColumnHandle.java | 10 +-- .../presto/plugin/bigquery/BigQuerySplit.java | 8 +-- .../plugin/bigquery/BigQueryTableHandle.java | 14 ++-- .../bigquery/BigQueryTableLayoutHandle.java | 4 +- presto-hudi/pom.xml | 1 - presto-iceberg/pom.xml | 1 - .../presto/connector/jmx/JmxColumnHandle.java | 4 +- .../presto/connector/jmx/JmxSplit.java | 4 +- .../presto/connector/jmx/JmxTableHandle.java | 8 +-- .../connector/jmx/JmxTableLayoutHandle.java | 4 +- .../presto/lark/sheets/LarkSheetsSplit.java | 2 +- .../lark/sheets/LarkSheetsTableHandle.java | 12 ++-- .../sheets/LarkSheetsTableLayoutHandle.java | 2 +- .../spi/MaterializedViewDefinition.java | 6 +- 16 files changed, 104 insertions(+), 43 deletions(-) diff --git a/pom.xml b/pom.xml index fde9885f52e0..af3960819967 100644 --- a/pom.xml +++ b/pom.xml @@ -77,7 +77,7 @@ 2.2.0 2.18.0 32.1.0-jre - 2.11.0 + 2.15.4 2.8 1.11.4 1.26.2 @@ -211,7 +211,7 @@ netty-handler 4.1.107.Final - + com.facebook.presto presto-testing-docker @@ -797,6 +797,36 @@ ${dep.jackson.version} + + com.fasterxml.jackson.core + jackson-core + ${dep.jackson.version} + + + + com.fasterxml.jackson.core + jackson-annotations + ${dep.jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-smile + ${dep.jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + ${dep.jackson.version} + + + + com.fasterxml.jackson.core + jackson-databind + ${dep.jackson.version} + + com.jayway.jsonpath json-path 
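Review bot: The entries added in the `@@ -797` hunk (in what appears to be the dependencyManagement section) pin jackson-core, jackson-annotations, jackson-databind and the smile and yaml dataformats, but any other Jackson artifact that arrives transitively can still resolve to an older release, which would leave the CVE remediation partial. Importing `com.fasterxml.jackson:jackson-bom` at `${dep.jackson.version}` with `<type>pom</type>` and `<scope>import</scope>` would align the whole family in one place, and the resolved versions are worth confirming per module in `mvn dependency:tree` output. Separately, Jackson 2.15 enforces `StreamReadConstraints` defaults (maximum string length, number length and nesting depth) that 2.11.0 did not have, so the largest JSON payloads the server parses should be exercised before release.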
@@ -1702,6 +1732,10 @@ joda-time joda-time + + com.fasterxml.jackson.core + jackson-databind + @@ -2286,6 +2320,14 @@ org.apache.maven.plugins maven-enforcer-plugin + 3.3.0 + + + org.codehaus.mojo + extra-enforcer-rules + 1.6.2 + + @@ -2347,6 +2389,26 @@ 0.5.1 + + org.basepom.maven + duplicate-finder-maven-plugin + 1.2.1 + + + + check + + verify + + + + + module-info + META-INF.versions.9.module-info + + + + diff --git a/presto-bigquery/pom.xml b/presto-bigquery/pom.xml index 81f83280d064..4622d9dc8b73 100644 --- a/presto-bigquery/pom.xml +++ b/presto-bigquery/pom.xml @@ -353,6 +353,7 @@ com.fasterxml.jackson.core:jackson-core javax.annotation:javax.annotation-api com.fasterxml.jackson.core:jackson-databind + com.google.api.grpc:proto-google-common-protos diff --git a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryColumnHandle.java b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryColumnHandle.java index 07a58af7e10f..198b372cd01b 100644 --- a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryColumnHandle.java +++ b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryColumnHandle.java @@ -56,14 +56,14 @@ public BigQueryColumnHandle( this.description = description; } - @JsonProperty + @JsonProperty(value = "name") public String getName() { return name; } @Override - @JsonProperty + @JsonProperty(value = "bigQueryType") public BigQueryType getBigQueryType() { return bigQueryType; @@ -76,19 +76,19 @@ public Map getBigQuerySubTypes() } @Override - @JsonProperty + @JsonProperty(value = "mode") public Mode getMode() { return mode; } - @JsonProperty + @JsonProperty(value = "subColumns") public List getSubColumns() { return subColumns; } - @JsonProperty + @JsonProperty(value = "description") public String description() { return description; 
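Review bot: The two ignore patterns in the `duplicate-finder-maven-plugin` block (`module-info` and `META-INF.versions.9.module-info`) carry no explanation, and this check is the build's guard against two copies of the same class landing on the classpath after a dependency upgrade. A comment such as `<!-- multi-release jars each ship a module-info descriptor; ignore only that, never library classes -->` would keep later edits from widening the list. The element names are not visible in this rendering of the hunk, so whether these are class or resource patterns should be confirmed against the plugin's documentation.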
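Review bot: The names written into `@JsonProperty` on the getters in both BigQueryColumnHandle hunks now define the wire format, and neither hunk shows the `@JsonCreator` constructor whose parameter names they must match, so a mismatch would only surface when a handle is deserialized. The diffstat lists no test changes; a round-trip assertion per class (serialize, deserialize, compare for equality) would confirm the format is unchanged by the Jackson upgrade. `description()` deserves its own case because it is not a bean-style getter. The same applies to the BigQuerySplit, BigQueryTableHandle, BigQueryTableLayoutHandle, Jmx* and LarkSheets* hunks that follow.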
diff --git a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQuerySplit.java b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQuerySplit.java index 44585eca2dff..1e20400f14e6 100644 --- a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQuerySplit.java +++ b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQuerySplit.java @@ -65,25 +65,25 @@ static BigQuerySplit emptyProjection(long numberOfRows) return new BigQuerySplit("", "", ImmutableList.of(), numberOfRows); } - @JsonProperty + @JsonProperty(value = "streamName") public String getStreamName() { return streamName; } - @JsonProperty + @JsonProperty(value = "avroSchema") public String getAvroSchema() { return avroSchema; } - @JsonProperty + @JsonProperty(value = "columns") public List getColumns() { return columns; } - @JsonProperty + @JsonProperty(value = "emptyRowsToGenerate") public long getEmptyRowsToGenerate() { return emptyRowsToGenerate; diff --git a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableHandle.java b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableHandle.java index 1a7c194cf21b..fb5b267cea27 100644 --- a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableHandle.java +++ b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableHandle.java 
@@ -66,43 +66,43 @@ public static BigQueryTableHandle from(TableInfo tableInfo) return new BigQueryTableHandle(tableId.getProject(), tableId.getDataset(), tableId.getTable(), type, TupleDomain.none(), Optional.empty(), OptionalLong.empty()); } - @JsonProperty + @JsonProperty (value = "projectId") public String getProjectId() { return projectId; } - @JsonProperty + @JsonProperty(value = "schemaName") public String getSchemaName() { return schemaName; } - @JsonProperty + @JsonProperty (value = "tableName") public String getTableName() { return tableName; } - @JsonProperty + @JsonProperty (value = "type") public String getType() { return type; } - @JsonProperty + @JsonProperty (value = "constraint") public TupleDomain getConstraint() { return constraint; } - @JsonProperty + @JsonProperty (value = "projectedColumns") public Optional> getProjectedColumns() { return projectedColumns; } - @JsonProperty + @JsonProperty (value = "limit") public OptionalLong getLimit() { return limit; diff --git a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableLayoutHandle.java b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableLayoutHandle.java index 607d0b293a76..4db47ea559dd 100644 --- a/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableLayoutHandle.java +++ b/presto-bigquery/src/main/java/com/facebook/presto/plugin/bigquery/BigQueryTableLayoutHandle.java @@ -41,13 +41,13 @@ public BigQueryTableLayoutHandle( this(table, TupleDomain.none()); } - @JsonProperty + @JsonProperty (value = "table") public BigQueryTableHandle getTable() { return table; } - @JsonProperty + @JsonProperty (value = "tupleDomain") public TupleDomain getTupleDomain() { return tupleDomain; diff --git a/presto-hudi/pom.xml b/presto-hudi/pom.xml index a8206b4fdd5b..4cc363a9f6e4 100644 --- a/presto-hudi/pom.xml +++ b/presto-hudi/pom.xml @@ -217,7 +217,6 @@ com.fasterxml.jackson.core jackson-annotations - 2.10.2 provided 
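Review bot: Six of the seven annotations in the BigQueryTableHandle hunk are written with a space before the parenthesis, as in `@JsonProperty (value = "projectId")`, while `schemaName` in the same hunk has none; the project's style checks may reject the spaced form, and it reads as an accident either way. Constructor parameters elsewhere in this patch use the short form (`@JsonProperty("table")` in the LarkSheetsSplit hunk header), so `@JsonProperty("projectId")` would be consistent and drop the redundant `value =`. The same spacing appears in BigQueryTableLayoutHandle, JmxColumnHandle and on `objectNames` in JmxTableHandle.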
diff --git a/presto-iceberg/pom.xml b/presto-iceberg/pom.xml index 9287d6640631..7372a8956f93 100644 --- a/presto-iceberg/pom.xml +++ b/presto-iceberg/pom.xml @@ -459,7 +459,6 @@ com.fasterxml.jackson.core jackson-annotations - 2.10.2 provided diff --git a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxColumnHandle.java b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxColumnHandle.java index 0c6511a21a9c..3e061fe10476 100644 --- a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxColumnHandle.java +++ b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxColumnHandle.java @@ -39,13 +39,13 @@ public JmxColumnHandle( this.columnType = requireNonNull(columnType, "columnType is null"); } - @JsonProperty + @JsonProperty (value = "columnName") public String getColumnName() { return columnName; } - @JsonProperty + @JsonProperty (value = "columnType") public Type getColumnType() { return columnType; diff --git a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxSplit.java b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxSplit.java index b5dadf72dd70..c097fda36ca2 100644 --- a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxSplit.java +++ b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxSplit.java @@ -41,7 +41,7 @@ public JmxSplit( this.addresses = ImmutableList.copyOf(requireNonNull(addresses, "addresses is null")); } - @JsonProperty + @JsonProperty(value = "tableHandle") public JmxTableHandle getTableHandle() { return tableHandle; @@ -53,7 +53,7 @@ public NodeSelectionStrategy getNodeSelectionStrategy() return HARD_AFFINITY; } - @JsonProperty + @JsonProperty(value = "addresses") public List getAddresses() { return addresses; diff --git a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableHandle.java b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableHandle.java index 9a5474bcd39a..70954e37df8a 100644 
--- a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableHandle.java +++ b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableHandle.java @@ -51,25 +51,25 @@ public JmxTableHandle( checkArgument(!objectNames.isEmpty(), "objectsNames is empty"); } - @JsonProperty + @JsonProperty(value = "tableName") public SchemaTableName getTableName() { return tableName; } - @JsonProperty + @JsonProperty (value = "objectNames") public List getObjectNames() { return objectNames; } - @JsonProperty + @JsonProperty(value = "columnHandles") public List getColumnHandles() { return columnHandles; } - @JsonProperty + @JsonProperty(value = "liveData") public boolean isLiveData() { return liveData; diff --git a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableLayoutHandle.java b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableLayoutHandle.java index 28598d90d445..08931d247393 100644 --- a/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableLayoutHandle.java +++ b/presto-jmx/src/main/java/com/facebook/presto/connector/jmx/JmxTableLayoutHandle.java @@ -36,13 +36,13 @@ public JmxTableLayoutHandle( this.constraint = requireNonNull(constraint, "constraint is null"); } - @JsonProperty + @JsonProperty(value = "table") public JmxTableHandle getTable() { return table; } - @JsonProperty + @JsonProperty(value = "constraint") public TupleDomain getConstraint() { return constraint; diff --git a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsSplit.java b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsSplit.java index c988ac48bea6..b11e01a22412 100644 --- a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsSplit.java +++ b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsSplit.java 
@@ -37,7 +37,7 @@ public LarkSheetsSplit(@JsonProperty("table") LarkSheetsTableHandle table) this.table = requireNonNull(table, "table is null"); } - @JsonProperty + @JsonProperty(value = "table") public LarkSheetsTableHandle getTable() { return table; diff --git a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableHandle.java b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableHandle.java index b76ab2beb82d..79b1c28171d8 100644 --- a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableHandle.java +++ b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableHandle.java @@ -49,37 +49,37 @@ public LarkSheetsTableHandle( this.rowCount = rowCount; } - @JsonProperty + @JsonProperty(value = "spreadsheetToken") public String getSpreadsheetToken() { return spreadsheetToken; } - @JsonProperty + @JsonProperty(value = "sheetId") public String getSheetId() { return sheetId; } - @JsonProperty + @JsonProperty(value = "sheetTitle") public String getSheetTitle() { return sheetTitle; } - @JsonProperty + @JsonProperty(value = "sheetIndex") public int getSheetIndex() { return sheetIndex; } - @JsonProperty + @JsonProperty(value = "columnCount") public int getColumnCount() { return columnCount; } - @JsonProperty + @JsonProperty(value = "rowCount") public int getRowCount() { return rowCount; diff --git a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableLayoutHandle.java b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableLayoutHandle.java index f2386d96f5a3..f71238a32df8 100644 --- a/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableLayoutHandle.java +++ b/presto-lark-sheets/src/main/java/com/facebook/presto/lark/sheets/LarkSheetsTableLayoutHandle.java 
@@ -33,7 +33,7 @@ public LarkSheetsTableLayoutHandle(@JsonProperty("table") LarkSheetsTableHandle this.table = requireNonNull(table, "table is null"); } - @JsonProperty + @JsonProperty(value = "table") public LarkSheetsTableHandle getTable() { return table; diff --git a/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java b/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java index b5762854f727..29f357aa3d35 100644 --- a/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java +++ b/presto-spi/src/main/java/com/facebook/presto/spi/MaterializedViewDefinition.java @@ -258,19 +258,19 @@ public TableColumn( this(tableName, columnName, Optional.of(isDirectMapped)); } - @JsonProperty + @JsonProperty(value = "tableName") public SchemaTableName getTableName() { return tableName; } - @JsonProperty + @JsonProperty(value = "columnName") public String getColumnName() { return columnName; } - @JsonProperty + @JsonProperty(value = "isDirectMapped") public Optional isDirectMapped() { return isDirectMapped;
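Review bot: `isDirectMapped()` in the MaterializedViewDefinition hunk returns `Optional` rather than `boolean`, so the explicit `"isDirectMapped"` name added here is what fixes the JSON key, and it has to equal the name on the `TableColumn` constructor parameter, which is outside the hunk. Because this class sits in presto-spi and materialized view definitions may already be stored as JSON by connectors (an assumption to confirm), a test that deserializes a definition written before the upgrade would catch any key change. The enclosing `TableColumn` class starts and ends outside the hunk.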