From 41fa33864d7be92ce3eb5626a0cab7654a67c3cd Mon Sep 17 00:00:00 2001
From: Nate Bauernfeind
Date: Mon, 12 Dec 2022 15:10:17 -0700
Subject: [PATCH 1/6] Fix incorrect Table casts of PartitionTables in PartitionedTableService (#3183)
---
 .../PartitionedTableServiceGrpcImpl.java | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/server/src/main/java/io/deephaven/server/partitionedtable/PartitionedTableServiceGrpcImpl.java b/server/src/main/java/io/deephaven/server/partitionedtable/PartitionedTableServiceGrpcImpl.java
index 8d793aa4dde..3f52dbaa7b4 100644
--- a/server/src/main/java/io/deephaven/server/partitionedtable/PartitionedTableServiceGrpcImpl.java
+++ b/server/src/main/java/io/deephaven/server/partitionedtable/PartitionedTableServiceGrpcImpl.java
@@ -14,8 +14,10 @@
 import io.deephaven.proto.backplane.grpc.PartitionByRequest;
 import io.deephaven.proto.backplane.grpc.PartitionByResponse;
 import io.deephaven.proto.backplane.grpc.PartitionedTableServiceGrpc;
+import io.deephaven.server.auth.AuthorizationProvider;
 import io.deephaven.server.session.SessionService;
 import io.deephaven.server.session.SessionState;
+import io.deephaven.server.session.TicketResolverBase;
 import io.deephaven.server.session.TicketRouter;
 import io.grpc.stub.StreamObserver;
@@ -34,17 +36,20 @@ public class PartitionedTableServiceGrpcImpl extends PartitionedTableServiceGrpc private final SessionService sessionService; private final UpdateGraphProcessor updateGraphProcessor; private final PartitionedTableServiceContextualAuthWiring authWiring; + private final TicketResolverBase.AuthTransformation authorizationTransformation; @Inject public PartitionedTableServiceGrpcImpl( TicketRouter ticketRouter, SessionService sessionService, UpdateGraphProcessor updateGraphProcessor, + AuthorizationProvider authorizationProvider, PartitionedTableServiceContextualAuthWiring authWiring) { this.ticketRouter = ticketRouter; this.sessionService = sessionService; this.updateGraphProcessor = updateGraphProcessor; this.authWiring = authWiring; + this.authorizationTransformation = authorizationProvider.getTicketTransformation(); } @Override @@ -86,14 +91,15 @@ public void merge(MergeRequest request, StreamObserver { authWiring.checkPermissionMerge(session.getAuthContext(), request, - Collections.singletonList((Table) partitionedTable.get())); - final Table merged; + Collections.singletonList(partitionedTable.get().table())); + Table merged; if (partitionedTable.get().table().isRefreshing()) { merged = updateGraphProcessor.sharedLock() .computeLocked(partitionedTable.get()::merge); } else { merged = partitionedTable.get().merge(); } + merged = authorizationTransformation.transform(merged); final ExportedTableCreationResponse response = buildTableCreationResponse(request.getResultId(), merged); safelyExecute(() -> { 
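Review bot: The new `authorizationTransformation` field in the `@@ -34,17 +36,20 @@` hunk has no comment saying which results must pass through it. The merge hunk applies it by hand to the table it returns, so a later RPC that exports a `Table` could omit the call without anyone noticing. A field comment would record the rule, for example `// Authorization transformation applied to every Table this service exports to a client.` The class body continues outside the hunk, so other export paths are not visible here.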
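Review bot: In the `@@ -86,14 +91,15 @@` hunk, `authorizationTransformation.transform(merged)` runs after `sharedLock().computeLocked(...)` has returned, so for a refreshing source it executes without the update-graph lock that the merge itself takes. The transformation's implementation is not visible here; if it derives a new table from `merged` (a filtered or restricted view, say), it likely needs the same lock, and applying it inside each branch would also let `merged` stay `final`. It is also worth confirming what `transform` returns for a table the caller may not see, since the result goes straight into `buildTableCreationResponse`. The getTable hunk at `@@ -161,6 +167,7 @@` probably has the same shape, but its body is not legible on this page. The enclosing lambda starts and ends outside the hunk.

```java
final Table merged;
if (partitionedTable.get().table().isRefreshing()) {
    // transform under the same shared lock as the merge
    merged = updateGraphProcessor.sharedLock().computeLocked(
            () -> authorizationTransformation.transform(partitionedTable.get().merge()));
} else {
    merged = authorizationTransformation.transform(partitionedTable.get().merge());
}
// … unchanged: buildTableCreationResponse and safelyExecute …
```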
@@ -120,10 +126,10 @@ public void getTable(GetTableRequest request, StreamObserver { - authWiring.checkPermissionGetTable(session.getAuthContext(), request, - List.of((Table) partitionedTable.get(), keys.get())); - final Table table; + Table table; Table keyTable = keys.get(); + authWiring.checkPermissionGetTable(session.getAuthContext(), request, + List.of(partitionedTable.get().table(), keyTable)); if (!keyTable.isRefreshing()) { long keyTableSize = keyTable.size(); if (keyTableSize != 1) { @@ -161,6 +167,7 @@ public void getTable(GetTableRequest request, StreamObserver { From 35bb621f60b24bbeb1d867018442c84b7ec47d1c Mon Sep 17 00:00:00 2001 From: Devin Smith Date: Tue, 13 Dec 2022 09:06:22 -0800 Subject: [PATCH 2/6] Bump jetty to 11.0.13 (#3184) https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.13 --- buildSrc/src/main/groovy/Classpaths.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/buildSrc/src/main/groovy/Classpaths.groovy b/buildSrc/src/main/groovy/Classpaths.groovy index 1510e2e1469..2c605b1622a 100644 --- a/buildSrc/src/main/groovy/Classpaths.groovy +++ b/buildSrc/src/main/groovy/Classpaths.groovy @@ -119,7 +119,7 @@ class Classpaths { static final String JETTY11_GROUP = 'org.eclipse.jetty' static final String JETTY11_NAME = 'jetty-bom' - static final String JETTY11_VERSION = '11.0.12' + static final String JETTY11_VERSION = '11.0.13' static final String GUAVA_GROUP = 'com.google.guava' static final String GUAVA_NAME = 'guava' From 431c3d8df1413f3d6502e47ffe2852dd32fa34c2 Mon Sep 17 00:00:00 2001 From: Devin Smith Date: Tue, 13 Dec 2022 09:07:00 -0800 Subject: [PATCH 3/6] Bump commons-compress to 1.22 (#3185) https://github.com/apache/commons-compress/blob/rel/1.22/RELEASE-NOTES.txt --- .../main/groovy/io.deephaven.java-classpath-conventions.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle b/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
index 44e00ef7300..cee91ebcaa9 100644
--- a/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
+++ b/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
@@ -6,7 +6,7 @@ plugins {
 // TODO(deephaven-core#1162): Adopt java-platform to manage versions
 ext {
 depAnnotations = 'com.intellij:annotations:5.1'
- depCommonsCompress = 'org.apache.commons:commons-compress:1.21'
+ depCommonsCompress = 'org.apache.commons:commons-compress:1.22'
 depCommonsLang3 = 'org.apache.commons:commons-lang3:3.9'
 depCommonsIo = 'commons-io:commons-io:2.11.0'
 depJdom2 = 'org.jdom:jdom2:2.0.6.1'
From 0971ab087b0dbc78b82c8df1bd2b3e39770467f6 Mon Sep 17 00:00:00 2001
From: Devin Smith
Date: Tue, 13 Dec 2022 09:09:10 -0800
Subject: [PATCH 4/6] Remove httpClient configuration (#3188)
---
 .../main/groovy/io.deephaven.java-classpath-conventions.gradle | 2 --
 1 file changed, 2 deletions(-)
diff --git a/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle b/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
index cee91ebcaa9..1f6c1d4c7cf 100644
--- a/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
+++ b/buildSrc/src/main/groovy/io.deephaven.java-classpath-conventions.gradle
@@ -17,7 +17,6 @@ configurations {
 commonsIo
 jdom
- httpClient
 math3
 jama.extendsFrom math3
 dxCompile
@@ -48,7 +47,6 @@ dependencies {
 // First, one-off configurations for stuff we need "here and there"
 jdom 'org.jdom:jdom2:2.0.6.1'
- httpClient 'org.apache.httpcomponents:httpclient:4.5.6'
 commonsLang3 'org.apache.commons:commons-lang3:3.9'
 commonsText 'org.apache.commons:commons-text:1.10.0'
 commonsIo 'commons-io:commons-io:2.11.0'
From fd659d5f352d0e3fa499109692b1d0d4b0ff61d3 Mon Sep 17 00:00:00 2001
From: Devin Smith
Date: Tue, 13 Dec 2022 09:22:42 -0800
Subject: [PATCH 5/6] Bump woodstox-core to 6.4.0 (#3190)
See https://www.cve.org/CVERecord?id=CVE-2022-40152
---
 ParquetHadoop/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ParquetHadoop/build.gradle b/ParquetHadoop/build.gradle
index 5ee3eba6cfb..5a5f890ef9d 100644
--- a/ParquetHadoop/build.gradle
+++ b/ParquetHadoop/build.gradle
@@ -48,7 +48,7 @@ dependencies {
 * lz4-pure-java - note that we can't _easily_ use aircompressor here, as the service loader sees
 * the copy in hadoop-common. TODO use config instead of service loader
 */
- runtimeOnly('com.fasterxml.woodstox:woodstox-core:6.3.1') {
+ runtimeOnly('com.fasterxml.woodstox:woodstox-core:6.4.0') {
 because 'hadoop-common required dependency for Configuration'
 }
 runtimeOnly('org.apache.hadoop.thirdparty:hadoop-shaded-guava:1.1.1') {
From 500395fafcdabe4799063fbb96512bef09f8001b Mon Sep 17 00:00:00 2001
From: Devin Smith
Date: Tue, 13 Dec 2022 09:23:24 -0800
Subject: [PATCH 6/6] Bump uuid-creator to 5.2.0 (#3191)
https://github.com/f4b6a3/uuid-creator/blob/uuid-creator-5.2.0/CHANGELOG.md
---
 engine/context/build.gradle | 2 +-
 engine/table/build.gradle | 2 +-
 server/build.gradle | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/engine/context/build.gradle b/engine/context/build.gradle
index d47ea62315b..c07295e33c5 100644
--- a/engine/context/build.gradle
+++ b/engine/context/build.gradle
@@ -20,7 +20,7 @@ dependencies {
 implementation project(':table-api')
 implementation project(':IO')
- implementation 'com.github.f4b6a3:uuid-creator:3.6.0'
+ implementation 'com.github.f4b6a3:uuid-creator:5.2.0'
 Classpaths.inheritCommonsText(project, 'implementation')
diff --git a/engine/table/build.gradle b/engine/table/build.gradle
index 49e41db53a1..9b04ba1af96 100644
--- a/engine/table/build.gradle
+++ b/engine/table/build.gradle
@@ -48,7 +48,7 @@ dependencies {
 implementation project(':Net')
 implementation project(':FishUtil')
- implementation 'com.github.f4b6a3:uuid-creator:3.6.0'
+ implementation 'com.github.f4b6a3:uuid-creator:5.2.0'
 implementation 'com.tdunning:t-digest:3.2'
 implementation 'com.squareup:javapoet:1.13.0'
diff --git a/server/build.gradle b/server/build.gradle
index 78de341cbb2..a813ef7f3a6 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -33,7 +33,7 @@ dependencies {
 api(project(':application-mode')) {
 because 'downstream dagger compile, see deephaven-core#1722'
 }
- implementation 'com.github.f4b6a3:uuid-creator:3.6.0'
+ implementation 'com.github.f4b6a3:uuid-creator:5.2.0'
 api(project(':Configuration')) {
 because 'jetty/netty implementations will access the configuration in their main()s'