From 9fa047af195c152939b68ccb95940f1a5102cd81 Mon Sep 17 00:00:00 2001
From: Christoph Pirkl
Date: Mon, 2 Jun 2025 10:37:45 +0200
Subject: [PATCH 1/7] #74: Upgrade dependencies
---
 .github/workflows/broken_links_checker.yml | 51 ++++++++-----
 .github/workflows/ci-build.yml | 13 +++-
 .github/workflows/dependencies_check.yml | 6 +-
 .project-keeper.yml | 2 +-
 .settings/org.eclipse.jdt.core.prefs | 4 +-
 SECURITY.md | 25 ++++++
 dependencies.md | 89 +++++++++++-----------
 doc/changes/changelog.md | 1 +
 doc/changes/changes_0.6.16.md | 48 ++++++++++++
 pk_generated_parent.pom | 61 ++++++++++-----
 pom.xml | 22 +++---
 src/test/resources/logging.properties | 2 +-
 12 files changed, 221 insertions(+), 103 deletions(-)
 create mode 100644 SECURITY.md
 create mode 100644 doc/changes/changes_0.6.16.md
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index 90488ca..09e4bac 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -1,35 +1,44 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/broken_links_checker.yml +# This file was generated by Project Keeper. name: Broken Links Checker - on: schedule: - - cron: "0 5 * * 0" - + - { + cron: 0 5 * * 0 + } + workflow_dispatch: null jobs: linkChecker: runs-on: ubuntu-latest - permissions: + permissions: { contents: read + } defaults: - run: - shell: "bash" - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}-${{ github.ref }}', cancel-in-progress: true + } steps: - - uses: actions/checkout@v4 - - name: Configure broken links checker + - { + id: checkout, + uses: actions/checkout@v4 + } + - id: configure-broken-links-checker + name: Configure broken links checker run: | mkdir -p ./target echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ - '{"pattern": "^https?://(www|dev).mysql.com/"},' \ - '{"pattern": "^https?://(www.)?opensource.org"}' \ - '{"pattern": "^https?://(www.)?eclipse.org"}' \ - '{"pattern": "^https?://projects.eclipse.org"}' \ - ']}' > ./target/broken_links_checker.json - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: "yes" - use-verbose-mode: "yes" + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json + - id: run-broken-links-checker + uses: gaurav-nelson/github-action-markdown-link-check@v1 + with: { + use-quiet-mode: yes, + use-verbose-mode: yes, config-file: ./target/broken_links_checker.json + } diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 463b863..7c7bdf7 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -6,7 +6,14 @@ on: main ] - pull_request: null + pull_request: + types: [ + opened, + synchronize, + reopened, + ready_for_review + ] + jobs: matrix-build: runs-on: ubuntu-20.04 @@ -25,12 +32,12 @@ jobs: fail-fast: false matrix: exasol_db_version: [ - 8.32.0, + 8.34.0, 7.1.30 ] env: { - DEFAULT_EXASOL_DB_VERSION: 8.32.0 + DEFAULT_EXASOL_DB_VERSION: 8.34.0 } steps: - name: Free Disk Space diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 02c5aa0..0832e80 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -46,9 +46,9 @@ jobs: org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ -Dossindex.reportFile=$(pwd)/ossindex-report.json \ -Dossindex.fail=false - - name: Report Security Issues - id: security-issues - uses: exasol/python-toolbox/.github/actions/security-issues@main + - name: Create GitHub Issues + id: create-security-issues + uses: exasol/python-toolbox/.github/actions/security-issues@1.1.0 with: { format: maven, command: cat ossindex-report.json, diff --git a/.project-keeper.yml b/.project-keeper.yml index 850a718..5f5ad38 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -8,5 +8,5 @@ build: # UDFs in Exasol 7.1 require Ubuntu 20.04 runnerOs: ubuntu-20.04 exasolDbVersions: - - "8.32.0" + - "8.34.0" - "7.1.30" diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 6d0c568..7644ed3 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs 
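Review bot: The new reference `exasol/python-toolbox/.github/actions/security-issues@1.1.0` in the `create-security-issues` step of `dependencies_check.yml` is still a mutable ref. Moving off `@main` narrows the exposure, but a tag can be re-pointed, so pinning the full commit SHA with the tag as a trailing comment would make the step reproducible: `uses: exasol/python-toolbox/.github/actions/security-issues@<full-commit-sha> # 1.1.0`. The step is named "Create GitHub Issues", so it presumably needs issue-write access; the job's `permissions` block is outside this hunk and worth confirming as minimal. If this workflow is generated by Project Keeper, the pin would have to be made in its template rather than here.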
@@ -241,7 +241,7 @@ org.eclipse.jdt.core.formatter.indent_empty_lines=false org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true -org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false +org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=true org.eclipse.jdt.core.formatter.indentation.size=4 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_enum_constant=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert @@ -447,7 +447,7 @@ org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constan org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.join_lines_in_comments=true -org.eclipse.jdt.core.formatter.join_wrapped_lines=true +org.eclipse.jdt.core.formatter.join_wrapped_lines=false org.eclipse.jdt.core.formatter.keep_annotation_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_anonymous_type_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_code_block_on_one_line=one_line_never diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f0edc21 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,25 @@ +# Security + +If you believe you have found a new security vulnerability in this repository, please report it to us as follows. + +## Reporting Security Issues + +* Please do **not** report security vulnerabilities through public GitHub issues. + +* Please create a draft security advisory on the Github page: the reporting form is under `> Security > Advisories`. The URL is https://github.com/exasol/udf-debugging-java/security/advisories/new. + +* If you prefer to email, please send your report to `infosec@exasol.com`. + +## Guidelines + +* When reporting a vulnerability, please include as much information as possible, including the complete steps to reproduce the issue. + +* Avoid sending us executables. + +* Feel free to include any script you wrote and used but avoid sending us scripts that download and run binaries. + +* We will prioritise reports that show how the exploits work in realistic environments. + +* We prefer all communications to be in English. + +* We do not offer financial rewards. We are happy to acknowledge your research publicly when possible. diff --git a/dependencies.md b/dependencies.md index 8e4a0e0..3778478 100644 --- a/dependencies.md +++ b/dependencies.md @@ -11,7 +11,7 @@ | [BucketFS Java][7] | [MIT License][8] | | [exasol-test-setup-abstraction-java][9] | [MIT License][10] | | [Apache Commons Compress][11] | [Apache-2.0][12] | -| [SLF4J JDK14 Provider][13] | [MIT License][14] | +| [SLF4J JDK14 Provider][13] | [MIT][14] | ## Test Dependencies 
@@ -35,33 +35,34 @@ ## Plugin Dependencies -| Dependency | License | -| ------------------------------------------------------- | --------------------------------- | -| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] | -| [Apache Maven Install Plugin][31] | [Apache-2.0][12] | -| [Apache Maven Resources Plugin][32] | [Apache-2.0][12] | -| [Apache Maven Site Plugin][33] | [Apache-2.0][12] | -| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] | -| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] | -| [Apache Maven Dependency Plugin][37] | [Apache-2.0][12] | -| [Project Keeper Maven plugin][38] | [The MIT License][39] | -| [Apache Maven Compiler Plugin][40] | [Apache-2.0][12] | -| [Apache Maven Enforcer Plugin][41] | [Apache-2.0][12] | -| [Maven Flatten Plugin][42] | [Apache Software Licenese][12] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][43] | [ASL2][44] | -| [Maven Surefire Plugin][45] | [Apache-2.0][12] | -| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] | -| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] | -| [Apache Maven Deploy Plugin][49] | [Apache-2.0][12] | -| [Apache Maven GPG Plugin][50] | [Apache-2.0][12] | -| [Apache Maven Source Plugin][51] | [Apache License, Version 2.0][12] | -| [Apache Maven Javadoc Plugin][52] | [Apache-2.0][12] | -| [Nexus Staging Maven Plugin][53] | [Eclipse Public License][54] | -| [Maven Failsafe Plugin][55] | [Apache-2.0][12] | -| [JaCoCo :: Maven Plugin][56] | [EPL-2.0][6] | -| [Quality Summarizer Maven Plugin][57] | [MIT License][58] | -| [error-code-crawler-maven-plugin][59] | [MIT License][60] | -| [Reproducible Build Maven Plugin][61] | [Apache 2.0][44] | +| Dependency | License | +| ------------------------------------------------------- | ------------------------------------------- | +| [Apache Maven Clean Plugin][30] | [Apache-2.0][12] | +| [Apache Maven Install Plugin][31] | [Apache-2.0][12] | +| [Apache Maven Resources Plugin][32] | 
[Apache-2.0][12] | +| [Apache Maven Site Plugin][33] | [Apache-2.0][12] | +| [SonarQube Scanner for Maven][34] | [GNU LGPL 3][35] | +| [Apache Maven Toolchains Plugin][36] | [Apache-2.0][12] | +| [Apache Maven Dependency Plugin][37] | [Apache-2.0][12] | +| [Project Keeper Maven plugin][38] | [The MIT License][39] | +| [Apache Maven Compiler Plugin][40] | [Apache-2.0][12] | +| [Apache Maven Enforcer Plugin][41] | [Apache-2.0][12] | +| [Maven Flatten Plugin][42] | [Apache Software Licenese][12] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][43] | [ASL2][44] | +| [Maven Surefire Plugin][45] | [Apache-2.0][12] | +| [Versions Maven Plugin][46] | [Apache License, Version 2.0][12] | +| [duplicate-finder-maven-plugin Maven Mojo][47] | [Apache License 2.0][48] | +| [Apache Maven Artifact Plugin][49] | [Apache-2.0][12] | +| [Apache Maven Deploy Plugin][50] | [Apache-2.0][12] | +| [Apache Maven GPG Plugin][51] | [Apache-2.0][12] | +| [Apache Maven Source Plugin][52] | [Apache License, Version 2.0][12] | +| [Apache Maven Javadoc Plugin][53] | [Apache-2.0][12] | +| [Nexus Staging Maven Plugin][54] | [Eclipse Public License][55] | +| [Maven Failsafe Plugin][56] | [Apache-2.0][12] | +| [JaCoCo :: Maven Plugin][57] | [EPL-2.0][6] | +| [Quality Summarizer Maven Plugin][58] | [MIT License][59] | +| [error-code-crawler-maven-plugin][60] | [MIT License][61] | +| [Git Commit Id Maven Plugin][62] | [GNU Lesser General Public License 3.0][63] | [0]: https://github.com/eclipse-ee4j/jsonp [1]: https://projects.eclipse.org/license/epl-2.0 @@ -77,7 +78,7 @@ [11]: https://commons.apache.org/proper/commons-compress/ [12]: https://www.apache.org/licenses/LICENSE-2.0.txt [13]: http://www.slf4j.org -[14]: http://www.opensource.org/licenses/mit-license.php +[14]: https://opensource.org/license/mit [15]: https://junit.org/junit5/ [16]: https://www.eclipse.org/legal/epl-v20.html [17]: https://github.com/mockito/mockito 
@@ -97,7 +98,7 @@ [31]: https://maven.apache.org/plugins/maven-install-plugin/ [32]: https://maven.apache.org/plugins/maven-resources-plugin/ [33]: https://maven.apache.org/plugins/maven-site-plugin/ -[34]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-maven-plugin +[34]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-scanner-maven/sonar-maven-plugin [35]: http://www.gnu.org/licenses/lgpl.txt [36]: https://maven.apache.org/plugins/maven-toolchains-plugin/ [37]: https://maven.apache.org/plugins/maven-dependency-plugin/ 
@@ -112,16 +113,18 @@ [46]: https://www.mojohaus.org/versions/versions-maven-plugin/ [47]: https://basepom.github.io/duplicate-finder-maven-plugin [48]: http://www.apache.org/licenses/LICENSE-2.0.html -[49]: https://maven.apache.org/plugins/maven-deploy-plugin/ -[50]: https://maven.apache.org/plugins/maven-gpg-plugin/ -[51]: https://maven.apache.org/plugins/maven-source-plugin/ -[52]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[53]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ -[54]: http://www.eclipse.org/legal/epl-v10.html -[55]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[56]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[57]: https://github.com/exasol/quality-summarizer-maven-plugin/ -[58]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE -[59]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[60]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[61]: http://zlika.github.io/reproducible-build-maven-plugin +[49]: https://maven.apache.org/plugins/maven-artifact-plugin/ +[50]: https://maven.apache.org/plugins/maven-deploy-plugin/ +[51]: https://maven.apache.org/plugins/maven-gpg-plugin/ +[52]: https://maven.apache.org/plugins/maven-source-plugin/ +[53]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[54]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ +[55]: http://www.eclipse.org/legal/epl-v10.html +[56]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[57]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[58]: https://github.com/exasol/quality-summarizer-maven-plugin/ +[59]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE +[60]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[61]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[62]: 
https://github.com/git-commit-id/git-commit-id-maven-plugin +[63]: http://www.gnu.org/licenses/lgpl-3.0.txt diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index c34054b..39e84a8 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [0.6.16](changes_0.6.16.md) * [0.6.15](changes_0.6.15.md) * [0.6.14](changes_0.6.14.md) * [0.6.13](changes_0.6.13.md) diff --git a/doc/changes/changes_0.6.16.md b/doc/changes/changes_0.6.16.md new file mode 100644 index 0000000..6d9069e --- /dev/null +++ b/doc/changes/changes_0.6.16.md 
@@ -0,0 +1,48 @@ +# Udf Debugging Java 0.6.16, released 2025-??-?? + +Code name: Security updates on top of 0.6.15 + +## Summary + +This release is a security update. We updated the dependencies of the project to fix transitive security issues. + +We also added an exception for the OSSIndex for CVE-2024-55551, which is a false positive in Exasol's JDBC driver. +This issue has been fixed quite a while back now, but the OSSIndex unfortunately does not contain the fix version of 24.2.1 (2024-12-10) set. + +## Security + +* #74: Fix CVE-2024-55551 in com.exasol:exasol-jdbc:jar:24.2.1 + +## Dependency Updates + +### Compile Dependency Updates + +* Updated `org.jacoco:org.jacoco.core:0.8.12` to `0.8.13` +* Updated `org.slf4j:slf4j-jdk14:2.0.16` to `2.0.17` + +### Test Dependency Updates + +* Updated `com.exasol:exasol-testcontainers:7.1.3` to `7.1.5` +* Updated `com.exasol:test-db-builder-java:3.6.0` to `3.6.1` +* Updated `org.jacoco:org.jacoco.agent:0.8.12` to `0.8.13` +* Updated `org.junit.jupiter:junit-jupiter-engine:5.11.4` to `5.13.0` +* Updated `org.junit.jupiter:junit-jupiter-params:5.11.4` to `5.13.0` +* Updated `org.mockito:mockito-junit-jupiter:5.15.2` to `5.18.0` +* Updated `org.testcontainers:junit-jupiter:1.20.4` to `1.21.1` + +### Plugin Dependency Updates + +* Updated `com.exasol:project-keeper-maven-plugin:4.5.0` to `5.1.0` +* Added `io.github.git-commit-id:git-commit-id-maven-plugin:9.0.1` +* Removed `io.github.zlika:reproducible-build-maven-plugin:0.17` +* Added `org.apache.maven.plugins:maven-artifact-plugin:3.6.0` +* Updated `org.apache.maven.plugins:maven-clean-plugin:3.4.0` to `3.4.1` +* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.13.0` to `3.14.0` +* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.3` to `3.1.4` +* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.5.2` to `3.5.3` +* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.3` to `3.1.4` +* Updated 
`org.apache.maven.plugins:maven-javadoc-plugin:3.11.1` to `3.11.2` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.5.2` to `3.5.3` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.6.0` to `1.7.0` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.12` to `0.8.13` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:5.0.0.4389` to `5.1.0.4751` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index b7e005e..26ca8c2 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,11 +3,12 @@ 4.0.0 com.exasol udf-debugging-java-generated-parent - 0.6.15 + 0.6.16 pom UTF-8 UTF-8 + ${git.commit.time} 11 exasol https://sonarcloud.io @@ -50,12 +51,12 @@ org.apache.maven.plugins maven-clean-plugin - 3.4.0 + 3.4.1 org.apache.maven.plugins maven-install-plugin - 3.1.3 + 3.1.4 org.apache.maven.plugins @@ -70,7 +71,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 5.0.0.4389 + 5.1.0.4751 org.apache.maven.plugins @@ -94,7 +95,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.14.0 ${java.version} ${java.version} @@ -118,7 +119,7 @@ - 3.6.3 + 3.8.7 17 @@ -131,7 +132,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.6.0 + 1.7.0 true oss @@ -170,7 +171,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.2 + 3.5.3 @@ -185,7 +186,7 @@ display-updates - package + verify display-plugin-updates display-dependency-updates @@ -202,6 +203,7 @@ true true true + false false true true @@ -232,10 +234,24 @@ false + + org.apache.maven.plugins + maven-artifact-plugin + 3.6.0 + + + check-build-plan + verify + + check-buildplan + + + + org.apache.maven.plugins maven-deploy-plugin - 3.1.3 + 3.1.4 true @@ -279,7 +295,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.1 + 3.11.2 attach-javadocs @@ -322,7 +338,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.5.2 + 3.5.3 -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} 
@@ -342,7 +358,7 @@ org.jacoco jacoco-maven-plugin - 0.8.12 + 0.8.13 prepare-agent @@ -407,18 +423,25 @@ - io.github.zlika - reproducible-build-maven-plugin - 0.17 + io.github.git-commit-id + git-commit-id-maven-plugin + 9.0.1 - strip-jar - package + get-the-git-infos - strip-jar + revision + initialize + + true + UTC + + git.commit.time + + diff --git a/pom.xml b/pom.xml index 07c4024..b55779c 100644 --- a/pom.xml +++ b/pom.xml @@ -2,13 +2,13 @@ 4.0.0 udf-debugging-java - 0.6.15 + 0.6.16 udf-debugging-java Utilities for debugging, profiling and code coverage measure for UDFs. https://github.com/exasol/udf-debugging-java/ - 5.11.4 - 0.8.12 + 5.13.0 + 0.8.13 @@ -75,7 +75,7 @@ org.mockito mockito-junit-jupiter - 5.15.2 + 5.18.0 test @@ -88,19 +88,19 @@ com.exasol exasol-testcontainers - 7.1.3 + 7.1.5 test org.testcontainers junit-jupiter - 1.20.4 + 1.21.1 test com.exasol test-db-builder-java - 3.6.0 + 3.6.1 test @@ -113,7 +113,7 @@ org.slf4j slf4j-jdk14 - 2.0.16 + 2.0.17 @@ -139,7 +139,7 @@ com.exasol project-keeper-maven-plugin - 4.5.0 + 5.1.0 @@ -168,6 +168,8 @@ CVE-2017-10355 + + CVE-2024-55551 @@ -176,7 +178,7 @@ udf-debugging-java-generated-parent com.exasol - 0.6.15 + 0.6.16 pk_generated_parent.pom diff --git a/src/test/resources/logging.properties b/src/test/resources/logging.properties index 8c97abe..8d41bf2 100644 --- a/src/test/resources/logging.properties +++ b/src/test/resources/logging.properties @@ -2,5 +2,5 @@ handlers=java.util.logging.ConsoleHandler .level=INFO java.util.logging.ConsoleHandler.level=ALL java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter -java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %n +java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %6$s%n com.exasol.level=ALL From 16f44444665d608d7ef92b14084284d88f257ceb Mon Sep 17 00:00:00 2001 
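Review bot: The `CVE-2024-55551` entry added in the `pom.xml` hunk at `@@ -168,6 +168,8 @@` sits next to the existing `CVE-2017-10355` exclusion, and if it is an `excludeVulnerabilityIds` entry it suppresses that finding for every artifact and version the audit sees, not only `com.exasol:exasol-jdbc` 24.2.1. The changelog in this patch describes it as an OSS Index false positive yet lists it under "Fix CVE-2024-55551", so the record of why the finding is silenced is ambiguous. The markup of the added lines is not visible on this page; if the first added line is not already a comment, I would add one beside the entry, e.g. `<!-- CVE-2024-55551: false positive for exasol-jdbc 24.2.1, OSS Index lacks the fix version; remove once OSS Index is corrected -->`. Scoping the exclusion to the JDBC coordinates instead of the CVE id would also keep the audit effective if another dependency is ever flagged under the same id.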
From: Christoph Pirkl Date: Mon, 2 Jun 2025 10:38:45 +0200 Subject: [PATCH 2/7] Fix release date --- doc/changes/changes_0.6.16.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_0.6.16.md b/doc/changes/changes_0.6.16.md index 6d9069e..f085995 100644 --- a/doc/changes/changes_0.6.16.md +++ b/doc/changes/changes_0.6.16.md @@ -1,4 +1,4 @@ -# Udf Debugging Java 0.6.16, released 2025-??-?? +# Udf Debugging Java 0.6.16, released 2025-06-02 Code name: Security updates on top of 0.6.15 From 010a05f98318507c81b6820f671f59fe551f36cf Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 2 Jun 2025 10:44:00 +0200 Subject: [PATCH 3/7] Fix Ubuntu version --- .github/workflows/ci-build.yml | 5 ++--- .project-keeper.yml | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 7c7bdf7..56fdc7f 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -16,7 +16,7 @@ on: jobs: matrix-build: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 defaults: run: { shell: bash @@ -32,8 +32,7 @@ jobs: fail-fast: false matrix: exasol_db_version: [ - 8.34.0, - 7.1.30 + 8.34.0 ] env: { diff --git a/.project-keeper.yml b/.project-keeper.yml index 5f5ad38..19e7712 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -5,8 +5,8 @@ sources: - maven_central - integration_tests build: - # UDFs in Exasol 7.1 require Ubuntu 20.04 - runnerOs: ubuntu-20.04 + runnerOs: ubuntu-24.04 exasolDbVersions: - "8.34.0" - - "7.1.30" + # UDFs in Exasol 7.1 with Ubuntu 20.04 will be fixed in the next Docker-DB release + # - "7.1.30" From cfa6315400da54c560284ba72b9eaca9641e8c8b Mon Sep 17 00:00:00 2001 
From: Christoph Pirkl Date: Mon, 2 Jun 2025 10:50:09 +0200 Subject: [PATCH 4/7] Fix sonar warnings --- .../exasol/udfdebugging/PushDownTesting.java | 3 +++ .../modules/coverage/CoverageModule.java | 3 +-- .../modules/coverage/CoverageModuleTest.java | 19 +++++++++++-------- 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/src/main/java/com/exasol/udfdebugging/PushDownTesting.java b/src/main/java/com/exasol/udfdebugging/PushDownTesting.java index 2ac6488..f09f147 100644 --- a/src/main/java/com/exasol/udfdebugging/PushDownTesting.java +++ b/src/main/java/com/exasol/udfdebugging/PushDownTesting.java @@ -9,6 +9,9 @@ * This class contains helper functions for testing virtual schema push down queries. */ public class PushDownTesting { + private PushDownTesting() { + // Not instanciable + } /** * Get the push-down SQL query generated by a Virtual Schema adapter call. diff --git a/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java b/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java index 2f3672c..055bd1a 100644 --- a/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java +++ b/src/main/java/com/exasol/udfdebugging/modules/coverage/CoverageModule.java @@ -1,7 +1,6 @@ package com.exasol.udfdebugging.modules.coverage; import java.io.FileNotFoundException; -import java.io.IOException; import java.net.InetSocketAddress; import java.nio.file.Path; import java.util.concurrent.TimeoutException; @@ -63,7 +62,7 @@ private void uploadAgentToBucketFs(final Bucket bucket) { } @Override - public void close() throws IOException { + public void close() { // nothing to close } } diff --git a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java index 40129a8..c015237 100644 --- a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java 
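Review bot: The comment in the new private constructor of `PushDownTesting` is misspelled (`// Not instanciable`); `// Not instantiable` is the usual spelling. Since the constructor now blocks instantiation, the class declaration on the context line could also become `public final class PushDownTesting {` so the utility-class intent is stated in the type itself. The rest of the class lies outside the hunk.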
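Review bot: Removing `throws IOException` from the public `close()` in the `CoverageModule` hunk at `@@ -63,7 +62,7 @@` is a source-incompatible change for any caller that wraps a `CoverageModule` in try-with-resources and catches `IOException` only because of `close()`; javac rejects a catch of a checked exception the try body can no longer throw. Callers that go through an interface whose `close()` still declares the exception are unaffected, but that interface is not visible here. Because the artifact ships as a patch release, a line in `doc/changes/changes_0.6.16.md` noting the narrowed signature would help users who hit the compile error.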
+++ b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java @@ -20,9 +20,11 @@ class CoverageModuleTest { @Test void testUpload() throws BucketAccessException, TimeoutException, FileNotFoundException { final Bucket bucket = mock(Bucket.class); - new CoverageModule((port) -> new InetSocketAddress("1.2.3.4", port), bucket); - verify(bucket).uploadFile(Path.of("target", "jacoco-agent", "org.jacoco.agent-runtime.jar"), - "org.jacoco.agent-runtime.jar"); + try (CoverageModule coverageModule = new CoverageModule(port -> new InetSocketAddress("1.2.3.4", port), + bucket)) { + verify(bucket).uploadFile(Path.of("target", "jacoco-agent", "org.jacoco.agent-runtime.jar"), + "org.jacoco.agent-runtime.jar"); + } } @Test @@ -30,9 +32,10 @@ void testGetJvmOptions() { final Bucket bucket = mock(Bucket.class); when(bucket.getBucketFsName()).thenReturn("my_bucketfs"); when(bucket.getBucketName()).thenReturn("my_bucket"); - final CoverageModule coverageModule = new CoverageModule((port) -> new InetSocketAddress("1.2.3.4", port), - bucket); - assertThat(coverageModule.getJvmOptions().collect(Collectors.toList()), contains( - "-javaagent:/buckets/my_bucketfs/my_bucket/org.jacoco.agent-runtime.jar=output=tcpclient,address=1.2.3.4,port=3002")); + try (final CoverageModule coverageModule = new CoverageModule(port -> new InetSocketAddress("1.2.3.4", port), + bucket)) { + assertThat(coverageModule.getJvmOptions().collect(Collectors.toList()), contains( + "-javaagent:/buckets/my_bucketfs/my_bucket/org.jacoco.agent-runtime.jar=output=tcpclient,address=1.2.3.4,port=3002")); + } } -} \ No newline at end of file +} From 936e7e33b02ba33097eac881ff1c0aba886f35e6 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 2 Jun 2025 10:53:19 +0200 Subject: [PATCH 5/7] Fix VM crash in UDFs --- .github/workflows/ci-build.yml | 5 +++++ .project-keeper.yml | 10 ++++++++++ 2 files changed, 15 insertions(+) 
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 56fdc7f..63f3e50 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -73,6 +73,11 @@ jobs: id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" } + - { + name: Fix VM Crash in UDFs, + id: fix-vm-crash, + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + } - name: Run tests and build with Maven id: build-pk-verify run: | diff --git a/.project-keeper.yml b/.project-keeper.yml index 19e7712..bab3287 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -10,3 +10,13 @@ build: - "8.34.0" # UDFs in Exasol 7.1 with Ubuntu 20.04 will be fixed in the next Docker-DB release # - "7.1.30" + workflows: + - name: ci-build.yml + stepCustomizations: + - action: INSERT_AFTER + job: matrix-build + stepId: enable-testcontainer-reuse + content: + name: Fix VM Crash in UDFs + id: fix-vm-crash + run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 From 5bd1322b084a51ff12e138d663a1e5eab2273d58 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 2 Jun 2025 11:37:21 +0200 Subject: [PATCH 6/7] Fix compiler warning --- .../exasol/udfdebugging/modules/coverage/CoverageModuleTest.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java index c015237..7d09754 100644 --- a/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java +++ b/src/test/java/com/exasol/udfdebugging/modules/coverage/CoverageModuleTest.java 
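Review bot: The new `fix-vm-crash` step runs `sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0`, which switches off a kernel hardening default for the whole runner, and neither the step in `ci-build.yml` nor the matching `stepCustomizations` entry in `.project-keeper.yml` records why it is needed or when it can be removed. On an ephemeral GitHub-hosted runner the setting ends with the job, but the same line on a self-hosted or reused runner would leave unprivileged user namespaces unrestricted for later jobs. I would document it at the source of truth in `.project-keeper.yml`, e.g. `# Ubuntu 24.04 restricts unprivileged user namespaces via AppArmor and UDFs crash with the restriction on; ephemeral runners only, remove once Docker-DB no longer needs it`. The cause stated in that comment is inferred from the step name and the commit subject and should be confirmed by the author.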
@@ -18,6 +18,7 @@ class CoverageModuleTest { @Test + @SuppressWarnings("try") // auto-closeable resource coverageModule is never referenced in body of try statement void testUpload() throws BucketAccessException, TimeoutException, FileNotFoundException { final Bucket bucket = mock(Bucket.class); try (CoverageModule coverageModule = new CoverageModule(port -> new InetSocketAddress("1.2.3.4", port), From b77535d4316717eebc31b75b4b3c2fe27ce32d44 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl Date: Mon, 2 Jun 2025 11:39:27 +0200 Subject: [PATCH 7/7] Mark file as generated --- .gitattributes | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitattributes b/.gitattributes index be0dddc..fd991dc 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,3 +1,4 @@ +SECURITY.md linguist-generated=true dependencies.md linguist-generated=true doc/changes/changelog.md linguist-generated=true pk_generated_parent.pom linguist-generated=true