From 88556ddf7eabb3958f146329941ec7a0a335c3c4 Mon Sep 17 00:00:00 2001 From: Jesse S Date: Mon, 7 Aug 2023 09:44:06 -0700 Subject: [PATCH] dep: APPS-833 update vulnerable aerospike-java-client to 7.0 (#142) * dep: APPS-833 update vulnerable aerospike-java-client to 7.0 fixes CVE-2023-36480 --- build.gradle | 2 +- .../util/converters/BinConverter.java | 54 ++++++++++++++----- .../converters/BinConverterTests.java | 16 +++--- 3 files changed, 51 insertions(+), 21 deletions(-) diff --git a/build.gradle b/build.gradle index 4335eeea..140e8d8f 100644 --- a/build.gradle +++ b/build.gradle @@ -2,7 +2,7 @@ buildscript { ext { springBootVersion = "2.7.11" httpclientVersion = "4.5.14" - aerospikeClientVersion = findProperty("aerospikeClientVersion") ?: "6.1.9" + aerospikeClientVersion = findProperty("aerospikeClientVersion") ?: "7.0.0" set('snakeyaml.version', '2.0') // Can be removed after upgrading to springboot 3.x } if (findProperty("aerospikeUseLocal")) { diff --git a/src/main/java/com/aerospike/restclient/util/converters/BinConverter.java b/src/main/java/com/aerospike/restclient/util/converters/BinConverter.java index e501f9d2..c2050e13 100644 --- a/src/main/java/com/aerospike/restclient/util/converters/BinConverter.java +++ b/src/main/java/com/aerospike/restclient/util/converters/BinConverter.java @@ -25,6 +25,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import gnu.crypto.util.Base64; +import java.util.List; import java.util.Map; public class BinConverter { @@ -40,9 +41,9 @@ public static Bin[] binsFromMap(Map binMap) { for (Map.Entry entry : binMap.entrySet()) { /* Let the user pass null, to delete a bin */ Object value = entry.getValue(); - if (entry.getValue() == null) { + if (value == null) { binArray[index] = (Bin.asNull(entry.getKey())); - } else if (entry.getValue() instanceof Map) { + } else if (value instanceof Map) { Map mapVal = (Map) value; Value asVal; @@ -58,17 +59,13 @@ public static Bin[] binsFromMap(Map binMap) { (String) mapVal.get(AerospikeAPIConstants.SpecifiedType.Keys.specifiedTypeKey)); byte[] byteArr = Base64.decode( (String) mapVal.get(AerospikeAPIConstants.SpecifiedType.Keys.specifiedValueKey)); - switch (type) { - case BYTE_ARRAY: - asVal = Value.get(byteArr); - break; - case GEO_JSON: + asVal = switch (type) { + case BYTE_ARRAY -> Value.get(byteArr); + case GEO_JSON -> // GEO_JSON is deprecated but only documented here https://stackoverflow.com/questions/70945453/how-to-insert-geojson-using-aerospike-rest-client - asVal = Value.getAsGeoJSON(new String(byteArr)); - break; - default: - asVal = Value.get(mapVal); - } + Value.getAsGeoJSON(new String(byteArr)); + default -> Value.get(mapVal); + }; } catch (Exception e) { throw new RestClientErrors.InvalidBinValue( String.format("Error parsing typed bin parameter: %s", e)); @@ -80,13 +77,44 @@ public static Bin[] binsFromMap(Map binMap) { binArray[index] = new Bin(entry.getKey(), asVal); } else { - binArray[index] = new Bin(entry.getKey(), entry.getValue()); + binArray[index] = binFromObject(entry.getKey(), value); } index++; } return binArray; } + public static Bin binFromObject(String key, Object value) { + if (value instanceof Integer castVal) { + return new Bin(key, castVal); + } else if (value instanceof Short castVal) { + return new Bin(key, castVal); + } else if (value instanceof Long castVal) { + return new Bin(key, castVal); + } else if (value instanceof String castVal) { + return new Bin(key, castVal); + } else if (value instanceof Boolean castVal) { + return new Bin(key, castVal); + } else if (value instanceof Float castVal) { + return new Bin(key, castVal); + } else if (value instanceof Double castVal) { + return new Bin(key, castVal); + } else if (value instanceof List castVal) { + return new Bin(key, castVal); + } else if (value instanceof Map castVal) { + return new Bin(key, castVal); + } else if (value instanceof Byte castVal) { + return new Bin(key, castVal); + } else if (value instanceof byte[] castVal) { + return new Bin(key, castVal); + } else if (value instanceof Value castVal) { + return new Bin(key, castVal); + } else { + throw new RestClientErrors.InvalidBinValue( + String.format("Unsupported bin type for key %s : %s", key, value.getClass().getSimpleName())); + } + } + private static boolean isGeoJSON(Map value) { return (isGeoJSONGeometry(value) && isGeoJSONFeature(value)); } diff --git a/src/test/java/com/aerospike/restclient/converters/BinConverterTests.java b/src/test/java/com/aerospike/restclient/converters/BinConverterTests.java index 230e765f..afc7f14e 100644 --- a/src/test/java/com/aerospike/restclient/converters/BinConverterTests.java +++ b/src/test/java/com/aerospike/restclient/converters/BinConverterTests.java @@ -32,6 +32,8 @@ import java.util.List; import java.util.Map; +import static com.aerospike.restclient.util.converters.BinConverter.binFromObject; + public class BinConverterTests { @Test @@ -49,11 +51,6 @@ public void testFloatBin() { singleObjectBinTest(5l); } - @Test - public void testAryBin() { - singleObjectBinTest(new String[]{"aero", "spike"}); - } - @Test public void testMapBin() { Map testMap = new HashMap<>(); @@ -88,7 +85,12 @@ public void testBytesBin() { @Test public void testGeoJSONBin() { - singleObjectBinTest(new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}")); + Bin testBin = new Bin("bin1", new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}")); + Map binMap = new HashMap<>(); + binMap.put("bin1", new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}")); + Bin[] bins = BinConverter.binsFromMap(binMap); + Assert.assertTrue(binsContain(bins, testBin)); + // singleObjectBinTest(new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}")); } @Test @@ -159,7 +161,7 @@ public void testBase64BytesBin() { } private void singleObjectBinTest(Object binValue) { - Bin testBin = new Bin("bin1", binValue); + Bin testBin = binFromObject("bin1", binValue); Map binMap = new HashMap<>(); binMap.put("bin1", binValue); Bin[] bins = BinConverter.binsFromMap(binMap);