Issue-281: Updates guava version to fix CVE-2023-2976 (#282)

* [Issue-281]: Update lib dependencies to fix CVE-2023-2976

Signed-off-by: a6dulaleem <[email protected]>

checkstyle/checkstyle.xml

@@ -110,7 +110,6 @@
     <module name="AvoidNestedBlocks"/>
     <module name="InvalidJavadocPosition"/>
     <module name="JavadocStyle">
-      <property name="scope" value="protected"/>
       <property name="checkFirstSentence" value="true"/>
       <property name="checkEmptyJavadoc" value="true"/>
       <property name="checkHtml" value="true"/>
@@ -124,16 +123,9 @@
         <property name="tokens" value="VARIABLE_DEF"/>
     </module>
     <module name="JavadocMethod">
-      <property name="scope" value="protected"/>
-      <property name="validateThrows" value="true"/>
-      <property name="allowUndeclaredRTE" value="true"/>
-      <property name="allowMissingThrowsTags" value="false"/>
+      <property name="validateThrows" value="false"/>
       <property name="allowMissingParamTags" value="false"/>
       <property name="allowMissingReturnTag" value="true"/>
-      <property name="allowMissingJavadoc" value="true"/> <!--TODO: this should be enabled at one point. -->
-      <property name="ignoreMethodNamesRegex" value="^get.*$"/> <!--It would be nice if we could allow checking that the doc exists without also verifying the @returns is there also, but checkstyle does not allow that. -->
-      <property name="ignoreMethodNamesRegex" value="^has.*$"/> <!-- accessor for boolean e.g. hasVersion -->
-      <property name="suppressLoadErrors" value="false"/>
     </module>
   </module>
 </module>

gradle.properties

@@ -13,7 +13,7 @@ dockerExecutable=/usr/bin/docker
 #3rd party Versions
 apacheCommonsCsvVersion=1.5
 apacheCommonsCompressVersion=1.21
-checkstyleToolVersion=8.23
+checkstyleToolVersion=10.12.3
 commonsBeanutilsVersion=1.9.4
 commonsioVersion=2.11.0
 commonsLang3Version=3.7
@@ -24,7 +24,7 @@ spotbugsPluginVersion=4.4.4
 gradleDockerPlugin=3.1.0
 gradleLombokPluginVersion=4.0.0
 gradleSshPluginVersion=2.9.0
-guavaVersion=30.1-jre
+guavaVersion=32.0.1-jre
 javaxServletApiVersion=4.0.0
 jacksonVersion=2.14.1
 everitVersion=1.12.1
@@ -39,10 +39,10 @@ nettyBoringSSLVersion=2.0.54.Final
 jacocoVersion=0.8.5
 protobufGradlePlugin=0.8.15
 protobufProtocVersion=3.21.7
-protobufUtilVersion=3.19.4
+protobufUtilVersion=3.24.3
 qosLogbackVersion=1.2.10
 shadowGradlePlugin=4.0.2
-swaggerJersey2JaxrsVersion=1.6.2
+swaggerJersey2JaxrsVersion=1.6.11
 slf4jApiVersion=1.7.25
 gradleGitPluginVersion=4.1.1
 avroVersion=1.11.1

serializers/json/src/main/java/io/pravega/schemaregistry/serializer/json/schemas/JSONSchema.java

@@ -74,7 +74,7 @@ private JSONSchema(SchemaInfo schemaInfo, String schemaString, Class<T> derived)
      *
      * @param tClass Class whose object's schema is used.
      * @param <T> Type of the Java class. 
-     * @return {@link JSONSchema} with generic type T that extracts and captures the json schema. 
+     * @return {@link JSONSchema} with generic type T that extracts and captures the json schema.
      */
     public static <T> JSONSchema<T> of(Class<T> tClass) {
         Preconditions.checkNotNull(tClass);
@@ -96,7 +96,7 @@ public static <T> JSONSchema<T> of(Class<T> tClass) {
      * @param schema Schema to use. 
      * @param tClass class for the type of object
      * @param <T> Type of object
-     * @return Returns an JSONSchema with {@link Object} type. 
+     * @return Returns an JSONSchema with {@link Object} type.
      */
     public static <T> JSONSchema<T> of(String type, JsonSchema schema, Class<T> tClass) {
         Preconditions.checkNotNull(type);
@@ -132,7 +132,7 @@ public static <T> JSONSchema<T> of(String type, String schemaString, Class<T> tC
      *
      * @param tBase Base class whose type is used in the JSON schema object.
      * @param tDerived Class whose schema should be used.
-     * @param <T> Type of base class. 
+     * @param <T> Type of base class.
      * @return Returns an JsonSchema of type T. 
      */
     public static <T> JSONSchema<T> ofBaseType(Class<? extends T> tDerived, Class<T> tBase) {

serializers/src/main/java/io/pravega/schemaregistry/serializers/WithSchema.java

@@ -153,7 +153,7 @@ public org.everit.json.schema.Schema getJsonSchema() {
     /**
      * Applies the transform on the deserialized object. 
      * 
-     * @return Transformed object of type T. 
+     * @return Transformed object of type T.
      */
     public T getTransformed() {
         if (schema == null) {

server/src/main/java/io/pravega/schemaregistry/storage/StoreExceptions.java

@@ -75,7 +75,7 @@ public static StoreExceptions create(final Type type, final String errorMessage)
      * @return Instance of type of StoreException.
      */
     public static StoreExceptions create(final Type type, final Throwable cause, final String errorMessage) {
-        Preconditions.checkArgument(cause != null || (errorMessage != null && !errorMessage.isEmpty()),
+        Preconditions.checkArgument(cause != null || errorMessage != null && !errorMessage.isEmpty(),
                 "Either cause or errorMessage should be non-empty");
         StoreExceptions exception;
         switch (type) {

server/src/main/java/io/pravega/schemaregistry/storage/client/WireCommandClient.java

@@ -372,6 +372,7 @@ private <T extends Request & WireCommand> CompletableFuture<Reply> sendRequest(R
      * @param client              RawClient for sending request
      * @param qualifiedStreamSegmentName StreamSegmentName
      * @param requestType         request which reply need to be transformed
+     * @param type                Wire command Type
      */
     private void handleReply(Reply reply,
                              RawClient client,

server/src/main/java/io/pravega/schemaregistry/storage/impl/group/InMemoryGroupTable.java

@@ -86,7 +86,7 @@ public CompletableFuture<Void> updateEntries(List<Entry<Integer>> updates) {
             TableKey key = update.getKey();
             Integer version = update.getVersion();
             Value<TableValue, Integer> val = table.get(key);
-            return version == null || (val != null && version.equals(val.getVersion()));
+            return version == null || val != null && version.equals(val.getVersion());
         });
 
         if (isValid) {

server/src/main/java/io/pravega/schemaregistry/storage/impl/group/records/TableRecords.java

@@ -13,6 +13,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import io.pravega.common.ObjectBuilder;
+import io.pravega.common.io.SerializationException;
 import io.pravega.common.io.serialization.RevisionDataInput;
 import io.pravega.common.io.serialization.RevisionDataOutput;
 import io.pravega.common.io.serialization.VersionedSerializer;
@@ -27,6 +28,7 @@
 import lombok.Data;
 import lombok.Getter;
 import lombok.SneakyThrows;
+import lombok.val;
 
 import java.io.DataInput;
 import java.io.DataOutput;
@@ -1244,6 +1246,10 @@ private void read00(RevisionDataInput source, SchemaIdValue.SchemaIdValueBuilder
     @SneakyThrows(IOException.class)
     @SuppressWarnings("unchecked")
     static <T extends TableValue> T fromBytes(Class<? extends TableKey> keyClass, byte[] bytes, Class<T> valueClass) {
-        return (T) SERIALIZERS_BY_KEY_TYPE.get(keyClass).deserialize(bytes);
+        val versionSerializer = SERIALIZERS_BY_KEY_TYPE.get(keyClass);
+        if (versionSerializer == null) {
+            throw new SerializationException(String.format("No serializer found for the class %s", keyClass.toGenericString()));
+        }
+        return (T) versionSerializer.deserialize(bytes);
     }
 }

server/src/main/java/io/pravega/schemaregistry/storage/impl/schemas/SchemaRecords.java

@@ -12,6 +12,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Lists;
 import io.pravega.common.ObjectBuilder;
+import io.pravega.common.io.SerializationException;
 import io.pravega.common.io.serialization.RevisionDataInput;
 import io.pravega.common.io.serialization.RevisionDataOutput;
 import io.pravega.common.io.serialization.VersionedSerializer;
@@ -25,6 +26,7 @@
 import lombok.Data;
 import lombok.Getter;
 import lombok.SneakyThrows;
+import lombok.val;
 
 import java.io.DataInput;
 import java.io.DataOutput;
@@ -421,7 +423,11 @@ private void read00(RevisionDataInput source, SchemaGroupsList.SchemaGroupsListB
     @SneakyThrows(IOException.class)
     @SuppressWarnings("unchecked")
     static <T extends Value> T fromBytes(Class<? extends Key> keyClass, byte[] bytes, Class<T> valueClass) {
-        return (T) SERIALIZERS_BY_KEY_TYPE.get(keyClass).deserialize(bytes);
+        val versionSerializer = SERIALIZERS_BY_KEY_TYPE.get(keyClass);
+        if ( versionSerializer == null ) {
+            throw new SerializationException(String.format("No serializer found for the class %s", keyClass.toGenericString()));
+        }
+        return (T) versionSerializer.deserialize(bytes);
     }
 
     public class KeySerializer extends VersionedSerializer.MultiType<Key> {