From c4b6a43c5c547971fa3e6ac0752942ede322ebeb Mon Sep 17 00:00:00 2001 From: a6dulaleem <95267696+a6dulaleem@users.noreply.github.com> Date: Wed, 27 Sep 2023 01:18:02 -0700 Subject: [PATCH] Issue-281: Updates guava version to fix CVE-2023-2976 (#282) * [Issue-281]: Update lib dependencies to fix CVE-2023-2976 Signed-off-by: a6dulaleem --- checkstyle/checkstyle.xml | 10 +--------- gradle.properties | 8 ++++---- .../serializer/json/schemas/JSONSchema.java | 6 +++--- .../pravega/schemaregistry/serializers/WithSchema.java | 2 +- .../schemaregistry/storage/StoreExceptions.java | 2 +- .../storage/client/WireCommandClient.java | 1 + .../storage/impl/group/InMemoryGroupTable.java | 2 +- .../storage/impl/group/records/TableRecords.java | 8 +++++++- .../storage/impl/schemas/SchemaRecords.java | 8 +++++++- 9 files changed, 26 insertions(+), 21 deletions(-) diff --git a/checkstyle/checkstyle.xml b/checkstyle/checkstyle.xml index 24f85afd3..19a4ad34c 100644 --- a/checkstyle/checkstyle.xml +++ b/checkstyle/checkstyle.xml @@ -110,7 +110,6 @@ - @@ -124,16 +123,9 @@ - - - - + - - - - diff --git a/gradle.properties b/gradle.properties index 39075f100..edc192ee1 100644 --- a/gradle.properties +++ b/gradle.properties @@ -13,7 +13,7 @@ dockerExecutable=/usr/bin/docker #3rd party Versions apacheCommonsCsvVersion=1.5 apacheCommonsCompressVersion=1.21 -checkstyleToolVersion=8.23 +checkstyleToolVersion=10.12.3 commonsBeanutilsVersion=1.9.4 commonsioVersion=2.11.0 commonsLang3Version=3.7 @@ -24,7 +24,7 @@ spotbugsPluginVersion=4.4.4 gradleDockerPlugin=3.1.0 gradleLombokPluginVersion=4.0.0 gradleSshPluginVersion=2.9.0 -guavaVersion=30.1-jre +guavaVersion=32.0.1-jre javaxServletApiVersion=4.0.0 jacksonVersion=2.14.1 everitVersion=1.12.1 
@@ -39,10 +39,10 @@ nettyBoringSSLVersion=2.0.54.Final
 jacocoVersion=0.8.5
 protobufGradlePlugin=0.8.15
 protobufProtocVersion=3.21.7
-protobufUtilVersion=3.19.4
+protobufUtilVersion=3.24.3
 qosLogbackVersion=1.2.10
 shadowGradlePlugin=4.0.2
-swaggerJersey2JaxrsVersion=1.6.2
+swaggerJersey2JaxrsVersion=1.6.11
 slf4jApiVersion=1.7.25
 gradleGitPluginVersion=4.1.1
 avroVersion=1.11.1
diff --git a/serializers/json/src/main/java/io/pravega/schemaregistry/serializer/json/schemas/JSONSchema.java b/serializers/json/src/main/java/io/pravega/schemaregistry/serializer/json/schemas/JSONSchema.java
index 6c489bcef..424ede9b2 100644
--- a/serializers/json/src/main/java/io/pravega/schemaregistry/serializer/json/schemas/JSONSchema.java
+++ b/serializers/json/src/main/java/io/pravega/schemaregistry/serializer/json/schemas/JSONSchema.java
@@ -74,7 +74,7 @@ private JSONSchema(SchemaInfo schemaInfo, String schemaString, Class derived)
 *
 * @param tClass Class whose object's schema is used.
 * @param Type of the Java class.
- * @return {@link JSONSchema} with generic type T that extracts and captures the json schema.
+ * @return {@link JSONSchema} with generic type T that extracts and captures the json schema.
 */
 public static JSONSchema of(Class tClass) {
 Preconditions.checkNotNull(tClass);
@@ -96,7 +96,7 @@ public static JSONSchema of(Class tClass) {
 * @param schema Schema to use.
 * @param tClass class for the type of object
 * @param Type of object
- * @return Returns an JSONSchema with {@link Object} type.
+ * @return Returns an JSONSchema with {@link Object} type.
 */
 public static JSONSchema of(String type, JsonSchema schema, Class tClass) {
 Preconditions.checkNotNull(type);
@@ -132,7 +132,7 @@ public static JSONSchema of(String type, String schemaString, Class tC
 *
 * @param tBase Base class whose type is used in the JSON schema object.
 * @param tDerived Class whose schema should be used.
- * @param Type of base class.
+ * @param Type of base class.
 * @return Returns an JsonSchema of type T.
 */
 public static JSONSchema ofBaseType(Class tDerived, Class tBase) {
diff --git a/serializers/src/main/java/io/pravega/schemaregistry/serializers/WithSchema.java b/serializers/src/main/java/io/pravega/schemaregistry/serializers/WithSchema.java
index a95564ee9..ef7547b99 100644
--- a/serializers/src/main/java/io/pravega/schemaregistry/serializers/WithSchema.java
+++ b/serializers/src/main/java/io/pravega/schemaregistry/serializers/WithSchema.java
@@ -153,7 +153,7 @@ public org.everit.json.schema.Schema getJsonSchema() {
 /**
 * Applies the transform on the deserialized object.
 *
- * @return Transformed object of type T.
+ * @return Transformed object of type T.
 */
 public T getTransformed() {
 if (schema == null) {
diff --git a/server/src/main/java/io/pravega/schemaregistry/storage/StoreExceptions.java b/server/src/main/java/io/pravega/schemaregistry/storage/StoreExceptions.java
index 72cf17634..06715010c 100644
--- a/server/src/main/java/io/pravega/schemaregistry/storage/StoreExceptions.java
+++ b/server/src/main/java/io/pravega/schemaregistry/storage/StoreExceptions.java
@@ -75,7 +75,7 @@ public static StoreExceptions create(final Type type, final String errorMessage)
 * @return Instance of type of StoreException.
 */
 public static StoreExceptions create(final Type type, final Throwable cause, final String errorMessage) {
- Preconditions.checkArgument(cause != null || (errorMessage != null && !errorMessage.isEmpty()),
+ Preconditions.checkArgument(cause != null || errorMessage != null && !errorMessage.isEmpty(),
 "Either cause or errorMessage should be non-empty");
 StoreExceptions exception;
 switch (type) {
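Review bot: Dropping the inner parentheses in `cause != null || errorMessage != null && !errorMessage.isEmpty()` leaves the grouping to `&&`-over-`||` precedence, which is still correct but easy to misread in a precondition; the same edit is made to the `version == null || val != null && version.equals(val.getVersion())` return in InMemoryGroupTable.updateEntries. If the parentheses were removed only to satisfy the upgraded Checkstyle rules (presumably an unnecessary-parentheses check; the rule file is not readable in this view), consider naming the sub-condition instead, e.g. `boolean hasMessage = errorMessage != null && !errorMessage.isEmpty();` ahead of the `checkArgument` call. The body of `create` continues outside the hunk.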
diff --git a/server/src/main/java/io/pravega/schemaregistry/storage/client/WireCommandClient.java b/server/src/main/java/io/pravega/schemaregistry/storage/client/WireCommandClient.java index 0080bfa0a..45fd369ca 100644 --- a/server/src/main/java/io/pravega/schemaregistry/storage/client/WireCommandClient.java +++ b/server/src/main/java/io/pravega/schemaregistry/storage/client/WireCommandClient.java @@ -372,6 +372,7 @@ private CompletableFuture sendRequest(R * @param client RawClient for sending request * @param qualifiedStreamSegmentName StreamSegmentName * @param requestType request which reply need to be transformed + * @param type Wire command Type */ private void handleReply(Reply reply, RawClient client, diff --git a/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/InMemoryGroupTable.java b/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/InMemoryGroupTable.java index 111d6a15a..5a27f902f 100644 --- a/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/InMemoryGroupTable.java +++ b/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/InMemoryGroupTable.java @@ -86,7 +86,7 @@ public CompletableFuture updateEntries(List> updates) { TableKey key = update.getKey(); Integer version = update.getVersion(); Value val = table.get(key); - return version == null || (val != null && version.equals(val.getVersion())); + return version == null || val != null && version.equals(val.getVersion()); }); if (isValid) { diff --git a/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/records/TableRecords.java b/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/records/TableRecords.java index 4650f3268..687172763 100644 --- a/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/records/TableRecords.java +++ b/server/src/main/java/io/pravega/schemaregistry/storage/impl/group/records/TableRecords.java 
@@ -13,6 +13,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import io.pravega.common.ObjectBuilder; +import io.pravega.common.io.SerializationException; import io.pravega.common.io.serialization.RevisionDataInput; import io.pravega.common.io.serialization.RevisionDataOutput; import io.pravega.common.io.serialization.VersionedSerializer; @@ -27,6 +28,7 @@ import lombok.Data; import lombok.Getter; import lombok.SneakyThrows; +import lombok.val; import java.io.DataInput; import java.io.DataOutput; @@ -1244,6 +1246,10 @@ private void read00(RevisionDataInput source, SchemaIdValue.SchemaIdValueBuilder @SneakyThrows(IOException.class) @SuppressWarnings("unchecked") static T fromBytes(Class keyClass, byte[] bytes, Class valueClass) { - return (T) SERIALIZERS_BY_KEY_TYPE.get(keyClass).deserialize(bytes); + val versionSerializer = SERIALIZERS_BY_KEY_TYPE.get(keyClass); + if (versionSerializer == null) { + throw new SerializationException(String.format("No serializer found for the class %s", keyClass.toGenericString())); + } + return (T) versionSerializer.deserialize(bytes); } } diff --git a/server/src/main/java/io/pravega/schemaregistry/storage/impl/schemas/SchemaRecords.java b/server/src/main/java/io/pravega/schemaregistry/storage/impl/schemas/SchemaRecords.java index fd0e82f5e..822bf5ac0 100644 --- a/server/src/main/java/io/pravega/schemaregistry/storage/impl/schemas/SchemaRecords.java +++ b/server/src/main/java/io/pravega/schemaregistry/storage/impl/schemas/SchemaRecords.java @@ -12,6 +12,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.Lists; import io.pravega.common.ObjectBuilder; +import io.pravega.common.io.SerializationException; import io.pravega.common.io.serialization.RevisionDataInput; import io.pravega.common.io.serialization.RevisionDataOutput; import io.pravega.common.io.serialization.VersionedSerializer; 
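Review bot: In `fromBytes`, the result of `versionSerializer.deserialize(bytes)` is still returned through the unchecked `(T)` cast while `valueClass` goes unused, so stored bytes that deserialize to a different record type than the caller expects surface as a ClassCastException somewhere in the caller rather than at this boundary. Assuming `valueClass` is `Class<T>` (the generics are not readable in this view), `return valueClass.cast(versionSerializer.deserialize(bytes));` would fail here and make `@SuppressWarnings("unchecked")` unnecessary. The same applies to the identical `fromBytes` change in SchemaRecords.java. Also worth confirming: a null `keyClass` would presumably reach `keyClass.toGenericString()` in the new message and throw NullPointerException instead of SerializationException.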
@@ -25,6 +26,7 @@ import lombok.Data; import lombok.Getter; import lombok.SneakyThrows; +import lombok.val; import java.io.DataInput; import java.io.DataOutput; @@ -421,7 +423,11 @@ private void read00(RevisionDataInput source, SchemaGroupsList.SchemaGroupsListB @SneakyThrows(IOException.class) @SuppressWarnings("unchecked") static T fromBytes(Class keyClass, byte[] bytes, Class valueClass) { - return (T) SERIALIZERS_BY_KEY_TYPE.get(keyClass).deserialize(bytes); + val versionSerializer = SERIALIZERS_BY_KEY_TYPE.get(keyClass); + if ( versionSerializer == null ) { + throw new SerializationException(String.format("No serializer found for the class %s", keyClass.toGenericString())); + } + return (T) versionSerializer.deserialize(bytes); } public class KeySerializer extends VersionedSerializer.MultiType {
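Review bot: `if ( versionSerializer == null ) {` pads the parentheses with spaces, unlike the same guard added to TableRecords.java in this commit (`if (versionSerializer == null) {`); use the unpadded form so the two copies stay identical. Since both `fromBytes` bodies are now the same five lines, a shared static helper that takes the serializer map would keep the lookup and guard in one place. The diffstat lists no test file, so the new SerializationException path appears to be uncovered.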