Fix High/Critical CVEs (#1492)

* Fixes issues with tests since Dropwizard upgrade * Addresses CVEs from #1491
thelastpickle · Apr 16, 2024 · e50c083 · e50c083
1 parent bb99e2d
commit e50c083
Show file tree

Hide file tree

Showing 8 changed files with 21 additions and 11 deletions.
diff --git a/src/server/pom.xml b/src/server/pom.xml
@@ -31,7 +31,7 @@
     <properties>
         <dropwizard.version>2.1.12</dropwizard.version>
         <jersey.version>2.35</jersey.version>
-        <logback.version>1.2.9</logback.version>
+        <logback.version>1.3.14</logback.version>
         <cxf.version>3.4.5</cxf.version>
         <shiro.version>1.12.0</shiro.version>
         <prometheus.version>0.12.0</prometheus.version>
@@ -244,7 +244,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-configuration2</artifactId>
-            <version>2.1</version>
+            <version>2.10.1</version>
         </dependency>
         <dependency>
             <groupId>io.jsonwebtoken</groupId>
@@ -288,9 +288,9 @@
         <!--test scope -->
 
         <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>4.13.2</version>
+            <groupId>org.junit.vintage</groupId>
+            <artifactId>junit-vintage-engine</artifactId>
+            <version>5.9.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -662,7 +662,7 @@
             <plugin>
               <groupId>org.apache.maven.plugins</groupId>
               <artifactId>maven-surefire-plugin</artifactId>
-              <version>2.22.2</version>
+              <version>3.2.5</version>
               <inherited>true</inherited>
               <configuration>
                   <systemPropertyVariables>

diff --git a/src/server/src/main/java/io/cassandrareaper/service/RepairRunner.java b/src/server/src/main/java/io/cassandrareaper/service/RepairRunner.java
@@ -67,6 +67,7 @@
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
 import org.apache.cassandra.repair.RepairParallelism;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
@@ -744,7 +745,8 @@ public void onSuccess(Object ignored) {
             public void onFailure(Throwable throwable) {
               LOG.error("Executing SegmentRunner failed", throwable);
             }
-          });
+          },
+          MoreExecutors.directExecutor());
     } catch (ReaperException ex) {
       LOG.error("Executing SegmentRunner failed", ex);
     }

diff --git a/src/server/src/main/java/io/cassandrareaper/storage/events/CassandraEventsDao.java b/src/server/src/main/java/io/cassandrareaper/storage/events/CassandraEventsDao.java
@@ -56,7 +56,7 @@ static DiagEventSubscription createDiagEventSubscription(Row row) {
     return new DiagEventSubscription(
         Optional.of(row.getUUID("id")),
         row.getString("cluster"),
-        Optional.of(row.getString("description")),
+        Optional.ofNullable(row.getString("description")),
         row.getSet("nodes", String.class),
         row.getSet("events", String.class),
         row.getBool("export_sse"),

diff --git a/src/server/src/test/java/io/cassandrareaper/acceptance/BasicSteps.java b/src/server/src/test/java/io/cassandrareaper/acceptance/BasicSteps.java
@@ -2424,7 +2424,7 @@ public void theReturnedListOfSubscriptionsIs(List<Map<String, String>> subscript
               new DiagEventSubscription(
                   Optional.empty(),
                   s.getCluster(),
-                  Optional.of(s.getDescription()),
+                  Optional.ofNullable(s.getDescription()),
                   s.getNodes(),
                   s.getEvents(),
                   s.getExportSse(),

diff --git a/src/server/src/test/resources/cassandra-reaper-access-control-enabled-at.yaml b/src/server/src/test/resources/cassandra-reaper-access-control-enabled-at.yaml
@@ -77,3 +77,5 @@ accessControl:
 cryptograph:
   type: symmetric
   systemPropertySecret: REAPER_ENCRYPTION_KEY
+
+persistenceStoragePath: /tmp/reaper/storage/
diff --git a/src/server/src/test/resources/cassandra-reaper-at.yaml b/src/server/src/test/resources/cassandra-reaper-at.yaml
@@ -76,4 +76,6 @@ metrics:
 
 cryptograph:
   type: symmetric
-  systemPropertySecret: REAPER_ENCRYPTION_KEY
+  systemPropertySecret: REAPER_ENCRYPTION_KEY
+
+persistenceStoragePath: /tmp/reaper/storage/
diff --git a/src/server/src/test/resources/cassandra-reaper-metrics-test.yaml b/src/server/src/test/resources/cassandra-reaper-metrics-test.yaml
@@ -78,3 +78,5 @@ metrics:
 cryptograph:
   type: symmetric
   systemPropertySecret: REAPER_ENCRYPTION_KEY
+
+persistenceStoragePath: /tmp/reaper/storage/
diff --git a/src/server/src/test/resources/cassandra-reaper.yaml b/src/server/src/test/resources/cassandra-reaper.yaml
@@ -112,4 +112,6 @@ metrics:
 
 cryptograph:
   type: symmetric
-  systemPropertySecret: REAPER_ENCRYPTION_KEY
+  systemPropertySecret: REAPER_ENCRYPTION_KEY
+
+persistenceStoragePath: /tmp/reaper/storage/