Skip to content

Commit

Permalink
dep: APPS-833 update vulnerable aerospike-java-client to 7.0 (#142)
Browse files Browse the repository at this point in the history 
* dep: APPS-833 update vulnerable aerospike-java-client to 7.0
fixes CVE-2023-36480
  • Loading branch information
Jesse S authored Aug 7, 2023
1 parent bd9ac8a commit 88556dd
Show file tree
Hide file tree
Showing 3 changed files with 51 additions and 21 deletions.
2 changes: 1 addition & 1 deletion build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ buildscript {
ext {
springBootVersion = "2.7.11"
httpclientVersion = "4.5.14"
aerospikeClientVersion = findProperty("aerospikeClientVersion") ?: "6.1.9"
aerospikeClientVersion = findProperty("aerospikeClientVersion") ?: "7.0.0"
set('snakeyaml.version', '2.0') // Can be removed after upgrading to springboot 3.x
}
if (findProperty("aerospikeUseLocal")) {
Expand Down
54 changes: 41 additions & 13 deletions src/main/java/com/aerospike/restclient/util/converters/BinConverter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
import com.fasterxml.jackson.databind.ObjectMapper;
import gnu.crypto.util.Base64;

import java.util.List;
import java.util.Map;

public class BinConverter {
Expand All @@ -40,9 +41,9 @@ public static Bin[] binsFromMap(Map<String, Object> binMap) {
for (Map.Entry<String, Object> entry : binMap.entrySet()) {
/* Let the user pass null, to delete a bin */
Object value = entry.getValue();
if (entry.getValue() == null) {
if (value == null) {
binArray[index] = (Bin.asNull(entry.getKey()));
} else if (entry.getValue() instanceof Map) {
} else if (value instanceof Map) {
Map<String, Object> mapVal = (Map<String, Object>) value;
Value asVal;

Expand All @@ -58,17 +59,13 @@ public static Bin[] binsFromMap(Map<String, Object> binMap) {
(String) mapVal.get(AerospikeAPIConstants.SpecifiedType.Keys.specifiedTypeKey));
byte[] byteArr = Base64.decode(
(String) mapVal.get(AerospikeAPIConstants.SpecifiedType.Keys.specifiedValueKey));
switch (type) {
case BYTE_ARRAY:
asVal = Value.get(byteArr);
break;
case GEO_JSON:
asVal = switch (type) {
case BYTE_ARRAY -> Value.get(byteArr);
case GEO_JSON ->
// GEO_JSON is deprecated but only documented here https://stackoverflow.com/questions/70945453/how-to-insert-geojson-using-aerospike-rest-client
asVal = Value.getAsGeoJSON(new String(byteArr));
break;
default:
asVal = Value.get(mapVal);
}
Value.getAsGeoJSON(new String(byteArr));
default -> Value.get(mapVal);
};
} catch (Exception e) {
throw new RestClientErrors.InvalidBinValue(
String.format("Error parsing typed bin parameter: %s", e));
Expand All @@ -80,13 +77,44 @@ public static Bin[] binsFromMap(Map<String, Object> binMap) {
binArray[index] = new Bin(entry.getKey(), asVal);

} else {
binArray[index] = new Bin(entry.getKey(), entry.getValue());
binArray[index] = binFromObject(entry.getKey(), value);
}
index++;
}
return binArray;
}

public static Bin binFromObject(String key, Object value) {
if (value instanceof Integer castVal) {
return new Bin(key, castVal);
} else if (value instanceof Short castVal) {
return new Bin(key, castVal);
} else if (value instanceof Long castVal) {
return new Bin(key, castVal);
} else if (value instanceof String castVal) {
return new Bin(key, castVal);
} else if (value instanceof Boolean castVal) {
return new Bin(key, castVal);
} else if (value instanceof Float castVal) {
return new Bin(key, castVal);
} else if (value instanceof Double castVal) {
return new Bin(key, castVal);
} else if (value instanceof List<?> castVal) {
return new Bin(key, castVal);
} else if (value instanceof Map<?, ?> castVal) {
return new Bin(key, castVal);
} else if (value instanceof Byte castVal) {
return new Bin(key, castVal);
} else if (value instanceof byte[] castVal) {
return new Bin(key, castVal);
} else if (value instanceof Value castVal) {
return new Bin(key, castVal);
} else {
throw new RestClientErrors.InvalidBinValue(
String.format("Unsupported bin type for key %s : %s", key, value.getClass().getSimpleName()));
}
}

private static boolean isGeoJSON(Map<String, Object> value) {
return (isGeoJSONGeometry(value) && isGeoJSONFeature(value));
}
Expand Down
16 changes: 9 additions & 7 deletions src/test/java/com/aerospike/restclient/converters/BinConverterTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,8 @@
import java.util.List;
import java.util.Map;

import static com.aerospike.restclient.util.converters.BinConverter.binFromObject;

public class BinConverterTests {

@Test
Expand All @@ -49,11 +51,6 @@ public void testFloatBin() {
singleObjectBinTest(5l);
}

@Test
public void testAryBin() {
singleObjectBinTest(new String[]{"aero", "spike"});
}

@Test
public void testMapBin() {
Map<String, Object> testMap = new HashMap<>();
Expand Down Expand Up @@ -88,7 +85,12 @@ public void testBytesBin() {

@Test
public void testGeoJSONBin() {
singleObjectBinTest(new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}"));
Bin testBin = new Bin("bin1", new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}"));
Map<String, Object> binMap = new HashMap<>();
binMap.put("bin1", new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}"));
Bin[] bins = BinConverter.binsFromMap(binMap);
Assert.assertTrue(binsContain(bins, testBin));
// singleObjectBinTest(new GeoJSONValue("{\"coordinates\": [-122.0, 37.5], \"type\": \"Point\"}"));
}

@Test
Expand Down Expand Up @@ -159,7 +161,7 @@ public void testBase64BytesBin() {
}

private void singleObjectBinTest(Object binValue) {
Bin testBin = new Bin("bin1", binValue);
Bin testBin = binFromObject("bin1", binValue);
Map<String, Object> binMap = new HashMap<>();
binMap.put("bin1", binValue);
Bin[] bins = BinConverter.binsFromMap(binMap);
Expand Down

0 comments on commit 88556dd

Please sign in to comment.