Fix Jackson and Scala vulnerabilities (#373)

* fix jackson and scala vulnerabilities * fix * fix * lint
oap-project · Aug 11, 2023 · bdb7a4d · bdb7a4d
1 parent 0b353cb
commit bdb7a4d
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 15 deletions.
diff --git a/core/pom.xml b/core/pom.xml
@@ -29,7 +29,7 @@
  <maven.compiler.source>1.8</maven.compiler.source>
  <maven.compiler.target>1.8</maven.compiler.target>
  <scala.version>2.12.15</scala.version>
- <jackson.version>2.13.4</jackson.version>
+ <jackson.version>2.13.5</jackson.version>
  <scala.binary.version>2.12</scala.binary.version>
  </properties>
 
@@ -153,7 +153,7 @@
  <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>
  <artifactId>jackson-databind</artifactId>
- <version>2.13.4.2</version>
+ <version>${jackson.version}</version>
  </dependency>
  <dependency>
  <groupId>com.fasterxml.jackson.core</groupId>

diff --git a/core/raydp-main/pom.xml b/core/raydp-main/pom.xml
@@ -240,23 +240,20 @@
  <artifactId>maven-assembly-plugin</artifactId>
  <version>3.0.0</version>
  <configuration>
- <!--<descriptors>-->
- <!--<decriptor>src/main/assembly/assembly.xml</decriptor>-->
- <!--</descriptors>-->
  <appendAssemblyId>false</appendAssemblyId>
  <descriptorRefs>
  <descriptorRef>jar-with-dependencies</descriptorRef>
  </descriptorRefs>
  </configuration>
- <executions>
+ <!-- <executions>
  <execution>
  <id>assembly</id>
  <phase>package</phase>
  <goals>
  <goal>single</goal>
  </goals>
  </execution>
- </executions>
+ </executions> -->
  </plugin>
 
  <plugin>

diff --git a/core/raydp-main/src/main/scala/org/apache/spark/deploy/raydp/RayAppMaster.scala b/core/raydp-main/src/main/scala/org/apache/spark/deploy/raydp/RayAppMaster.scala
@@ -119,9 +119,14 @@ class RayAppMaster(host: String,
  val id = PlacementGroupId.fromBytes(DatatypeConverter.parseHexBinary(hex))
  PlacementGroups.getPlacementGroup(id)
  }.orNull
- private val bundleIndexes: List[Int] = conf.getOption("spark.ray.bundle_indexes")
- .map(_.split(",").map(_.toInt).toList)
- .getOrElse(List.empty)
+ private val bundleIndexesOpt: Option[Array[Int]] = conf.getOption("spark.ray.bundle_indexes")
+ .map(_.split(",").map(_.toInt))
+
+ private val bundleIndexesNum: Int = bundleIndexesOpt match {
+ case Some(n) => n.size
+ case None => 0
+ }
+
  private var currentBundleIndex: Int = 0
 
  override def receive: PartialFunction[Any, Unit] = {
@@ -316,9 +321,9 @@ class RayAppMaster(host: String,
  }
 
  private def getNextBundleIndex: Int = {
- if (placementGroup != null && bundleIndexes.nonEmpty) {
+ if (placementGroup != null && bundleIndexesNum != 0) {
  val previous = currentBundleIndex
- currentBundleIndex = (currentBundleIndex + 1) % bundleIndexes.size
+ currentBundleIndex = (currentBundleIndex + 1) % bundleIndexesNum
  previous
  } else {
  -1

diff --git a/core/shims/spark322/pom.xml b/core/shims/spark322/pom.xml
@@ -17,7 +17,7 @@
 
  <properties>
  <scala.version>2.12.15</scala.version>
- <jackson.version>2.12.0</jackson.version>
+ <jackson.version>2.13.5</jackson.version>
  </properties>
 
  <build>

diff --git a/core/shims/spark330/pom.xml b/core/shims/spark330/pom.xml
@@ -17,7 +17,7 @@
 
  <properties>
  <scala.version>2.12.15</scala.version>
- <jackson.version>2.13.3</jackson.version>
+ <jackson.version>2.13.5</jackson.version>
  </properties>
 
  <build>

diff --git a/core/shims/spark340/pom.xml b/core/shims/spark340/pom.xml
@@ -17,7 +17,7 @@
 
  <properties>
  <scala.version>2.12.15</scala.version>
- <jackson.version>2.13.3</jackson.version>
+ <jackson.version>2.13.5</jackson.version>
  </properties>
 
  <build>