
Commit e277790

author
Nikolai Kolesnikov
committed
Fixed Arbitrary code execution in Apache Commons Text
1 parent b2b36cf commit e277790


4 files changed

+15
-7
lines changed


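--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
 <groupId>groupId</groupId>
-<artifactId>LightweightQueryAggregator</artifactId>
+<artifactId>amazon-aggregation-query-proxy</artifactId>
 <version>1.0-SNAPSHOT</version>
 <dependencies>
 <dependency>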

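--- a/query-app/pom.xml
+++ b/query-app/pom.xml
@@ -3,12 +3,12 @@
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>
+
 <groupId>groupId</groupId>
 <artifactId>query-app</artifactId>
 <version>1.0-SNAPSHOT</version>
 <properties>
-<picocli.version>4.6.1</picocli.version>
-<datastax.version>4.14.0</datastax.version>
+<datastax.version>4.15.0</datastax.version>
 <dropwizard.version>2.0.29</dropwizard.version>
 <kotlin.version>1.7.0</kotlin.version>
 <partiql.version>0.7.0</partiql.version>
@@ -19,7 +19,7 @@
 <dropwizard-auth.version>2.0.29</dropwizard-auth.version>
 <okta.version>0.3.0</okta.version>
 <unirest.version>3.13.6</unirest.version>
-<commons-text.version>1.9</commons-text.version>
+<commons-text.version>1.10.0</commons-text.version>
 </properties>
 <build>
 <plugins>
@@ -155,6 +155,11 @@
 <artifactId>jackson-annotations</artifactId>
 <version>${jackson.version}</version>
 </dependency>
+<dependency>
+<groupId>com.fasterxml.jackson.core</groupId>
+<artifactId>jackson-core</artifactId>
+<version>${jackson.version}</version>
+</dependency>
 <dependency>
 <groupId>software.amazon.awssdk</groupId>
 <artifactId>dynamodb</artifactId>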
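Review bot: The `commons-text.version` bump to 1.10.0 in the second hunk only takes effect where this property is actually used, and the `<dependency>` that consumes it is outside the visible hunks, so it is worth confirming that no other module or transitive path still resolves an older commons-text. Pinning the version in a `<dependencyManagement>` entry of the parent pom and checking the result with `mvn dependency:tree -Dincludes=org.apache.commons:commons-text` would make the fix hold for the whole build. Version 1.10.0 changes which lookups the default interpolator enables rather than removing them, so any call site that feeds untrusted input to `StringSubstitutor` still deserves a review; none of those call sites are part of this diff. The first hunk also drops `<picocli.version>`, which is safe only if nothing else references `${picocli.version}`.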

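--- a/query-app/src/main/java/com/aws/aqp/application/App.java
+++ b/query-app/src/main/java/com/aws/aqp/application/App.java
@@ -43,13 +43,17 @@ public void run(AppConfiguration appConfiguration, Environment environment) {
 
 if (appConfiguration.getServiceName().equals(DatabaseType.KEYSPACES.toString())) {
 environment.healthChecks().register("keyspaces-tcp-dependency", new ConnectionHealthCheck(appConfiguration));
-extractor = new CassandraExtractor(appConfiguration);
+if (environment.healthChecks().runHealthCheck("keyspaces-tcp-dependency").isHealthy()) {
+extractor = new CassandraExtractor(appConfiguration);
+}
 }
 if (appConfiguration.getServiceName().equals(DatabaseType.DYNAMODB.toString())) {
 String ddbEndpoint = System.getProperty("dynamodb-endpoint",String.format("https://dynamodb.%s.amazonaws.com", appConfiguration.getAwsRegion().toLowerCase()));
 environment.healthChecks().register("ddb-http-dependency",
 new HttpHealthCheck(ddbEndpoint));
-extractor = new DynamodbExtractor(appConfiguration);
+if (environment.healthChecks().runHealthCheck("dynamodb-endpoint").isHealthy()) {
+extractor = new DynamodbExtractor(appConfiguration);
+}
 }
 
 environment.jersey().register(new AuthDynamicFeature(new BasicCredentialAuthFilter.Builder<AqpUser>()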
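Review bot: The DynamoDB branch runs a health check named `dynamodb-endpoint`, but the check registered just above it is `ddb-http-dependency`; `HealthCheckRegistry.runHealthCheck` throws `NoSuchElementException` for a name that was never registered, so this path would fail at startup instead of gating on the endpoint. The call should use the registered name: `if (environment.healthChecks().runHealthCheck("ddb-http-dependency").isHealthy()) {`. In both branches an unhealthy result now leaves `extractor` unassigned with no log line or error, so the rest of `run` (which starts before and continues after this hunk) may go on to wire resources around a missing extractor. Failing fast makes that state explicit, for example `else { throw new IllegalStateException("keyspaces-tcp-dependency is unhealthy"); }` and the equivalent for the DynamoDB branch.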

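--- a/query-app/src/main/java/com/aws/aqp/connectors/ConnectionKeyspacesFactory.java
+++ b/query-app/src/main/java/com/aws/aqp/connectors/ConnectionKeyspacesFactory.java
@@ -26,7 +26,6 @@ public class ConnectionKeyspacesFactory {
 
 public ConnectionKeyspacesFactory(AppConfiguration appConfiguration) {
 this.appConfiguration = appConfiguration;
-
 }
 
 public CqlSession buildSession() {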
