Fix snakeyaml CVEs

snakeyaml 1.x version causing mend scan CVEs.

Cherry-pick of trinodb/trino#2377

Co-authored-by: Yuya Ebihara <[email protected]>

pom.xml

@@ -82,6 +82,7 @@
         <dep.avro.version>1.11.4</dep.avro.version>
         <dep.commons.compress.version>1.26.2</dep.commons.compress.version>
         <dep.protobuf-java.version>3.25.5</dep.protobuf-java.version>
+        <dep.snakeyaml.version>2.0</dep.snakeyaml.version>
 
         <!--
           America/Bahia_Banderas has:
@@ -2057,22 +2058,6 @@
                 <version>1.1.3</version>
             </dependency>
 
-            <dependency>
-                <groupId>com.facebook.presto.cassandra</groupId>
-                <artifactId>cassandra-server</artifactId>
-                <version>2.1.16-1</version>
-                <exclusions>
-                    <exclusion>
-                        <groupId>com.googlecode.json-simple</groupId>
-                        <artifactId>json-simple</artifactId>
-                    </exclusion>
-                    <exclusion>
-                        <groupId>io.netty</groupId>
-                        <artifactId>netty-all</artifactId>
-                    </exclusion>
-                </exclusions>
-            </dependency>
-
             <dependency>
                 <groupId>com.facebook.presto</groupId>
                 <artifactId>presto-delta</artifactId>
@@ -2218,6 +2203,12 @@
                 <artifactId>cassandra-driver-core</artifactId>
                 <version>3.11.5</version>
             </dependency>
+
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>${dep.snakeyaml.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

presto-cassandra/pom.xml

@@ -156,8 +156,8 @@
         </dependency>
 
         <dependency>
-            <groupId>com.facebook.presto.cassandra</groupId>
-            <artifactId>cassandra-server</artifactId>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>testcontainers</artifactId>
             <scope>test</scope>
         </dependency>
 
@@ -185,6 +185,16 @@
         </dependency>
     </dependencies>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.slf4j</groupId>
+                <artifactId>slf4j-api</artifactId>
+                <version>1.7.36</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <build>
         <plugins>
             <plugin>

presto-cassandra/src/test/java/com/facebook/presto/cassandra/CassandraQueryRunner.java

@@ -34,30 +34,25 @@ private CassandraQueryRunner()
 
     private static boolean tpchLoaded;
 
-    public static synchronized DistributedQueryRunner createCassandraQueryRunner()
+    public static DistributedQueryRunner createCassandraQueryRunner(CassandraServer server)
             throws Exception
     {
-        EmbeddedCassandra.start();
-
         DistributedQueryRunner queryRunner = new DistributedQueryRunner(createCassandraSession("tpch"), 4);
 
         queryRunner.installPlugin(new TpchPlugin());
         queryRunner.createCatalog("tpch", "tpch");
 
         queryRunner.installPlugin(new CassandraPlugin());
         queryRunner.createCatalog("cassandra", "cassandra", ImmutableMap.of(
-                "cassandra.contact-points", EmbeddedCassandra.getHost(),
-                "cassandra.native-protocol-port", Integer.toString(EmbeddedCassandra.getPort()),
+                "cassandra.contact-points", server.getHost(),
+                "cassandra.native-protocol-port", Integer.toString(server.getPort()),
                 "cassandra.allow-drop-table", "true"));
 
-        if (!tpchLoaded) {
-            createKeyspace(EmbeddedCassandra.getSession(), "tpch");
-            List<TpchTable<?>> tables = TpchTable.getTables();
-            copyTpchTables(queryRunner, "tpch", TINY_SCHEMA_NAME, createCassandraSession("tpch"), tables);
-            for (TpchTable table : tables) {
-                EmbeddedCassandra.refreshSizeEstimates("tpch", table.getTableName());
-            }
-            tpchLoaded = true;
+        createKeyspace(server.getSession(), "tpch");
+        List<TpchTable<?>> tables = TpchTable.getTables();
+        copyTpchTables(queryRunner, "tpch", TINY_SCHEMA_NAME, createCassandraSession("tpch"), tables);
+        for (TpchTable<?> table : tables) {
+            server.refreshSizeEstimates("tpch", table.getTableName());
         }
 
         return queryRunner;

presto-cassandra/src/test/java/com/facebook/presto/cassandra/EmbeddedCassandra.java → presto-cassandra/src/test/java/com/facebook/presto/cassandra/CassandraServer.java

@@ -21,21 +21,18 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.io.Resources;
 import io.airlift.units.Duration;
-import org.apache.cassandra.service.CassandraDaemon;
-
-import javax.management.ObjectName;
+import org.testcontainers.containers.GenericContainer;
 
+import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
-import java.lang.management.ManagementFactory;
 import java.net.InetSocketAddress;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.List;
 import java.util.concurrent.TimeoutException;
 
 import static com.datastax.driver.core.ProtocolVersion.V3;
-import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.io.Files.createTempDir;
 import static com.google.common.io.Files.write;
 import static com.google.common.io.Resources.getResource;
@@ -45,43 +42,38 @@
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.NANOSECONDS;
 import static java.util.concurrent.TimeUnit.SECONDS;
+import static org.testcontainers.utility.MountableFile.forHostPath;
 import static org.testng.Assert.assertEquals;
 
-public final class EmbeddedCassandra
+public class CassandraServer
+        implements Closeable
+
 {
-    private static Logger log = Logger.get(EmbeddedCassandra.class);
+    private static Logger log = Logger.get(CassandraServer.class);
 
-    private static final String HOST = "127.0.0.1";
     private static final int PORT = 9142;
 
     private static final Duration REFRESH_SIZE_ESTIMATES_TIMEOUT = new Duration(1, MINUTES);
 
-    private static CassandraSession session;
-    private static boolean initialized;
+    private final GenericContainer<?> dockerContainer;
 
-    private EmbeddedCassandra() {}
+    private final CassandraSession session;
 
-    public static synchronized void start()
+    public CassandraServer()
             throws Exception
     {
-        if (initialized) {
-            return;
-        }
-
         log.info("Starting cassandra...");
 
-        System.setProperty("cassandra.config", "file:" + prepareCassandraYaml());
-        System.setProperty("cassandra-foreground", "true");
-        System.setProperty("cassandra.native.epoll.enabled", "false");
-
-        CassandraDaemon cassandraDaemon = new CassandraDaemon();
-        cassandraDaemon.activate();
+        this.dockerContainer = new GenericContainer<>("cassandra:2.1.16")
+                .withExposedPorts(PORT)
+                .withCopyFileToContainer(forHostPath(prepareCassandraYaml()), "/etc/cassandra/cassandra.yaml");
+        this.dockerContainer.start();
 
         Cluster.Builder clusterBuilder = Cluster.builder()
                 .withProtocolVersion(V3)
                 .withClusterName("TestCluster")
                 .addContactPointsWithPorts(ImmutableList.of(
-                        new InetSocketAddress(HOST, PORT)))
+                        new InetSocketAddress(this.dockerContainer.getContainerIpAddress(), this.dockerContainer.getMappedPort(PORT))))
                 .withMaxSchemaAgreementWaitSeconds(30);
 
         ReopeningCluster cluster = new ReopeningCluster(clusterBuilder::build);
@@ -96,12 +88,11 @@ public static synchronized void start()
         }
         catch (RuntimeException e) {
             cluster.close();
-            cassandraDaemon.deactivate();
+            this.dockerContainer.stop();
             throw e;
         }
 
-        EmbeddedCassandra.session = session;
-        initialized = true;
+        this.session = session;
     }
 
     private static String prepareCassandraYaml()
@@ -115,35 +106,25 @@ private static String prepareCassandraYaml()
         Path dataDir = tmpDirPath.resolve("data");
         Files.createDirectory(dataDir);
 
-        String modified = original.replaceAll("\\$\\{data_directory\\}", dataDir.toAbsolutePath().toString());
-
         Path yamlLocation = tmpDirPath.resolve("cu-cassandra.yaml");
-        write(modified, yamlLocation.toFile(), UTF_8);
+        write(original, yamlLocation.toFile(), UTF_8);
 
         return yamlLocation.toAbsolutePath().toString();
     }
 
-    public static synchronized CassandraSession getSession()
+    public CassandraSession getSession()
     {
-        checkIsInitialized();
         return requireNonNull(session, "cluster is null");
     }
 
-    public static synchronized String getHost()
+    public String getHost()
     {
-        checkIsInitialized();
-        return HOST;
+        return dockerContainer.getContainerIpAddress();
     }
 
-    public static synchronized int getPort()
+    public int getPort()
     {
-        checkIsInitialized();
-        return PORT;
-    }
-
-    private static void checkIsInitialized()
-    {
-        checkState(initialized, "EmbeddedCassandra must be started with #start() method before retrieving the cluster retrieval");
+        return dockerContainer.getMappedPort(PORT);
     }
 
     private static void checkConnectivity(CassandraSession session)
@@ -155,7 +136,7 @@ private static void checkConnectivity(CassandraSession session)
         log.info("Cassandra version: %s", version);
     }
 
-    public static void refreshSizeEstimates(String keyspace, String table)
+    public void refreshSizeEstimates(String keyspace, String table)
             throws Exception
     {
         long deadline = System.nanoTime() + REFRESH_SIZE_ESTIMATES_TIMEOUT.roundTo(NANOSECONDS);
@@ -173,27 +154,21 @@ public static void refreshSizeEstimates(String keyspace, String table)
         throw new TimeoutException(format("Attempting to refresh size estimates for table %s.%s has timed out after %s", keyspace, table, REFRESH_SIZE_ESTIMATES_TIMEOUT));
     }
 
-    private static void flushTable(String keyspace, String table)
+    private void flushTable(String keyspace, String table)
             throws Exception
     {
-        ManagementFactory
-                .getPlatformMBeanServer()
-                .invoke(
-                        new ObjectName("org.apache.cassandra.db:type=StorageService"),
-                        "forceKeyspaceFlush",
-                        new Object[] {keyspace, new String[] {table}},
-                        new String[] {"java.lang.String", "[Ljava.lang.String;"});
+        dockerContainer.execInContainer("nodetool", "flush", keyspace, table);
     }
 
-    private static void refreshSizeEstimates()
+    private void refreshSizeEstimates()
             throws Exception
     {
-        ManagementFactory
-                .getPlatformMBeanServer()
-                .invoke(
-                        new ObjectName("org.apache.cassandra.db:type=StorageService"),
-                        "refreshSizeEstimates",
-                        new Object[] {},
-                        new String[] {});
+        dockerContainer.execInContainer("nodetool", "refreshsizeestimates");
+    }
+
+    @Override
+    public void close()
+    {
+        dockerContainer.close();
     }
 }

presto-cassandra/src/test/java/com/facebook/presto/cassandra/CassandraTestingUtils.java

@@ -75,12 +75,12 @@ public static void createTableClusteringKeys(CassandraSession session, SchemaTab
 
     public static void insertIntoTableClusteringKeys(CassandraSession session, SchemaTableName table, int rowsCount)
     {
-        for (Integer rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
+        for (int rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
             Insert insert = QueryBuilder.insertInto(table.getSchemaName(), table.getTableName())
-                    .value("key", "key_" + rowNumber.toString())
+                    .value("key", "key_" + rowNumber)
                     .value("clust_one", "clust_one")
-                    .value("clust_two", "clust_two_" + rowNumber.toString())
-                    .value("clust_three", "clust_three_" + rowNumber.toString());
+                    .value("clust_two", "clust_two_" + rowNumber)
+                    .value("clust_three", "clust_three_" + rowNumber);
             session.execute(insert);
         }
         assertEquals(session.execute("SELECT COUNT(*) FROM " + table).all().get(0).getLong(0), rowsCount);
@@ -103,13 +103,13 @@ public static void createTableMultiPartitionClusteringKeys(CassandraSession sess
 
     public static void insertIntoTableMultiPartitionClusteringKeys(CassandraSession session, SchemaTableName table)
     {
-        for (Integer rowNumber = 1; rowNumber < 10; rowNumber++) {
+        for (int rowNumber = 1; rowNumber < 10; rowNumber++) {
             Insert insert = QueryBuilder.insertInto(table.getSchemaName(), table.getTableName())
-                    .value("partition_one", "partition_one_" + rowNumber.toString())
-                    .value("partition_two", "partition_two_" + rowNumber.toString())
+                    .value("partition_one", "partition_one_" + rowNumber)
+                    .value("partition_two", "partition_two_" + rowNumber)
                     .value("clust_one", "clust_one")
-                    .value("clust_two", "clust_two_" + rowNumber.toString())
-                    .value("clust_three", "clust_three_" + rowNumber.toString());
+                    .value("clust_two", "clust_two_" + rowNumber)
+                    .value("clust_three", "clust_three_" + rowNumber);
             session.execute(insert);
         }
         assertEquals(session.execute("SELECT COUNT(*) FROM " + table).all().get(0).getLong(0), 9);
@@ -131,7 +131,7 @@ public static void createTableClusteringKeysInequality(CassandraSession session,
 
     public static void insertIntoTableClusteringKeysInequality(CassandraSession session, SchemaTableName table, Date date, int rowsCount)
     {
-        for (Integer rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
+        for (int rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
             Insert insert = QueryBuilder.insertInto(table.getSchemaName(), table.getTableName())
                     .value("key", "key_1")
                     .value("clust_one", "clust_one")
@@ -222,12 +222,12 @@ public static void createTableAllTypesPartitionKey(CassandraSession session, Sch
 
     private static void insertTestData(CassandraSession session, SchemaTableName table, Date date, int rowsCount)
     {
-        for (Integer rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
+        for (int rowNumber = 1; rowNumber <= rowsCount; rowNumber++) {
             Insert insert = QueryBuilder.insertInto(table.getSchemaName(), table.getTableName())
-                    .value("key", "key " + rowNumber.toString())
+                    .value("key", "key " + rowNumber)
                     .value("typeuuid", UUID.fromString(String.format("00000000-0000-0000-0000-%012d", rowNumber)))
                     .value("typeinteger", rowNumber)
-                    .value("typelong", rowNumber.longValue() + 1000)
+                    .value("typelong", rowNumber + 1000)
                     .value("typebytes", ByteBuffer.wrap(Ints.toByteArray(rowNumber)).asReadOnlyBuffer())
                     .value("typetimestamp", date)
                     .value("typeansi", "ansi " + rowNumber)