fix: backports to core 5.0 (#115)
* fix: vulnerability fix

* fix: pagination query

* fix: changelog

* fix: update deps
sattvikc authored Apr 3, 2024
1 parent deaa20f commit f7955f2
Showing 4 changed files with 31 additions and 16 deletions.
5 changes: 5 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,11 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [3.0.1] - 2024-04-02

- Fixes vulnerabilities in dependencies
- Fixes user pagination queries

## [3.0.0] - 2023-04-05

- Adds `use_static_key` `BOOLEAN` column into `session_info`
16 changes: 8 additions & 8 deletions build.gradle
Expand Up @@ -2,7 +2,7 @@ plugins {
id 'java-library'
}

version = "3.0.0"
version = "3.0.1"

repositories {
mavenCentral()
Expand All @@ -20,7 +20,7 @@ dependencies {
implementation group: 'org.mariadb.jdbc', name: 'mariadb-java-client', version: '2.6.0'

// https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
compileOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
compileOnly group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.14'

// https://mvnrepository.com/artifact/com.google.code.gson/gson
compileOnly group: 'com.google.code.gson', name: 'gson', version: '2.3.1'
Expand All @@ -32,32 +32,32 @@ dependencies {
compileOnly group: 'org.jetbrains', name: 'annotations', version: '13.0'

// https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml
compileOnly group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.14.0'
compileOnly group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.16.1'

// https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core
compileOnly group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.0'
compileOnly group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.16.1'

testImplementation 'junit:junit:4.12'

// https://mvnrepository.com/artifact/org.mockito/mockito-core
testImplementation group: 'org.mockito', name: 'mockito-core', version: '3.1.0'

// https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-core
testImplementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '10.1.1'
testImplementation group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '10.1.18'

// https://mvnrepository.com/artifact/ch.qos.logback/logback-classic
testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.4.14'

// https://mvnrepository.com/artifact/com.google.code.gson/gson
testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.3.1'

testImplementation 'com.tngtech.archunit:archunit-junit4:0.22.0'

// https://mvnrepository.com/artifact/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml
testImplementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.14.0'
testImplementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.16.1'

// https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core
testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.14.0'
testImplementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.16.1'
}

jar {
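Review bot: The bumped `logback-classic` and `jackson-*` entries are declared `compileOnly`, so this section only changes what the plugin compiles against; the jars loaded at runtime come from whatever provides them (presumably the core this backport targets), and the fix only takes effect if that side ships the same versions. Several neighbours in the same `dependencies` block are left as they were (`gson` 2.3.1, `mariadb-java-client` 2.6.0, `junit` 4.12, `mockito-core` 3.1.0), so it is worth confirming that the scan behind "Fixes vulnerabilities in dependencies" covered them. `mariadb-java-client` matters most, since it is the one `implementation` dependency visible here. A short comment above the `compileOnly` group, for example `// compileOnly: runtime versions are supplied by the host; keep these in sync`, would record that coupling. The `dependencies` block begins before the second hunk.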
6 changes: 3 additions & 3 deletions implementationDependencies.json
Expand Up @@ -12,9 +12,9 @@
"src": "https://repo1.maven.org/maven2/com/zaxxer/HikariCP/3.4.1/HikariCP-3.4.1-sources.jar"
},
{
"jar": "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar",
"name": "SLF4j API 1.7.25",
"src": "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25-sources.jar"
"jar": "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/2.0.7/slf4j-api-2.0.7.jar",
"name": "SLF4j API 2.0.7",
"src": "https://repo1.maven.org/maven2/org/slf4j/slf4j-api/2.0.7/slf4j-api-2.0.7-sources.jar"
}
]
}
Expand Up @@ -486,9 +486,11 @@ public static AuthRecipeUserInfo[] getUsers(Start start, @NotNull Integer limit,
if (USER_SEARCH_TAG_CONDITION.toString().length() == 0) {
usersFromQuery = new ArrayList<>();
} else {

// This query is slightly different from one in postgres because we want to use same ordering for
// primary_or_recipe_user_time_joined and primary_or_recipe_user_id because mysql 5.7 does not support
// different ordering for different columns using an index
String finalQuery = "SELECT * FROM ( " + USER_SEARCH_TAG_CONDITION.toString() + " ) AS finalResultTable"
+ " ORDER BY time_joined " + timeJoinedOrder + ", user_id DESC ";
+ " ORDER BY time_joined " + timeJoinedOrder + ", user_id " + timeJoinedOrder;
usersFromQuery = execute(start, finalQuery, pst -> {
for (int i = 1; i <= queryList.size(); i++) {
pst.setString(i, queryList.get(i - 1));
Expand Down Expand Up @@ -524,11 +526,15 @@ public static AuthRecipeUserInfo[] getUsers(Start start, @NotNull Integer limit,
if (!recipeIdCondition.equals("")) {
recipeIdCondition = recipeIdCondition + " AND";
}

// This query is slightly different from one in postgres because we want to use same ordering for
// primary_or_recipe_user_time_joined and primary_or_recipe_user_id because mysql 5.7 does not support
// different ordering for different columns using an index
String timeJoinedOrderSymbol = timeJoinedOrder.equals("ASC") ? ">" : "<";
String QUERY = "SELECT user_id, recipe_id FROM " + Config.getConfig(start).getUsersTable() + " WHERE "
+ recipeIdCondition + " (time_joined " + timeJoinedOrderSymbol
+ " ? OR (time_joined = ? AND user_id <= ?)) ORDER BY time_joined " + timeJoinedOrder
+ ", user_id DESC LIMIT ?";
+ " ? OR (time_joined = ? AND user_id " + timeJoinedOrderSymbol + "= ?)) ORDER BY time_joined " + timeJoinedOrder
+ ", user_id " + timeJoinedOrder + " LIMIT ?";
usersFromQuery = execute(start, QUERY, pst -> {
pst.setLong(1, timeJoined);
pst.setLong(2, timeJoined);
Expand All @@ -548,8 +554,12 @@ public static AuthRecipeUserInfo[] getUsers(Start start, @NotNull Integer limit,
if (!recipeIdCondition.equals("")) {
recipeIdCondition = " WHERE " + recipeIdCondition;
}
// This query is slightly different from one in postgres because we want to use same ordering for
// primary_or_recipe_user_time_joined and primary_or_recipe_user_id because mysql 5.7 does not support
// different ordering for different columns using an index
String QUERY = "SELECT user_id, recipe_id FROM " + Config.getConfig(start).getUsersTable()
+ recipeIdCondition + " ORDER BY time_joined " + timeJoinedOrder + ", user_id DESC LIMIT ?";
+ recipeIdCondition + " ORDER BY time_joined " + timeJoinedOrder + ", user_id "
+ timeJoinedOrder + " LIMIT ?";
usersFromQuery = execute(start, QUERY, pst -> pst.setInt(1, limit), result -> {
List<UserInfoPaginationResultHolder> temp = new ArrayList<>();
while (result.next()) {
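Review bot: `timeJoinedOrder` is now concatenated into the SQL text in more places (`", user_id " + timeJoinedOrder` in all three queries), and nothing in the visible hunks restricts it to `ASC` or `DESC`. The ternary `timeJoinedOrder.equals("ASC") ? ">" : "<"` treats every other value as descending, while the raw string still reaches the ORDER BY clause. A sort direction cannot be bound as a `?` parameter, so it should be normalised against an allowlist once, before the queries are built, e.g. `String order = "ASC".equals(timeJoinedOrder) ? "ASC" : "DESC";` (or an `IllegalArgumentException` for anything else), with `order` used in the concatenations. `getUsers` starts and ends outside these hunks, so an earlier line or a caller may already validate the value; if so, a one-line comment next to the concatenation saying where would help. The added comments also name `primary_or_recipe_user_time_joined` and `primary_or_recipe_user_id`, while the queries order by `time_joined` and `user_id`, so the comment should name the columns this backport actually uses.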
