From 23369fad935ae2a61e1b2e8daa83f3ceab21f00f Mon Sep 17 00:00:00 2001
From: Samikshya Chand
Date: Wed, 6 Nov 2024 21:38:56 +0530
Subject: [PATCH] Fix vulnerabilities
---
 .../com/databricks/sdk/core/ConfigLoader.java | 39 ++++++++++---------
 pom.xml | 4 +-
 2 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/ConfigLoader.java b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/ConfigLoader.java
index 933fa50ac..4504d0890 100644
--- a/databricks-sdk-java/src/main/java/com/databricks/sdk/core/ConfigLoader.java
+++ b/databricks-sdk-java/src/main/java/com/databricks/sdk/core/ConfigLoader.java
@@ -1,16 +1,17 @@
 package com.databricks.sdk.core;
 import com.databricks.sdk.core.utils.Environment;
-import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.FileReader;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.Paths;
 import java.util.*;
-import org.ini4j.Ini;
-import org.ini4j.Profile;
+import org.apache.commons.configuration2.INIConfiguration;
+import org.apache.commons.configuration2.SubnodeConfiguration;
+import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -59,14 +60,14 @@ static void loadFromEnvironmentVariables(DatabricksConfig cfg) throws IllegalAcc
 }
 } catch (DatabricksException e) {
 String msg =
- String.format("%s auth: %s", cfg.getCredentialsProvider().authType(), e.getMessage());
+ String.format("%s auth: %s", cfg.getCredentialsProvider().authType(), e.getMessage());
 throw new DatabricksException(msg, e);
 }
 }
 static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
 if (isNullOrEmpty(cfg.getProfile())
- && (isAnyAuthConfigured(cfg)
+ && (isAnyAuthConfigured(cfg)
 || !isNullOrEmpty(cfg.getHost())
 || !isNullOrEmpty(cfg.getAzureWorkspaceResourceId()))) {
 return;
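Review bot: The new `org.apache.commons.configuration2` imports at the top of ConfigLoader.java have no matching dependency change in this patch: the only build file touched is the root `pom.xml`, and its two visible hunks look like whitespace and end-of-file changes only. If the module pom already declares `org.apache.commons:commons-configuration2` and drops ini4j in another commit, say so in the description; otherwise add that `<dependency>` there with an explicitly pinned version (`VERSION_PLACEHOLDER`). Whichever version is pinned should get the same advisory check that motivated replacing ini4j, because a parser swap under the subject "Fix vulnerabilities" is only verifiable when the addressed advisory and the replacement version are both named.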
@@ -86,7 +87,7 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
 configFile = configFile.replaceFirst("^~", userHome);
 }
- Ini ini = parseDatabricksCfg(configFile, isDefaultConfig);
+ INIConfiguration ini = parseDatabricksCfg(configFile, isDefaultConfig);
 if (ini == null) return;
 String profile = cfg.getProfile();
 boolean hasExplicitProfile = !isNullOrEmpty(profile);
@@ -94,7 +95,7 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
 profile = "DEFAULT";
 }
- Profile.Section section = ini.get(profile);
+ SubnodeConfiguration section = ini.getSection(profile);
 if (section == null && !hasExplicitProfile) {
 LOG.info("{} has no {} profile configured", configFile, profile);
 return;
@@ -106,7 +107,7 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
 }
 for (ConfigAttributeAccessor accessor : accessors) {
- String value = section.get(accessor.getName());
+ String value = section.getString(accessor.getName());
 if (!isNullOrEmpty(accessor.getValueFromConfig(cfg))) {
 continue;
 }
@@ -114,18 +115,18 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
 }
 }
- private static Ini parseDatabricksCfg(String configFile, boolean isDefaultConfig) {
- Ini ini = new Ini();
- try {
- ini.load(new File(configFile));
+ private static INIConfiguration parseDatabricksCfg(String configFile, boolean isDefaultConfig) {
+ INIConfiguration iniConfig = new INIConfiguration();
+ try (FileReader reader = new FileReader(configFile)) {
+ iniConfig.read(reader);
 } catch (FileNotFoundException e) {
 if (isDefaultConfig) {
 return null;
 }
- } catch (IOException e) {
+ } catch (IOException | ConfigurationException e) {
 throw new DatabricksException("Cannot load " + configFile, e);
 }
- return ini;
+ return iniConfig;
 }
 public static void fixHostIfNeeded(DatabricksConfig cfg) {
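Review bot: The `section == null` test that follows `ini.getSection(profile)` can probably never be true any more: as far as I know `INIConfiguration.getSection` returns an empty `SubnodeConfiguration` for a section that does not exist instead of null, unlike `Ini.get`. A missing or mistyped profile would then skip this info-log return and whatever explicit-profile check follows outside the hunk, and the loader would silently fall through to other credential sources. Test for existence before fetching the section, e.g. `if (!ini.getSections().contains(profile))`, and keep the `hasExplicitProfile` branching on that result. A unit test with a non-existent explicit profile would pin the intended failure.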
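Review bot: `section.getString(accessor.getName())` is not a drop-in for `section.get(...)`, because commons-configuration2 passes string values through the configuration's interpolator, so a `${...}` sequence inside a token, password or host read from the config file may be expanded or altered instead of returned verbatim. Which lookups are active depends on the library version, which this patch does not show, so confirm it against the pinned version. If raw values are intended, read them without interpolation, for example `Object raw = section.getProperty(accessor.getName());` followed by a string conversion (as far as I know `getProperty` skips interpolation), or disable the interpolator on the `INIConfiguration` when it is created. The loop body continues outside the hunk.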
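Review bot: `new FileReader(configFile)` in `parseDatabricksCfg` decodes the file with the platform default charset on Java versions before 18, whereas ini4j's `load(File)` read it as UTF-8 by default as far as I recall, so non-ASCII values can change on hosts with a different default encoding. Pin the charset while keeping the `FileNotFoundException` path intact: `try (Reader reader = new InputStreamReader(new FileInputStream(configFile), StandardCharsets.UTF_8)) {`, with the matching `java.io` and `java.nio.charset.StandardCharsets` imports. `Files.newBufferedReader` would not be equivalent here, since it throws `NoSuchFileException` and would bypass the `isDefaultConfig` branch. For a non-default path a missing file is still swallowed and an empty configuration is returned, which deserves at least a comment explaining that it is deliberate.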
@@ -166,21 +167,21 @@ static void validate(DatabricksConfig cfg) throws DatabricksException {
 if (authSet.size() <= 1) return;
 String names = String.join(" and ", authSet);
 throw new DatabricksException(
- String.format("validate: more than one authorization method configured: %s", names));
+ String.format("validate: more than one authorization method configured: %s", names));
 } catch (IllegalAccessException e) {
 throw new DatabricksException("Cannot create default config", e);
 }
 }
 public static DatabricksException makeNicerError(
- String message, Exception e, DatabricksConfig cfg) {
+ String message, Exception e, DatabricksConfig cfg) {
 return makeNicerError(message, e, 200, cfg);
 }
 public static DatabricksException makeNicerError(
- String message, Exception e, Integer statusCode, DatabricksConfig cfg) {
+ String message, Exception e, Integer statusCode, DatabricksConfig cfg) {
 boolean isHttpUnauthorizedOrForbidden =
- true; // TODO - pass status code with exception, default this to false
+ true; // TODO - pass status code with exception, default this to false
 if (statusCode == 401 || statusCode == 402) isHttpUnauthorizedOrForbidden = true;
 String debugString = "";
 if (cfg.getEnv() != null) {
@@ -264,4 +265,4 @@ public static boolean isAnyAuthConfigured(DatabricksConfig cfg) throws IllegalAc
 }
 return false;
 }
-}
+}
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 789662edd..c0b84a720 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,6 +1,6 @@ + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 com.databricks databricks-sdk-parent
@@ -291,4 +291,4 @@ - + \ No newline at end of file