* #67: Updated to the latest version of Exasol dialect containing a s… (

#68)

* #67: Updated to the latest version of Exasol dialect containing a security update.

.github/workflows/github_release.yml

@@ -1,7 +1,7 @@
 name: GitHub Release
 
 on:
- workflow_dispatch:
+  workflow_dispatch:
     inputs:
       upload_url:
         description: 'Upload URL'
@@ -17,19 +17,19 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up JDK 11
-      uses: actions/setup-java@v1
-      with:
-        java-version: 11
-    - name: Build with Maven
-      run: mvn -B clean package --file pom.xml
- 
-    - name: Upload Release Asset
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
+      - uses: actions/checkout@v2
+      - name: Set up JDK 11
+        uses: actions/setup-java@v1
+        with:
+          java-version: 11
+      - name: Build with Maven
+        run: mvn -B clean package --file pom.xml
+
+      - name: Upload Release Asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
           upload_url: ${{ github.event.inputs.upload_url }}
           asset_path: ${{ github.event.inputs.asset_path }}
           asset_name: ${{ github.event.inputs.asset_name }}

.github/workflows/maven.yml

@@ -5,17 +5,17 @@ name: Dependencies Check
 
 on:
   schedule:
-  - cron: "0 2 * * *"
+    - cron: "0 2 * * *"
 
 jobs:
   build:
     runs-on: ubuntu-latest
-    
+
     steps:
       - uses: actions/checkout@v2
       - name: Set up JDK 11
         uses: actions/setup-java@v1
         with:
           java-version: 11
       - name: Checking dependencies for vulnerabilities
-        run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
+        run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml

doc/changes/changelog.md

@@ -1,5 +1,6 @@
 # Changes
 
+* [1.2.1](changes_1.2.1.md)
 * [1.2.0](changes_1.2.0.md)
 * [1.1.2](changes_1.1.2.md)
 * [1.1.1](changes_1.1.1.md)

doc/changes/changes_1.2.1.md

@@ -0,0 +1,33 @@
+# Exasol Row Level Security 1.2.1, released 2020-11-17
+
+Code name: Security Update
+
+## Summary
+
+Classification: High
+
+Please update your adapters as soon as possible!
+
+This release fixes several SQL injection vulnerabilities on the remote database of the virtual schema. 
+The local Exasol database defining the virtual schema is not affected.
+
+## Refactoring
+
+* #67: Updated to the latest version of Exasol dialect containing a security update.
+
+## Dependency updates
+
+ * Added org.junit.jupiter:junit-jupiter:5.7.0
+ * Updated com.exasol:exasol-jdbc:6.2.5 to version 7.0.3
+ * Updated com.exasol:hamcrest-resultset-matcher:1.2.0 to version 1.2.1
+ * Updated org.mockito:mockito-junit-jupiter:3.3.3 to version 3.6.0
+ * Updated org.testcontainers:junit-jupiter:1.14.3 to version 1.15.0
+ * Updated com.exasol:exasol-virtual-schema:3.0.2 to version 3.1.0
+ * Updated com.exasol:exasol-testcontainers:2.0.3 to version 3.3.1
+ * Updated com.exasol:test-db-builder-java:1.0.1 to version 2.0.0
+ * Updated nl.jqno.equalsverifier:equalsverifier:3.4.1 to version 3.5
+ * Updated org.codehaus.mojo:versions-maven-plugin:2.7 to version 2.8.1
+ * Updated org.jacoco:jacoco-maven-plugin:0.8.5 to version 0.8.6
+ * Removed org.junit.jupiter:junit-jupiter-engine
+ * Removed org.junit.jupiter:junit-jupiter-params
+ * Removed org.junit.platform:junit-platform-runner

doc/user_guide/tutorial.md

@@ -359,7 +359,7 @@ CREATE SCHEMA RLS_VSADAPTER_SCHEMA;
 
 CREATE OR REPLACE JAVA ADAPTER SCRIPT RLS_VSADAPTER_SCHEMA.RLS_VSADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/bfsdefault/jars/row-level-security-dist-1.2.0.jar;
+    %jar /buckets/bfsdefault/jars/row-level-security-dist-1.2.1.jar;
 /
 ;
 

doc/user_guide/user_guide.md

@@ -294,7 +294,7 @@ The SQL statement below creates the adapter script, defines the Java class that
 ```sql
 CREATE OR REPLACE JAVA ADAPTER SCRIPT RLS_SCHEMA.RLS_VS_ADAPTER AS
     %scriptclass com.exasol.adapter.RequestDispatcher;
-    %jar /buckets/<BFS service>/<bucket>/row-level-security-dist-1.2.0.jar;
+    %jar /buckets/<BFS service>/<bucket>/row-level-security-dist-1.2.1.jar;
 /
 ;
 ```

pom.xml

@@ -4,15 +4,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.exasol</groupId>
     <artifactId>row-level-security</artifactId>
-    <version>1.2.0</version>
+    <version>1.2.1</version>
     <name>Exasol Row Level Security</name>
     <description>This projects provides a plug-in to the Exasol database that adds per-row access control.</description>
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>11</java.version>
-        <junit.version>5.6.2</junit.version>
-        <junit.platform.version>1.6.2</junit.platform.version>
         <surefire.and.failsafe.plugin.version>3.0.0-M4</surefire.and.failsafe.plugin.version>
         <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml
         </sonar.coverage.jacoco.xmlReportPaths>
@@ -43,23 +41,23 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-virtual-schema</artifactId>
-            <version>3.0.2</version>
+            <version>3.1.0</version>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-jdbc</artifactId>
-            <version>6.2.5</version>
+            <version>7.0.3</version>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-testcontainers</artifactId>
-            <version>2.0.3</version>
+            <version>3.3.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>1.14.3</version>
+            <version>1.15.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -71,31 +69,19 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>hamcrest-resultset-matcher</artifactId>
-            <version>1.2.0</version>
+            <version>1.2.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter-engine</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.junit.platform</groupId>
-            <artifactId>junit-platform-runner</artifactId>
-            <version>${junit.platform.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.junit.jupiter</groupId>
-            <artifactId>junit-jupiter-params</artifactId>
-            <version>${junit.version}</version>
+            <artifactId>junit-jupiter</artifactId>
+            <version>5.7.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>3.3.3</version>
+            <version>3.6.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -107,13 +93,13 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>test-db-builder-java</artifactId>
-            <version>1.0.1</version>
+            <version>2.0.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>nl.jqno.equalsverifier</groupId>
             <artifactId>equalsverifier</artifactId>
-            <version>3.4.1</version>
+            <version>3.5</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
@@ -126,15 +112,13 @@
                 <configuration>
                     <!-- Set the highest log level for coverage testing, so that we have a chance to 
                         reach branches in the logging lambdas too. -->
-                    <argLine>-Djava.util.logging.config.file=src/test/resources/logging.properties
-                        ${argLine}
-                    </argLine>
+                    <argLine>-Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine}</argLine>
                 </configuration>
             </plugin>
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.8.5</version>
+                <version>0.8.6</version>
                 <executions>
                     <execution>
                         <id>prepare-agent</id>
@@ -200,9 +184,7 @@
                 <configuration>
                     <!-- Set the highest log level for coverage testing, so that we have a chance to 
                         reach branches in the logging lambdas too. -->
-                    <argLine>-Djava.util.logging.config.file=src/test/resources/logging.properties
-                        ${argLine}
-                    </argLine>
+                    <argLine>-Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine}</argLine>
                 </configuration>
                 <executions>
                     <execution>
@@ -244,20 +226,6 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
-                <groupId>org.sonatype.ossindex.maven</groupId>
-                <artifactId>ossindex-maven-plugin</artifactId>
-                <version>3.1.0</version>
-                <executions>
-                    <execution>
-                        <id>audit-dependencies</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>audit</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
             <plugin>
                 <groupId>org.itsallcode</groupId>
                 <artifactId>openfasttrace-maven-plugin</artifactId>
@@ -303,11 +271,18 @@
                         </goals>
                     </execution>
                 </executions>
+                <configuration>
+                    <excludeVulnerabilityIds>
+                        <!-- Ignores CVE-2020-15250, because we use Java 11 and junit 4.13.1 which contains a fix:
+                        https://ossindex.sonatype.org/vuln/7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1 -->
+                        <exclude>7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1</exclude>
+                    </excludeVulnerabilityIds>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>versions-maven-plugin</artifactId>
-                <version>2.7</version>
+                <version>2.8.1</version>
                 <executions>
                     <execution>
                         <phase>package</phase>
@@ -317,7 +292,9 @@
                         </goals>
                     </execution>
                 </executions>
-            </plugin>
+            <configuration>
+        <rulesUri>file:///${project.basedir}/versionsMavenPluginRules.xml</rulesUri>
+    </configuration></plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-enforcer-plugin</artifactId>
@@ -377,7 +354,7 @@
                                         </goals>
                                     </pluginExecutionFilter>
                                     <action>
-                                        <execute />
+                                        <execute/>
                                     </action>
                                 </pluginExecution>
                             </pluginExecutions>

src/main/java/com/exasol/adapter/dialects/rls/RowLevelSecurityQueryRewriter.java

@@ -189,7 +189,7 @@ private SqlNode createRolesNode(final UserInformation userInformation) {
     private SqlNode createRoleCheckPredicate(final String exaRoleMask) {
         final List<SqlNode> operands = List.of(createColumn(EXA_ROW_ROLES_COLUMN_NAME, MASK_TYPE),
                 new SqlLiteralExactnumeric(new BigDecimal(exaRoleMask)));
-        return new SqlFunctionScalar(ScalarFunction.BIT_AND, operands, true, false);
+        return new SqlFunctionScalar(ScalarFunction.BIT_AND, operands);
     }
 
     private SqlColumn createColumn(final String name, final DataType type) {

src/test/java/com/exasol/adapter/dialects/rls/AbstractRowLevelSecurityIT.java

@@ -2,6 +2,7 @@
 
 import static com.exasol.dbbuilder.dialects.exasol.ExasolObjectPrivilege.SELECT;
 import static com.exasol.matcher.ResultSetStructureMatcher.table;
+import static com.exasol.tools.TestsConstants.EXASOL_DOCKER_IMAGE_REFERENCE;
 import static com.exasol.tools.TestsConstants.ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.*;
@@ -29,7 +30,8 @@
 @Testcontainers
 abstract class AbstractRowLevelSecurityIT {
     @Container
-    private static final ExasolContainer<? extends ExasolContainer<?>> container = new ExasolContainer<>();
+    private static final ExasolContainer<? extends ExasolContainer<?>> container = new ExasolContainer<>(
+            EXASOL_DOCKER_IMAGE_REFERENCE);
     private static AdapterScript adapterScript = null;
     private static ConnectionDefinition connectionDefinition = null;
     private static ExasolObjectFactory factory = null;

src/test/java/com/exasol/tools/TestsConstants.java

@@ -3,7 +3,8 @@
 import java.nio.file.Path;
 
 public final class TestsConstants {
-    public static final String ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION = "row-level-security-dist-1.2.0.jar";
+    public static final String ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION = "row-level-security-dist-1.2.1.jar";
+    public static final String EXASOL_DOCKER_IMAGE_REFERENCE = "exasol/docker-db:6.2.11-d1";
     private static final Path ADMIN_SCRIPT_BASE_PATH = Path.of("src/main/lua/");
     public static final Path PATH_TO_EXA_RLS_BASE = ADMIN_SCRIPT_BASE_PATH.resolve("exa_rls_base.lua");
     public static final Path PATH_TO_EXA_IDENTIFIER = ADMIN_SCRIPT_BASE_PATH.resolve("exa_identifier.lua");

versionsMavenPluginRules.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0" comparisonMethod="maven"
+         xsi:schemaLocation="http://mojo.codehaus.org/versions-maven-plugin/rule/2.0.0 http://mojo.codehaus.org/versions-maven-plugin/xsd/rule-2.0.0.xsd">
+    <ignoreVersions>
+        <!-- Ignore Alpha's, Beta's, release candidates and milestones -->
+        <ignoreVersion type="regex">(?i).*Alpha(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*a(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*Beta(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*-B(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*RC(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*CR(?:-?\d+)?</ignoreVersion>
+        <ignoreVersion type="regex">(?i).*M(?:-?\d+)?</ignoreVersion>
+    </ignoreVersions>
+    <rules>
+    </rules>
+</ruleset>