diff --git a/.github/workflows/github_release.yml b/.github/workflows/github_release.yml index 6d10f50..3afc904 100644 --- a/.github/workflows/github_release.yml +++ b/.github/workflows/github_release.yml @@ -1,7 +1,7 @@ name: GitHub Release on: - workflow_dispatch: + workflow_dispatch: inputs: upload_url: description: 'Upload URL' @@ -17,19 +17,19 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Build with Maven - run: mvn -B clean package --file pom.xml - - - name: Upload Release Asset - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: + - uses: actions/checkout@v2 + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: 11 + - name: Build with Maven + run: mvn -B clean package --file pom.xml + + - name: Upload Release Asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: upload_url: ${{ github.event.inputs.upload_url }} asset_path: ${{ github.event.inputs.asset_path }} asset_name: ${{ github.event.inputs.asset_name }} diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 11c1b09..2a4f4d9 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -5,12 +5,12 @@ name: Dependencies Check on: schedule: - - cron: "0 2 * * *" + - cron: "0 2 * * *" jobs: build: runs-on: ubuntu-latest - + steps: - uses: actions/checkout@v2 - name: Set up JDK 11 @@ -18,4 +18,4 @@ jobs: with: java-version: 11 - name: Checking dependencies for vulnerabilities - run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml + run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml \ No newline at end of file diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 7cd8517..5a48638 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md 
@@ -1,5 +1,6 @@
 # Changes
+* [1.2.1](changes_1.2.1.md)
 * [1.2.0](changes_1.2.0.md)
 * [1.1.2](changes_1.1.2.md)
 * [1.1.1](changes_1.1.1.md)
diff --git a/doc/changes/changes_1.2.1.md b/doc/changes/changes_1.2.1.md
new file mode 100644
index 0000000..877939b
--- /dev/null
+++ b/doc/changes/changes_1.2.1.md
@@ -0,0 +1,33 @@
+# Exasol Row Level Security 1.2.1, released 2020-11-17
+
+Code name: Security Update
+
+## Summary
+
+Classification: High
+
+Please update your adapters as soon as possible!
+
+This release fixes several SQL injection vulnerabilities on the remote database of the virtual schema.
+The local Exasol database defining the virtual schema is not affected.
+
+## Refactoring
+
+* #67: Updated to the latest version of Exasol dialect containing a security update.
+
+## Dependency updates
+
+ * Added org.junit.jupiter:junit-jupiter:5.7.0
+ * Updated com.exasol:exasol-jdbc:6.2.5 to version 7.0.3
+ * Updated com.exasol:hamcrest-resultset-matcher:1.2.0 to version 1.2.1
+ * Updated org.mockito:mockito-junit-jupiter:3.3.3 to version 3.6.0
+ * Updated org.testcontainers:junit-jupiter:1.14.3 to version 1.15.0
+ * Updated com.exasol:exasol-virtual-schema:3.0.2 to version 3.1.0
+ * Updated com.exasol:exasol-testcontainers:2.0.3 to version 3.3.1
+ * Updated com.exasol:test-db-builder-java:1.0.1 to version 2.0.0
+ * Updated nl.jqno.equalsverifier:equalsverifier:3.4.1 to version 3.5
+ * Updated org.codehaus.mojo:versions-maven-plugin:2.7 to version 2.8.1
+ * Updated org.jacoco:jacoco-maven-plugin:0.8.5 to version 0.8.6
+ * Removed org.junit.jupiter:junit-jupiter-engine
+ * Removed org.junit.jupiter:junit-jupiter-params
+ * Removed org.junit.platform:junit-platform-runner
\ No newline at end of file
diff --git a/doc/user_guide/tutorial.md b/doc/user_guide/tutorial.md
index 3b81ea4..d3d5479 100644
--- a/doc/user_guide/tutorial.md
+++ b/doc/user_guide/tutorial.md
@@ -359,7 +359,7 @@ CREATE SCHEMA RLS_VSADAPTER_SCHEMA; CREATE OR REPLACE JAVA ADAPTER SCRIPT RLS_VSADAPTER_SCHEMA.RLS_VSADAPTER AS %scriptclass com.exasol.adapter.RequestDispatcher; - %jar /buckets/bfsdefault/jars/row-level-security-dist-1.2.0.jar; + %jar /buckets/bfsdefault/jars/row-level-security-dist-1.2.1.jar; / ; diff --git a/doc/user_guide/user_guide.md b/doc/user_guide/user_guide.md index 1be5ccf..9950790 100644 --- a/doc/user_guide/user_guide.md +++ b/doc/user_guide/user_guide.md @@ -294,7 +294,7 @@ The SQL statement below creates the adapter script, defines the Java class that ```sql CREATE OR REPLACE JAVA ADAPTER SCRIPT RLS_SCHEMA.RLS_VS_ADAPTER AS %scriptclass com.exasol.adapter.RequestDispatcher; - %jar /buckets///row-level-security-dist-1.2.0.jar; + %jar /buckets///row-level-security-dist-1.2.1.jar; / ; ``` diff --git a/pom.xml b/pom.xml index 7174f8e..3f7236b 100644 --- a/pom.xml +++ b/pom.xml @@ -4,15 +4,13 @@ 4.0.0 com.exasol row-level-security - 1.2.0 + 1.2.1 Exasol Row Level Security This projects provides a plug-in to the Exasol database that adds per-row access control. UTF-8 UTF-8 11 - 5.6.2 - 1.6.2 3.0.0-M4 target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml @@ -43,23 +41,23 @@ com.exasol exasol-virtual-schema - 3.0.2 + 3.1.0 com.exasol exasol-jdbc - 6.2.5 + 7.0.3 com.exasol exasol-testcontainers - 2.0.3 + 3.3.1 test org.testcontainers junit-jupiter - 1.14.3 + 1.15.0 test @@ -71,31 +69,19 @@ com.exasol hamcrest-resultset-matcher - 1.2.0 + 1.2.1 test org.junit.jupiter - junit-jupiter-engine - ${junit.version} - test - - - org.junit.platform - junit-platform-runner - ${junit.platform.version} - test - - - org.junit.jupiter - junit-jupiter-params - ${junit.version} + junit-jupiter + 5.7.0 test org.mockito mockito-junit-jupiter - 3.3.3 + 3.6.0 test @@ -107,13 +93,13 @@ com.exasol test-db-builder-java - 1.0.1 + 2.0.0 test nl.jqno.equalsverifier equalsverifier - 3.4.1 + 3.5 test 
@@ -126,15 +112,13 @@ - -Djava.util.logging.config.file=src/test/resources/logging.properties - ${argLine} - + -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} org.jacoco jacoco-maven-plugin - 0.8.5 + 0.8.6 prepare-agent @@ -200,9 +184,7 @@ - -Djava.util.logging.config.file=src/test/resources/logging.properties - ${argLine} - + -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} @@ -244,20 +226,6 @@ - - org.sonatype.ossindex.maven - ossindex-maven-plugin - 3.1.0 - - - audit-dependencies - package - - audit - - - - org.itsallcode openfasttrace-maven-plugin @@ -303,11 +271,18 @@ + + + + 7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1 + + org.codehaus.mojo versions-maven-plugin - 2.7 + 2.8.1 package @@ -317,7 +292,9 @@ - + + file:///${project.basedir}/versionsMavenPluginRules.xml + org.apache.maven.plugins maven-enforcer-plugin @@ -377,7 +354,7 @@ - + diff --git a/src/main/java/com/exasol/adapter/dialects/rls/RowLevelSecurityQueryRewriter.java b/src/main/java/com/exasol/adapter/dialects/rls/RowLevelSecurityQueryRewriter.java index 9a8227c..abe6aef 100644 --- a/src/main/java/com/exasol/adapter/dialects/rls/RowLevelSecurityQueryRewriter.java +++ b/src/main/java/com/exasol/adapter/dialects/rls/RowLevelSecurityQueryRewriter.java @@ -189,7 +189,7 @@ private SqlNode createRolesNode(final UserInformation userInformation) { private SqlNode createRoleCheckPredicate(final String exaRoleMask) { final List operands = List.of(createColumn(EXA_ROW_ROLES_COLUMN_NAME, MASK_TYPE), new SqlLiteralExactnumeric(new BigDecimal(exaRoleMask))); - return new SqlFunctionScalar(ScalarFunction.BIT_AND, operands, true, false); + return new SqlFunctionScalar(ScalarFunction.BIT_AND, operands); } private SqlColumn createColumn(final String name, final DataType type) { 
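Review bot: The value `7ea56ad4-8a8b-4e51-8ed9-5aad83d8efb1` added in the `@@ -303,11 +271,18 @@` hunk of pom.xml has no visible explanation; the XML markup around it is not readable on this page, but it looks like a vulnerability id excluded from the dependency audit. If that is what it is, the exclusion should state what it suppresses and why, for example `<!-- Excluded: <advisory / affected dependency>; not applicable because <reason>; re-check on the next update of <dependency> -->`. Related to this, the `@@ -244,20 +226,6 @@` hunk removes the `audit` execution that was bound to `package`, so `mvn -B clean package` in github_release.yml no longer appears to run the audit and only the scheduled Dependencies Check workflow does. Running the audit goal as a step in the release workflow as well would keep a release from being built between two nightly runs with a newly flagged dependency.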
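Review bot: `createRoleCheckPredicate` depends on `new BigDecimal(exaRoleMask)` to keep the role mask strictly numeric before it becomes a SQL literal, and nothing in the hunk records that. Since this release is a SQL injection fix, a one-line comment above that operand would guard against a later refactoring to a string literal: `// BigDecimal parsing rejects any non-numeric mask, so the literal cannot carry SQL text.` Any Javadoc above the signature would lie outside the hunk. The two boolean arguments dropped from the `SqlFunctionScalar` call presumably no longer exist in exasol-virtual-schema 3.1.0; it is worth confirming with an existing test that the rendered `BIT_AND` expression is unchanged.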
diff --git a/src/test/java/com/exasol/adapter/dialects/rls/AbstractRowLevelSecurityIT.java b/src/test/java/com/exasol/adapter/dialects/rls/AbstractRowLevelSecurityIT.java index e82855b..5a89eb5 100644 --- a/src/test/java/com/exasol/adapter/dialects/rls/AbstractRowLevelSecurityIT.java +++ b/src/test/java/com/exasol/adapter/dialects/rls/AbstractRowLevelSecurityIT.java @@ -2,6 +2,7 @@ import static com.exasol.dbbuilder.dialects.exasol.ExasolObjectPrivilege.SELECT; import static com.exasol.matcher.ResultSetStructureMatcher.table; +import static com.exasol.tools.TestsConstants.EXASOL_DOCKER_IMAGE_REFERENCE; import static com.exasol.tools.TestsConstants.ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.*; @@ -29,7 +30,8 @@ @Testcontainers abstract class AbstractRowLevelSecurityIT { @Container - private static final ExasolContainer> container = new ExasolContainer<>(); + private static final ExasolContainer> container = new ExasolContainer<>( + EXASOL_DOCKER_IMAGE_REFERENCE); private static AdapterScript adapterScript = null; private static ConnectionDefinition connectionDefinition = null; private static ExasolObjectFactory factory = null; diff --git a/src/test/java/com/exasol/tools/TestsConstants.java b/src/test/java/com/exasol/tools/TestsConstants.java index 2fa3210..8e77e1d 100644 --- a/src/test/java/com/exasol/tools/TestsConstants.java +++ b/src/test/java/com/exasol/tools/TestsConstants.java 
@@ -3,7 +3,8 @@ import java.nio.file.Path; public final class TestsConstants { - public static final String ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION = "row-level-security-dist-1.2.0.jar"; + public static final String ROW_LEVEL_SECURITY_JAR_NAME_AND_VERSION = "row-level-security-dist-1.2.1.jar"; + public static final String EXASOL_DOCKER_IMAGE_REFERENCE = "exasol/docker-db:6.2.11-d1"; private static final Path ADMIN_SCRIPT_BASE_PATH = Path.of("src/main/lua/"); public static final Path PATH_TO_EXA_RLS_BASE = ADMIN_SCRIPT_BASE_PATH.resolve("exa_rls_base.lua"); public static final Path PATH_TO_EXA_IDENTIFIER = ADMIN_SCRIPT_BASE_PATH.resolve("exa_identifier.lua"); diff --git a/versionsMavenPluginRules.xml b/versionsMavenPluginRules.xml new file mode 100644 index 0000000..c566b42 --- /dev/null +++ b/versionsMavenPluginRules.xml @@ -0,0 +1,17 @@ + + + + + (?i).*Alpha(?:-?\d+)? + (?i).*a(?:-?\d+)? + (?i).*Beta(?:-?\d+)? + (?i).*-B(?:-?\d+)? + (?i).*RC(?:-?\d+)? + (?i).*CR(?:-?\d+)? + (?i).*M(?:-?\d+)? + + + + \ No newline at end of file
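Review bot: `EXASOL_DOCKER_IMAGE_REFERENCE` pins the integration tests to `exasol/docker-db:6.2.11-d1` without saying why, while the same commit raises exasol-jdbc to 7.0.3 in pom.xml. A comment on the constant would record the intent, e.g. `// Pinned so the integration tests run against a known Exasol version instead of the library default.` A tag can be re-pushed, so a digest reference would be the stricter pin if reproducibility of these tests matters; whether `ExasolContainer` accepts one needs checking. The jar name on the line above repeats the `1.2.1` from pom.xml and both user guides, so each release has to edit it by hand.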
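Review bot: The pattern `(?i).*a(?:-?\d+)?` in versionsMavenPluginRules.xml is broader than the alpha qualifiers it seems to target: matched case-insensitively against the whole version, it covers any version whose last letter is `a`, such as `4.1.0.GA`, and `(?i).*M(?:-?\d+)?` likewise covers anything ending in `m`. The element names are not readable on this page, but if these are ignore rules, a stable release that carries a security fix could be hidden from the update report. Requiring a digit or separator before the qualifier narrows both, e.g. `(?i).*[\d.\-]a(?:-?\d+)?` and `(?i).*[\d.\-]M(?:-?\d+)?`.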