chore: Upgrading spring to 3.3.3 to resolve vulnerable dependencies (#…
…36266)

Co-authored-by: Nidhi Nair <nidhi@appsmith.com>
mohanarpit and nidhi-nair authored Oct 1, 2024
1 parent 05d3822 commit 17d5d6e
Showing 16 changed files with 90 additions and 33 deletions.
2 changes: 1 addition & 1 deletion app/client/cypress/fixtures/gitImport.json
Expand Up @@ -743,7 +743,7 @@
"userPermissions": [],
"name": "DEFAULT_REST_DATASOURCE",
"pluginId": "restapi-plugin",
"datasourceConfiguration": { "url": "hhttp://host.docker.internal:5001/v1/mock-api" },
"datasourceConfiguration": { "url": "http://host.docker.internal:5001/v1/mock-api" },
"invalids": [],
"messages": [],
"isValid": true,
5 changes: 2 additions & 3 deletions app/server/appsmith-interfaces/pom.xml
Expand Up @@ -65,8 +65,7 @@
<dependency>
<groupId>org.springframework.data</groupId>
<artifactId>spring-data-mongodb</artifactId>
<version>4.0.0</version>
<scope>compile</scope>
<scope>provided</scope>
</dependency>

<dependency>
Expand Down Expand Up @@ -127,7 +126,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.7</version>
<version>2.13.0</version>
<scope>compile</scope>
</dependency>
<dependency>
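Review bot: The switch of `spring-data-mongodb` to `<scope>provided</scope>` in the first hunk means appsmith-interfaces no longer passes the library on transitively, so every module that reached it through this POM has to get it onto its own runtime classpath. Nothing visible on this page shows the plugins or the server declaring it themselves; running `mvn dependency:tree` on one plugin module would confirm that the Boot-managed version still resolves there. A one-line comment above the dependency, for example `<!-- version managed by spring-boot-starter-parent; provided because consumers supply it at runtime -->`, would record the intent if that is what is meant.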
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/anthropicPlugin/pom.xml
Expand Up @@ -89,7 +89,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/appsmithAiPlugin/pom.xml
Expand Up @@ -82,7 +82,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/googleAiPlugin/pom.xml
Expand Up @@ -89,7 +89,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/googleSheetsPlugin/pom.xml
Expand Up @@ -107,7 +107,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>

1 change: 0 additions & 1 deletion app/server/appsmith-plugins/graphqlPlugin/pom.xml
Expand Up @@ -133,7 +133,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
Expand Up @@ -17,10 +17,13 @@
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.mongodb.MongoCommandException;
import com.mongodb.MongoSecurityException;
import com.mongodb.reactivestreams.client.ListCollectionNamesPublisher;
import com.mongodb.reactivestreams.client.MongoClient;
import com.mongodb.reactivestreams.client.MongoDatabase;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.reactivestreams.Subscriber;
import org.reactivestreams.Subscription;
import org.testcontainers.containers.MongoDBContainer;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
Expand Down Expand Up @@ -54,6 +57,7 @@
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
Expand Down Expand Up @@ -236,8 +240,28 @@ public void testGetStructureReadPermissionError() {
when(mockConnection.getDatabase(any())).thenReturn(mockDatabase);

MongoCommandException mockMongoCmdException = mock(MongoCommandException.class);
when(mockDatabase.listCollectionNames()).thenReturn(Mono.error(mockMongoCmdException));
// Mock the ListCollectionNamesPublisher
ListCollectionNamesPublisher mockPublisher = mock(ListCollectionNamesPublisher.class);

// Create a mock subscription
Subscription mockSubscription = mock(Subscription.class);

// Simulate an error when calling listCollectionNames
when(mockDatabase.listCollectionNames()).thenReturn(mockPublisher);
when(mockMongoCmdException.getErrorCode()).thenReturn(13);
// Mock the subscribe method to simulate an error
doAnswer(invocation -> {
// Extract the Subscriber passed to the subscribe method
Subscriber<?> subscriber = invocation.getArgument(0);

subscriber.onSubscribe(mockSubscription); // Provide a subscription
// Call the Subscriber's onError method to simulate an error
subscriber.onError(mockMongoCmdException);

return null; // Since subscribe returns void
})
.when(mockPublisher)
.subscribe(any());

DatasourceConfiguration dsConfig = createDatasourceConfiguration();
Mono<DatasourceStructure> structureMono = pluginExecutor
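Review bot: The stubbing block added in testGetStructureReadPermissionError (mock `ListCollectionNamesPublisher`, mock `Subscription`, `doAnswer` on `subscribe`) is repeated almost line for line in testStaleConnectionOnIllegalStateExceptionOnGetStructure and testStaleConnectionOnMongoSocketWriteExceptionOnGetStructure further down the page, differing only in the throwable handed to `onError`. A helper that takes the `Throwable` and returns the failing publisher would keep the three tests in step the next time a driver upgrade changes the return type of `listCollectionNames()`. The tests appear to sit in two classes, so the helper probably belongs in a shared test utility. The test method starts and ends outside the visible hunk, so the fence shows only the proposed lines.

```java
// Test helper: a ListCollectionNamesPublisher whose subscribe() signals `error` straight away.
private static ListCollectionNamesPublisher failingCollectionNames(Throwable error) {
    ListCollectionNamesPublisher publisher = mock(ListCollectionNamesPublisher.class);
    doAnswer(invocation -> {
                Subscriber<?> subscriber = invocation.getArgument(0);
                subscriber.onSubscribe(mock(Subscription.class));
                subscriber.onError(error);
                return null; // subscribe() is void
            })
            .when(publisher)
            .subscribe(any());
    return publisher;
}

// … unchanged: mockConnection / mockDatabase / mockMongoCmdException setup …
when(mockDatabase.listCollectionNames()).thenReturn(failingCollectionNames(mockMongoCmdException));
// … unchanged: getErrorCode stub, createDatasourceConfiguration(), getStructure call …
```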
Expand Up @@ -9,10 +9,13 @@
import com.appsmith.external.models.Endpoint;
import com.appsmith.external.models.SSLDetails;
import com.mongodb.MongoSocketWriteException;
import com.mongodb.reactivestreams.client.ListCollectionNamesPublisher;
import com.mongodb.reactivestreams.client.MongoClient;
import com.mongodb.reactivestreams.client.MongoDatabase;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.reactivestreams.Subscriber;
import org.reactivestreams.Subscription;
import org.testcontainers.containers.MongoDBContainer;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
Expand All @@ -30,8 +33,11 @@
import static com.external.plugins.constants.FieldName.SMART_SUBSTITUTION;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.when;

/**
* Unit tests for MongoPlugin
Expand Down Expand Up @@ -125,7 +131,27 @@ public void testStaleConnectionOnIllegalStateExceptionOnGetStructure() {
MongoClient spyMongoClient = spy(MongoClient.class);
MongoDatabase spyMongoDatabase = spy(MongoDatabase.class);
doReturn(spyMongoDatabase).when(spyMongoClient).getDatabase(anyString());
doReturn(Mono.error(new IllegalStateException())).when(spyMongoDatabase).listCollectionNames();
// Mock the ListCollectionNamesPublisher
ListCollectionNamesPublisher mockPublisher = mock(ListCollectionNamesPublisher.class);

// Create a mock subscription
Subscription mockSubscription = mock(Subscription.class);

// Simulate an error when calling listCollectionNames
when(spyMongoDatabase.listCollectionNames()).thenReturn(mockPublisher);
// Mock the subscribe method to simulate an error
doAnswer(invocation -> {
// Extract the Subscriber passed to the subscribe method
Subscriber<?> subscriber = invocation.getArgument(0);

subscriber.onSubscribe(mockSubscription); // Provide a subscription
// Call the Subscriber's onError method to simulate an error
subscriber.onError(new IllegalStateException());

return null; // Since subscribe returns void
})
.when(mockPublisher)
.subscribe(any());

DatasourceConfiguration dsConfig = createDatasourceConfiguration();
Mono<DatasourceStructure> structureMono = pluginExecutor.getStructure(spyMongoClient, dsConfig, null);
Expand All @@ -139,9 +165,27 @@ public void testStaleConnectionOnMongoSocketWriteExceptionOnGetStructure() {
MongoClient spyMongoClient = spy(MongoClient.class);
MongoDatabase spyMongoDatabase = spy(MongoDatabase.class);
doReturn(spyMongoDatabase).when(spyMongoClient).getDatabase(anyString());
doReturn(Mono.error(new MongoSocketWriteException("", null, null)))
.when(spyMongoDatabase)
.listCollectionNames();
// Mock the ListCollectionNamesPublisher
ListCollectionNamesPublisher mockPublisher = mock(ListCollectionNamesPublisher.class);

// Create a mock subscription
Subscription mockSubscription = mock(Subscription.class);

// Simulate an error when calling listCollectionNames
when(spyMongoDatabase.listCollectionNames()).thenReturn(mockPublisher);
// Mock the subscribe method to simulate an error
doAnswer(invocation -> {
// Extract the Subscriber passed to the subscribe method
Subscriber<?> subscriber = invocation.getArgument(0);

subscriber.onSubscribe(mockSubscription); // Provide a subscription
// Call the Subscriber's onError method to simulate an error
subscriber.onError(new MongoSocketWriteException("", null, null));

return null; // Since subscribe returns void
})
.when(mockPublisher)
.subscribe(any());

DatasourceConfiguration dsConfig = createDatasourceConfiguration();
Mono<DatasourceStructure> structureMono = pluginExecutor.getStructure(spyMongoClient, dsConfig, null);
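Review bot: `when(spyMongoDatabase.listCollectionNames()).thenReturn(mockPublisher)` stubs a spy with the `when(...)` form, while the line directly above it still uses `doReturn(...).when(spyMongoClient)`. On a spy, `when(...)` invokes the method before the stub is installed; that is most likely harmless here because `MongoDatabase` is an interface, but Mockito's documented form for spies is `doReturn(mockPublisher).when(spyMongoDatabase).listCollectionNames();`. Using it in both stale-connection tests keeps the file consistent and makes the newly added `when` static import unnecessary. Both test bodies extend beyond the visible hunks.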
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/openAiPlugin/pom.xml
Expand Up @@ -101,7 +101,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/restApiPlugin/pom.xml
Expand Up @@ -89,7 +89,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>
<dependency>
1 change: 0 additions & 1 deletion app/server/appsmith-plugins/snowflakePlugin/pom.xml
Expand Up @@ -79,7 +79,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
<scope>test</scope>
</dependency>

21 changes: 11 additions & 10 deletions app/server/appsmith-server/pom.xml
Expand Up @@ -116,7 +116,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
</dependency>
<dependency>
<groupId>io.projectreactor</groupId>
Expand Down Expand Up @@ -202,7 +201,7 @@
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.7</version>
<version>2.13.0</version>
</dependency>
<dependency>
<groupId>commons-validator</groupId>
Expand All @@ -221,13 +220,13 @@
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-tracing-bridge-brave</artifactId>
<version>1.0.0</version>
<version>1.3.4</version>
</dependency>
<dependency>
<groupId>io.zipkin.reporter2</groupId>
<artifactId>zipkin-reporter-brave</artifactId>
</dependency>
<!-- Commented oout Loki dependency for now, since we haven't fixed associating logs to traces-->
<!-- Commented out Loki dependency for now, since we haven't fixed associating logs to traces-->
<!-- <dependency>-->
<!-- <groupId>com.github.loki4j</groupId>-->
<!-- <artifactId>loki-logback-appender</artifactId>-->
Expand Down Expand Up @@ -315,7 +314,7 @@
<dependency>
<groupId>org.springdoc</groupId>
<artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
<version>2.0.0</version>
<version>2.6.0</version>
</dependency>

<dependency>
Expand Down Expand Up @@ -368,11 +367,7 @@
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
<version>${mockito.version}</version>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jgrapht</groupId>
Expand All @@ -390,6 +385,12 @@
<version>1.10.0</version>
</dependency>

<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.17.1</version>
</dependency>

<dependency>
<groupId>com.appsmith</groupId>
<artifactId>reactiveCaching</artifactId>
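Review bot: The bumped versions in this file are still literal pins in a module POM (`micrometer-tracing-bridge-brave` 1.3.4, `springdoc-openapi-starter-webflux-ui` 2.6.0, `commons-io` 2.13.0, and the new `commons-codec` 1.17.1), which is how the 1.0.0 / 2.0.0 / 2.7 values went stale under the previous parent. For artifacts that the Spring Boot parent already manages (micrometer-tracing and commons-codec are, as far as I know), dropping `<version>` lets the next parent upgrade move them, as the neighbouring `zipkin-reporter-brave` entry already does. For the rest, a property in app/server/pom.xml such as `<commons-io.version>2.13.0</commons-io.version>` would give appsmith-interfaces and appsmith-server one place to change. If `commons-codec` is pinned only to override a vulnerable transitive version, a comment naming the dependency that pulls it in would tell the next maintainer when the pin can go.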
Expand Up @@ -22,7 +22,7 @@
@Slf4j
@RequiredArgsConstructor
@Component
@Observed(name = "Server startup")
@Observed(name = "serverStartup")
public class InstanceConfig implements ApplicationListener<ApplicationReadyEvent> {

private final ConfigService configService;
6 changes: 2 additions & 4 deletions app/server/pom.xml
Expand Up @@ -7,7 +7,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.0.9</version>
<version>3.3.3</version>
<relativePath/>
<!-- lookup parent from repository -->
</parent>
Expand All @@ -31,7 +31,6 @@
<jackson.version>2.17.0</jackson.version>
<java.version>17</java.version>
<javadoc.disabled>true</javadoc.disabled>
<logback.version>1.4.14</logback.version>
<maven.compiler.source>${java.version}</maven.compiler.source>
<maven.compiler.target>${java.version}</maven.compiler.target>
<mockito.version>4.4.0</mockito.version>
Expand All @@ -48,8 +47,7 @@
<snakeyaml.version>2.0</snakeyaml.version>
<source.disabled>true</source.disabled>
<spotless.version>2.36.0</spotless.version>
<spring-boot.version>3.0.9</spring-boot.version>
<testcontainers.version>1.19.3</testcontainers.version>
<testcontainers.version>1.20.1</testcontainers.version>
</properties>

<build>
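Review bot: `logback.version` and `spring-boot.version` are removed, but `<mockito.version>4.4.0</mockito.version>` and `<snakeyaml.version>2.0</snakeyaml.version>` stay in `<properties>`. Those names appear to match properties that spring-boot-starter-parent uses for its own dependency management, in which case they override what 3.3.3 would select and hold both libraries at older releases. Since the commit's stated purpose is resolving vulnerable dependencies, either drop the overrides or add a comment on each explaining why the older version is required. Lifting the Mockito pin would probably also mean replacing `mockito-inline` in appsmith-server/pom.xml, as that artifact was folded into `mockito-core` in Mockito 5.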
1 change: 0 additions & 1 deletion app/server/reactive-caching/pom.xml
Expand Up @@ -32,7 +32,6 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-webflux</artifactId>
<version>${spring-boot.version}</version>
</dependency>

<dependency>