From e0aa7cd692def63dcad76c2d2b4bd04e22f09e62 Mon Sep 17 00:00:00 2001 From: Hazmi Date: Thu, 12 Dec 2024 05:47:05 +0300 Subject: [PATCH] Bump async-http-client to 3.0.1 Bump async-http-client to 3.0.1 to resolve CVE-2024-53990 _. --- pom.xml | 3 +-- .../apache/druid/java/util/emitter/core/HttpPostEmitter.java | 4 ++-- .../apache/druid/java/util/emitter/core/HttpEmitterTest.java | 5 +++-- .../druid/java/util/http/client/AsyncHttpClientTest.java | 5 +++-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index 3ee7600d5437..40236a2b479d 100644 --- a/pom.xml +++ b/pom.xml @@ -1010,8 +1010,7 @@ org.asynchttpclient async-http-client - - 2.5.3 + 3.0.1 net.java.dev.jna diff --git a/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java b/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java index f70b7e7d3fd8..5bce984f9b6d 100644 --- a/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java +++ b/processing/src/main/java/org/apache/druid/java/util/emitter/core/HttpPostEmitter.java @@ -23,7 +23,6 @@ import com.google.common.annotations.VisibleForTesting; import com.google.common.base.Preconditions; import com.google.common.base.Predicate; -import com.google.common.primitives.Ints; import io.netty.handler.codec.http.HttpHeaders; import org.apache.druid.concurrent.ConcurrentAwaitableCounter; import org.apache.druid.java.util.common.ISE; @@ -45,6 +44,7 @@ import java.net.URL; import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.ArrayDeque; import java.util.concurrent.ConcurrentLinkedDeque; import java.util.concurrent.ConcurrentLinkedQueue; @@ -773,7 +773,7 @@ private void send(byte[] buffer, int length) throws Exception request.setHeader(HttpHeaders.Names.AUTHORIZATION, "Basic " + encoded); } - request.setRequestTimeout(Ints.saturatedCast(timeoutMillis)); + request.setRequestTimeout(Duration.ofMillis(timeoutMillis)); ListenableFuture future = client.executeRequest(request); Response response; diff --git a/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java b/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java index 384b3a0a8eaa..624ad8ab50b4 100644 --- a/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java +++ b/processing/src/test/java/org/apache/druid/java/util/emitter/core/HttpEmitterTest.java @@ -30,6 +30,7 @@ import org.junit.Test; import java.io.IOException; +import java.time.Duration; import java.util.concurrent.atomic.AtomicLong; public class HttpEmitterTest @@ -56,8 +57,8 @@ public void setup() @Override protected ListenableFuture go(Request request) { - int timeout = request.getRequestTimeout(); - timeoutUsed.set(timeout); + Duration timeout = request.getRequestTimeout(); + timeoutUsed.set(timeout.toMillis()); return GoHandlers.immediateFuture(EmitterTest.okResponse()); } }); diff --git a/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java b/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java index aa20c0eaf84e..817eeb5a8d18 100644 --- a/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java +++ b/processing/src/test/java/org/apache/druid/java/util/http/client/AsyncHttpClientTest.java @@ -30,6 +30,7 @@ import java.net.ServerSocket; import java.net.Socket; import java.nio.charset.StandardCharsets; +import java.time.Duration; import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; @@ -81,7 +82,7 @@ public void run() requestStart = System.currentTimeMillis(); Future future = client .prepareGet(StringUtils.format("http://localhost:%d/", serverSocket.getLocalPort())) - .setRequestTimeout(2000) + .setRequestTimeout(Duration.ofMillis(2000)) .execute(); System.out.println("created future in: " + (System.currentTimeMillis() - requestStart)); future.get(3000, TimeUnit.MILLISECONDS); @@ -103,7 +104,7 @@ private void warmUp(ServerSocket serverSocket, DefaultAsyncHttpClient client) try { Future future = client .prepareGet(StringUtils.format("http://localhost:%d/", serverSocket.getLocalPort())) - .setRequestTimeout(100) + .setRequestTimeout(Duration.ofMillis(100)) .execute(); future.get(); }