From 802a3e76e4e4b1b5f2d93c63b12306a345ce6c0d Mon Sep 17 00:00:00 2001
From: aman-bansal <bansalaman2905@gmail.com>
Date: Wed, 22 Nov 2023 22:10:42 +0530
Subject: [PATCH] chore | evaluate all entity types in interaction filters

---
 .trivyignore                                         |  1 +
 gateway-service-factory/build.gradle.kts             |  2 +-
 gateway-service-impl/build.gradle.kts                |  4 ++--
 .../datafetcher/EntityInteractionsFetcher.java       | 11 +++++------
 gateway-service/build.gradle.kts                     |  2 +-
 owasp-suppressions.xml                               | 12 ++++++++++++
 6 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index e69de29b..5fb05e73 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -0,0 +1 @@
+CVE-2023-5678 exp:2023-11-30
\ No newline at end of file
diff --git a/gateway-service-factory/build.gradle.kts b/gateway-service-factory/build.gradle.kts
index 73f30503..5f106949 100644
--- a/gateway-service-factory/build.gradle.kts
+++ b/gateway-service-factory/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }
 
 dependencies {
-  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.58")
+  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
 
   implementation(project(":gateway-service-impl"))
 }
diff --git a/gateway-service-impl/build.gradle.kts b/gateway-service-impl/build.gradle.kts
index 71ece3b8..2caa403d 100644
--- a/gateway-service-impl/build.gradle.kts
+++ b/gateway-service-impl/build.gradle.kts
@@ -18,8 +18,8 @@ dependencies {
   implementation("org.hypertrace.core.query.service:query-service-client:0.8.0")
   implementation("org.hypertrace.core.attribute.service:attribute-service-client:0.14.25")
 
-  implementation("org.hypertrace.entity.service:entity-service-client:0.8.56")
-  implementation("org.hypertrace.entity.service:entity-service-api:0.8.56")
+  implementation("org.hypertrace.entity.service:entity-service-client:0.8.87")
+  implementation("org.hypertrace.entity.service:entity-service-api:0.8.87")
   implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.5")
   implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.5")
   implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.58")
diff --git a/gateway-service-impl/src/main/java/org/hypertrace/gateway/service/common/datafetcher/EntityInteractionsFetcher.java b/gateway-service-impl/src/main/java/org/hypertrace/gateway/service/common/datafetcher/EntityInteractionsFetcher.java
index 8572094a..bd5fde1a 100644
--- a/gateway-service-impl/src/main/java/org/hypertrace/gateway/service/common/datafetcher/EntityInteractionsFetcher.java
+++ b/gateway-service-impl/src/main/java/org/hypertrace/gateway/service/common/datafetcher/EntityInteractionsFetcher.java
@@ -364,13 +364,12 @@ private List<EntityInteractionQueryRequest> prepareQueryRequests(
         .collect(Collectors.toList());
   }
 
-  private Set<String> getOtherEntityTypes(org.hypertrace.gateway.service.v1.common.Filter filter) {
+  protected Set<String> getOtherEntityTypes(
+      org.hypertrace.gateway.service.v1.common.Filter filter) {
+    Set<String> result = new HashSet<>();
     if (filter.getChildFilterCount() > 0) {
       for (org.hypertrace.gateway.service.v1.common.Filter child : filter.getChildFilterList()) {
-        Set<String> result = getOtherEntityTypes(child);
-        if (!result.isEmpty()) {
-          return result;
-        }
+        result.addAll(getOtherEntityTypes(child));
       }
     } else if (ExpressionReader.isSimpleAttributeSelection(filter.getLhs())) {
       String attributeId =
@@ -382,7 +381,7 @@ private Set<String> getOtherEntityTypes(org.hypertrace.gateway.service.v1.common
       }
     }
 
-    return Collections.emptySet();
+    return Collections.unmodifiableSet(result);
   }
 
   private Filter convertToQueryFilter(
diff --git a/gateway-service/build.gradle.kts b/gateway-service/build.gradle.kts
index 53bffb27..5448a416 100644
--- a/gateway-service/build.gradle.kts
+++ b/gateway-service/build.gradle.kts
@@ -9,7 +9,7 @@ dependencies {
   implementation(project(":gateway-service-factory"))
 
   implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.5")
-  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.58")
+  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
   implementation("org.slf4j:slf4j-api:1.7.30")
   implementation("com.typesafe:config:1.4.1")
 
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
index 6f07f0cd..d3486420 100644
--- a/owasp-suppressions.xml
+++ b/owasp-suppressions.xml
@@ -17,4 +17,16 @@
     <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
     <vulnerabilityName>CVE-2023-35116</vulnerabilityName>
   </suppress>
+  <suppress until="2023-11-30Z">
+    <notes><![CDATA[
+  This vulnerability is disputed, with the argument that SSL configuration is the responsibility of the client rather
+  than the transport. The change in default is under consideration for the next major Netty release, revisit then.
+  Regardless, our client (which is what brings in this dependency) enables the concerned feature, hostname verification
+  Ref:
+  https://github.com/grpc/grpc-java/issues/10033
+  https://github.com/netty/netty/issues/8537#issuecomment-1527896917
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.netty/netty.*@.*$</packageUrl>
+    <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
+  </suppress>
 </suppressions>