truncate Trino query error message to 2K (#210)

* truncate Trino query error message to 2K * fix vulnerabilities
hypertrace · Oct 25, 2023 · 40fc51e · 40fc51e
1 parent 9e5f0e8
commit 40fc51e
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 12 deletions.
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -18,14 +18,15 @@
     <cve>CVE-2020-13956</cve>
   </suppress>
 
-  <suppress until="2023-10-31Z">
+  <suppress until="2023-11-30Z">
     <notes><![CDATA[
-   file name: zookeeper-api-1.2.0.jar
+   file name: zookeeper-api-1.3.0.jar
    ]]></notes>
     <packageUrl regex="true">^pkg:maven/org\.apache\.helix/zookeeper\-api@.*$</packageUrl>
     <cve>CVE-2016-5017</cve>
     <cve>CVE-2018-8012</cve>
     <cve>CVE-2019-0201</cve>
+    <cve>CVE-2023-44981</cve>
   </suppress>
   <suppress until="2023-10-31Z">
     <notes><![CDATA[

diff --git a/query-service-client/build.gradle.kts b/query-service-client/build.gradle.kts
@@ -7,7 +7,7 @@ plugins {
 
 dependencies {
   api(project(":query-service-api"))
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6")
 
   // Logging
   implementation("org.slf4j:slf4j-api:1.7.32")

diff --git a/query-service-factory/build.gradle.kts b/query-service-factory/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }
 
 dependencies {
-  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.60")
+  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
 
   implementation(project(":query-service-impl"))
   implementation("com.google.inject:guice:5.0.1")

diff --git a/query-service-impl/build.gradle.kts b/query-service-impl/build.gradle.kts
@@ -54,12 +54,15 @@ dependencies {
     implementation("com.squareup.okio:okio:3.4.0") {
       because("CVE-2023-3635")
     }
+    implementation("org.apache.zookeeper:zookeeper:3.7.2") {
+      because("CVE-2023-44981")
+    }
   }
   api(project(":query-service-api"))
   api("com.typesafe:config:1.4.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.12.6")
   implementation("org.hypertrace.core.attribute.service:attribute-service-api:0.14.26")
   implementation("org.hypertrace.core.attribute.service:attribute-projection-registry:0.14.26")
   implementation("org.hypertrace.core.attribute.service:caching-attribute-service-client:0.14.26")
@@ -71,7 +74,7 @@ dependencies {
   }
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("commons-codec:commons-codec:1.15")
-  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.60")
+  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.62")
   implementation("com.google.protobuf:protobuf-java-util:3.22.0")
   implementation("com.google.guava:guava:32.1.2-jre")
   implementation("io.reactivex.rxjava3:rxjava:3.0.11")

diff --git a/...-impl/src/main/java/org/hypertrace/core/query/service/trino/TrinoBasedRequestHandler.java b/...-impl/src/main/java/org/hypertrace/core/query/service/trino/TrinoBasedRequestHandler.java
@@ -130,7 +130,8 @@ public Observable<Row> handleRequest(QueryRequest request, ExecutionContext exec
 
       return executeQuery(sql.getKey(), sql.getValue());
     } catch (Throwable t) {
-      return Observable.error(t);
+      String truncatedMessage = (t.getMessage() == null) ? null : t.getMessage().substring(0, 2048);
+      return Observable.error(new Throwable(truncatedMessage));
     }
   }
 

diff --git a/query-service/build.gradle.kts b/query-service/build.gradle.kts
@@ -10,8 +10,8 @@ plugins {
 
 dependencies {
   implementation(project(":query-service-factory"))
-  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.1")
-  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.61")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.6")
+  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("com.typesafe:config:1.4.1")
 
@@ -22,7 +22,7 @@ dependencies {
   integrationTestImplementation("org.testcontainers:testcontainers:1.16.2")
   integrationTestImplementation("org.testcontainers:junit-jupiter:1.16.2")
   integrationTestImplementation("org.testcontainers:kafka:1.16.2")
-  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.61")
+  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.62")
   integrationTestImplementation("com.github.stefanbirkner:system-lambda:1.2.0")
 
   integrationTestImplementation("org.apache.kafka:kafka-clients:7.2.1-ccs")