From 30b9f5671c4cd226982abdff8abaa95e34dbde12 Mon Sep 17 00:00:00 2001 From: skumar34 Date: Wed, 6 Nov 2024 21:57:37 +0530 Subject: [PATCH] [AMBARI-26185] Upgrade commons-collections to resolve CVEs --- ambari-metrics-hadoop-sink/pom.xml | 6 +++--- ambari-metrics-timelineservice/pom.xml | 14 +++++++++++--- .../core/timeline/HBaseTimelineMetricsService.java | 4 ++-- .../core/timeline/PhoenixHBaseAccessor.java | 2 +- .../core/timeline/TimelineMetricsFilter.java | 2 +- .../aggregators/AbstractTimelineAggregator.java | 2 +- .../core/timeline/aggregators/AggregatorUtils.java | 2 +- .../v2/TimelineMetricFilteringHostAggregator.java | 2 +- .../discovery/TimelineMetricMetadataManager.java | 4 ++-- .../core/timeline/query/ConditionBuilder.java | 2 +- .../core/timeline/query/DefaultCondition.java | 2 +- .../timeline/query/MetadataQueryCondition.java | 2 +- .../core/timeline/query/PhoenixTransactSQL.java | 2 +- .../metrics/core/timeline/query/TopNCondition.java | 2 +- .../timeline/query/TransientMetricCondition.java | 2 +- .../ambari/metrics/webapp/TimelineWebServices.java | 2 +- .../core/timeline/query/DefaultConditionTest.java | 2 +- 17 files changed, 31 insertions(+), 23 deletions(-) diff --git a/ambari-metrics-hadoop-sink/pom.xml b/ambari-metrics-hadoop-sink/pom.xml index af23ccdb..efbe2d72 100644 --- a/ambari-metrics-hadoop-sink/pom.xml +++ b/ambari-metrics-hadoop-sink/pom.xml @@ -129,9 +129,9 @@ limitations under the License. compile - commons-collections - commons-collections - 3.2.2 + org.apache.commons + commons-collections4 + 4.4 compile diff --git a/ambari-metrics-timelineservice/pom.xml b/ambari-metrics-timelineservice/pom.xml index 6494d9b1..f2c91deb 100644 --- a/ambari-metrics-timelineservice/pom.xml +++ b/ambari-metrics-timelineservice/pom.xml @@ -391,6 +391,14 @@ com.fasterxml.jackson.core jackson-databind + + commons-collections + commons-collections + + + org.apache.commons + commons-collections4 + @@ -700,9 +708,9 @@ - commons-collections - commons-collections - 3.2.2 + org.apache.commons + commons-collections4 + 4.4 diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/HBaseTimelineMetricsService.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/HBaseTimelineMetricsService.java index 0a3531ca..7e68cd37 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/HBaseTimelineMetricsService.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/HBaseTimelineMetricsService.java @@ -52,8 +52,8 @@ import org.apache.ambari.metrics.core.timeline.query.ConditionBuilder; import org.apache.ambari.metrics.core.timeline.query.PhoenixTransactSQL; import org.apache.ambari.metrics.core.timeline.query.TopNCondition; -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/PhoenixHBaseAccessor.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/PhoenixHBaseAccessor.java index cf976dd6..506ad830 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/PhoenixHBaseAccessor.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/PhoenixHBaseAccessor.java @@ -128,7 +128,7 @@ import org.apache.ambari.metrics.core.timeline.sink.ExternalSinkProvider; import org.apache.ambari.metrics.core.timeline.source.InternalMetricsSource; import org.apache.ambari.metrics.core.timeline.source.InternalSourceProvider; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/TimelineMetricsFilter.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/TimelineMetricsFilter.java index 4d9fd98b..bba6c7d1 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/TimelineMetricsFilter.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/TimelineMetricsFilter.java @@ -30,7 +30,7 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AbstractTimelineAggregator.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AbstractTimelineAggregator.java index 9d4cab43..a8a332b9 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AbstractTimelineAggregator.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AbstractTimelineAggregator.java @@ -37,7 +37,7 @@ import org.apache.ambari.metrics.core.timeline.availability.MetricCollectorHAController; import org.apache.ambari.metrics.core.timeline.query.Condition; import org.apache.ambari.metrics.core.timeline.query.EmptyCondition; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; import org.apache.hadoop.conf.Configuration; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AggregatorUtils.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AggregatorUtils.java index a1fab37e..869305d1 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AggregatorUtils.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/AggregatorUtils.java @@ -25,7 +25,7 @@ import java.util.Map; import java.util.TreeMap; -import org.apache.commons.collections.MapUtils; +import org.apache.commons.collections4.MapUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/v2/TimelineMetricFilteringHostAggregator.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/v2/TimelineMetricFilteringHostAggregator.java index 1077ff84..3b6db6fb 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/v2/TimelineMetricFilteringHostAggregator.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/aggregators/v2/TimelineMetricFilteringHostAggregator.java @@ -26,7 +26,7 @@ import org.apache.ambari.metrics.core.timeline.availability.MetricCollectorHAController; import org.apache.ambari.metrics.core.timeline.query.EmptyCondition; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.hadoop.conf.Configuration; import org.apache.ambari.metrics.core.timeline.PhoenixHBaseAccessor; import org.apache.ambari.metrics.core.timeline.availability.AggregationTaskRunner; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/discovery/TimelineMetricMetadataManager.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/discovery/TimelineMetricMetadataManager.java index 1b289c05..91963f0e 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/discovery/TimelineMetricMetadataManager.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/discovery/TimelineMetricMetadataManager.java @@ -46,8 +46,8 @@ import org.apache.ambari.metrics.core.timeline.uuid.MetricUuidGenStrategy; import org.apache.ambari.metrics.core.timeline.uuid.Murmur3HashUuidGenStrategy; import org.apache.ambari.metrics.core.timeline.uuid.TimelineMetricUuid; -import org.apache.commons.collections.CollectionUtils; -import org.apache.commons.collections.MapUtils; +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.collections4.MapUtils; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.lang.StringUtils; import org.apache.commons.logging.Log; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/ConditionBuilder.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/ConditionBuilder.java index 9285c8b8..04a7eab4 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/ConditionBuilder.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/ConditionBuilder.java @@ -21,7 +21,7 @@ import java.util.List; import java.util.Set; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.hadoop.metrics2.sink.timeline.Precision; import org.apache.ambari.metrics.core.timeline.aggregators.Function; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/DefaultCondition.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/DefaultCondition.java index 3ced0d80..68b393cd 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/DefaultCondition.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/DefaultCondition.java @@ -23,7 +23,7 @@ import java.util.List; import java.util.Set; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.metrics2.sink.timeline.Precision; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/MetadataQueryCondition.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/MetadataQueryCondition.java index 08404b2a..6998ec9c 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/MetadataQueryCondition.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/MetadataQueryCondition.java @@ -21,7 +21,7 @@ import java.util.Collections; import java.util.List; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang.StringUtils; public class MetadataQueryCondition extends TransientMetricCondition { diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/PhoenixTransactSQL.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/PhoenixTransactSQL.java index 3a988040..bbf4022b 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/PhoenixTransactSQL.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/PhoenixTransactSQL.java @@ -25,7 +25,7 @@ import java.util.regex.Pattern; import org.apache.ambari.metrics.core.timeline.TimelineMetricConfiguration; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.metrics2.sink.timeline.Precision; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TopNCondition.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TopNCondition.java index e951cd52..a6398213 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TopNCondition.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TopNCondition.java @@ -20,7 +20,7 @@ import java.util.List; import org.apache.ambari.metrics.core.timeline.aggregators.Function; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.metrics2.sink.timeline.Precision; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TransientMetricCondition.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TransientMetricCondition.java index 9d83300a..9518ed05 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TransientMetricCondition.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/core/timeline/query/TransientMetricCondition.java @@ -18,7 +18,7 @@ package org.apache.ambari.metrics.core.timeline.query; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.hadoop.metrics2.sink.timeline.Precision; import java.util.ArrayList; diff --git a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/webapp/TimelineWebServices.java b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/webapp/TimelineWebServices.java index 71477ecd..8dcf178f 100644 --- a/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/webapp/TimelineWebServices.java +++ b/ambari-metrics-timelineservice/src/main/java/org/apache/ambari/metrics/webapp/TimelineWebServices.java @@ -49,7 +49,7 @@ import javax.xml.bind.annotation.XmlRootElement; import org.apache.ambari.metrics.core.timeline.TimelineMetricServiceSummary; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.classification.InterfaceAudience.Public; diff --git a/ambari-metrics-timelineservice/src/test/java/org/apache/ambari/metrics/core/timeline/query/DefaultConditionTest.java b/ambari-metrics-timelineservice/src/test/java/org/apache/ambari/metrics/core/timeline/query/DefaultConditionTest.java index 1c32bbbf..76bf2cb1 100644 --- a/ambari-metrics-timelineservice/src/test/java/org/apache/ambari/metrics/core/timeline/query/DefaultConditionTest.java +++ b/ambari-metrics-timelineservice/src/test/java/org/apache/ambari/metrics/core/timeline/query/DefaultConditionTest.java @@ -19,7 +19,7 @@ package org.apache.ambari.metrics.core.timeline.query; import junit.framework.Assert; -import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.collections4.CollectionUtils; import org.junit.Ignore; import org.junit.Test;