From d26fe3ff4b6a345d27e20859ec84cc88a6114fd5 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Tue, 19 Jul 2022 17:07:53 +0100
Subject: [PATCH 1/5] use jackson v2 - jackson v1 is EOL and full of security
 issues

---
 .../tez/dag/history/logging/proto/DagManifesFileScanner.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/DagManifesFileScanner.java b/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/DagManifesFileScanner.java
index 697083c30c..addb148530 100644
--- a/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/DagManifesFileScanner.java
+++ b/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/DagManifesFileScanner.java
@@ -28,12 +28,12 @@
 import java.util.List;
 import java.util.Map;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.io.IOUtils;
 import org.apache.hadoop.fs.FileStatus;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.tez.dag.api.TezConfiguration;
 import org.apache.tez.dag.history.logging.proto.HistoryLoggerProtos.ManifestEntryProto;
-import org.codehaus.jackson.map.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

From b2bba0744876afd384aa31daed9e8b6a3f14379f Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Tue, 19 Jul 2022 17:13:19 +0100
Subject: [PATCH 2/5] use jackson v2 code

---
 .../dag/history/logging/proto/HistoryEventProtoConverter.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/HistoryEventProtoConverter.java b/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/HistoryEventProtoConverter.java
index f5f436eb9d..904c165684 100644
--- a/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/HistoryEventProtoConverter.java
+++ b/tez-plugins/tez-protobuf-history-plugin/src/main/java/org/apache/tez/dag/history/logging/proto/HistoryEventProtoConverter.java
@@ -24,6 +24,7 @@
 import java.util.Map.Entry;
 import java.util.TreeMap;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
 import org.apache.hadoop.yarn.api.records.ApplicationId;
 import org.apache.tez.common.ATSConstants;
@@ -58,7 +59,6 @@
 import org.apache.tez.dag.records.TezTaskAttemptID;
 import org.apache.tez.dag.records.TezTaskID;
 import org.apache.tez.dag.records.TezVertexID;
-import org.codehaus.jackson.map.ObjectMapper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

From e14915dee624a9833084628f0bc22d5a302603c7 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Thu, 21 Jul 2022 12:11:52 +0100
Subject: [PATCH 3/5] try to enforce that jackson v1 is not used

---
 pom.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/pom.xml b/pom.xml
index 5f381cdd27..e288189009 100644
--- a/pom.xml
+++ b/pom.xml
@@ -72,6 +72,7 @@
     <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version>
     <checkstyle.version>8.35</checkstyle.version>
     <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
+    <restrict-imports.enforcer.version>2.0.0</restrict-imports.enforcer.version>
     <test.build.data>${project.build.directory}/tmp</test.build.data>
   </properties>
   <scm>
@@ -1002,6 +1003,13 @@
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-enforcer-plugin</artifactId>
         <inherited>false</inherited>
+        <dependencies>
+          <dependency>
+            <groupId>de.skuzzle.enforcer</groupId>
+            <artifactId>restrict-imports-enforcer-rule</artifactId>
+            <version>${restrict-imports.enforcer.version}</version>
+          </dependency>
+        </dependencies>
         <executions>
           <execution>
             <id>clean</id>
@@ -1019,6 +1027,24 @@
               </rules>
             </configuration>
           </execution>
+          <execution>
+            <id>banned-illegal-imports</id>
+            <phase>process-sources</phase>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <RestrictImports>
+                  <includeTestCode>true</includeTestCode>
+                  <reason>Use Fasterxml Jackson 2 dependency in place of org.codehaus Jackson 1</reason>
+                  <bannedImports>
+                    <bannedImport>org.codehaus.jackson.**</bannedImport>
+                  </bannedImports>
+                </RestrictImports>
+              </rules>
+            </configuration>
+          </execution>
         </executions>
       </plugin>
       <plugin>

From 67986dfad627719418271b2b8e71e3b3c9c310bd Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Thu, 21 Jul 2022 12:27:52 +0100
Subject: [PATCH 4/5] Update pom.xml

---
 pom.xml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index e288189009..4a363ed5cc 100644
--- a/pom.xml
+++ b/pom.xml
@@ -70,6 +70,7 @@
     <frontend-maven-plugin.version>1.8.0</frontend-maven-plugin.version>
     <findbugs-maven-plugin.version>3.0.5</findbugs-maven-plugin.version>
     <maven-checkstyle-plugin.version>3.1.1</maven-checkstyle-plugin.version>
+    <maven-enforcer-plugin.version>3.0.0</maven-enforcer-plugin.version>
     <checkstyle.version>8.35</checkstyle.version>
     <dependency-check-maven.version>1.3.6</dependency-check-maven.version>
     <restrict-imports.enforcer.version>2.0.0</restrict-imports.enforcer.version>
@@ -1002,7 +1003,7 @@
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-enforcer-plugin</artifactId>
-        <inherited>false</inherited>
+        <version>${maven-enforcer-plugin.version}</version>
         <dependencies>
           <dependency>
             <groupId>de.skuzzle.enforcer</groupId>
@@ -1035,13 +1036,13 @@
             </goals>
             <configuration>
               <rules>
-                <RestrictImports>
+                <restrictImports>
                   <includeTestCode>true</includeTestCode>
                   <reason>Use Fasterxml Jackson 2 dependency in place of org.codehaus Jackson 1</reason>
                   <bannedImports>
                     <bannedImport>org.codehaus.jackson.**</bannedImport>
                   </bannedImports>
-                </RestrictImports>
+                </restrictImports>
               </rules>
             </configuration>
           </execution>

From 53c3f21eab25398d49c9838630542952c894ec45 Mon Sep 17 00:00:00 2001
From: PJ Fanning <pjfanning@users.noreply.github.com>
Date: Thu, 21 Jul 2022 12:31:44 +0100
Subject: [PATCH 5/5] use RestrictImports as that is what is documented in
 plugin docs

---
 pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4a363ed5cc..7500412eae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1036,13 +1036,13 @@
             </goals>
             <configuration>
               <rules>
-                <restrictImports>
+                <RestrictImports>
                   <includeTestCode>true</includeTestCode>
                   <reason>Use Fasterxml Jackson 2 dependency in place of org.codehaus Jackson 1</reason>
                   <bannedImports>
                     <bannedImport>org.codehaus.jackson.**</bannedImport>
                   </bannedImports>
-                </restrictImports>
+                </RestrictImports>
               </rules>
             </configuration>
           </execution>