#48: Fix CVE-2023-4043 in test dependency `org.eclipse.parsson:parsso…

…n` (#49)

doc/changes/changes_2.0.5.md

@@ -1,9 +1,15 @@
-# Virtual Schema for Hive 2.0.5, released 2023-??-??
+# Virtual Schema for Hive 2.0.5, released 2023-11-21
 
-Code name:
+Code name: Fix CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`
 
 ## Summary
 
+This release fixes vulnerability CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`.
+
+## Security
+
+* #48: Fixed CVE-2023-4043 in test dependency `org.eclipse.parsson:parsson`
+
 ## Documentation
 
 * #40: Added missing `--/` to documentation
@@ -13,19 +19,22 @@ Code name:
 ### Test Dependency Updates
 
 * Updated `com.exasol:exasol-jdbc:7.1.17` to `7.1.20`
-* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.2`
-* Updated `com.exasol:hamcrest-resultset-matcher:1.5.2` to `1.6.1`
-* Updated `com.exasol:test-db-builder-java:3.4.2` to `3.5.1`
-* Updated `org.junit.jupiter:junit-jupiter:5.9.2` to `5.10.0`
-* Updated `org.mockito:mockito-junit-jupiter:5.2.0` to `5.6.0`
+* Updated `com.exasol:exasol-testcontainers:6.6.1` to `6.6.3`
+* Updated `com.exasol:hamcrest-resultset-matcher:1.5.2` to `1.6.3`
+* Updated `com.exasol:test-db-builder-java:3.4.2` to `3.5.2`
+* Updated `org.apache.commons:commons-compress:1.24.0` to `1.25.0`
+* Updated `org.junit.jupiter:junit-jupiter:5.9.2` to `5.10.1`
+* Updated `org.mockito:mockito-junit-jupiter:5.2.0` to `5.7.0`
 * Added `org.slf4j:slf4j-jdk14:2.0.9`
-* Updated `org.testcontainers:junit-jupiter:1.17.6` to `1.19.1`
+* Updated `org.testcontainers:junit-jupiter:1.17.6` to `1.19.2`
 
 ### Plugin Dependency Updates
 
 * Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `1.3.1`
-* Updated `com.exasol:project-keeper-maven-plugin:2.9.11` to `2.9.14`
+* Updated `com.exasol:project-keeper-maven-plugin:2.9.11` to `2.9.16`
 * Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1`
+* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.1.2` to `3.2.2`
+* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.1.2` to `3.2.2`
 * Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.1`
 * Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11`
 * Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594`

doc/developer_guide.md

@@ -10,5 +10,7 @@ The reason for the tests being disabled is we can only deliver drivers where the
 1. Download the [Hive JDBC driver `HiveJDBC42.jar`](https://www.cloudera.com/downloads/connectors/hive/jdbc/2-6-23.html)
 2. Temporarily put the driver into `src/test/resources/integration/driver/hive` directory.
 3. Make sure that the file's name is `HiveJDBC42.jar`.
-4. Run the tests from an IDE or temporarily comment out the `skip` property of `maven-failsafe-plugin` and execute `mvn verify` command.
+4. Run integration tests:
+   * Run `HiveSqlDialectIT` from your IDE or
+   * temporarily comment out the `skip` property of `maven-failsafe-plugin` and execute `mvn verify` command.
 5. **Do not upload the driver to the GitHub repository**.

pom.xml

@@ -44,13 +44,13 @@
         <dependency>
             <groupId>org.junit.jupiter</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>5.10.0</version>
+            <version>5.10.1</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-junit-jupiter</artifactId>
-            <version>5.6.0</version>
+            <version>5.7.0</version>
             <scope>test</scope>
         </dependency>
         <!--Integration test dependencies-->
@@ -63,31 +63,31 @@
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>exasol-testcontainers</artifactId>
-            <version>6.6.2</version>
+            <version>6.6.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>junit-jupiter</artifactId>
-            <version>1.19.1</version>
+            <version>1.19.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.24.0</version>
+            <version>1.25.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>test-db-builder-java</artifactId>
-            <version>3.5.1</version>
+            <version>3.5.2</version>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.exasol</groupId>
             <artifactId>hamcrest-resultset-matcher</artifactId>
-            <version>1.6.1</version>
+            <version>1.6.3</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -111,7 +111,7 @@
             <plugin>
                 <groupId>com.exasol</groupId>
                 <artifactId>project-keeper-maven-plugin</artifactId>
-                <version>2.9.14</version>
+                <version>2.9.16</version>
                 <executions>
                     <execution>
                         <goals>

src/test/java/com/exasol/adapter/dialects/hive/HiveSqlDialectIT.java

@@ -17,16 +17,14 @@
 import java.net.*;
 import java.nio.file.Path;
 import java.sql.*;
+import java.time.Duration;
 import java.util.*;
 import java.util.concurrent.TimeoutException;
 import java.util.stream.Collectors;
 
 import org.hamcrest.Matcher;
 import org.junit.jupiter.api.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.testcontainers.containers.DockerComposeContainer;
-import org.testcontainers.containers.output.Slf4jLogConsumer;
 import org.testcontainers.containers.wait.strategy.Wait;
 import org.testcontainers.junit.jupiter.Container;
 import org.testcontainers.junit.jupiter.Testcontainers;
@@ -40,13 +38,13 @@
 import com.exasol.matcher.TypeMatchMode;
 
 /**
- * How to run `HiveSqlDialectIT`: See the documentation <a href="doc/developer_guide.md"</a>.
+ * How to run {@link HiveSqlDialectIT}: See the documentation in doc/developer_guide.md.
  */
 @Tag("integration")
 @Testcontainers
 class HiveSqlDialectIT {
-    private static final Logger LOGGER = LoggerFactory.getLogger(HiveSqlDialectIT.class);
-    private static final String HIVE_DOCKER_COMPOSE_YAML = "src/test/resources/integration/driver/hive/docker-compose.yaml";
+    private static final File HIVE_DOCKER_COMPOSE_YAML = new File(
+            "src/test/resources/integration/driver/hive/docker-compose.yaml");
     private static final String HIVE_SERVICE_NAME = "hive-server_1";
     private static final int HIVE_EXPOSED_PORT = 10000;
     private static final String JDBC_CONNECTION_NAME = "JDBC";
@@ -61,18 +59,18 @@ class HiveSqlDialectIT {
     private static final String HIVE_SOURCE_TABLE = "HIVE_SOURCE";
     @Container
     public static DockerComposeContainer<? extends DockerComposeContainer<?>> HIVE = new DockerComposeContainer<>(
-            new File(HIVE_DOCKER_COMPOSE_YAML)) //
-            .withExposedService(HIVE_SERVICE_NAME, HIVE_EXPOSED_PORT, Wait.forListeningPort());
+            HIVE_DOCKER_COMPOSE_YAML) //
+            .withExposedService(HIVE_SERVICE_NAME, HIVE_EXPOSED_PORT,
+                    Wait.forListeningPort().withStartupTimeout(Duration.ofMinutes(2)));
     @Container
-    private static final ExasolContainer<? extends ExasolContainer<?>> EXASOL = new ExasolContainer<>()
-            .withLogConsumer(new Slf4jLogConsumer(LOGGER)).withReuse(true); //
+    private static final ExasolContainer<? extends ExasolContainer<?>> EXASOL = new ExasolContainer<>().withReuse(true); //
     private static Connection exasolConnection;
     private static Statement statementExasol;
     private static ExasolObjectFactory exasolFactory;
     private static AdapterScript adapterScript;
     private static ConnectionDefinition connectionDefinition;
-    private VirtualSchema virtualSchema;
     private static Connection hiveConnection;
+    private VirtualSchema virtualSchema;
 
     @BeforeAll
     static void beforeAll() throws BucketAccessException, TimeoutException, SQLException, ClassNotFoundException,