truncate Trino query error message to 2K (#210)

satish-mittal · web-flow · commit 40fc51e4392b · 2023-10-25T17:08:24.000+05:30
* truncate Trino query error message to 2K

* fix vulnerabilities
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -18,14 +18,15 @@
     <cve>CVE-2020-13956</cve>
   </suppress>
 
-  <suppress until="2023-10-31Z">
+  <suppress until="2023-11-30Z">
     <notes><![CDATA[
-   file name: zookeeper-api-1.2.0.jar
+   file name: zookeeper-api-1.3.0.jar
    ]]></notes>
     <packageUrl regex="true">^pkg:maven/org\.apache\.helix/zookeeper\-api@.*$</packageUrl>
     <cve>CVE-2016-5017</cve>
     <cve>CVE-2018-8012</cve>
     <cve>CVE-2019-0201</cve>
+    <cve>CVE-2023-44981</cve>
   </suppress>
   <suppress until="2023-10-31Z">
     <notes><![CDATA[
diff --git a/query-service-client/build.gradle.kts b/query-service-client/build.gradle.kts
@@ -7,7 +7,7 @@ plugins {
 
 dependencies {
   api(project(":query-service-api"))
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6")
 
   // Logging
   implementation("org.slf4j:slf4j-api:1.7.32")
diff --git a/query-service-factory/build.gradle.kts b/query-service-factory/build.gradle.kts
@@ -3,7 +3,7 @@ plugins {
 }
 
 dependencies {
-  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.60")
+  api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
 
   implementation(project(":query-service-impl"))
   implementation("com.google.inject:guice:5.0.1")
diff --git a/query-service-impl/build.gradle.kts b/query-service-impl/build.gradle.kts
@@ -54,12 +54,15 @@ dependencies {
     implementation("com.squareup.okio:okio:3.4.0") {
       because("CVE-2023-3635")
     }
+    implementation("org.apache.zookeeper:zookeeper:3.7.2") {
+      because("CVE-2023-44981")
+    }
   }
   api(project(":query-service-api"))
   api("com.typesafe:config:1.4.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.1")
-  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.12.1")
+  implementation("org.hypertrace.core.grpcutils:grpc-context-utils:0.12.6")
+  implementation("org.hypertrace.core.grpcutils:grpc-client-utils:0.12.6")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-rx-utils:0.12.6")
   implementation("org.hypertrace.core.attribute.service:attribute-service-api:0.14.26")
   implementation("org.hypertrace.core.attribute.service:attribute-projection-registry:0.14.26")
   implementation("org.hypertrace.core.attribute.service:caching-attribute-service-client:0.14.26")
@@ -71,7 +74,7 @@ dependencies {
   }
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("commons-codec:commons-codec:1.15")
-  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.60")
+  implementation("org.hypertrace.core.serviceframework:platform-metrics:0.1.62")
   implementation("com.google.protobuf:protobuf-java-util:3.22.0")
   implementation("com.google.guava:guava:32.1.2-jre")
   implementation("io.reactivex.rxjava3:rxjava:3.0.11")
diff --git a/query-service-impl/src/main/java/org/hypertrace/core/query/service/trino/TrinoBasedRequestHandler.java b/query-service-impl/src/main/java/org/hypertrace/core/query/service/trino/TrinoBasedRequestHandler.java
@@ -130,7 +130,8 @@ public Observable<Row> handleRequest(QueryRequest request, ExecutionContext exec
 
       return executeQuery(sql.getKey(), sql.getValue());
     } catch (Throwable t) {
-      return Observable.error(t);
+      String truncatedMessage = (t.getMessage() == null) ? null : t.getMessage().substring(0, 2048);
+      return Observable.error(new Throwable(truncatedMessage));
     }
   }
 
diff --git a/query-service/build.gradle.kts b/query-service/build.gradle.kts
@@ -10,8 +10,8 @@ plugins {
 
 dependencies {
   implementation(project(":query-service-factory"))
-  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.1")
-  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.61")
+  implementation("org.hypertrace.core.grpcutils:grpc-server-utils:0.12.6")
+  implementation("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")
   implementation("org.slf4j:slf4j-api:1.7.32")
   implementation("com.typesafe:config:1.4.1")
 
@@ -22,7 +22,7 @@ dependencies {
   integrationTestImplementation("org.testcontainers:testcontainers:1.16.2")
   integrationTestImplementation("org.testcontainers:junit-jupiter:1.16.2")
   integrationTestImplementation("org.testcontainers:kafka:1.16.2")
-  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.61")
+  integrationTestImplementation("org.hypertrace.core.serviceframework:integrationtest-service-framework:0.1.62")
   integrationTestImplementation("com.github.stefanbirkner:system-lambda:1.2.0")
 
   integrationTestImplementation("org.apache.kafka:kafka-clients:7.2.1-ccs")

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@ plugins {`
`3`	`3`	`}`
`4`	`4`
`5`	`5`	`dependencies {`
`6`		`- api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.60")`
	`6`	`+ api("org.hypertrace.core.serviceframework:platform-grpc-service-framework:0.1.62")`
`7`	`7`
`8`	`8`	`implementation(project(":query-service-impl"))`
`9`	`9`	`implementation("com.google.inject:guice:5.0.1")`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,8 @@ public Observable<Row> handleRequest(QueryRequest request, ExecutionContext exec`
`130`	`130`
`131`	`131`	`return executeQuery(sql.getKey(), sql.getValue());`
`132`	`132`	`} catch (Throwable t) {`
`133`		`- return Observable.error(t);`
	`133`	`+ String truncatedMessage = (t.getMessage() == null) ? null : t.getMessage().substring(0, 2048);`
	`134`	`+ return Observable.error(new Throwable(truncatedMessage));`
`134`	`135`	`}`
`135`	`136`	`}`
`136`	`137`