fix(vulnerabilities)/vulnerabilities_fixes_datahub (#8075) (#8189)

Co-authored-by: Sejal-NucleusTeq <109514187+Sejal-NucleusTeq@users.noreply.github.com>
2025-12-25 08:58:26 +00:00 · 2023-06-07 18:42:19 -05:00 · 2023-06-07 18:42:19 -05:00 · 81fdf9df55
commit 81fdf9df55
parent fd790e33d8
8 changed files with 57 additions and 13 deletions
--- a/build.gradle
+++ b/build.gradle
@ -7,7 +7,6 @@ buildscript {
  ext.springBootVersion = '2.7.11'
  ext.openTelemetryVersion = '1.18.0'
  ext.neo4jVersion = '4.4.9'
-  ext.graphQLJavaVersion = '19.0'
  ext.testContainersVersion = '1.17.4'
  ext.elasticsearchVersion = '7.10.2'
  // TODO: Change to final release version once it's out ETA Mid-April
@ -92,8 +91,8 @@ project.ext.externalDependency = [
    'elasticSearchRest': 'org.elasticsearch.client:elasticsearch-rest-high-level-client:' + elasticsearchVersion,
    'elasticSearchTransport': 'org.elasticsearch.client:transport:' + elasticsearchVersion,
    'findbugsAnnotations': 'com.google.code.findbugs:annotations:3.0.1',
-    'graphqlJava': 'com.graphql-java:graphql-java:' + graphQLJavaVersion,
-    'graphqlJavaScalars': 'com.graphql-java:graphql-java-extended-scalars:' + graphQLJavaVersion,
+    'graphqlJava': 'com.graphql-java:graphql-java:19.5',
+    'graphqlJavaScalars': 'com.graphql-java:graphql-java-extended-scalars:19.1',
    'gson': 'com.google.code.gson:gson:2.8.9',
    'guice': 'com.google.inject:guice:4.2.3',
    'guava': 'com.google.guava:guava:27.0.1-jre',
@ -206,7 +205,12 @@ project.ext.externalDependency = [
    'testContainersKafka': 'org.testcontainers:kafka:' + testContainersVersion,
    'typesafeConfig':'com.typesafe:config:1.4.1',
    'wiremock':'com.github.tomakehurst:wiremock:2.10.0',
-    'zookeeper': 'org.apache.zookeeper:zookeeper:3.4.14'
+    'zookeeper': 'org.apache.zookeeper:zookeeper:3.4.14',
+    'wire': 'com.squareup.wire:wire-compiler:3.7.1',
+    'charle':  'com.charleskorn.kaml:kaml:0.53.0',
+    'common': 'commons-io:commons-io:2.7',
+    'jline':'jline:jline:1.4.1',
+    'jetbrains':' org.jetbrains.kotlin:kotlin-stdlib:1.6.0'
    
 ]

--- a/datahub-frontend/app/controllers/AuthenticationController.java
+++ b/datahub-frontend/app/controllers/AuthenticationController.java
@ -49,7 +49,7 @@ import static org.pac4j.core.client.IndirectClient.ATTEMPTED_AUTHENTICATION_SUFF

 // TODO add logging.
 public class AuthenticationController extends Controller {
-
+    public static final String AUTH_VERBOSE_LOGGING = "auth.verbose.logging";
    private static final String AUTH_REDIRECT_URI_PARAM = "redirect_uri";
    private static final String ERROR_MESSAGE_URI_PARAM = "error_msg";
    private static final String SSO_DISABLED_ERROR_MESSAGE = "SSO is not configured";
@ -60,6 +60,7 @@ public class AuthenticationController extends Controller {
    private final CookieConfigs _cookieConfigs;
    private final JAASConfigs _jaasConfigs;
    private final NativeAuthenticationConfigs _nativeAuthenticationConfigs;
+    private final boolean _verbose;

    @Inject
    private org.pac4j.core.config.Config _ssoConfig;
@ -78,6 +79,7 @@ public class AuthenticationController extends Controller {
        _cookieConfigs = new CookieConfigs(configs);
        _jaasConfigs = new JAASConfigs(configs);
        _nativeAuthenticationConfigs = new NativeAuthenticationConfigs(configs);
+        _verbose = configs.hasPath(AUTH_VERBOSE_LOGGING) && configs.getBoolean(AUTH_VERBOSE_LOGGING);
    }

    /**
@ -282,7 +284,11 @@ public class AuthenticationController extends Controller {
            final Optional<RedirectionAction> action = client.getRedirectionAction(playWebContext);
            return action.map(act -> new PlayHttpActionAdapter().adapt(act, playWebContext));
        } catch (Exception e) {
-            _logger.error("Caught exception while attempting to redirect to SSO identity provider! It's likely that SSO integration is mis-configured", e);
+            if (_verbose) {
+                _logger.error("Caught exception while attempting to redirect to SSO identity provider! It's likely that SSO integration is mis-configured", e);
+            } else {
+                _logger.error("Caught exception while attempting to redirect to SSO identity provider! It's likely that SSO integration is mis-configured");
+            }
            return Optional.of(Results.redirect(
                String.format("/login?error_msg=%s",
                URLEncoder.encode("Failed to redirect to Single Sign-On provider. Please contact your DataHub Administrator, "
@ -316,7 +322,11 @@ public class AuthenticationController extends Controller {
                _logger.debug("Jaas authentication successful. Login succeeded");
                loginSucceeded = true;
            } catch (Exception e) {
-                _logger.debug("Jaas authentication error. Login failed", e);
+                if (_verbose) {
+                    _logger.debug("Jaas authentication error. Login failed", e);
+                } else {
+                    _logger.debug("Jaas authentication error. Login failed");
+                }
            }
        }

--- a/datahub-frontend/app/security/AuthenticationManager.java
+++ b/datahub-frontend/app/security/AuthenticationManager.java
@ -18,8 +18,7 @@ import play.Logger;

 public class AuthenticationManager {

-  private AuthenticationManager() {
-
+  private AuthenticationManager(boolean verbose) {
  }

  public static void authenticateJaasUser(@Nonnull String userName, @Nonnull String password) throws Exception {
@ -33,7 +32,9 @@ public class AuthenticationManager {
      LoginContext lc = new LoginContext("WHZ-Authentication", new WHZCallbackHandler(userName, password));
      lc.login();
    } catch (LoginException le) {
-      throw new AuthenticationException(le.toString(), le);
+      AuthenticationException authenticationException = new AuthenticationException(le.getMessage());
+      authenticationException.setRootCause(le);
+      throw authenticationException;
    }
  }

--- a/datahub-frontend/conf/application.conf
+++ b/datahub-frontend/conf/application.conf
@ -142,6 +142,13 @@ ui.new.browse.dataset = true

 # React App Authentication
 # ~~~~~
+
+#
+# Enable verbose authentication logging
+#
+auth.verbose.logging = false
+auth.verbose.logging = ${?AUTH_VERBOSE_LOGGING}
+
 # React currently supports OIDC SSO + self-configured JAAS for authentication. Below you can find the supported configurations for
 # each mechanism.
 #
--- a/datahub-upgrade/build.gradle
+++ b/datahub-upgrade/build.gradle
@ -15,6 +15,7 @@ dependencies {
  compile project(':metadata-io')
  compile project(':metadata-service:factories')
  compile project(':metadata-service:restli-client')
+  implementation externalDependency.charle

  compile externalDependency.javaxInject
  compile(externalDependency.hadoopClient) {
@ -23,6 +24,8 @@ dependencies {
    exclude group: "org.apache.htrace", module: "htrace-core4"
    exclude group: "org.eclipse.jetty", module: "jetty-util"
    exclude group: "org.apache.hadoop.thirdparty", module: "hadoop-shaded-protobuf_3_7"
+    exclude group: "com.charleskorn.kaml", module:"kaml"
+
  }

  constraints {
@ -101,3 +104,4 @@ task cleanLocalDockerImages {
  }
 }
 dockerClean.finalizedBy(cleanLocalDockerImages)
+
--- a/metadata-service/factories/build.gradle
+++ b/metadata-service/factories/build.gradle
@ -46,7 +46,13 @@ dependencies {
  testCompile externalDependency.mockito
  testCompile externalDependency.testng
  testCompile externalDependency.hazelcastTest
+  implementation externalDependency.jline
+  implementation externalDependency.common
+}

+configurations.all{
+  exclude group: "commons-io", module:"commons-io"
+  exclude group: "jline", module:"jline"
 }

 processResources.configure {
--- a/metadata-service/graphql-servlet-impl/build.gradle
+++ b/metadata-service/graphql-servlet-impl/build.gradle
@ -13,6 +13,14 @@ dependencies {
  compile externalDependency.springContext
  implementation externalDependency.slf4jApi
  compileOnly externalDependency.lombok
-
  annotationProcessor externalDependency.lombok
+
+  implementation externalDependency.charle
+  implementation externalDependency.jetbrains
+
+}
+
+configurations.all{
+  exclude group: "com.charleskorn.kaml", module:"kaml"
+  exclude group: " org.jetbrains.kotlin", module:"kotlin-stdlib"
 }
--- a/metadata-service/war/build.gradle
+++ b/metadata-service/war/build.gradle
@ -39,8 +39,12 @@ dependencies {
  runtime externalDependency.logbackClassic
  implementation externalDependency.awsMskIamAuth
  testRuntime externalDependency.logbackClassic
+  implementation externalDependency.charle
+}
+configurations.all{
+  exclude group: "com.charleskorn.kaml", module:"kaml"
+  
 }
-
 configurations {
  jetty9
 }
@ -83,4 +87,4 @@ task cleanLocalDockerImages {
    rootProject.ext.cleanLocalDockerImages(docker_registry, docker_repo, "v${version}")
  }
 }
-dockerClean.finalizedBy(cleanLocalDockerImages)
+dockerClean.finalizedBy(cleanLocalDockerImages)