Update sqlite-jdbc to 3.41.2.2 to address CVE-2023-32697 (#1667)

Yury-Fridlyand · Yury-Fridlyand · commit 512fee01013b · 2023-06-27T11:20:53.000-07:00
* Update sqlite-jdbc to 3.41.2.2 to address CVE-2023-32697 Signed-off-by: MaxKsyunz <maxk@bitquilltech.com> * Don't check column names on H2 results for correctness tests as described in #1667 (comment). Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com> * Address PR review comment. Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com> --------- Signed-off-by: MaxKsyunz <maxk@bitquilltech.com> Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com> Co-authored-by: Yury-Fridlyand <yury.fridlyand@improving.com> Signed-off-by: Yury-Fridlyand <yury.fridlyand@improving.com>
diff --git a/integ-test/build.gradle b/integ-test/build.gradle
@@ -94,7 +94,7 @@ dependencies {
     testRuntimeOnly('org.junit.jupiter:junit-jupiter-engine:5.6.2')
 
     testImplementation group: 'com.h2database', name: 'h2', version: '2.1.214'
-    testImplementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.28.0'
+    testImplementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.41.2.2'
     testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
 }
 
diff --git a/integ-test/src/test/java/org/opensearch/sql/correctness/runner/resultset/DBResult.java b/integ-test/src/test/java/org/opensearch/sql/correctness/runner/resultset/DBResult.java
@@ -12,8 +12,9 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Objects;
 import java.util.Set;
-import lombok.EqualsAndHashCode;
+import java.util.stream.Collectors;
 import lombok.Getter;
 import lombok.ToString;
 import org.json.JSONPropertyName;
@@ -24,7 +25,6 @@
  * query with SELECT columns or just *, order of column and row may matter or not. So the internal data structure of this
  * class is passed in from outside either list or set, hash map or linked hash map etc.
  */
-@EqualsAndHashCode(exclude = "databaseName")
 @ToString
 public class DBResult {
 
@@ -191,4 +191,24 @@ private static <T extends Comparable<T>> List<T> sort(Collection<T> collection)
     return list;
   }
 
+  public boolean equals(final Object o) {
+    if (o == this) {
+      return true;
+    }
+    if (!(o instanceof DBResult)) {
+      return false;
+    }
+    final DBResult other = (DBResult) o;
+    // H2 calculates the value before setting column name
+    // for example, for query "select 1 + 1" it returns a column named "2" instead of "1 + 1"
+    boolean skipColumnNameCheck = databaseName.equalsIgnoreCase("h2") || other.databaseName.equalsIgnoreCase("h2");
+    if (!skipColumnNameCheck && !schema.equals(other.schema)) {
+      return false;
+    }
+    if (skipColumnNameCheck && !schema.stream().map(Type::getType).collect(Collectors.toList())
+                    .equals(other.schema.stream().map(Type::getType).collect(Collectors.toList()))) {
+      return false;
+    }
+    return dataRows.equals(other.dataRows);
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ dependencies {`
`94`	`94`	`testRuntimeOnly('org.junit.jupiter:junit-jupiter-engine:5.6.2')`
`95`	`95`
`96`	`96`	`testImplementation group: 'com.h2database', name: 'h2', version: '2.1.214'`
`97`		`- testImplementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.28.0'`
	`97`	`+ testImplementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.41.2.2'`
`98`	`98`	`testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9'`
`99`	`99`	`}`
`100`	`100`