Update error-prone to 2.14.0 #12558

Merged
findepi merged 1 commit into trinodb:master from wendigo:serafin/errorprone
May 30, 2022

@wendigo
Contributor

@wendigo wendigo commented May 26, 2022

No description provided.

@cla-bot cla-bot bot added the cla-signed label May 26, 2022
@wendigo wendigo requested review from findepi and ksobolew May 26, 2022 08:40
@findepi
Member

findepi commented May 26, 2022

Does it pass on Trino? cc @ksobolew

@ksobolew
Contributor

Weird, how did I miss 2.13.0? I was just checking if there was a new release :)

> Does it pass on Trino?

I guess we'll find out from the build

@ksobolew
Contributor

ksobolew commented May 26, 2022

I get BanJNDI in my local build in io.trino.plugin.base.ldap.JdkLdapClient.CloseableContext#search

@ksobolew
Contributor

The build confirms:

Error:  /home/runner/work/trino/trino/lib/trino-plugin-toolkit/src/main/java/io/trino/plugin/base/ldap/JdkLdapClient.java:[180,34] [BanJNDI] Using JNDI may deserialize user input via the `Serializable` API which is extremely dangerous
    (see https://errorprone.info/bugpattern/BanJNDI)

@wendigo wendigo force-pushed the serafin/errorprone branch from 6532c9b to 93f9a37 Compare May 26, 2022 09:18
@wendigo wendigo requested a review from findepi May 27, 2022 10:38
@wendigo wendigo force-pushed the serafin/errorprone branch from 93f9a37 to 887c170 Compare May 27, 2022 10:38
Contributor

@ksobolew ksobolew left a comment

I'm not familiar with the LDAP code, so I trust you that these are actually safe to ignore

@wendigo
Contributor Author

wendigo commented May 30, 2022

Can we merge that @findepi?

@findepi findepi merged commit 47dc6d8 into trinodb:master May 30, 2022
@github-actions github-actions bot added this to the 383 milestone May 30, 2022
@wendigo wendigo deleted the serafin/errorprone branch May 30, 2022 09:16
3 participants