Update thrift dependency to 0.19.0 #855

Open
wants to merge 9 commits into
base: master

@votez votez commented Sep 27, 2023

Fixes direct vulnerabilities: CVE-2020-13949, CVE-2019-0205, CVE-2018-1320, CVE-2018-11798 and a vulnerability from dependencies: CVE-2020-13956. Projects using the Cadence Java client might have newer, binary-incompatible versions of libthrift in the classpath due to security gates/checks. This causes loss of exception information in the Cadence server log.

Failure serializing exception: com.uber.cadence.workflow.ChildWorkflowFailureException: Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException
{
  "reason": "com.uber.cadence.workflow.ChildWorkflowFailureException",
  "details": {
    "detailMessage": "Failure serializing exception: com.uber.cadence.workflow.ChildWorkflowFailureException: Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException,xxxx",
    "cause": {
      "detailMessage": "'java.lang.String org.apache.thrift.TSerializer.toString(org.apache.thrift.TBase, java.lang.String)'",
      "stackTrace": "com.uber.cadence.converter.TBaseTypeAdapterFactory$1.write(TBaseTypeAdapterFactory.java:52)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.internal.bind.TypeAdapterRuntimeTypeWrapper.write(TypeAdapterRuntimeTypeWrapper.java:69)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1.write(ReflectiveTypeAdapterFactory.java:127)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.write(ReflectiveTypeAdapterFactory.java:245)\ncom.google.gson.TypeAdapter.toJsonTree(TypeAdapter.java:234)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:93)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java
:829)\n",
      "suppressedExceptions": [],
      "class": "java.lang.NoSuchMethodError"
    },
    "stackTrace": "com.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:102)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
    "suppressedExceptions": [
      {
        "detailMessage": "Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException, ActivityType=\"xxxx",
        "cause": {
          "detailMessage": "'java.lang.String org.apache.thrift.TSerializer.toString(org.apache.thrift.TBase, java.lang.String)'",
          "stackTrace": "com.uber.cadence.converter.TBaseTypeAdapterFactory$1.write(TBaseTypeAdapterFactory.java:52)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.internal.bind.TypeAdapterRuntimeTypeWrapper.write(TypeAdapterRuntimeTypeWrapper.java:69)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1.write(ReflectiveTypeAdapterFactory.java:127)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.write(ReflectiveTypeAdapterFactory.java:245)\ncom.google.gson.TypeAdapter.toJsonTree(TypeAdapter.java:234)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:93)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.
java:829)\n",
          "suppressedExceptions": [],
          "class": "java.lang.NoSuchMethodError"
        },
        "stackTrace": "com.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:102)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
        "suppressedExceptions": [
          {
            "detailMessage": "com.cloudera.ApiException: Not Acceptable",
            "cause": {
              "code": 406,
              "responseHeaders": {
                "Content-Type": [
                  "application/json; charset=utf-8"
                ],
                "Date": [
                  "Wed, 27 Sep 2023 15:29:26 GMT"
                ],
                "Content-Length": [
                  "387"
                ],
                "OkHttp-Sent-Millis": [
                  "1695828565000"
                ],
                "OkHttp-Received-Millis": [
                  "1695828566468"
                ]
              },
              "responseBody": "{\"message\":\", cause: [error creating cluster]",
              "detailMessage": "Not Acceptable",
              "cause": null,
              "stackTrace": "sensitive",
              "suppressedExceptions": [],
              "class": "com.cloudera.ApiException"
            },
            "stackTrace": "sensitive",
            "suppressedExceptions": [],
            "class": "com.cloudera.ApiException"
          }
        ],
        "class": "com.uber.cadence.converter.DataConverterException"
      }
    ],
    "class": "com.uber.cadence.converter.DataConverterException"
  },
  "decisionTaskCompletedEventId": 13
}

Fixes direct vulnerabilities: CVE-2020-13949, CVE-2019-0205, CVE-2018-1320, CVE-2018-11798 and a vulnerability from dependencies: CVE-2020-13956. Projects using the Cadence Java client might have newer, binary-incompatible versions of libthrift in the classpath due to security gates/checks. This causes loss of exception information in the Cadence server log.
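An added example (not code from this PR or from the Cadence client): a triage helper that walks failure details shaped like the dump above, flags a `NoSuchMethodError` on an `org.apache.thrift` signature as a libthrift binary mismatch, and lists the original exceptions that survived only inside the wrapper. The sample input is constructed and abbreviated from that dump; the names `walk` and `triage` and the inclusion of `NoClassDefFoundError` are assumptions of this example.

```python
# JVM linkage errors that point at a classpath/binary mismatch (assumed set).
LINKAGE_ERRORS = {"java.lang.NoSuchMethodError", "java.lang.NoClassDefFoundError"}
WRAPPER = "com.uber.cadence.converter.DataConverterException"

def walk(node, path="details"):
    """Yield (path, throwable) for every serialized throwable under node."""
    if not isinstance(node, dict):
        return
    yield path, node
    yield from walk(node.get("cause"), path + ".cause")
    for i, sup in enumerate(node.get("suppressedExceptions") or []):
        yield from walk(sup, f"{path}.suppressedExceptions[{i}]")

def triage(details):
    """Separate linkage failures from the original errors they buried."""
    linkage, originals = [], []
    for path, t in walk(details):
        cls, msg = t.get("class"), t.get("detailMessage") or ""
        if cls in LINKAGE_ERRORS:
            linkage.append((path, msg.strip("'")))
        elif cls and cls != WRAPPER:
            originals.append((path, cls, msg))
    conflict = any("org.apache.thrift." in m for _, m in linkage)
    return {"thrift_conflict": conflict, "linkage": linkage, "originals": originals}

# Constructed sample: same keys and nesting as the dump above, stack traces omitted.
NSME = {"detailMessage": "'java.lang.String org.apache.thrift.TSerializer"
                         ".toString(org.apache.thrift.TBase, java.lang.String)'",
        "suppressedExceptions": [], "class": "java.lang.NoSuchMethodError"}
API = {"code": 406, "detailMessage": "Not Acceptable", "cause": None,
       "suppressedExceptions": [], "class": "com.cloudera.ApiException"}
SAMPLE = {
    "detailMessage": "Failure serializing exception: ...",
    "cause": NSME,
    "suppressedExceptions": [{
        "detailMessage": "Failure serializing exception: ...",
        "cause": NSME,
        "suppressedExceptions": [{
            "detailMessage": "com.cloudera.ApiException: Not Acceptable",
            "cause": API, "suppressedExceptions": [],
            "class": "com.cloudera.ApiException"}],
        "class": WRAPPER}],
    "class": WRAPPER,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
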
@CLAassistant

CLAassistant commented Sep 27, 2023

CLA assistant check
All committers have signed the CLA.

@abhishekj720

Hi @votez, thanks for the update thrift dependencies change. We are getting ClientVersionNotSupportedError, could you kindly check unit test logs.

@votez

votez commented Sep 28, 2023

> Hi @votez, thanks for the update thrift dependencies change. We are getting ClientVersionNotSupportedError, could you kindly check unit test logs.

I have now updated the build pipeline to compile with Thrift 0.19.0 (it was using the old one). Please re-run the PR build. @abhishekj720

@coveralls

coveralls commented Sep 28, 2023

Pull Request Test Coverage Report for Build 2012

  • 4 of 6 (66.67%) changed or added relevant lines in 2 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.009%) to 60.187%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/main/java/com/uber/cadence/internal/common/InternalUtils.java | 3 | 5 | 60.0% |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/main/java/com/uber/cadence/internal/sync/WorkflowThreadContext.java | 1 | 82.46% |

| Totals | Coverage Status |
|---|---|
| Change from base Build 2011: | -0.009% |
| Covered Lines: | 11335 |
| Relevant Lines: | 18833 |

💛 - Coveralls

@grace303303

Hi team, I asked a question regarding some info that cannot be found in the exception here: https://uber-cadence.slack.com/archives/CL22WDF70/p1706035482907549. Could that be fixed by this PR?

@votez votez requested a review from natemort as a code owner May 10, 2024 08:57