exasol / bigquery-virtual-schema
Virtual Schema for connecting Big Query as a data source to Exasol
License: MIT License
Rename error codes from VS-BIGQ to VSBIGQ
Migrate BigQuery dialect implementation from the virtual-schemas repository
ThreeTen Backport v1.6.8 was discovered to contain an integer overflow via the component org.threeten.bp.format.DateTimeFormatter::parse(CharSequence, ParsePosition).
CVE: CVE-2024-23082
CWE: CWE-190
See log messages from build job Dependency Check:
Excluded vulnerabilities:
When loading a table from BigQuery that contains a DATE, on the Exasol side it results in a VARCHAR instead of a DATE.
Example: DATE value "09.01.2020" on BigQuery turned to a VARCHAR(10) UTF8 in Exasol.
We need to support nanosecond timestamp resolution.
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project bigquery-virtual-schema: Detected 2 vulnerable components:
Error: org.apache.commons:commons-compress:jar:1.22:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.22?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-42503] CWE-20: Improper Input Validation (5.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-42503?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: io.netty:netty-handler:jar:4.1.94.Final:test; https://ossindex.sonatype.org/component/pkg:maven/io.netty/netty-handler@4.1.94.Final?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2023-4586] CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') (6.5); https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven&component-name=io.netty%2Fnetty-handler&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
We have added a few new functions to the common part recently.
We need to check if some dialects could support them. The list of the new function capabilities to check:
In order to verify the bugfix for #8 we need to add integration tests using the BigQuery JDBC driver and bigquery-emulator.
This requires changes to bigquery-emulator: goccy/bigquery-emulator#7
This issue would be useful: exasol/exasol-testcontainers#74
Add to class BigQueryDatasetFixture (and potentially others as well):
@SuppressWarnings("try")
// auto-closeable resource virtualSchema is never referenced in body of corresponding try statement
Remove from file pom.xml, maven-compiler-plugin:
-try
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacker can send a chunked post consisting of many small fields that will be accumulated in the bodyListHttpData list. The decoder cumulates bytes in the undecodedChunk buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.
CVE: CVE-2024-29025
CWE: CWE-770
https://github.com/goccy/bigquery-emulator
Check if BigQuery Emulator now supports the required features, see #9.
Currently, version 2.23.2 of com.google.cloud/google-cloud-bigquery is already available on Maven Central.
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project bigquery-virtual-schema: Detected 1 vulnerable components:
Error: org.apache.commons:commons-compress:jar:1.24.0:test; https://ossindex.sonatype.org/component/pkg:maven/org.apache.commons/commons-compress@1.24.0?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2024-25710] CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') (8.1); https://ossindex.sonatype.org/vulnerability/CVE-2024-25710?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2024-26308] CWE-770: Allocation of Resources Without Limits or Throttling (7.5); https://ossindex.sonatype.org/vulnerability/CVE-2024-26308?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate).
CVE: CVE-2024-23081
CWE: CWE-476
Additionally check if the following currently excluded vulnerabilities need to remain so
Currently, joins are not pushed down to BigQuery.
However, this would be very useful when working with Virtual Schemas on BigQuery.
Update dependencies to use enhanced Datatype Detection For Result Sets from virtual-schemas-common-jdbc
Since 2023-06-02 for version 8.18.1 of Exasol database a Docker image is available on Dockerhub.
The current ticket therefore requests to update the integration tests of VSBIGQ to use version 8.18.1 as latest default version.
Please note sibling-tickets for all JDBC-based virtual schemas.
See https://github.com/exasol/bigquery-virtual-schema/actions/runs/4867663879/jobs/8680444060
Error: Failed to execute goal org.sonatype.ossindex.maven:ossindex-maven-plugin:3.2.0:audit (default-cli) on project bigquery-virtual-schema: Detected 1 vulnerable components:
Error: com.google.guava:guava:jar:31.1-jre:test; https://ossindex.sonatype.org/component/pkg:maven/com.google.guava/guava@31.1-jre?utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error: * [CVE-2020-8908] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions (6.2); https://ossindex.sonatype.org/vulnerability/CVE-2020-8908?component-type=maven&component-name=com.google.guava%2Fguava&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
Error:
Virtual-schema-shared-integration-tests provide generic integration tests.
Refactor this repository to use that library.
IntegrationTestSetup.java sets constant values for DEBUG_ADDRESS and LOG_LEVEL.
if (System.getProperty("test.vs-logs", "false").equals("true")) {
properties.put("DEBUG_ADDRESS", "127.0.0.1:3001");
Please consider removing these lines and proposing the use of the system properties supported by exasol/test-db-builder-java#103 in the documentation (either user_guide or developer_guide).