From acb2def408167e584a3b127e2853b644fd5bdb6d Mon Sep 17 00:00:00 2001
From: Sumi Mathew
Date: Tue, 12 Nov 2024 17:10:15 +0530
Subject: [PATCH] Fix for Cross Site Scripting Rule
---
 pom.xml | 6 ++++++
 presto-accumulo/pom.xml | 1 -
 presto-bigquery/pom.xml | 5 ++++-
 presto-hive-function-namespace/pom.xml | 6 ++++++
 presto-main/pom.xml | 5 +++++
 .../facebook/presto/server/AsyncPageTransportServlet.java | 5 +++--
 presto-parquet/pom.xml | 1 -
 presto-pinot-toolkit/pom.xml | 4 ++++
 8 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index 54bf984a6808..b65e5f612899 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1411,6 +1411,12 @@ 3.6.1 + + org.apache.commons + commons-lang3 + 3.14.0 + + org.apache.commons commons-text
diff --git a/presto-accumulo/pom.xml b/presto-accumulo/pom.xml
index 86a7e17f8062..731a77f383a5 100644
--- a/presto-accumulo/pom.xml
+++ b/presto-accumulo/pom.xml
@@ -232,7 +232,6 @@ org.apache.commons commons-lang3 - 3.4
diff --git a/presto-bigquery/pom.xml b/presto-bigquery/pom.xml
index 97a39676ff77..d9ead60edaba 100644
--- a/presto-bigquery/pom.xml
+++ b/presto-bigquery/pom.xml
@@ -47,7 +47,6 @@ org.apache.commons commons-lang3 - 3.14.0
@@ -200,6 +199,10 @@ io.grpc grpc-protobuf-lite + + org.apache.commons + commons-lang3 +
diff --git a/presto-hive-function-namespace/pom.xml b/presto-hive-function-namespace/pom.xml
index e400e547ef0d..7c7b135f6633 100644
--- a/presto-hive-function-namespace/pom.xml
+++ b/presto-hive-function-namespace/pom.xml
@@ -36,6 +36,12 @@ org.apache.hive hive-llap-common + + + org.apache.commons + commons-lang3 + +
diff --git a/presto-main/pom.xml b/presto-main/pom.xml
index f6ab94cfd333..f916928f8f17 100644
--- a/presto-main/pom.xml
+++ b/presto-main/pom.xml
@@ -36,6 +36,11 @@ commons-math3 + + org.apache.commons + commons-lang3 + + com.facebook.presto presto-spi
diff --git a/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java b/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
index 7619c3bb6f5d..774ea1cfca6d 100644
--- a/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
+++ b/presto-main/src/main/java/com/facebook/presto/server/AsyncPageTransportServlet.java
@@ -29,6 +29,7 @@
 import com.google.common.util.concurrent.ListenableFuture;
 import io.airlift.units.DataSize;
 import io.airlift.units.Duration;
+import org.apache.commons.lang3.StringEscapeUtils;
 import org.weakref.jmx.Managed;
 import org.weakref.jmx.Nested;
@@ -116,7 +117,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 protected void reportFailure(HttpServletResponse response, String message)
 throws IOException
 {
- response.sendError(SC_BAD_REQUEST, message);
+ response.sendError(SC_BAD_REQUEST, StringEscapeUtils.escapeHtml4(message));
 }
 
 protected void parseURI(String requestURI, HttpServletRequest request, HttpServletResponse response)
@@ -181,7 +182,7 @@ public void onError(AsyncEvent event)
 {
 String errorMessage = format("Server error to process task result request %s : %s", requestURI, event.getThrowable().getMessage());
 log.error(event.getThrowable(), errorMessage);
- response.sendError(SC_INTERNAL_SERVER_ERROR, errorMessage);
+ response.sendError(SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml4(errorMessage));
 }
 
 public void onStartAsync(AsyncEvent event)
diff --git a/presto-parquet/pom.xml b/presto-parquet/pom.xml
index 0dd58524b084..a3e55f4270ed 100644
--- a/presto-parquet/pom.xml
+++ b/presto-parquet/pom.xml
@@ -121,7 +121,6 @@ org.apache.commons commons-lang3 - 3.4 test
diff --git a/presto-pinot-toolkit/pom.xml b/presto-pinot-toolkit/pom.xml
index 3e94aaaedaec..580c3fbd94ec 100644
--- a/presto-pinot-toolkit/pom.xml
+++ b/presto-pinot-toolkit/pom.xml
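Review bot: The escaping added in `reportFailure` and in `onError` is applied to a string handed to `HttpServletResponse.sendError`, whose rendering is container-defined, so it is either redundant or insufficient depending on the server: Presto's Airlift/Jetty stack, as far as I recall, already HTML-escapes the message in its default error handler (clients would then see `&amp;lt;`), while a container that writes the message verbatim would get only this one layer of protection. The safer fix is not to reflect attacker-influenced text at all — the `format(...)` in `onError` interpolates `requestURI` and `event.getThrowable().getMessage()`, and `message` in `reportFailure` is presumably built from the request by its callers (outside these hunks) — so keep the detail in the `log.error` call and send a fixed string, e.g. `response.sendError(SC_BAD_REQUEST, "invalid task result request");` and `response.sendError(SC_INTERNAL_SERVER_ERROR, "error processing task result request");`, which also stops leaking exception text to the peer. If escaping is kept, `org.apache.commons.lang3.StringEscapeUtils` is deprecated in commons-lang3 (since 3.6) in favor of `org.apache.commons.text.StringEscapeUtils`, and the root pom already manages `commons-text` (the entry right after the newly added `commons-lang3` one), so presto-main could depend on that instead of introducing a new managed commons-lang3 version and the accompanying edits to six other poms. `reportFailure` is shown in full; `onError`'s signature precedes the second hunk.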
@@ -314,6 +314,10 @@ com.fasterxml.jackson.dataformat jackson-dataformat-yaml + + org.apache.commons + commons-lang3 +