cadence-java-client

Update thrift dependency to 0.19.0

Open votez opened this issue 2 years ago • 5 comments

Fixes direct vulnerabilities: CVE-2020-13949, CVE-2019-0205, CVE-2018-1320, CVE-2018-11798, and a vulnerability from dependencies: CVE-2020-13956. Projects using the Cadence Java client might have newer, binary-incompatible versions of libthrift on the classpath due to security gates/checks. This causes loss of exception information in the Cadence server log.

Failure serializing exception: com.uber.cadence.workflow.ChildWorkflowFailureException: Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException
{
  "reason": "com.uber.cadence.workflow.ChildWorkflowFailureException",
  "details": {
    "detailMessage": "Failure serializing exception: com.uber.cadence.workflow.ChildWorkflowFailureException: Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException,xxxx",
    "cause": {
      "detailMessage": "'java.lang.String org.apache.thrift.TSerializer.toString(org.apache.thrift.TBase, java.lang.String)'",
      "stackTrace": "com.uber.cadence.converter.TBaseTypeAdapterFactory$1.write(TBaseTypeAdapterFactory.java:52)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.internal.bind.TypeAdapterRuntimeTypeWrapper.write(TypeAdapterRuntimeTypeWrapper.java:69)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1.write(ReflectiveTypeAdapterFactory.java:127)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.write(ReflectiveTypeAdapterFactory.java:245)\ncom.google.gson.TypeAdapter.toJsonTree(TypeAdapter.java:234)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:93)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
      "suppressedExceptions": [],
      "class": "java.lang.NoSuchMethodError"
    },
    "stackTrace": "com.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:102)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
    "suppressedExceptions": [
      {
        "detailMessage": "Failure serializing exception: com.uber.cadence.workflow.ActivityFailureException: ActivityFailureException, ActivityType=\"xxxx",
        "cause": {
          "detailMessage": "'java.lang.String org.apache.thrift.TSerializer.toString(org.apache.thrift.TBase, java.lang.String)'",
          "stackTrace": "com.uber.cadence.converter.TBaseTypeAdapterFactory$1.write(TBaseTypeAdapterFactory.java:52)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.internal.bind.TypeAdapterRuntimeTypeWrapper.write(TypeAdapterRuntimeTypeWrapper.java:69)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$1.write(ReflectiveTypeAdapterFactory.java:127)\ncom.google.gson.internal.bind.ReflectiveTypeAdapterFactory$Adapter.write(ReflectiveTypeAdapterFactory.java:245)\ncom.google.gson.TypeAdapter.toJsonTree(TypeAdapter.java:234)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:93)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
          "suppressedExceptions": [],
          "class": "java.lang.NoSuchMethodError"
        },
        "stackTrace": "com.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:102)\ncom.uber.cadence.converter.CustomThrowableTypeAdapter.write(CustomThrowableTypeAdapter.java:34)\ncom.google.gson.TypeAdapter$1.write(TypeAdapter.java:191)\ncom.google.gson.Gson.toJson(Gson.java:735)\ncom.google.gson.Gson.toJson(Gson.java:714)\ncom.google.gson.Gson.toJson(Gson.java:669)\ncom.google.gson.Gson.toJson(Gson.java:649)\ncom.uber.cadence.converter.JsonDataConverter.toData(JsonDataConverter.java:90)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory.mapToWorkflowExecutionException(POJOWorkflowImplementationFactory.java:374)\ncom.uber.cadence.internal.sync.POJOWorkflowImplementationFactory$POJOWorkflowImplementation.execute(POJOWorkflowImplementationFactory.java:275)\ncom.uber.cadence.internal.sync.WorkflowRunnable.run(WorkflowRunnable.java:47)\ncom.uber.cadence.internal.sync.CancellationScopeImpl.run(CancellationScopeImpl.java:102)\ncom.uber.cadence.internal.sync.WorkflowThreadImpl$RunnableWrapper.run(WorkflowThreadImpl.java:99)\njava.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)\njava.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)\njava.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)\njava.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)\njava.base/java.lang.Thread.run(Thread.java:829)\n",
        "suppressedExceptions": [
          {
            "detailMessage": "com.cloudera.ApiException: Not Acceptable",
            "cause": {
              "code": 406,
              "responseHeaders": {
                "Content-Type": [
                  "application/json; charset=utf-8"
                ],
                "Date": [
                  "Wed, 27 Sep 2023 15:29:26 GMT"
                ],
                "Content-Length": [
                  "387"
                ],
                "OkHttp-Sent-Millis": [
                  "1695828565000"
                ],
                "OkHttp-Received-Millis": [
                  "1695828566468"
                ]
              },
              "responseBody": "{\"message\":\", cause: [error creating cluster]",
              "detailMessage": "Not Acceptable",
              "cause": null,
              "stackTrace": "sensitive",
              "suppressedExceptions": [],
              "class": "com.cloudera.ApiException"
            },
            "stackTrace": "sensitive",
            "suppressedExceptions": [],
            "class": "com.cloudera.ApiException"
          }
        ],
        "class": "com.uber.cadence.converter.DataConverterException"
      }
    ],
    "class": "com.uber.cadence.converter.DataConverterException"
  },
  "decisionTaskCompletedEventId": 13
}

votez avatar Sep 27 '23 15:09 votez
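
The failure reported above is a `NoSuchMethodError` for `TSerializer.toString(TBase, String)`, raised only when an exception is being serialized. As an added example (not code from this PR or from cadence-java-client), a startup probe can check by reflection that the libthrift on the classpath still exposes that signature, so a mismatch fails fast instead of surfacing later as lost exception details; the class name `ThriftLinkageProbe` is hypothetical.

```java
import java.lang.reflect.Method;
import java.security.CodeSource;

/** Added example: probe for the libthrift method the failure JSON reports as missing. */
public final class ThriftLinkageProbe {

  /** Returns null when the signature resolves, otherwise a description of the mismatch. */
  static String probe(ClassLoader loader) {
    try {
      Class<?> serializer = Class.forName("org.apache.thrift.TSerializer", false, loader);
      Class<?> tbase = Class.forName("org.apache.thrift.TBase", false, loader);
      // Signature copied from the NoSuchMethodError detailMessage in the failure JSON.
      Method m = serializer.getMethod("toString", tbase, String.class);
      // The JVM links on the full descriptor, so the return type must match too.
      if (m.getReturnType() != String.class) {
        return "TSerializer.toString(TBase, String) returns " + m.getReturnType().getName();
      }
      return null;
    } catch (ClassNotFoundException e) {
      return "libthrift is not on the classpath: " + e.getMessage();
    } catch (NoSuchMethodException e) {
      return "TSerializer.toString(TBase, String) is absent from " + origin(loader);
    }
  }

  /** Best-effort location of the jar that supplied TSerializer. */
  static String origin(ClassLoader loader) {
    try {
      Class<?> c = Class.forName("org.apache.thrift.TSerializer", false, loader);
      CodeSource src = c.getProtectionDomain().getCodeSource();
      return src == null ? "an unknown location" : String.valueOf(src.getLocation());
    } catch (ClassNotFoundException | SecurityException e) {
      return "an unknown location";
    }
  }

  public static void main(String[] args) {
    String problem = probe(ThriftLinkageProbe.class.getClassLoader());
    if (problem != null) {
      System.err.println("Thrift linkage check failed: " + problem);
      System.exit(1);
    }
    System.out.println("Thrift linkage check passed");
  }
}
```

The reported jar location shows which dependency supplied the incompatible libthrift, which is the artifact to align in the build.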

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Sep 27 '23 15:09 CLAassistant

Hi @votez, thanks for the update thrift dependencies change. We are getting ClientVersionNotSupportedError, could you kindly check unit test logs.

abhishekj720 avatar Sep 27 '23 19:09 abhishekj720

> Hi @votez, thanks for the update thrift dependencies change. We are getting ClientVersionNotSupportedError, could you kindly check unit test logs.

I have now updated the build pipeline to compile with Thrift 0.19.0 (it was using the old one). Please re-run the PR build. @abhishekj720

votez avatar Sep 28 '23 12:09 votez

Pull Request Test Coverage Report for Build 2012

  • 4 of 6 (66.67%) changed or added relevant lines in 2 files are covered.
  • 1 unchanged line in 1 file lost coverage.
  • Overall coverage decreased (-0.009%) to 60.187%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
|---|---|---|---|
| src/main/java/com/uber/cadence/internal/common/InternalUtils.java | 3 | 5 | 60.0% |
| Total: | 4 | 6 | |

| Files with Coverage Reduction | New Missed Lines | % |
|---|---|---|
| src/main/java/com/uber/cadence/internal/sync/WorkflowThreadContext.java | 1 | 82.46% |
| Total: | 1 | |

| Totals | Coverage Status |
|---|---|
| Change from base Build 2011: | -0.009% |
| Covered Lines: | 11335 |
| Relevant Lines: | 18833 |

💛 - Coveralls

coveralls avatar Sep 28 '23 13:09 coveralls

Hi team, I asked a question regarding some info that cannot be found in the exception here: https://uber-cadence.slack.com/archives/CL22WDF70/p1706035482907549. Could that be fixed by this PR?

grace303303 avatar Jan 23 '24 19:01 grace303303