From 09b58e7e8e3d1156529ed7f0fdc5884ff7424887 Mon Sep 17 00:00:00 2001
From: Shuduo Sang <sangshuduo@gmail.com>
Date: Wed, 14 Jul 2021 18:32:43 +0800
Subject: [PATCH] [TD-5259]<fix>: JDBC vulnerable packages. (#6858)

---
 cmake/install.inc                                   |  2 +-
 src/connector/jdbc/CMakeLists.txt                   |  4 ++--
 src/connector/jdbc/pom.xml                          |  6 +++---
 .../comparisonTest/cassandra/cassandratest/pom.xml  |  2 +-
 tests/comparisonTest/opentsdb/opentsdbtest/pom.xml  |  4 ++--
 tests/examples/JDBC/SpringJdbcTemplate/pom.xml      |  2 +-
 tests/examples/JDBC/connectionPools/pom.xml         | 13 +++++++++----
 .../com/taosdata/example/ConnectionPoolDemo.java    |  5 +++--
 .../com/taosdata/example/common/InsertTask.java     |  5 +++--
 tests/examples/JDBC/mybatisplus-demo/pom.xml        |  2 +-
 tests/examples/JDBC/taosdemo/pom.xml                | 12 ++++++------
 .../com/taosdata/taosdemo/TaosDemoApplication.java  |  5 +++--
 .../taosdata/taosdemo/dao/DatabaseMapperImpl.java   |  5 +++--
 .../taosdata/taosdemo/dao/SubTableMapperImpl.java   |  5 +++--
 .../taosdata/taosdemo/dao/SuperTableMapperImpl.java |  5 +++--
 .../com/taosdata/taosdemo/dao/TableMapperImpl.java  |  5 +++--
 .../taosdata/taosdemo/service/SubTableService.java  |  5 +++--
 17 files changed, 50 insertions(+), 37 deletions(-)

diff --git a/cmake/install.inc b/cmake/install.inc
index 30aa801122..fced638966 100755
--- a/cmake/install.inc
+++ b/cmake/install.inc
@@ -32,7 +32,7 @@ ELSEIF (TD_WINDOWS)
   #INSTALL(TARGETS taos RUNTIME DESTINATION driver)
   #INSTALL(TARGETS shell RUNTIME DESTINATION .)
   IF (TD_MVN_INSTALLED)
-    INSTALL(FILES ${LIBRARY_OUTPUT_PATH}/taos-jdbcdriver-2.0.32-dist.jar DESTINATION connector/jdbc)
+    INSTALL(FILES ${LIBRARY_OUTPUT_PATH}/taos-jdbcdriver-*-dist.jar DESTINATION connector/jdbc)
   ENDIF ()
 ELSEIF (TD_DARWIN)
   SET(TD_MAKE_INSTALL_SH "${TD_COMMUNITY_DIR}/packaging/tools/make_install.sh")
diff --git a/src/connector/jdbc/CMakeLists.txt b/src/connector/jdbc/CMakeLists.txt
index 81af0ec144..7791317969 100644
--- a/src/connector/jdbc/CMakeLists.txt
+++ b/src/connector/jdbc/CMakeLists.txt
@@ -8,8 +8,8 @@ IF (TD_MVN_INSTALLED)
   ADD_CUSTOM_COMMAND(OUTPUT ${JDBC_CMD_NAME}
     POST_BUILD
     COMMAND mvn -Dmaven.test.skip=true install -f ${CMAKE_CURRENT_SOURCE_DIR}/pom.xml
-    COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/target/taos-jdbcdriver-2.0.32-dist.jar ${LIBRARY_OUTPUT_PATH}
+    COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/target/taos-jdbcdriver-*-dist.jar ${LIBRARY_OUTPUT_PATH}
     COMMAND mvn -Dmaven.test.skip=true clean -f ${CMAKE_CURRENT_SOURCE_DIR}/pom.xml
     COMMENT "build jdbc driver")
   ADD_CUSTOM_TARGET(${JDBC_TARGET_NAME} ALL WORKING_DIRECTORY ${EXECUTABLE_OUTPUT_PATH} DEPENDS ${JDBC_CMD_NAME})
-ENDIF ()
\ No newline at end of file
+ENDIF ()
diff --git a/src/connector/jdbc/pom.xml b/src/connector/jdbc/pom.xml
index 61d7fb85ef..a1aa41b351 100644
--- a/src/connector/jdbc/pom.xml
+++ b/src/connector/jdbc/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.taosdata.jdbc</groupId>
     <artifactId>taos-jdbcdriver</artifactId>
-    <version>2.0.32</version>
+    <version>2.0.33</version>
     <packaging>jar</packaging>
     <name>JDBCDriver</name>
     <url>https://github.com/taosdata/TDengine/tree/master/src/connector/jdbc</url>
@@ -40,7 +40,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
         <!-- for restful -->
@@ -57,7 +57,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>29.0-jre</version>
+            <version>30.0-jre</version>
         </dependency>
     </dependencies>
 
diff --git a/tests/comparisonTest/cassandra/cassandratest/pom.xml b/tests/comparisonTest/cassandra/cassandratest/pom.xml
index 8eeb5c3aa0..00630d93d1 100644
--- a/tests/comparisonTest/cassandra/cassandratest/pom.xml
+++ b/tests/comparisonTest/cassandra/cassandratest/pom.xml
@@ -75,7 +75,7 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>4.11</version>
+      <version>4.13.1</version>
       <scope>test</scope>
     </dependency>
 
diff --git a/tests/comparisonTest/opentsdb/opentsdbtest/pom.xml b/tests/comparisonTest/opentsdb/opentsdbtest/pom.xml
index e0ada8b763..b55a136c73 100644
--- a/tests/comparisonTest/opentsdb/opentsdbtest/pom.xml
+++ b/tests/comparisonTest/opentsdb/opentsdbtest/pom.xml
@@ -87,14 +87,14 @@
     <dependency>
       <groupId>junit</groupId>
       <artifactId>junit</artifactId>
-      <version>4.11</version>
+      <version>4.13.1</version>
       <scope>test</scope>
     </dependency>
 
     <dependency>
       <groupId>com.google.guava</groupId>
       <artifactId>guava</artifactId>
-      <version>29.0-jre</version>
+      <version>30.0-jre</version>
     </dependency>
 
     <dependency>
diff --git a/tests/examples/JDBC/SpringJdbcTemplate/pom.xml b/tests/examples/JDBC/SpringJdbcTemplate/pom.xml
index 64a91b951b..eac3dec0a9 100644
--- a/tests/examples/JDBC/SpringJdbcTemplate/pom.xml
+++ b/tests/examples/JDBC/SpringJdbcTemplate/pom.xml
@@ -40,7 +40,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
 
diff --git a/tests/examples/JDBC/connectionPools/pom.xml b/tests/examples/JDBC/connectionPools/pom.xml
index 045e9d336c..34518900ed 100644
--- a/tests/examples/JDBC/connectionPools/pom.xml
+++ b/tests/examples/JDBC/connectionPools/pom.xml
@@ -4,6 +4,11 @@
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
+    <properties>
+     <maven.compiler.source>1.8</maven.compiler.source>
+     <maven.compiler.target>1.8</maven.compiler.target>
+    </properties>
+
     <groupId>com.taosdata.demo</groupId>
     <artifactId>connectionPools</artifactId>
     <version>1.0-SNAPSHOT</version>
@@ -46,9 +51,9 @@
         </dependency>
         <!-- log4j -->
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.17</version>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.14.1</version>
         </dependency>
         <!-- proxool -->
         <dependency>
@@ -108,4 +113,4 @@
         </plugins>
     </build>
 
-</project>
\ No newline at end of file
+</project>
diff --git a/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/ConnectionPoolDemo.java b/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/ConnectionPoolDemo.java
index bd57d138b2..96ad65aa4f 100644
--- a/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/ConnectionPoolDemo.java
+++ b/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/ConnectionPoolDemo.java
@@ -5,7 +5,8 @@ import com.taosdata.example.pool.C3p0Builder;
 import com.taosdata.example.pool.DbcpBuilder;
 import com.taosdata.example.pool.DruidPoolBuilder;
 import com.taosdata.example.pool.HikariCpBuilder;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 
 import javax.sql.DataSource;
 import java.sql.Connection;
@@ -17,7 +18,7 @@ import java.util.concurrent.TimeUnit;
 
 public class ConnectionPoolDemo {
 
-    private static Logger logger = Logger.getLogger(DruidPoolBuilder.class);
+    private static Logger logger = LogManager.getLogger(DruidPoolBuilder.class);
     private static final String dbName = "pool_test";
 
     private static String poolType = "hikari";
diff --git a/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/common/InsertTask.java b/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/common/InsertTask.java
index da7c9a22b5..f8f1555c08 100644
--- a/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/common/InsertTask.java
+++ b/tests/examples/JDBC/connectionPools/src/main/java/com/taosdata/example/common/InsertTask.java
@@ -1,6 +1,7 @@
 package com.taosdata.example.common;
 
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 
 import javax.sql.DataSource;
 import java.sql.Connection;
@@ -10,7 +11,7 @@ import java.util.Random;
 
 public class InsertTask implements Runnable {
     private final Random random = new Random(System.currentTimeMillis());
-    private static final Logger logger = Logger.getLogger(InsertTask.class);
+    private static final Logger logger = LogManager.getLogger(InsertTask.class);
 
     private final DataSource ds;
     private final String dbName;
diff --git a/tests/examples/JDBC/mybatisplus-demo/pom.xml b/tests/examples/JDBC/mybatisplus-demo/pom.xml
index a83d0a00e6..ad6a63e800 100644
--- a/tests/examples/JDBC/mybatisplus-demo/pom.xml
+++ b/tests/examples/JDBC/mybatisplus-demo/pom.xml
@@ -68,7 +68,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
     </dependencies>
diff --git a/tests/examples/JDBC/taosdemo/pom.xml b/tests/examples/JDBC/taosdemo/pom.xml
index 22c2f3b63e..91b976c2ae 100644
--- a/tests/examples/JDBC/taosdemo/pom.xml
+++ b/tests/examples/JDBC/taosdemo/pom.xml
@@ -4,7 +4,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.taosdata</groupId>
     <artifactId>taosdemo</artifactId>
-    <version>2.0</version>
+    <version>2.0.1</version>
     <name>taosdemo</name>
     <packaging>jar</packaging>
     <description>Demo project for TDengine</description>
@@ -81,20 +81,20 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <version>5.1.47</version>
+            <version>8.0.16</version>
             <scope>test</scope>
         </dependency>
         <!-- log4j -->
         <dependency>
-            <groupId>log4j</groupId>
-            <artifactId>log4j</artifactId>
-            <version>1.2.17</version>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.14.1</version>
         </dependency>
         <!-- junit -->
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.13.1</version>
             <scope>test</scope>
         </dependency>
         <!-- lombok -->
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/TaosDemoApplication.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/TaosDemoApplication.java
index c361df82b0..d4f5ff2688 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/TaosDemoApplication.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/TaosDemoApplication.java
@@ -8,7 +8,8 @@ import com.taosdata.taosdemo.service.SqlExecuteTask;
 import com.taosdata.taosdemo.service.SubTableService;
 import com.taosdata.taosdemo.service.SuperTableService;
 import com.taosdata.taosdemo.service.data.SuperTableMetaGenerator;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 
 import javax.sql.DataSource;
 import java.io.IOException;
@@ -20,7 +21,7 @@ import java.util.Map;
 
 public class TaosDemoApplication {
 
-    private static final Logger logger = Logger.getLogger(TaosDemoApplication.class);
+    private static final Logger logger = LogManager.getLogger(TaosDemoApplication.class);
 
     public static void main(String[] args) throws IOException {
         // 读配置参数
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/DatabaseMapperImpl.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/DatabaseMapperImpl.java
index 421a2dea1f..9340fc3fdd 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/DatabaseMapperImpl.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/DatabaseMapperImpl.java
@@ -1,14 +1,15 @@
 package com.taosdata.taosdemo.dao;
 
 import com.taosdata.taosdemo.utils.SqlSpeller;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import javax.sql.DataSource;
 import java.util.Map;
 
 public class DatabaseMapperImpl implements DatabaseMapper {
-    private static final Logger logger = Logger.getLogger(DatabaseMapperImpl.class);
+    private static final Logger logger = LogManager.getLogger(DatabaseMapperImpl.class);
 
     private final JdbcTemplate jdbcTemplate;
 
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SubTableMapperImpl.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SubTableMapperImpl.java
index 90b0990a2b..db0d43ff05 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SubTableMapperImpl.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SubTableMapperImpl.java
@@ -3,7 +3,8 @@ package com.taosdata.taosdemo.dao;
 import com.taosdata.taosdemo.domain.SubTableMeta;
 import com.taosdata.taosdemo.domain.SubTableValue;
 import com.taosdata.taosdemo.utils.SqlSpeller;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import javax.sql.DataSource;
@@ -11,7 +12,7 @@ import java.util.List;
 
 public class SubTableMapperImpl implements SubTableMapper {
 
-    private static final Logger logger = Logger.getLogger(SubTableMapperImpl.class);
+    private static final Logger logger = LogManager.getLogger(SubTableMapperImpl.class);
     private final JdbcTemplate jdbcTemplate;
 
     public SubTableMapperImpl(DataSource dataSource) {
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SuperTableMapperImpl.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SuperTableMapperImpl.java
index efa9a1f39e..658a403a0c 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SuperTableMapperImpl.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/SuperTableMapperImpl.java
@@ -2,13 +2,14 @@ package com.taosdata.taosdemo.dao;
 
 import com.taosdata.taosdemo.domain.SuperTableMeta;
 import com.taosdata.taosdemo.utils.SqlSpeller;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import javax.sql.DataSource;
 
 public class SuperTableMapperImpl implements SuperTableMapper {
-    private static final Logger logger = Logger.getLogger(SuperTableMapperImpl.class);
+    private static final Logger logger = LogManager.getLogger(SuperTableMapperImpl.class);
     private JdbcTemplate jdbcTemplate;
 
     public SuperTableMapperImpl(DataSource dataSource) {
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/TableMapperImpl.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/TableMapperImpl.java
index b049fbe197..16bc094848 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/TableMapperImpl.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/dao/TableMapperImpl.java
@@ -3,13 +3,14 @@ package com.taosdata.taosdemo.dao;
 import com.taosdata.taosdemo.domain.TableMeta;
 import com.taosdata.taosdemo.domain.TableValue;
 import com.taosdata.taosdemo.utils.SqlSpeller;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 import org.springframework.jdbc.core.JdbcTemplate;
 
 import java.util.List;
 
 public class TableMapperImpl implements TableMapper {
-    private static final Logger logger = Logger.getLogger(TableMapperImpl.class);
+    private static final Logger logger = LogManager.getLogger(TableMapperImpl.class);
     private JdbcTemplate template;
 
     @Override
diff --git a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/service/SubTableService.java b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/service/SubTableService.java
index cea98a1c5d..b0a79dea78 100644
--- a/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/service/SubTableService.java
+++ b/tests/examples/JDBC/taosdemo/src/main/java/com/taosdata/taosdemo/service/SubTableService.java
@@ -8,7 +8,8 @@ import com.taosdata.taosdemo.domain.SubTableValue;
 import com.taosdata.taosdemo.domain.SuperTableMeta;
 import com.taosdata.taosdemo.service.data.SubTableMetaGenerator;
 import com.taosdata.taosdemo.service.data.SubTableValueGenerator;
-import org.apache.log4j.Logger;
+import org.apache.logging.log4j.Logger;
+import org.apache.logging.log4j.LogManager;
 
 import javax.sql.DataSource;
 import java.util.ArrayList;
@@ -20,7 +21,7 @@ import java.util.stream.IntStream;
 public class SubTableService extends AbstractService {
 
     private SubTableMapper mapper;
-    private static final Logger logger = Logger.getLogger(SubTableService.class);
+    private static final Logger logger = LogManager.getLogger(SubTableService.class);
 
     public SubTableService(DataSource datasource) {
         this.mapper = new SubTableMapperImpl(datasource);
-- 
GitLab