dendi-wang/thingsboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #6709 from vvlladd28/bug/vulnerabilities/js-msa

Browse Source 
[3.4] UI: Fixed vulnerabilities in msa repositories
This commit is contained in:
Igor Kulikov 2022-06-14 16:10:29 +03:00 committed by GitHub
commit eeada1f494
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 1643 additions and 1767 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
msa/js-executor/package.json
View File

@ -12,20 +12,19 @@
"start-prod": "NODE_ENV=production nodemon server.js" "start-prod": "NODE_ENV=production nodemon server.js"
}, },
"dependencies": { "dependencies": {
"@azure/service-bus": "^1.1.9", "@azure/service-bus": "^7.5.1",
"@google-cloud/pubsub": "^2.5.0", "@google-cloud/pubsub": "^3.0.1",
"amqplib": "^0.6.0", "amqplib": "^0.10.0",
"aws-sdk": "^2.741.0", "aws-sdk": "^2.1152.0",
"azure-sb": "^0.11.1", "config": "^3.3.7",
"config": "^3.3.1", "express": "^4.18.1",
"express": "^4.17.1", "js-yaml": "^4.1.0",
"js-yaml": "^3.14.0", "kafkajs": "^2.0.2",
"kafkajs": "^1.15.0", "long": "^5.2.0",
"long": "^4.0.0",
"uuid-parse": "^1.1.0", "uuid-parse": "^1.1.0",
"uuid-random": "^1.3.2", "uuid-random": "^1.3.2",
"winston": "^3.3.3", "winston": "^3.7.2",
"winston-daily-rotate-file": "^4.5.0" "winston-daily-rotate-file": "^4.7.1"
}, },
"nyc": { "nyc": {
"exclude": [ "exclude": [
@ -36,13 +35,19 @@
] ]
}, },
"devDependencies": { "devDependencies": {
"fs-extra": "^10.0.0", "fs-extra": "^10.1.0",
"nodemon": "^2.0.12", "nodemon": "^2.0.16",
"pkg": "^5.3.1" "pkg": "^5.7.0"
}, },
"pkg": { "pkg": {
"assets": [ "assets": [
"node_modules/config/**/*.*" "node_modules/config/**/*.*"
] ]
},
"resolutions": {
"ansi-regex": "^5.0.1",
"color-string": "^1.5.5",
"minimist": "^1.2.6",
"node-fetch": "^2.6.7"
} }
} }

4
msa/js-executor/pom.xml
View File

@ -71,8 +71,8 @@
<goal>install-node-and-yarn</goal> <goal>install-node-and-yarn</goal>
</goals> </goals>
<configuration> <configuration>
<nodeVersion>v12.16.1</nodeVersion> <nodeVersion>v16.13.1</nodeVersion>
<yarnVersion>v1.22.4</yarnVersion> <yarnVersion>v1.22.17</yarnVersion>
</configuration> </configuration>
</execution> </execution>
<execution> <execution>

53
msa/js-executor/queue/serviceBusTemplate.js
View File

@ -18,8 +18,7 @@
const config = require('config'), const config = require('config'),
JsInvokeMessageProcessor = require('../api/jsInvokeMessageProcessor'), JsInvokeMessageProcessor = require('../api/jsInvokeMessageProcessor'),
logger = require('../config/logger')._logger('serviceBusTemplate'); logger = require('../config/logger')._logger('serviceBusTemplate');
const {ServiceBusClient, ReceiveMode} = require("@azure/service-bus"); const {ServiceBusClient, ServiceBusAdministrationClient} = require("@azure/service-bus");
const azure = require('azure-sb');
const requestTopic = config.get('request_topic'); const requestTopic = config.get('request_topic');
const namespaceName = config.get('service_bus.namespace_name'); const namespaceName = config.get('service_bus.namespace_name');
@ -28,7 +27,6 @@ const sasKey = config.get('service_bus.sas_key');
const queueProperties = config.get('service_bus.queue_properties'); const queueProperties = config.get('service_bus.queue_properties');
let sbClient; let sbClient;
let receiverClient;
let receiver; let receiver;
let serviceBusService; let serviceBusService;
@ -61,11 +59,10 @@ function ServiceBusProducer() {
} }
function CustomSender(topic) { function CustomSender(topic) {
this.queueClient = sbClient.createQueueClient(topic); this.sender = sbClient.createSender(topic);
this.sender = this.queueClient.createSender();
this.send = async (message) => { this.send = async (message) => {
return this.sender.send(message); return this.sender.sendMessages(message);
} }
} }
@ -74,8 +71,8 @@ function CustomSender(topic) {
logger.info('Starting ThingsBoard JavaScript Executor Microservice...'); logger.info('Starting ThingsBoard JavaScript Executor Microservice...');
const connectionString = `Endpoint=sb://${namespaceName}.servicebus.windows.net/;SharedAccessKeyName=${sasKeyName};SharedAccessKey=${sasKey}`; const connectionString = `Endpoint=sb://${namespaceName}.servicebus.windows.net/;SharedAccessKeyName=${sasKeyName};SharedAccessKey=${sasKey}`;
sbClient = ServiceBusClient.createFromConnectionString(connectionString); sbClient = new ServiceBusClient(connectionString)
serviceBusService = azure.createServiceBusService(connectionString); serviceBusService = new ServiceBusAdministrationClient(connectionString);
parseQueueProperties(); parseQueueProperties();
@ -84,9 +81,9 @@ function CustomSender(topic) {
if (err) { if (err) {
reject(err); reject(err);
} else { } else {
data.forEach(queue => { for (const queue of data) {
queues.push(queue.QueueName); queues.push(queue.name);
}); }
resolve(); resolve();
} }
}); });
@ -97,8 +94,7 @@ function CustomSender(topic) {
queues.push(requestTopic); queues.push(requestTopic);
} }
receiverClient = sbClient.createQueueClient(requestTopic); receiver = sbClient.createReceiver(requestTopic, {receiveMode: 'peekLock'});
receiver = receiverClient.createReceiver(ReceiveMode.peekLock);
const messageProcessor = new JsInvokeMessageProcessor(new ServiceBusProducer()); const messageProcessor = new JsInvokeMessageProcessor(new ServiceBusProducer());
@ -111,18 +107,18 @@ function CustomSender(topic) {
const errorHandler = (error) => { const errorHandler = (error) => {
logger.error('Failed to receive message from queue.', error); logger.error('Failed to receive message from queue.', error);
}; };
receiver.registerMessageHandler(messageHandler, errorHandler); receiver.subscribe({processMessage: messageHandler, processError: errorHandler})
} catch (e) { } catch (e) {
logger.error('Failed to start ThingsBoard JavaScript Executor Microservice: %s', e.message); logger.error('Failed to start ThingsBoard JavaScript Executor Microservice: %s', e.message);
logger.error(e.stack); logger.error(e.stack);
exit(-1); await exit(-1);
} }
})(); })();
async function createQueueIfNotExist(topic) { async function createQueueIfNotExist(topic) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
serviceBusService.createQueueIfNotExists(topic, queueOptions, (err) => { serviceBusService.createQueue(topic, queueOptions, (err) => {
if (err) { if (err && err.code !== "MessageEntityAlreadyExistsError") {
reject(err); reject(err);
} else { } else {
resolve(); resolve();
@ -139,10 +135,10 @@ function parseQueueProperties() {
properties[p.substring(0, delimiterPosition)] = p.substring(delimiterPosition + 1); properties[p.substring(0, delimiterPosition)] = p.substring(delimiterPosition + 1);
}); });
queueOptions = { queueOptions = {
DuplicateDetection: 'false', requiresDuplicateDetection: false,
MaxSizeInMegabytes: properties['maxSizeInMb'], maxSizeInMegabytes: properties['maxSizeInMb'],
DefaultMessageTimeToLive: `PT${properties['messageTimeToLiveInSec']}S`, defaultMessageTimeToLive: `PT${properties['messageTimeToLiveInSec']}S`,
LockDuration: `PT${properties['lockDurationInSec']}S` lockDuration: `PT${properties['lockDurationInSec']}S`
}; };
} }
@ -161,24 +157,11 @@ async function exit(status) {
} }
} }
if (receiverClient) {
try {
await receiverClient.close();
} catch (e) {
}
}
senderMap.forEach((k, v) => { senderMap.forEach((k, v) => {
try { try {
v.sender.close(); v.sender.close();
} catch (e) { } catch (e) {
}
try {
v.queueClient.close();
} catch (e) {
} }
}); });
@ -191,4 +174,4 @@ async function exit(status) {
} }
logger.info('Azure Service Bus resources stopped.') logger.info('Azure Service Bus resources stopped.')
process.exit(status); process.exit(status);
} }

2331
msa/js-executor/yarn.lock
View File

File diff suppressed because it is too large Load Diff

21
msa/web-ui/package.json
View File

@ -13,14 +13,14 @@
}, },
"dependencies": { "dependencies": {
"compression": "^1.7.4", "compression": "^1.7.4",
"config": "^3.3.1", "config": "^3.3.7",
"connect-history-api-fallback": "^1.6.0", "connect-history-api-fallback": "^1.6.0",
"express": "^4.17.1", "express": "^4.18.1",
"http": "0.0.0", "http": "0.0.0",
"http-proxy": "^1.18.1", "http-proxy": "^1.18.1",
"js-yaml": "^3.14.0", "js-yaml": "^4.1.0",
"winston": "^3.3.3", "winston": "^3.7.2",
"winston-daily-rotate-file": "^4.5.0" "winston-daily-rotate-file": "^4.7.1"
}, },
"nyc": { "nyc": {
"exclude": [ "exclude": [
@ -31,13 +31,18 @@
] ]
}, },
"devDependencies": { "devDependencies": {
"fs-extra": "^10.0.0", "fs-extra": "^10.1.0",
"nodemon": "^2.0.12", "nodemon": "^2.0.16",
"pkg": "^5.3.1" "pkg": "^5.7.0"
}, },
"pkg": { "pkg": {
"assets": [ "assets": [
"node_modules/config/**/*.*" "node_modules/config/**/*.*"
] ]
},
"resolutions": {
"color-string": "^1.5.5",
"follow-redirects": "^1.14.8",
"minimist": "^1.2.6"
} }
} }

4
msa/web-ui/pom.xml
View File

@ -80,8 +80,8 @@
<goal>install-node-and-yarn</goal> <goal>install-node-and-yarn</goal>
</goals> </goals>
<configuration> <configuration>
<nodeVersion>v12.16.1</nodeVersion> <nodeVersion>v16.13.1</nodeVersion>
<yarnVersion>v1.22.4</yarnVersion> <yarnVersion>v1.22.17</yarnVersion>
</configuration> </configuration>
</execution> </execution>
<execution> <execution>

962
msa/web-ui/yarn.lock
View File

File diff suppressed because it is too large Load Diff