Fix CVE-2021-44228

catalog/src/main/java/org/polypheny/db/catalog/CatalogImpl.java

@@ -769,7 +769,7 @@ private void insertDefaultData() throws GenericCatalogException, UnknownUserExce
 
             // Add HTTP interface
             Map<String, String> httpSettings = new HashMap<>();
-            httpSettings.put( "port", "1337" );
+            httpSettings.put( "port", "13137" );
             httpSettings.put( "maxUploadSizeMb", "10000" );
             addQueryInterface( "http", "org.polypheny.db.http.HttpInterface", httpSettings );
         }

core/src/main/java/org/polypheny/db/transaction/Statement.java

@@ -19,6 +19,7 @@
 import org.polypheny.db.adapter.DataContext;
 import org.polypheny.db.information.InformationDuration;
 import org.polypheny.db.prepare.Context;
+import org.polypheny.db.monitoring.events.StatementEvent;
 import org.polypheny.db.processing.QueryProcessor;
 import org.polypheny.db.util.FileInputHandle;
 
@@ -38,6 +39,10 @@ public interface Statement {
 
     InformationDuration getOverviewDuration();
 
+    StatementEvent getMonitoringEvent();
+
+    void setMonitoringEvent( StatementEvent event );
+
     void close();
 
     void registerFileInputHandle( FileInputHandle fileInputHandle );

core/src/main/java/org/polypheny/db/transaction/Transaction.java

@@ -16,14 +16,14 @@
 
 package org.polypheny.db.transaction;
 
+
 import java.util.List;
 import java.util.concurrent.atomic.AtomicBoolean;
 import org.polypheny.db.adapter.Adapter;
 import org.polypheny.db.adapter.java.JavaTypeFactory;
 import org.polypheny.db.catalog.Catalog.QueryLanguage;
 import org.polypheny.db.catalog.entity.CatalogSchema;
 import org.polypheny.db.information.InformationManager;
-import org.polypheny.db.monitoring.events.StatementEvent;
 import org.polypheny.db.prepare.PolyphenyDbCatalogReader;
 import org.polypheny.db.processing.DataMigrator;
 import org.polypheny.db.processing.Processor;
@@ -74,10 +74,6 @@ public interface Transaction {
 
     DataMigrator getDataMigrator();
 
-    StatementEvent getMonitoringEvent();
-
-    void setMonitoringEvent( StatementEvent event );
-
     void setUseCache( boolean useCache );
 
     boolean getUseCache();

dbms/src/main/java/org/polypheny/db/processing/AbstractQueryProcessor.java

@@ -168,7 +168,7 @@ protected AbstractQueryProcessor( Statement statement ) {
 
     @Override
     public void executionTime( String reference, long nanoTime ) {
-        StatementEvent event = statement.getTransaction().getMonitoringEvent();
+        StatementEvent event = statement.getMonitoringEvent();
         if ( reference.equals( event.getLogicalQueryInformation().getQueryClass() ) ) {
             event.setExecutionTime( nanoTime );
         }
@@ -1353,7 +1353,7 @@ private Map<Integer, List<Long>> getAccessedPartitionsPerTableScan( AlgNode alg,
 
     private void prepareMonitoring( Statement statement, AlgRoot logicalRoot, boolean isAnalyze, boolean isSubquery, LogicalQueryInformation queryInformation ) {
         // Initialize Monitoring
-        if ( statement.getTransaction().getMonitoringEvent() == null ) {
+        if ( statement.getMonitoringEvent() == null ) {
             StatementEvent event;
             if ( logicalRoot.kind.belongsTo( Kind.DML ) ) {
                 event = new DmlEvent();
@@ -1367,14 +1367,14 @@ private void prepareMonitoring( Statement statement, AlgRoot logicalRoot, boolea
             event.setAnalyze( isAnalyze );
             event.setSubQuery( isSubquery );
             event.setLogicalQueryInformation( queryInformation );
-            statement.getTransaction().setMonitoringEvent( event );
+            statement.setMonitoringEvent( event );
         }
     }
 
 
     private void monitorResult( ProposedRoutingPlan selectedPlan ) {
-        if ( statement.getTransaction().getMonitoringEvent() != null ) {
-            StatementEvent eventData = statement.getTransaction().getMonitoringEvent();
+        if ( statement.getMonitoringEvent() != null ) {
+            StatementEvent eventData = statement.getMonitoringEvent();
             eventData.setAlgCompareString( selectedPlan.getRoutedRoot().alg.algCompareString() );
             if ( selectedPlan.getPhysicalQueryClass() != null ) {
                 eventData.setPhysicalQueryClass( selectedPlan.getPhysicalQueryClass() );

dbms/src/main/java/org/polypheny/db/routing/RoutingManager.java

@@ -139,6 +139,19 @@ public void restart( Config c ) {
         PLAN_SELECTION_STRATEGY.withUi( routingGroup.getId(), 2 );
 
         configManager.registerConfig( POST_COST_AGGREGATION_ACTIVE );
+        POST_COST_AGGREGATION_ACTIVE.addObserver( new ConfigListener() {
+            @Override
+            public void onConfigChange( Config c ) {
+                String status = c.getBoolean() ? "Enabled" : "Disabled";
+                log.warn( "{} post cost aggregation", status );
+            }
+
+
+            @Override
+            public void restart( Config c ) {
+
+            }
+        } );
         POST_COST_AGGREGATION_ACTIVE.withUi( routingGroup.getId(), 3 );
     }
 

dbms/src/main/java/org/polypheny/db/routing/routers/DmlRouterImpl.java

@@ -596,8 +596,8 @@ else if ( identifiedPartitionForSetValue != -1 ) {
                         accessedPartitionList.add( identPart );
                     }
 
-                    if ( statement.getTransaction().getMonitoringEvent() != null ) {
-                        statement.getTransaction().getMonitoringEvent()
+                    if ( statement.getMonitoringEvent() != null ) {
+                        statement.getMonitoringEvent()
                                 .updateAccessedPartitions(
                                         Collections.singletonMap( catalogTable.id, accessedPartitionList )
                                 );

dbms/src/main/java/org/polypheny/db/transaction/StatementImpl.java

@@ -31,6 +31,7 @@
 import org.polypheny.db.information.InformationManager;
 import org.polypheny.db.information.InformationPage;
 import org.polypheny.db.prepare.ContextImpl;
+import org.polypheny.db.monitoring.events.StatementEvent;
 import org.polypheny.db.processing.DataContextImpl;
 import org.polypheny.db.processing.QueryProcessor;
 import org.polypheny.db.processing.QueryProviderImpl;
@@ -55,6 +56,8 @@ public class StatementImpl implements Statement {
     private InformationDuration overviewDuration;
     private InformationPage executionTimePage;
 
+    private StatementEvent statementEvent;
+
 
     StatementImpl( TransactionImpl transaction ) {
         this.id = STATEMENT_COUNTER.getAndIncrement();
@@ -140,6 +143,18 @@ public InformationDuration getOverviewDuration() {
     }
 
 
+    @Override
+    public StatementEvent getMonitoringEvent() {
+        return this.statementEvent;
+    }
+
+
+    @Override
+    public void setMonitoringEvent( StatementEvent event ) {
+        this.statementEvent = event;
+    }
+
+
     private InformationDuration initDuration( String title, int order ) {
         InformationManager im = transaction.getQueryAnalyzer();
         if ( executionTimePage == null ) {

dbms/src/main/java/org/polypheny/db/transaction/TransactionImpl.java

@@ -86,9 +86,6 @@ public class TransactionImpl implements Transaction, Comparable<Object> {
     @Getter
     private final boolean analyze;
 
-
-    private StatementEvent statementEvent;
-
     private final List<Statement> statements = new ArrayList<>();
 
     private final List<String> changedTables = new ArrayList<>();
@@ -291,18 +288,6 @@ public boolean equals( Object o ) {
     }
 
 
-    @Override
-    public StatementEvent getMonitoringEvent() {
-        return this.statementEvent;
-    }
-
-
-    @Override
-    public void setMonitoringEvent( StatementEvent event ) {
-        this.statementEvent = event;
-    }
-
-
     @Override
     public void setUseCache( boolean useCache ) {
         this.useCache = useCache;

dbms/src/test/java/org/polypheny/db/TestHelper.java

@@ -334,7 +334,7 @@ private static HttpResponse<String> execute( String mql ) {
             request.basicAuth( "pa", "" );
             request.routeParam( "protocol", "http" );
             request.routeParam( "host", "127.0.0.1" );
-            request.routeParam( "port", "1337" );
+            request.routeParam( "port", "13137" );
             return request.asString();
         }
 

gradle.properties

@@ -66,9 +66,9 @@ jsoup_version = 1.11.3
 jsr305_version = 3.0.1
 junit_version = 4.12
 lang_painless_version = 6.2.4
-log4j_api_version = 2.14.0
-log4j_core_version = 2.14.0
-log4j_slf4j_impl_version = 2.14.0
+log4j_api_version = 2.15.0
+log4j_core_version = 2.15.0
+log4j_slf4j_impl_version = 2.15.0
 lombok_version = 6.3.0
 mapdb_version = 3.0.8
 mariadb_version = 2.7.2

http-interface/src/main/java/org/polypheny/db/http/HttpInterface.java

@@ -51,12 +51,12 @@
 public class HttpInterface extends QueryInterface {
 
     @SuppressWarnings("WeakerAccess")
-    public static final String INTERFACE_NAME = "MongoQL Interface";
+    public static final String INTERFACE_NAME = "HTTP Interface";
     @SuppressWarnings("WeakerAccess")
-    public static final String INTERFACE_DESCRIPTION = "MongoQL-based query interface.";
+    public static final String INTERFACE_DESCRIPTION = "HTTP-based query interface, which supports all available languages via specific routes.";
     @SuppressWarnings("WeakerAccess")
     public static final List<QueryInterfaceSetting> AVAILABLE_SETTINGS = ImmutableList.of(
-            new QueryInterfaceSettingInteger( "port", false, true, false, 1337 ),
+            new QueryInterfaceSettingInteger( "port", false, true, false, 13137 ),
             new QueryInterfaceSettingInteger( "maxUploadSizeMb", false, true, true, 10000 )
     );
 
@@ -135,7 +135,7 @@ public void shutdown() {
 
     @Override
     public String getInterfaceType() {
-        return "HttpInterface";
+        return "Http Interface";
     }
 
 

monitoring/src/test/java/org/polypheny/db/monitoring/core/MonitoringQueueImplIntegrationTest.java

@@ -38,7 +38,7 @@ class MonitoringQueueImplIntegrationTest {
     public void queuedEventsAreProcessed() {
         //  -- Arrange --
         // Set background task timer
-        RuntimeConfig.QUEUE_PROCESSING_INTERVAL.setEnum( TaskSchedulingType.EVERY_SECOND_FIXED );
+        RuntimeConfig.QUEUE_PROCESSING_INTERVAL.setEnum( TaskSchedulingType.EVERY_SECOND );
 
         // Initialize mock repository
         TestMapDbRepository repo = new TestMapDbRepository();