From a4098a1b07d7266a0316743eaf2cf3d0f4d7e24e Mon Sep 17 00:00:00 2001
From: Zan Niu
Date: Fri, 31 Jan 2025 08:03:33 +0000
Subject: [PATCH 1/2] Fix CVE caused by jetty-http introduced in spark-core

Signed-off-by: Zan Niu
---
 build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/build.gradle b/build.gradle
index a4c1aa61..829dbdb0 100644
--- a/build.gradle
+++ b/build.gradle
@@ -224,7 +224,8 @@ task addSparkJar(type: Copy) {
 }
 // Remove the unwanted directory from jar B
 delete file("${jarBContents}/org/apache/spark/unused")
-
+ delete file("${jarBContents}/org/sparkproject/jetty/http")
+ delete file("${jarBContents}/META-INF/maven/org.eclipse.jetty/jetty-http")
 // Re-compress jar B
 ant.zip(destfile: jarB, baseDir: jarBContents)
From e09a64b66b3a836dd74dbfea98f5fb9571278869 Mon Sep 17 00:00:00 2001
From: xinyual
Date: Fri, 31 Jan 2025 23:10:42 +0800
Subject: [PATCH 2/2] fix ppl allow list bug

Signed-off-by: xinyual
---
 src/main/java/org/opensearch/agent/tools/PPLTool.java | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/opensearch/agent/tools/PPLTool.java b/src/main/java/org/opensearch/agent/tools/PPLTool.java
index 79a6f137..3a88a2d2 100644
--- a/src/main/java/org/opensearch/agent/tools/PPLTool.java
+++ b/src/main/java/org/opensearch/agent/tools/PPLTool.java
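Review bot: In build.gradle's addSparkJar task, the two added `delete file(...)` calls do not fail when their path is absent, so if a later Spark artifact relocates or renames the shaded package, the jetty-http classes would be repackaged again without any build signal. Consider asserting the directory exists before removing it, e.g. `assert file("${jarBContents}/org/sparkproject/jetty/http").exists()`, or checking the re-zipped jar for entries under that path. Removing the `META-INF/maven/org.eclipse.jetty/jetty-http` descriptor also removes what dependency scanners typically key on, so a comment such as `// Strip shaded jetty-http (<CVE-ID>): classes and pom metadata removed together` would record why, and it is worth confirming that no class left in the jar still loads from `org.sparkproject.jetty.http`. The task body begins and ends outside this hunk.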
@@ -489,13 +489,14 @@ private String constructTableInfoByPPLResultForSpark(Map schema,
 StringJoiner tableInfoJoiner = new StringJoiner("\n");
 for (String key : sortedKeys) {
 String line = "";
- if (ALLOWED_FIELDS_TYPE.contains(fieldsToType.get(key))) {
+ if (ALLOWED_FIELD_TYPE_FOR_SPARK.contains(fieldsToType.get(key))) {
 line = "- " + key + ": " + fieldsToType.get(key);
+ if (fieldsToSample.containsKey(key)) {
+ line += " (" + fieldsToSample.get(key) + ")";
+ }
+ tableInfoJoiner.add(line);
 }
- if (fieldsToSample.containsKey(key)) {
- line += " (" + fieldsToSample.get(key) + ")";
- }
- tableInfoJoiner.add(line);
+
 }
 return tableInfoJoiner.toString();
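Review bot: The sample value is still concatenated verbatim at `line += " (" + fieldsToSample.get(key) + ")";`, and entries are joined with `"\n"`, so a sample that contains a line break yields output lines that cannot be told apart from real `- name: type` entries. If this table description is later embedded in a model prompt (the callers are outside the hunk, so this is inferred from the class name), stored data could then shape that prompt; collapsing line breaks and capping the length, e.g. `String.valueOf(fieldsToSample.get(key)).replaceAll("\\R", " ")`, would keep each field on one line. Smaller points: `line` can now be declared inside the allow-list branch instead of being initialised to `""`, and the blank line added before the loop's closing brace can go. The method starts and ends outside this hunk.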