datageartech / datagear
Data visualization and analysis platform: freely build any data dashboard you want
Home Page: http://www.datagear.tech
License: GNU Lesser General Public License v3.0
What is the format of the JSON request body of the GraphQL request? I cannot find the usage in the documentation. Please show me an example! Thank you!
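To make it easier to integrate this platform into a unified authentication platform.
Hello author, your work is great and makes me want to understand the source code, but it seems different from the commonly used architectures, which makes me wonder whether a custom framework is used. If there were a list of the project's technology stack or an architecture diagram, it would be a great help in understanding the project.
Grafana supports Prometheus; you don't support it?
For dashboards developed locally, when deploying to a server, unless everything is fully overwritten, all the IDs have to be changed, which is a very painful process. Can this logic be optimized?
Hello,
How should the dataset for a box plot be defined?
The way it is defined is very different from ECharts; could you give an example?
Dear developer:
We would now like to build an internal, non-commercial data display platform based on your platform. The requirement is to have chart upload and editing features.
I have read through the documentation and did not see an API that can be called externally (for example, Java accesses the corresponding port, passes the dashboard ID xxxx, gets the corresponding data of that dashboard, and can then call a replace interface, passing the chart ID yyyyy, to set the specified chart of the dashboard to the newly passed yyyy, thereby using Java to replace dashboard content).
If there is one, could you please point me to where it is?
Or may I ask whether there are plans to develop this kind of interface?
Thanks 🙏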
Hey there!
I belong to an open source security research community, and a member (@Firebasky) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
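Are domestic (Chinese) databases supported, for example Dameng (达梦), Youxuan (优炫) and similar databases?
The prompt says many tables are missing.
Symptom: the Hive tables cannot be displayed
Installation environment: java1.8, win10
(1) Hive is the CDH6.0.0 version, hive-common-2.1.1; the driver is ClouderaHiveJDBC42-2.6.19.1022 from the HiveJDBC-2.6.19.1022 package downloaded from the Cloudera website; the driver package is HiveJDBC42.jar, and the class name used is com.cloudera.hive.jdbc.HS2Driver
(2) The driver package was confirmed to have been uploaded successfully
(3) After configuring the data driver, clicking Test passes; clicking the data source does not show the database's tables (occasionally an error is reported: 无法解析表结构, i.e. unable to parse the table structure)
(4) The tables cannot be shown in the data source, but they can be queried via SQL in a dataset
(5) They also display normally in dashboards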
RT
DevTools failed to load SourceMap: Could not load content for http://127.0.0.1:50401/static/script/DataTables-1.10.18/pdfmake.min.js.map: HTTP error: status code 404, net::ERR_HTTP_RESPONSE_CODE_FAILURE
java.lang.IllegalArgumentException: Unable to initialize due to invalid secret key
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:122)
at org.springframework.security.crypto.encrypt.AesBytesEncryptor.encrypt(AesBytesEncryptor.java:123)
at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.encrypt(HexEncodingTextEncryptor.java:39)
at org.datagear.web.util.DashboardSharePasswordCryptoImpl.encrypt(DashboardSharePasswordCryptoImpl.java:59)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.update(DashboardShareSetServiceImpl.java:80)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.update(DashboardShareSetServiceImpl.java:24)
at org.datagear.management.service.impl.AbstractMybatisService.update(AbstractMybatisService.java:149)
at org.datagear.management.service.impl.AbstractMybatisEntityService.update(AbstractMybatisEntityService.java:105)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl.save(DashboardShareSetServiceImpl.java:63)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl$$FastClassBySpringCGLIB$$e857b093.invoke()
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:783)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
at org.datagear.management.service.impl.DashboardShareSetServiceImpl$$EnhancerBySpringCGLIB$$18c41159.save()
at org.datagear.web.controller.DashboardController.saveShareSet(DashboardController.java:991)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:665)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:122)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.datagear.web.security.AnonymousAuthenticationFilterExt.doFilter(AnonymousAuthenticationFilterExt.java:94)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:102)
at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:93)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:219)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:213)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.datagear.web.security.LoginLatchFilter.doFilter(LoginLatchFilter.java:122)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: javax.crypto.spec.SecretKeySpec
at javax.crypto.Cipher.chooseProvider(Cipher.java:893)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:115)
... 121 more
Hi, in /datagear-web, there is a dependency org.springframework.security:spring-security-web:5.6.2 that calls the risk method.
The scope of this CVE affected version is [5.6.0, 5.6.9) [5.7.0, 5.7.5)
After further analysis, in this project, the main API called is org.springframework.security.web.access.intercept.AuthorizationFilter: doFilterInternal(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)V
Risk method repair link : GitHub
CVE Bug Invocation Path--
Path Length : 4
CVE Bug Invocation Path :
org.datagear.web.security.AnonymousAuthenticationFilterExt: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)V /.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.6.6/spring-boot-autoconfigure-2.6.6.jar
org.springframework.security.web.FilterChainProxy$VirtualFilterChain: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)V /.m2/repository/org/springframework/security/spring-security-web/5.6.2/spring-security-web-5.6.2.jar
org.springframework.web.filter.OncePerRequestFilter: doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)V /.m2/repository/org/springframework/boot/spring-boot-autoconfigure/2.6.6/spring-boot-autoconfigure-2.6.6.jar
org.springframework.security.web.access.intercept.AuthorizationFilter: doFilterInternal(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,javax.servlet.FilterChain)V
Dependency tree--
[INFO] org.datagear:datagear-web:war:4.5.0
[INFO] +- org.datagear:datagear-persistence:jar:4.5.0:compile
[INFO] | +- org.datagear:datagear-meta:jar:4.5.0:compile
[INFO] | +- org.springframework:spring-expression:jar:5.3.18:compile
[INFO] | \- commons-codec:commons-codec:jar:1.15:compile
[INFO] +- org.datagear:datagear-management:jar:4.5.0:compile
[INFO] | +- org.datagear:datagear-connection:jar:4.5.0:compile
[INFO] | +- org.mybatis:mybatis:jar:3.3.1:compile
[INFO] | +- org.mybatis:mybatis-spring:jar:1.3.1:compile
[INFO] | +- org.springframework:spring-tx:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-context:jar:5.3.18:compile
[INFO] +- org.datagear:datagear-dataexchange:jar:4.5.0:compile
[INFO] | +- org.apache.commons:commons-csv:jar:1.9.0:compile
[INFO] | +- org.apache.poi:poi:jar:4.1.2:compile
[INFO] | | +- org.apache.commons:commons-collections4:jar:4.4:compile
[INFO] | | +- org.apache.commons:commons-math3:jar:3.6.1:compile
[INFO] | | \- com.zaxxer:SparseBitSet:jar:1.2:compile
[INFO] | +- org.apache.poi:poi-ooxml:jar:4.1.2:compile
[INFO] | | +- org.apache.poi:poi-ooxml-schemas:jar:4.1.2:compile
[INFO] | | | \- org.apache.xmlbeans:xmlbeans:jar:3.1.0:compile
[INFO] | | +- org.apache.commons:commons-compress:jar:1.19:compile
[INFO] | | \- com.github.virtuald:curvesapi:jar:1.06:compile
[INFO] | \- org.glassfish:javax.json:jar:1.1.4:compile
[INFO] +- org.datagear:datagear-analysis:jar:4.5.0:compile
[INFO] | +- org.freemarker:freemarker:jar:2.3.31:compile
[INFO] | +- org.apache.httpcomponents.client5:httpclient5:jar:5.1.3:compile
[INFO] | | +- org.apache.httpcomponents.core5:httpcore5:jar:5.1.3:compile
[INFO] | | \- org.apache.httpcomponents.core5:httpcore5-h2:jar:5.1.3:compile
[INFO] | \- com.jayway.jsonpath:json-path:jar:2.6.0:compile
[INFO] | \- net.minidev:json-smart:jar:2.4.8:compile
[INFO] | \- net.minidev:accessors-smart:jar:2.4.8:compile
[INFO] | \- org.ow2.asm:asm:jar:9.1:compile
[INFO] +- org.datagear:datagear-util:jar:4.5.0:compile
[INFO] +- javax.servlet:javax.servlet-api:jar:4.0.1:provided
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-autoconfigure:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-logging:jar:2.6.6:compile
[INFO] | | +- ch.qos.logback:logback-classic:jar:1.2.11:compile
[INFO] | | | \- ch.qos.logback:logback-core:jar:1.2.11:compile
[INFO] | | +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.17.2:compile
[INFO] | | | \- org.apache.logging.log4j:log4j-api:jar:2.17.2:compile
[INFO] | | \- org.slf4j:jul-to-slf4j:jar:1.7.36:compile
[INFO] | +- jakarta.annotation:jakarta.annotation-api:jar:1.3.5:compile
[INFO] | +- org.springframework:spring-core:jar:5.3.18:compile
[INFO] | | \- org.springframework:spring-jcl:jar:5.3.18:compile
[INFO] | \- org.yaml:snakeyaml:jar:1.29:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.6.6:compile
[INFO] | +- org.springframework.boot:spring-boot-starter-json:jar:2.6.6:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.13.2:compile
[INFO] | | +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.13.2:compile
[INFO] | | \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.13.2:compile
[INFO] | +- org.springframework:spring-web:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-webmvc:jar:5.3.18:compile
[INFO] +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.6.6:provided
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.60:provided
[INFO] | +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.60:compile
[INFO] | \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.60:provided
[INFO] +- org.springframework.boot:spring-boot-starter-freemarker:jar:2.6.6:compile
[INFO] | \- org.springframework:spring-context-support:jar:5.3.18:compile
[INFO] +- org.springframework.boot:spring-boot-starter-security:jar:2.6.6:compile
[INFO] | +- org.springframework:spring-aop:jar:5.3.18:compile
[INFO] | +- org.springframework.security:spring-security-config:jar:5.6.2:compile
[INFO] | | \- org.springframework.security:spring-security-core:jar:5.6.2:compile
[INFO] | | \- org.springframework.security:spring-security-crypto:jar:5.6.2:compile
[INFO] | \- org.springframework.security:spring-security-web:jar:5.6.2:compile
[INFO] +- org.springframework.boot:spring-boot-starter-validation:jar:2.6.6:compile
[INFO] | \- org.hibernate.validator:hibernate-validator:jar:6.2.3.Final:compile
[INFO] | +- jakarta.validation:jakarta.validation-api:jar:2.0.2:compile
[INFO] | +- org.jboss.logging:jboss-logging:jar:3.4.3.Final:compile
[INFO] | \- com.fasterxml:classmate:jar:1.5.1:compile
[INFO] +- com.github.ben-manes.caffeine:caffeine:jar:2.9.3:compile
[INFO] | +- org.checkerframework:checker-qual:jar:3.19.0:compile
[INFO] | \- com.google.errorprone:error_prone_annotations:jar:2.10.0:compile
[INFO] +- org.springframework:spring-jdbc:jar:5.3.18:compile
[INFO] | \- org.springframework:spring-beans:jar:5.3.18:compile
[INFO] +- org.aspectj:aspectjweaver:jar:1.9.7:runtime
[INFO] +- com.fasterxml.jackson.core:jackson-databind:jar:2.13.2.2:compile
[INFO] | +- com.fasterxml.jackson.core:jackson-annotations:jar:2.13.2:compile
[INFO] | \- com.fasterxml.jackson.core:jackson-core:jar:2.13.2:compile
[INFO] +- org.apache.derby:derby:jar:10.14.2.0:compile
[INFO] +- org.apache.commons:commons-dbcp2:jar:2.9.0:compile
[INFO] | \- org.apache.commons:commons-pool2:jar:2.11.1:compile
[INFO] +- commons-fileupload:commons-fileupload:jar:1.4:compile
[INFO] | \- commons-io:commons-io:jar:2.2:compile
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.2:compile
[INFO] | \- com.mchange:mchange-commons-java:jar:0.2.15:compile
[INFO] +- org.springframework.boot:spring-boot-devtools:jar:2.6.6:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.36:compile
[INFO] +- org.hamcrest:hamcrest:jar:2.2:test
[INFO] +- org.hamcrest:hamcrest-library:jar:2.2:test
[INFO] | \- org.hamcrest:hamcrest-core:jar:2.2:test
[INFO] +- junit:junit:jar:4.13.2:test
[INFO] \- mysql:mysql-connector-java:jar:8.0.28:test
Suggested solutions:
Update dependency version
Thank you very much.
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:889)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.InvalidKeyException: No installed provider supports this key: javax.crypto.spec.SecretKeySpec
at javax.crypto.Cipher.chooseProvider(Cipher.java:893)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.springframework.security.crypto.encrypt.CipherUtils.initCipher(CipherUtils.java:115)
... 121 more
Hi, in datagear/datagear-dataexchange, there is a dependency org.apache.poi:poi-ooxml:3.17 that calls the risk method.
The affected version range of this CVE is [,4.1.0)
After further analysis, in this project, the main API called is <org.apache.poi.xssf.streaming.SXSSFCell: void setCellValue(java.lang.String)>
Risk method repair link: GitHub
CVE Bug Invocation Path--
Path Length : 2
<org.apache.poi.xssf.streaming.SXSSFCell: void setCellValue(java.lang.String)>
at <org.datagear.dataexchange.support.ExcelDataExportService: void writeRecords(org.datagear.dataexchange.support.ExcelDataExport,java.sql.Connection,java.util.List,java.sql.ResultSet,java.io.OutputStream,org.datagear.dataexchange.support.ExcelDataExportService$ExcelDataExportContext)> (org.datagear.dataexchange.support.ExcelDataExportService.java:[131]) in /detect/unzip/datagear-master/datagear-dataexchange/target/classes
Dependency tree--
[INFO] org.datagear:datagear-dataexchange:jar:2.2.0
[INFO] +- org.datagear:datagear-util:jar:2.2.0:compile
[INFO] +- org.datagear:datagear-persistence:jar:2.2.0:compile
[INFO] | +- org.datagear:datagear-meta:jar:2.2.0:compile
[INFO] | | \- org.datagear:datagear-connection:jar:2.2.0:compile
[INFO] | | +- org.apache.commons:commons-dbcp2:jar:2.7.0:compile
[INFO] | | | \- org.apache.commons:commons-pool2:jar:2.8.1:compile
[INFO] | | \- com.google.guava:guava:jar:28.2-jre:compile
[INFO] | | +- com.google.guava:failureaccess:jar:1.0.1:compile
[INFO] | | +- com.google.guava:listenablefuture:jar:9999.0-empty-to-avoid-conflict-with-guava:compile
[INFO] | | +- com.google.code.findbugs:jsr305:jar:3.0.2:compile
[INFO] | | +- org.checkerframework:checker-qual:jar:2.10.0:compile
[INFO] | | +- com.google.errorprone:error_prone_annotations:jar:2.3.4:compile
[INFO] | | \- com.google.j2objc:j2objc-annotations:jar:1.3:compile
[INFO] | +- org.springframework:spring-expression:jar:5.2.11.RELEASE:compile
[INFO] | | \- org.springframework:spring-core:jar:5.2.11.RELEASE:compile
[INFO] | | \- org.springframework:spring-jcl:jar:5.2.11.RELEASE:compile
[INFO] | \- commons-codec:commons-codec:jar:1.14:compile
[INFO] +- org.apache.commons:commons-csv:jar:1.4:compile
[INFO] +- org.apache.poi:poi:jar:3.17:compile
[INFO] | \- org.apache.commons:commons-collections4:jar:4.1:compile
[INFO] +- org.apache.poi:poi-ooxml:jar:3.17:compile
[INFO] | +- org.apache.poi:poi-ooxml-schemas:jar:3.17:compile
[INFO] | | \- org.apache.xmlbeans:xmlbeans:jar:2.6.0:compile
[INFO] | | \- stax:stax-api:jar:1.0.1:compile
[INFO] | \- com.github.virtuald:curvesapi:jar:1.04:compile
[INFO] +- org.glassfish:javax.json:jar:1.0.4:compile
[INFO] +- org.slf4j:slf4j-api:jar:1.7.30:compile
Suggested solutions:
Update dependency version
Thank you very much.