Git Product home page Git Product logo

nasa-pds / pds4-jparser Goto Github PK

View Code? Open in Web Editor NEW
3.0 8.0 3.0 35.65 MB

Java Library providing APIs for parsing and exporting information on PDS4 products, including table and image objects to various formats including CSV, PNG, VICAR, FITs, etc.

Home Page: https://nasa-pds.github.io/pds4-jparser/

License: Other

XSLT 0.12% Java 38.16% Shell 0.15% Batchfile 0.10% HTML 61.47%
pds4 nasa nasa-pds

pds4-jparser's Introduction

PDS4 JParser

DOI 🤪 Unstable integration & delivery 😌 Stable integration & delivery

Java library providing APIs for parsing and exporting information on PDS4 table and image objects to various formats including CSV, PNG, Vicar, Fits, etc. The software is packaged in a JAR file.

Please visit the website https://NASA-PDS.github.io/pds4-jparser/ for information on installation, use, operation, and also development of this software.

Looking for a Python library? See the Planetary Data Reader (pdr)

System Requirements

Current software requires:

  • Maven 3

Documentation

The documentation including release notes, installation and operation of the software should be online at https://NASA-PDS.github.io/pds4-jparser/. If it is not accessible, you can execute the "mvn site:run" command and view the documentation locally at http://localhost:8080.

Build

The software can be compiled and built with the "mvn compile" command but in order to create the JAR file, you must execute the "mvn compile jar:jar" command.

In order to create a complete distribution package, execute the following commands:

mvn site
mvn package

Operational Release

Run pre-build software

When new PDS4 Information Model is available, run the following script to download the latest IM and push to git.

$ build/pre-build.sh

pre-build.sh <dev_or_ops> <IM version>
     dev_or_ops - still in dev or released
     IM Version - e.g. 1D00

# For dev release of IM
build/pre-build.sh dev 1E00

For operation release of IM
build/pre-build.sh ops 1E00

Release with ConMan

For internal JPL use, the ConMan software package can be used for releasing software, otherwise the following sections outline how to complete these steps manually.

Manual Release

Note that GitHub Actions are enabled for the repository of this software so that automated SNAPSHOT and stable releases are available. Manual release instructions follow below.

Update Version Numbers

Update pom.xml for the release version or use the Maven Versions Plugin using semantic versioning. For IM release candidates and operational releases, PDS4 JParser will be built and deployed as an operational release and versioned and re-build if needed.

VERSION=1.1.0
mvn versions:set -DnewVersion=$VERSION

Update Changelog

Update Changelog using Changelog Generator. Note: Make sure you set $CHANGELOG_GITHUB_TOKEN in your .bash_profile or use the --token flag.

github_changelog_generator --future-release v$VERSION

Commit Changes

Commit changes using following template commit message:

[RELEASE] PDS4 Java Parser Library v$VERSION

Build and Deploy Software to Sonatype Maven Repo.

mvn clean site deploy -P release

Note: If you have issues with GPG, be sure to make sure you've created your GPG key, sent to server, and have the following in your ~/.m2/settings.xml:

<profiles>
  <profile>
    <activation>
      <activeByDefault>true</activeByDefault>
    </activation>
    <properties>
      <gpg.executable>gpg</gpg.executable>
      <gpg.keyname>KEY_NAME</gpg.keyname>
      <gpg.passphrase>KEY_PASSPHRASE</gpg.passphrase>
    </properties>
  </profile>
</profiles>

Push Tagged Release

git tag v$VERSION
git push --tags

Deploy Site to Github Pages

From cloned repo:

git checkout gh-pages

# Create specific version site
mv target/site $VERSION
rm -fr target

# Sync latest version to ops 
rsync -av $VERSION/* .
git add .
git commit -m "Deploy v$VERSION docs"
git push origin gh-pages

Update Versions For Development

Update pom.xml with the next SNAPSHOT version either manually or using Github Versions Plugin, e.g.:

git checkout main
VERSION=1.16.0-SNAPSHOT
mvn versions:set -DnewVersion=$VERSION
git add pom.xml
git commit -m "Update version for $VERSION development"
git push -u origin main

Complete Release in Github

Currently the process to create more formal release notes and attach Assets is done manually through the Github UI but should eventually be automated via script.

Snapshot Release

  1. Checkout the main branch.

  2. Deploy software to Sonatype Maven repo:

mvn clean site deploy

JAR Dependency Reference

Official Releases

https://search.maven.org/search?q=g:gov.nasa.pds%20AND%20a:pds4-jparser&core=gav

Snapshots

https://oss.sonatype.org/content/repositories/snapshots/gov/nasa/pds/pds4-jparser

If you want to access snapshots, add the following to your ~/.m2/settings.xml:

<profiles>
  <profile>
     <id>allow-snapshots</id>
     <activation><activeByDefault>true</activeByDefault></activation>
     <repositories>
       <repository>
         <id>snapshots-repo</id>
         <url>https://oss.sonatype.org/content/repositories/snapshots</url>
         <releases><enabled>false</enabled></releases>
         <snapshots><enabled>true</enabled></snapshots>
       </repository>
     </repositories>
   </profile>
</profiles>

pds4-jparser's People

Contributors

al-niessner avatar dependabot[bot] avatar hhlee445 avatar jbfaden avatar jordanpadams avatar mcayanan avatar nutjob4life avatar pdsen-ci avatar testpersonal avatar tloubrieu-jpl avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

autoplot weltonvaz jbfaden

pds4-jparser's Issues

[SECURITY] Update constants to use proper types

Vulnerability

Determine if the findings about  results if an integer multiplication being cast to a long are valid, and determine the potential consequences if they are.

File Warning Line Warning Text
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/FileUtils.java 45 Result of integer multiplication cast to long (CWE-190)

Software Version

Current

Update HTTPServletResponse to ensure secure connections

PDS-000001 12/31/18 If possible always use setSecure to set the 'secure' flag on a cookie before adding it to an HttpServletResponse. high preparation/core/src/main/java/gov/nasa/pds/tools/util/Utility.java 96 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
preparation/pds4-tools/src/main/java/gov/nasa/pds/label/object/DataObject.java 73 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
preparation/pds4-tools/src/main/java/gov/nasa/pds/label/object/DataObject.java 120 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
preparation/pds4-tools/src/main/java/gov/nasa/pds/objectAccess/ObjectAccess.java 253 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
preparation/pds4-tools/src/main/java/gov/nasa/pds/objectAccess/utility/Utility.java 88 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
report/report-manager/src/main/java/gov/nasa/pds/report/logs/pushpull/HttpPull.java 185 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
transport/transport-proxy/src/main/java/gov/nasa/pds/portal/product/HTTPAdaptor.java 96 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
transport/transport-proxy/src/main/java/gov/nasa/pds/portal/product/HTTPAdaptor.java 147 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
transport/transport-proxy/src/main/java/gov/nasa/pds/portal/product/HTTPAdaptor.java 160 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
transport/transport-registry/src/main/java/gov/nasa/pds/transport/SearchProductHandler.java 472 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
transport/transport-registry/src/main/java/gov/nasa/pds/transport/SearchProductHandler.java 513 Failure to use SSL (CWE-311) Failure to use SSL (CWE-311).  Non-SSL connections can be intercepted by third parties. Y Not using secure flag   3 CWE-311 Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.

Improve exception handling and comments

💡 Description

Per comments on this this PR, there is way too much use of the generic exception in this code, and overuse of core java exceptions that make no sense when applying to PDS (e.g. ArrayIndexOutOfBounds exception should not be used when we are talking about overlapping fields in a PDS array data object).

Additionally, per the comment on PR, could use a comment when some values are very PDS domain specific.

Parse failure for table fields of type ASCII_Numeric_Base16

🐛 Describe the bug

This code in FieldType.java looks wrong:

   ASCII_NUMERIC_BASE16("ASCII_Numeric_Base16", new NumericTextFieldAdapter(), true),

in view of the ASCII_Numeric_Base16 type definitiion.
The NumericTextFieldAdapter includes code like:

    @Override
    public long getLong(byte[] buf, int offset, int length, int startBit, int stopBit) {
        return Long.parseLong(getString(buf, offset, length, startBit, stopBit).trim());
    }

which wil fail (with a java.lang.NumberFormatException) if fed the kind of text expected for Base16.

📜 To Reproduce

Steps to reproduce the behavior:
try to use pds4-jparser to read values from a table with ASCII_Numeric_Base16 data. I have an example data file of this sort, but the provider doesn't want to post it publicly.

📚 Version of Software Used

I'm looking at the source code on master at time of writing, 194b5f9.

Suggested fix

I suggest either to introduce a new RadixTextFieldAdapter for use with ASCII_Numeric_Base16, ASCII_Numeric_Base8 and ASCII_Numeric_Base2 (I have prototyped this and can make a Pull Request on request). Failing that, fall back to the DefaultFieldAdapter for ASCII_Numeric_Base16, as is already done for ASCII_Numeric_Base8 and ASCII_Numeric_Base2.

🦄 Related requirements

⚙️ Engineering Details

NIO Library causes error when trying to build with openJDK 8

Describe the bug
When trying to run mvn test, was getting this error:

java.lang.NoSuchMethodError: java.nio.ByteBuffer.flip()

To Reproduce

mvn test

Proposed solution
See https://stackoverflow.com/questions/61267495/exception-in-thread-main-java-lang-nosuchmethoderror-java-nio-bytebuffer-flip to cast ByteBuffer as Buffer

((Buffer) bb).flip();

Expected behavior
Test completes successfully.

Desktop (please complete the following information):

  • OS: Mac OS
  • Java Version
openjdk version "1.8.0_265"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_265-b01)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.265-b01, mixed mode)

Update URLUtils to ensure secure connection

Vulnerability

Determine if the findings about SQL queries containing user input that is not sanitized are valid, and determine the potential consequences if they are.

File Warning Line Warning Text Notes
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 195 Failure to use SSL (CWE-311) Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 228 Failure to use SSL (CWE-311) Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/URLUtils.java 286 Failure to use SSL (CWE-311) Try to set secure before addCookie. ssoCookie.setSecure(true) plain text viewing possible if not set.

Software Version

Version

[SECURITY] Update string comparisons to use .equals instead of ==

Vulnerability

Determine if the findings about string object comparison issues do exist and determine the potential consequences if they are.

File Warning Line Warning Text Notes
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/container/FileMirror.java 37 Reference equality test on strings (CWE-597) Confirm the intention is to compare the object may need to test with .equals
pds4-jparser/src/main/java/gov/nasa/arc/pds/tools/util/FileUtils.java 286 Reference equality test on strings (CWE-597) Confirm the intention is to compare the object may need to test with .equals

NoSuchMethodError: java.nio.ByteBuffer with Java9 Builds

🐛 Describe the bug

Per jetty/jetty.project#3244

Like many other projects (Tomcat, MongoDB, etc.) compiling with JDK 9+ with release 8 produces incorrect bytecode for these ByteBuffer methods:

  • position(int)
  • limit(int) None
  • mark​()
  • reset​()
  • clear()
  • flip()
  • rewind​()

Running a Jetty compiled with JDK 9+ with release 8 in a JDK 8 JVM will produce a NoSuchMethodError.

The solution is to cast the ByteBuffer to Buffer when calling those methods:

((Buffer)byteBuffer).position(0);

Update table reads for large files and improve memory footprints

Is your feature request related to a problem? Please describe.
When validating a Table_Delimited PDS4 product, validate tool takes as much memory as 12 times the size of the data file. This makes difficult to validate products close to the gigabyte (like highgate magnetometer data) as they require to run validate with a large portion of the available memory.

See the following other tickets for more details. Any improvements should be sure the following tickets are also verified as successfully tested.

Debugging this issue I found that most of the memory allocation is in pds4-jparser's gov.nasa.pds.objectAccess.TableReader class, specifically in line 120 which loads the whole data file.
delimitedRecordList = csvReader.readAll();

Describe the solution you'd like
An alternative table delimited read implementation that does not consume so much memory.

Describe alternatives you've considered
Reading the data sequentially using csvReader.readNex(); but the problem of this approach it doesn't consider cases where the current row pointer is reset while reading the file, and that might happen as TableReader declares:
public TableRecord getRecord(int index) throws IllegalArgumentException, IOException public void setCurrentRow(int row)

Additional context
Memory footprint validating a 720MB product:
CurrentFootprint

Memory footprint validating a 720MB product with the alternative described:
ModifiedFootprint

Modifications to TableReader used for the second case:
@@ -65,7 +65,7 @@ public class TableReader {

  •   private List<String[]> delimitedRecordList;

  •   //private List<String[]> delimitedRecordList;

@@ -117,7 +117,7 @@ public class TableReader {

  •                   delimitedRecordList = csvReader.readAll();

  •                   //delimitedRecordList = csvReader.readAll();

@@ -188,7 +188,7 @@ public class TableReader {

  •                   String[] recordValue = delimitedRecordList.get(currentRow-1);

  •                   String[] recordValue = csvReader.readNext();

As a user, I want to read 4D arrays

Checked for duplicates

No - I haven't checked

🧑‍🔬 User Persona(s)

Data Engineer

💪 Motivation

...so that I can have the ability to read and write 4D arrays

📖 Additional Details

No response

Acceptance Criteria

Given a 4D array product
When I perform a read() call
Then I expect to be able to read the object into memory

⚙️ Engineering Details

No response

🎉 I&T

No response

Investigate if PR#63 is appropriate

💡 Description

@msbentley filed a regression in validate that demonstrated a NullPointerException that appeared in validate-2.4 (and 3.0) that wasn't present in 2.3.

@nutjob4life created a pull request that addressed the issue and made the exception go away. However, he also opined that the fix didn't feel "right" since the code addressed in the PR hasn't really changed in quite some time—and now suddenly it's producing NPEs? 🧐

@jordanpadams requested a new issue for him to go back through the recent and large changes to pds4-jparser and validate and see if there's something else going on—or if PR#63 is indeed appropriate.

Software does not build in Java11 on Windows

🐛 Describe the bug

Project doesn't build due to XJC compilation errors.

📜 To Reproduce

Steps to reproduce the behavior:

git clone [email protected]:NASA-PDS/pds4-jparser.git
cd pds4-jparser
mvn clean package

output:

[xjc] [WARNING] schema_reference.4: Failed to read schema document 'schema-stripped.xsd', because 1) could not find the document; 2) the document
could not be read; 3) the root element of the document is not <xsd:schema>.
[xjc]   line 13 of file:C:%5Cws%5Cgithub%5Cpds4-jparser%5Ctarget%5Cgenerated-sources%5Ctemp%5CPDS4_DISP_1G00.xsd
[xjc]
[xjc] [ERROR] src-resolve: Cannot resolve the name 'pds:ASCII_Integer' to a(n) 'type definition' component.
[xjc]   line 111 of file:C:%5Cws%5Cgithub%5Cpds4-jparser%5Ctarget%5Cgenerated-sources%5Ctemp%5CPDS4_DISP_1G00.xsd
[xjc]
[xjc] [ERROR] src-resolve: Cannot resolve the name 'pds:Units_of_Frame_Rate' to a(n) 'simpleType definition' component.
[xjc]   line 150 of file:C:%5Cws%5Cgithub%5Cpds4-jparser%5Ctarget%5Cgenerated-sources%5Ctemp%5CPDS4_DISP_1G00.xsd
[xjc]
[xjc] [ERROR] src-resolve: Cannot resolve the name 'pds:Units_of_Time' to a(n) 'simpleType definition' component.
[xjc]   line 236 of file:C:%5Cws%5Cgithub%5Cpds4-jparser%5Ctarget%5Cgenerated-sources%5Ctemp%5CPDS4_DISP_1G00.xsd

🕵️ Expected behavior

Builds successfully

📚 Version of Software Used

2.1.0-SNAPSHOT (2021-06-17)

🩺 Test Data / Additional context

🏞Screenshots

🖥 System Info

  • OS: Windows 10
  • JDK 11

🦄 Applicable requirements

N/A

⚙️ Engineering Details

  • removing parent POM reference and adding all that info into the POM appears to work better

SNAPSHOT dependencies in 2.0.0 release

The 2.0.0 release of pds4-jparser contains SNAPSHOT dependencies in its pom.xml. This means that this release can not be built using publicly accessible maven repositories. More importantly, downstream projects that depend on pds4-jparsers:2.0.0 also can not be built using public maven repositories. For example, the current master branch of https://github.com/NASA-PDS/validate.
The two SNAPSHOT dependencies are gov.nasa.jpl.ammos.ids.vicario:vicario:48.0.3-SNAPSHOT and com.opencsv:opencsv:5-4-SNAPSHOT.

Potential fix: Release pds4-jparser:2.0.1 with no SNAPSHOT dependencies.

remove antlr dependency in POM

💡 Description

Eclipse environment is unhappy with registry-api and pds4-jparser because the former uses version 4 (antlr4 technically) and latter references but does not use 3. Removing it from POM makes eclipse happy and not having unused dependencies in the POM makes it more robust.

Fix code scanning alert - Comparison of narrow type with wide type in loop condition

Tracking issue for:

[SECURITY] Migrate to log4j-core / log4j-api

Summary

Per the known vulnerability, we want to upgrade log4j to the latest 2.* version, which would be switching over to using log4j-core and log4-api instead of the current log4j:

Per the POM:

    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>1.2.16</version>
      <scope>test</scope>
    </dependency>

This is a low priority because the scope when this is used is during the test phase, but we still want to update eventually.

Vulnerability

Describe the vulnerability
Resolves https://github.com/NASA-PDS/pds4-jparser/security/dependabot/1
Resolves https://github.com/NASA-PDS/pds4-jparser/security/dependabot/2
Resolves https://github.com/NASA-PDS/pds4-jparser/security/dependabot/3
Resolves https://github.com/NASA-PDS/pds4-jparser/security/dependabot/4

Software Version

Version
Latest

Fix code scanning alert - Investigate and disable unnecessary parsing of DTDs

PDS-000004 12/31/18 Determine if the findings about the parsing of user-controlled XML documents is valid, and determine the potential consequences if they are. med preparation/pds4-tools/src/main/java/gov/nasa/pds/objectAccess/ObjectAccess.java 163 Resolving XML external entity in user-controlled data (CWE-611) Resolving XML external entity in user-controlled data (CWE-611).  Parsing user-controlled XML documents and allowing expansion of external entity references may lead to disclosure of confidential data or denial of service. Y More research needed, but this couldbe relevant.     CWE-611 The best way to prevent XML External Entity attacks is if possible disable the parsing of any Document Type Declarations (DTDs) in untrusted data. Many XML parsers for Java are a know and easy target for exploitation.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.