purecloudlabs / ring-jetty-ws


Possibility to upgrade jetty-adapter and jetty-websocket dependencies? #4

Open erkkikeranen opened 5 years ago

erkkikeranen commented 5 years ago

Would it be possible to upgrade the jetty-adapter to 1.7.1 and jetty-websocket dependencies to support 9.4.x?

The current dependencies have some vulnerabilities:

jetty-util-9.2.24.v20180105.jar CVE-2017-7656, CVE-2017-7658, CVE-2017-7657, CVE-2017-9735, CVE-2018-12536

websocket-client-9.2.24.v20180105.jar CVE-2017-7656, CVE-2017-7658, CVE-2017-7657, CVE-2017-9735, CVE-2018-12536

I tried to manually force them in my project:

[org.clojure/clojure "1.10.0"]
[ring/ring-jetty-adapter "1.7.1"]
[inin-purecloud/ring-jetty-ws "1.1.0" :exclusions [org.clojure/clojure
                                                   org.eclipse.jetty.websocket/websocket-server
                                                   ring/ring-jetty-adapter]]
[org.eclipse.jetty.websocket/websocket-server "9.4.12.v20180830"]

But faced some issues:

java.lang.IllegalArgumentException: No matching method setStatus found taking 1 args for class org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:127)
    at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
    at ring_jetty_ws.ws$update_servlet_response.invokeStatic(ws.clj:90)
    at ring_jetty_ws.ws$update_servlet_response.invoke(ws.clj:86)
    at ring_jetty_ws.ws$create_ws_creator$reify__22937.createWebSocket(ws.clj:109)
    at org.eclipse.jetty.websocket.server.WebSocketServerFactory.acceptWebSocket(WebSocketServerFactory.java:217)
    at org.eclipse.jetty.websocket.server.WebSocketServerFactory.acceptWebSocket(WebSocketServerFactory.java:202)
    at org.eclipse.jetty.websocket.server.WebSocketHandler.handle(WebSocketHandler.java:101)
    at ring_jetty_ws.ws.proxy$org.eclipse.jetty.websocket.server.WebSocketHandler$ff19274a.handle(Unknown Source)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:167)
    at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:102)
    at ring_jetty_ws.ws$create_ws_handler$fn__22943$fn__22946.invoke(ws.clj:123)
    at clojure.core$proxy_call_with_super.invokeStatic(core_proxy.clj:388)
    at clojure.core$proxy_call_with_super.invoke(core_proxy.clj:384)
    at ring_jetty_ws.ws$create_ws_handler$fn__22943.invoke(ws.clj:123)
    at ring_jetty_ws.ws.proxy$org.eclipse.jetty.websocket.server.WebSocketHandler$ff19274a.handle(Unknown Source)
    at org.eclipse.jetty.server.handler.HandlerList.handle(HandlerList.java:61)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
    at org.eclipse.jetty.server.Server.handle(Server.java:503)
    at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:364)
    at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
    at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305)
    at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
    at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168)
    at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:132)
    at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:765)
    at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:683)
    at java.base/java.lang.Thread.run(Thread.java:834)

Anyway, thanks for this great library - it's a perfect fit for our project. Keep up the good work!

MattCheely commented 5 years ago

It might be a while before I can take a look at this, but if you have time to open a PR (even if it's just a start), I'd be happy to work with you to get it in a good state to merge.

It looks like the setStatus method became setStatusCode: https://www.eclipse.org/jetty/javadoc/9.4.12.v20180830/org/eclipse/jetty/websocket/servlet/ServletUpgradeResponse.html#setStatusCode-int-
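An added example, not part of the thread or of ring-jetty-ws: after forcing versions with `:exclusions` as in the issue, one way to confirm that no Jetty 9.2.x jar is still being resolved is to scan the output of `lein deps :tree`. The tree below is constructed for illustration (it is not resolver output for this project), and the function names are hypothetical.

```python
import re

# Matches one Leiningen-style coordinate: [group/artifact "version" ...
# Entries inside :exclusions carry no version string, so they never match.
COORD = re.compile(r'\[([\w.\-]+)/([\w.\-]+)\s+"([^"]+)"')

# Constructed sample in the shape of `lein deps :tree` output. The 9.2.24
# jetty-util line is planted to exercise the check; versions are the two
# Jetty versions named in the issue.
SAMPLE_TREE = '''\
 [inin-purecloud/ring-jetty-ws "1.1.0" :exclusions [[org.clojure/clojure] [org.eclipse.jetty.websocket/websocket-server] [ring/ring-jetty-adapter]]]
 [org.clojure/clojure "1.10.0"]
 [org.eclipse.jetty.websocket/websocket-server "9.4.12.v20180830"]
   [org.eclipse.jetty.websocket/websocket-client "9.4.12.v20180830"]
     [org.eclipse.jetty/jetty-util "9.2.24.v20180105"]
 [ring/ring-jetty-adapter "1.7.1"]
'''


def jetty_artifacts(tree_text):
    """Return a set of (group/artifact, version) for org.eclipse.jetty* entries."""
    found = set()
    for line in tree_text.splitlines():
        m = COORD.search(line)  # first coordinate on a line is the dependency itself
        if m and m.group(1).startswith("org.eclipse.jetty"):
            found.add((f"{m.group(1)}/{m.group(2)}", m.group(3)))
    return found


def release_line(version):
    """Map a Jetty version such as '9.4.12.v20180830' to (9, 4)."""
    major, minor = version.split(".")[:2]
    return int(major), int(minor)


def stale_jetty(tree_text, wanted=(9, 4)):
    """List Jetty artifacts resolved to a release line other than `wanted`."""
    return sorted(
        f"{coord} {version}"
        for coord, version in jetty_artifacts(tree_text)
        if release_line(version) != wanted
    )


if __name__ == "__main__":
    for entry in stale_jetty(SAMPLE_TREE):
        print("still on old release line:", entry)
```

An empty result from `stale_jetty` means every Jetty artifact in the tree is on the wanted release line; any entry it returns is a jar the override did not replace.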