Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes to make clone method final to increase security #23916

Merged
merged 1 commit into from
Nov 6, 2024
Merged

Changes to make clone method final to increase security #23916

merged 1 commit into from
Nov 6, 2024
+2 −2

Conversation

bibith4
Copy link
Contributor

@bibith4 bibith4 commented Oct 30, 2024
edited
Loading

Description

Improve Cloneable interface by making clone method final to increase security
Made the changes in
presto-main/src/main/java/com/facebook/presto/operator/aggregation/differentialentropy/WeightedDoubleReservoirSample.java:110
presto-main/src/main/java/com/facebook/presto/operator/aggregation/differentialentropy/UnweightedDoubleReservoirSample.java:124

Motivation and Context

All classes implementing the Cloneable interface must have a final clone() method. A class with a clone() method that is not declared final allows an object to be created without calling the constructor. This can cause the object to be in an unexpected state.

Impact

no impact

Test Plan

Verified existing Unit test case for above fix :
(1) presto-main/src/test/java/com/facebook/presto/operator/aggregation/differentialentropy/TestWeightedDoubleReservoirSample.java
(2) presto-main/src/test/java/com/facebook/presto/operator/aggregation/differentialentropy/TestUnweightedDoubleReservoirSample.java

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== NO RELEASE NOTE ==

@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Oct 30, 2024
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@bibith4 bibith4 force-pushed the static_cve_fix_clone_final branch 6 times, most recently from 2603304 to be2b280 Compare October 30, 2024 12:03
@steveburnett
Copy link
Contributor

steveburnett commented Oct 30, 2024
edited
Loading

Nit suggestion for the release note entry to follow the Order of changes in the Release Notes Guidelines. Please edit this suggestion as needed to more accurately describe this PR.

== RELEASE NOTES ==

* Security Changes
Improve Cloneable interface by making clone method final to increase security : pr:`23916`

(note: edited, then realized this had already been responded to. Un-edited to restore comment to original state.)

@bibith4 bibith4 changed the title Changes to make clone methods final for security Changes to make clone method final to increase security Nov 4, 2024
@bibith4 bibith4 marked this pull request as ready for review November 4, 2024 10:49
@bibith4 bibith4 requested a review from a team as a code owner November 4, 2024 10:49
@steveburnett
Copy link
Contributor

Thanks for the release note entry! Nit ! missed earlier, please remove the space between : and pr.

== RELEASE NOTES ==

* Security Changes
Improve cloneable interface by making clone method final to increase security. :pr:`23916`

@bibith4
Copy link
Contributor Author

bibith4 commented Nov 4, 2024

Thanks for the release note entry! Nit ! missed earlier, please remove the space between : and pr.

== RELEASE NOTES ==

* Security Changes
Improve cloneable interface by making clone method final to increase security. :pr:`23916`

@steveburnett Corrected the message. Please check

@steveburnett
Copy link
Contributor

@bibith4 - LGTM, thanks!

@tdcmeehan tdcmeehan self-assigned this Nov 4, 2024
@tdcmeehan
Copy link
Contributor

Does this fix a specific CVE? If not, let's not add this to the release notes--too granular.

@bibith4
Copy link
Contributor Author

bibith4 commented Nov 5, 2024

Does this fix a specific CVE? If not, let's not add this to the release notes--too granular.

@tdcmeehan This change isn't meant to address a specific CVE but to resolve a static scan issue. I have removed the release note from the PR. Please check

@tdcmeehan tdcmeehan merged commit c05a15a into prestodb:master Nov 6, 2024
58 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdcmeehan tdcmeehan tdcmeehan approved these changes

@presto-oss presto-oss Awaiting requested review from presto-oss presto-oss is a code owner automatically assigned from prestodb/committers

Assignees

@tdcmeehan tdcmeehan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@bibith4 @steveburnett @tdcmeehan