Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
apache
SkyWalking
提交
56f2e86a
S
SkyWalking
项目概览
apache
/
SkyWalking
上一次同步 大约 1 年
通知
302
Star
21345
Fork
6091
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
S
SkyWalking
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
未验证
提交
56f2e86a
编写于
6月 05, 2021
作者:
Z
Zhenxu
提交者:
GitHub
6月 05, 2021
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
CVE: upgrade snakeyaml to prevent billion laughs attack in dynamic configuration. (#7071)
上级
971360a7
变更
11
隐藏空白更改
内联
并排
Showing
11 changed file
with
14 addition
and
13 deletion
+14
-13
.github/workflows/ci-it.yaml
.github/workflows/ci-it.yaml
+2
-1
CHANGES.md
CHANGES.md
+1
-0
dist-material/release-docs/LICENSE
dist-material/release-docs/LICENSE
+1
-1
oap-server/analyzer/agent-analyzer/src/main/java/org/apache/skywalking/oap/server/analyzer/provider/trace/TraceLatencyThresholdsAndWatcher.java
...yzer/provider/trace/TraceLatencyThresholdsAndWatcher.java
+3
-3
oap-server/analyzer/agent-analyzer/src/test/java/org/apache/skywalking/oap/server/analyzer/provider/trace/TraceLatencyThresholdsAndWatcherTest.java
.../provider/trace/TraceLatencyThresholdsAndWatcherTest.java
+1
-1
oap-server/pom.xml
oap-server/pom.xml
+1
-1
oap-server/server-configuration/configuration-api/src/main/java/org/apache/skywalking/oap/server/configuration/api/ConfigWatcherRegister.java
...g/oap/server/configuration/api/ConfigWatcherRegister.java
+1
-2
oap-server/server-library/library-util/src/test/java/org/apache/skywalking/oap/server/library/util/PropertyPlaceholderHelperTest.java
...ap/server/library/util/PropertyPlaceholderHelperTest.java
+1
-1
oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/java/org/apache/skywalking/oap/server/receiver/envoy/als/k8s/K8SALSServiceMeshHTTPAnalysisTest.java
...iver/envoy/als/k8s/K8SALSServiceMeshHTTPAnalysisTest.java
+1
-1
tools/dependencies/known-oap-backend-dependencies-es7.txt
tools/dependencies/known-oap-backend-dependencies-es7.txt
+1
-1
tools/dependencies/known-oap-backend-dependencies.txt
tools/dependencies/known-oap-backend-dependencies.txt
+1
-1
未找到文件。
.github/workflows/ci-it.yaml
浏览文件 @
56f2e86a
...
...
@@ -111,7 +111,8 @@ jobs:
java-version
:
8
-
name
:
'
Install
&
Test'
if
:
env.SKIP_CI != 'true'
run
:
./mvnw --batch-mode -P"agent,backend,ui,dist" clean verify install
run
:
|
./mvnw --batch-mode -P"agent,backend,ui,dist" clean verify install
CI-on-MacOS
:
...
...
CHANGES.md
浏览文件 @
56f2e86a
...
...
@@ -60,6 +60,7 @@ Release Notes.
*
Add HTTP implementation of logs reporting protocol.
*
Make metrics exporter still work even when storage layer failed.
*
Fix Jetty HTTP
`TRACE`
issue, disable HTTP methods except
`POST`
.
*
CVE: upgrade snakeyaml to prevent
[
billion laughs attack
](
https://en.wikipedia.org/wiki/Billion_laughs#Variations
)
in dynamic configuration.
#### UI
*
Add logo for kong plugin.
...
...
dist-material/release-docs/LICENSE
浏览文件 @
56f2e86a
...
...
@@ -247,7 +247,7 @@ The text of each license is the standard Apache 2.0 license.
securesm 1.1: https://github.com/elastic/securesm/blob/master/pom.xml , Apache 2.0
LMAX Ltd.(disruptor) 3.3.6: https://github.com/LMAX-Exchange/disruptor , Apache 2.0
Eclipse (Jetty) 9.4.40.v20210413: https://www.eclipse.org/jetty/ , Apache 2.0 and Eclipse Public License 1.0
SnakeYAML 1.
1
8: http://www.snakeyaml.org , Apache 2.0
SnakeYAML 1.
2
8: http://www.snakeyaml.org , Apache 2.0
Joda-Time 2.10.5: http://www.joda.org/joda-time/ , Apache 2.0
Joda-Convert 2.2.1: http://www.joda.org/joda-convert/ , Apache 2.0
Spring Framework 4.3.14.RELEASE: https://github.com/spring-projects/spring-framework, Apache 2.0
...
...
oap-server/analyzer/agent-analyzer/src/main/java/org/apache/skywalking/oap/server/analyzer/provider/trace/TraceLatencyThresholdsAndWatcher.java
浏览文件 @
56f2e86a
...
...
@@ -18,7 +18,7 @@
package
org.apache.skywalking.oap.server.analyzer.provider.trace
;
import
java.util.concurrent.atomic.Atomic
Reference
;
import
java.util.concurrent.atomic.Atomic
Integer
;
import
lombok.extern.slf4j.Slf4j
;
import
org.apache.skywalking.oap.server.analyzer.module.AnalyzerModule
;
import
org.apache.skywalking.oap.server.analyzer.provider.AnalyzerModuleConfig
;
...
...
@@ -31,11 +31,11 @@ import org.apache.skywalking.oap.server.library.module.ModuleProvider;
*/
@Slf4j
public
class
TraceLatencyThresholdsAndWatcher
extends
ConfigChangeWatcher
{
private
Atomic
Reference
<
Integer
>
slowTraceSegmentThreshold
;
private
Atomic
Integer
slowTraceSegmentThreshold
;
public
TraceLatencyThresholdsAndWatcher
(
ModuleProvider
provider
)
{
super
(
AnalyzerModule
.
NAME
,
provider
,
"slowTraceSegmentThreshold"
);
slowTraceSegmentThreshold
=
new
Atomic
Reference
<>
();
slowTraceSegmentThreshold
=
new
Atomic
Integer
();
slowTraceSegmentThreshold
.
set
(
getDefaultValue
());
}
...
...
oap-server/analyzer/agent-analyzer/src/test/java/org/apache/skywalking/oap/server/analyzer/provider/trace/TraceLatencyThresholdsAndWatcherTest.java
浏览文件 @
56f2e86a
...
...
@@ -57,7 +57,7 @@ public class TraceLatencyThresholdsAndWatcherTest {
register
.
registerConfigChangeWatcher
(
watcher
);
register
.
start
();
while
(
watcher
.
getSlowTraceSegmentThreshold
()
==
1000
0
)
{
while
(
watcher
.
getSlowTraceSegmentThreshold
()
<
0
)
{
Thread
.
sleep
(
2000
);
}
assertThat
(
watcher
.
getSlowTraceSegmentThreshold
(),
is
(
3000
));
...
...
oap-server/pom.xml
浏览文件 @
56f2e86a
...
...
@@ -57,7 +57,7 @@
<slf4j.version>
1.7.25
</slf4j.version>
<log4j.version>
2.9.0
</log4j.version>
<guava.version>
28.1-jre
</guava.version>
<snakeyaml.version>
1.
1
8
</snakeyaml.version>
<snakeyaml.version>
1.
2
8
</snakeyaml.version>
<graphql-java-tools.version>
5.2.3
</graphql-java-tools.version>
<graphql-java.version>
8.0
</graphql-java.version>
<zookeeper.version>
3.4.10
</zookeeper.version>
...
...
oap-server/server-configuration/configuration-api/src/main/java/org/apache/skywalking/oap/server/configuration/api/ConfigWatcherRegister.java
浏览文件 @
56f2e86a
...
...
@@ -64,7 +64,6 @@ public abstract class ConfigWatcherRegister implements DynamicConfigurationServi
public
void
start
()
{
isStarted
=
true
;
configSync
();
LOGGER
.
info
(
"Current configurations after the bootstrap sync."
+
LINE_SEPARATOR
+
register
.
toString
());
Executors
.
newSingleThreadScheduledExecutor
()
...
...
@@ -72,7 +71,7 @@ public abstract class ConfigWatcherRegister implements DynamicConfigurationServi
new
RunnableWithExceptionProtection
(
this
::
configSync
,
t
->
LOGGER
.
error
(
"Sync config center error."
,
t
)
),
syncPeriod
,
syncPeriod
,
TimeUnit
.
SECONDS
);
),
0
,
syncPeriod
,
TimeUnit
.
SECONDS
);
}
void
configSync
()
{
...
...
oap-server/server-library/library-util/src/test/java/org/apache/skywalking/oap/server/library/util/PropertyPlaceholderHelperTest.java
浏览文件 @
56f2e86a
...
...
@@ -73,7 +73,7 @@ public class PropertyPlaceholderHelperTest {
Assert
.
assertEquals
(
"0.0.0.0"
,
yaml
.
load
(
placeholderHelper
.
replacePlaceholders
(
properties
.
getProperty
(
"restHost"
),
properties
)));
//tests that use ${REST_PORT:12800} and set REST_PORT in environmentVariables.
Assert
.
assertEquals
(
12801
,
yaml
.
load
(
placeholderHelper
.
replacePlaceholders
(
properties
.
getProperty
(
"restPort"
),
properties
)));
Assert
.
assertEquals
(
(
Integer
)
12801
,
yaml
.
load
(
placeholderHelper
.
replacePlaceholders
(
properties
.
getProperty
(
"restPort"
),
properties
)));
}
@Test
...
...
oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/test/java/org/apache/skywalking/oap/server/receiver/envoy/als/k8s/K8SALSServiceMeshHTTPAnalysisTest.java
浏览文件 @
56f2e86a
...
...
@@ -155,7 +155,7 @@ public class K8SALSServiceMeshHTTPAnalysisTest {
@Override
public
void
init
(
ModuleManager
manager
,
EnvoyMetricReceiverConfig
config
)
{
super
.
init
(
manager
,
config
)
;
this
.
config
=
config
;
serviceRegistry
=
mock
(
K8SServiceRegistry
.
class
);
when
(
serviceRegistry
.
findService
(
anyString
())).
thenReturn
(
config
.
serviceMetaInfoFactory
().
unknown
());
when
(
serviceRegistry
.
findService
(
"10.44.2.56"
)).
thenReturn
(
new
ServiceMetaInfo
(
"ingress"
,
"ingress-Inst"
));
...
...
tools/dependencies/known-oap-backend-dependencies-es7.txt
浏览文件 @
56f2e86a
...
...
@@ -158,7 +158,7 @@ simpleclient_common-0.6.0.jar
simpleclient_hotspot-0.6.0.jar
simpleclient_httpserver-0.9.0.jar
slf4j-api-1.7.25.jar
snakeyaml-1.
1
8.jar
snakeyaml-1.
2
8.jar
swagger-annotations-1.6.2.jar
t-digest-3.2.jar
vavr-0.10.3.jar
...
...
tools/dependencies/known-oap-backend-dependencies.txt
浏览文件 @
56f2e86a
...
...
@@ -154,7 +154,7 @@ simpleclient_common-0.6.0.jar
simpleclient_hotspot-0.6.0.jar
simpleclient_httpserver-0.9.0.jar
slf4j-api-1.7.25.jar
snakeyaml-1.
1
8.jar
snakeyaml-1.
2
8.jar
swagger-annotations-1.6.2.jar
t-digest-3.2.jar
vavr-0.10.3.jar
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录