【Question title】: Closure Compiler - Protobuf vulnerability
【Posted】: 2023-02-04 14:00:29
【Question description】:

We are using Java 8, and the highest Closure Compiler tag that supports Java 8 is v20220502. The protobuf-java version used in this tag is 3.17.0. It is the one referenced by protobuf_proto_rules in WORKSPACE.bazel:

http_archive(
    name = "protobuf_proto_rules",
    # output from `sha256sum` on the downloaded tar.gz file
    sha256 = "66bfdf8782796239d3875d37e7de19b1d94301e8972b3cbd2446b332429b4df1",
    strip_prefix = "rules_proto-4.0.0",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_proto/archive/refs/tags/4.0.0.tar.gz",
        "https://github.com/bazelbuild/rules_proto/archive/refs/tags/4.0.0.tar.gz",
    ],
)

We want to use protobuf_java version 3.21.7 from https://github.com/bazelbuild/rules_proto/blob/5.3.0-21.7/proto/private/dependencies.bzl, so we edited WORKSPACE.bazel like this:

http_archive(
    name = "protobuf_proto_rules",
    sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
    strip_prefix = "rules_proto-5.3.0-21.7",
    urls = [
        "https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
    ],
)

After this, the following error occurs:

Starting local Bazel server and connecting to it...
ERROR: Traceback (most recent call last):
        File "C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/private/rules_impl/cc_flags_supplier.bzl", line 16, column 76, in <toplevel>
                load("@bazel_tools//tools/cpp:toolchain_utils.bzl", "find_cpp_toolchain", "use_cpp_toolchain")
Error: file '@bazel_tools//tools/cpp:toolchain_utils.bzl' does not contain symbol 'use_cpp_toolchain' (did you mean 'find_cpp_toolchain'?)
ERROR: While resolving toolchains for target //:compiler_unshaded: com.google.devtools.build.lib.packages.BuildFileContainsErrorsException: error loading package '@bazel_tools//tools/cpp': in C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/defs.bzl: Extension file 'cc/private/rules_impl/cc_flags_supplier.bzl' has errors
ERROR: Analysis of target '//:compiler_unshaded_deploy.jar' failed; build aborted: com.google.devtools.build.lib.packages.BuildFileContainsErrorsException: error loading package '@bazel_tools//tools/cpp': in C:/users/.../_bazel_.../7eswowuu/external/rules_cc/cc/defs.bzl: Extension file 'cc/private/rules_impl/cc_flags_supplier.bzl' has errors
INFO: Elapsed time: 5.810s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (2 packages loaded, 0 targets configured)

How do we upgrade the protobuf java version to 3.21.7?

【Question discussion】:

    Tags: protocol-buffers google-closure-compiler protobuf-java


    【Solution 1】:

    We added the new protobuf rules at the beginning of WORKSPACE.bazel, and that solved the problem. This is the file we use with v20220502:

    workspace(name = "com_google_javascript_jscomp")
    
    load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
    
    RULES_JVM_EXTERNAL_TAG = "4.2"
    RULES_JVM_EXTERNAL_SHA = "cd1a77b7b02e8e008439ca76fd34f5b07aecb8c752961f9640dea15e9e5ba1ca"
    
    http_archive(
        name = "rules_jvm_external",
        strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
        sha256 = RULES_JVM_EXTERNAL_SHA,
        url = "https://github.com/bazelbuild/rules_jvm_external/archive/%s.zip" % RULES_JVM_EXTERNAL_TAG,
    )
    
    #
    # To update google_bazel_common, locate the git commit to depend on and
    # use something like the following to determine the sha256
    #  curl -L https://github.com/google/bazel-common/archive/<git-commit-id>.zip |
    #  sha256
    #
    #
    
    http_archive(
        name = "protobuf_proto_rules",
        sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
        strip_prefix = "rules_proto-5.3.0-21.7",
        urls = [
            "https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz",
        ],
    )
    
    load("@protobuf_proto_rules//proto:repositories.bzl", "rules_proto_dependencies", "rules_proto_toolchains")
    rules_proto_dependencies()
    rules_proto_toolchains()
    
    http_archive(
        name = "google_bazel_common",
        # output from `sha256sum` on the downloaded zip file
        sha256 = "cb37c4977b01311f72157897b1b180b6caf2fc88336ee64b39152af61f8708a9",
        strip_prefix = "bazel-common-82a7dd0f4cd8593fdaa40d65a1fa820b14ff3493",
        urls = [
          "https://github.com/google/bazel-common/archive/82a7dd0f4cd8593fdaa40d65a1fa820b14ff3493.zip",
        ],
    )
    
    load("@google_bazel_common//:workspace_defs.bzl", "google_common_workspace_rules", "maven_import")
    
    google_common_workspace_rules()
    
    maven_import(
        # http://args4j.kohsuke.org/index.html
        group_id = "args4j",
        artifact_id = "args4j",
        version = "2.33",
        sha256 = "91ddeaba0b24adce72291c618c00bbdce1c884755f6c4dba9c5c46e871c69ed6",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://github.com/java-diff-utils/java-diff-utils
        group_id = "io.github.java-diff-utils",
        artifact_id = "java-diff-utils",
        version = "4.0",
        sha256 = "810232374e76a954949f0e2185cd7d9515addb918cf3da3481f77e07c356b49a",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://github.com/google/gson
        group_id = "com.google.code.gson",
        artifact_id = "gson",
        version = "2.9.0",
        sha256 = "c96d60551331a196dac54b745aa642cd078ef89b6f267146b705f2c2cbef052d",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://github.com/google/re2j
        group_id = "com.google.re2j",
        artifact_id = "re2j",
        version = "1.3",
        sha256 = "d8040fa1c54c1ce208199015b6e599ec2ef37b7780f8f55a8b4b4b4299bade19",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://ant.apache.org/
        group_id = "org.apache.ant",
        artifact_id = "ant",
        version = "1.10.12",
        sha256 = "5c6a438c3ebe7a306eba452b09fa307b0e60314926177920bca896c4a504eaf6",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://truth.dev/protobufs
        group_id = "com.google.truth.extensions",
        artifact_id = "truth-liteproto-extension",
        version = "1.1",
        sha256 = "f637de4743194a870316a55a1c50c89638355a2323d96b6ced363a22d6ced316",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://truth.dev/protobufs
        group_id = "com.google.truth.extensions",
        artifact_id = "truth-proto-extension",
        version = "1.1",
        sha256 = "d2fa8736dcb541813f8f4090ecc0d634b85cb82bd6d486f1af975458d0238afe",
        licenses = ["notice"],
    )
    
    maven_import(
        # https://github.com/google/jimfs
        group_id = "com.google.jimfs",
        artifact_id = "jimfs",
        version = "1.2",
        sha256 = "de16d5c8489729a8512f1a02fbd81f58f89249b72066987da4cc5c87ecb9f72d",
        licenses = ["notice"],
    )
    
    
    
    http_archive(
        name = "protobuf_java_rules",
        sha256 = "7c4bbe11e41c61212a5cf16d9aafaddade3f5b1b6c8bf94270d78215fafd4007",
        strip_prefix = "rules_java-c13e3ead84afb95f81fbddfade2749d8ba7cb77f",
        url = "https://github.com/bazelbuild/rules_java/archive/c13e3ead84afb95f81fbddfade2749d8ba7cb77f.tar.gz",  # 2021-01-25
    )
    
    load("@protobuf_java_rules//java:repositories.bzl", "remote_jdk8_repos")
    
    remote_jdk8_repos()
    
    # Jarjar is a Google tool (https://github.com/google/jarjar) for generating
    # shaded JARs (https://stackoverflow.com/questions/49810578). This repo contains
    # Bazel bindings for Jarjar, under the Apache license.
    http_archive(
        name = "com_github_johnynek_bazel_jar_jar",
        # output from `sha256sum` on the downloaded zip file
        sha256 = "fdf2c5276e5c6f27efa1e0b64a301f5a122d84a4c1c0dd80006dbbc530a16773",
        strip_prefix = "bazel_jar_jar-171f268569384c57c19474b04aebe574d85fde0d",
        urls = [
          "https://github.com/johnynek/bazel_jar_jar/archive/171f268569384c57c19474b04aebe574d85fde0d.zip",
        ],
    )
    
    load("@com_github_johnynek_bazel_jar_jar//:jar_jar.bzl", "jar_jar_repositories")
    
    jar_jar_repositories()
    

    【Discussion】:
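
When a pinned http_archive is bumped as in the question, sha256, strip_prefix and urls have to change together. The following is an added example (not part of the original post or of the Closure Compiler project) that checks this consistency for literal GitHub archive URLs and verifies downloaded bytes against the pin; the `half_bumped_example` stanza and all function names are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: the upgraded pin from the question, plus a hypothetical
# half-finished bump (URL changed, sha256 dropped, strip_prefix left at 4.0.0).
WORKSPACE_SAMPLE = '''
http_archive(
    name = "protobuf_proto_rules",
    sha256 = "dc3fb206a2cb3441b485eb1e423165b231235a1ea9b031b4433cf7bc1fa460dd",
    strip_prefix = "rules_proto-5.3.0-21.7",
    urls = ["https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz"],
)
http_archive(
    name = "half_bumped_example",
    strip_prefix = "rules_proto-4.0.0",
    urls = ["https://github.com/bazelbuild/rules_proto/archive/refs/tags/5.3.0-21.7.tar.gz"],
)
'''

STANZA = re.compile(r'http_archive\((.*?)^\)', re.S | re.M)
GITHUB_URL = re.compile(r'github\.com/[^/]+/([^/]+)/archive/(?:refs/tags/)?(.+?)\.(?:tar\.gz|zip)$')

def parse_archives(text):
    """Return one dict per http_archive stanza (string attributes plus 'urls')."""
    archives = []
    for body in STANZA.findall(text):
        attrs = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', body, re.M))
        attrs["urls"] = re.findall(r'"(https?://[^"]+)"', body)
        archives.append(attrs)
    return archives

def audit(archive):
    """Return findings for one stanza; an empty list means the pin is consistent."""
    findings = []
    if not re.fullmatch(r"[0-9a-f]{64}", archive.get("sha256", "")):
        findings.append("missing or malformed sha256")
    for url in archive["urls"]:
        m = GITHUB_URL.search(url)  # GitHub archives unpack to "<repo>-<ref>/"
        if m and archive.get("strip_prefix") != "%s-%s" % m.groups():
            findings.append("strip_prefix does not match " + url)
    return findings

def verify_download(archive, data):
    """True only if the downloaded bytes hash to the pinned sha256."""
    return hashlib.sha256(data).hexdigest() == archive.get("sha256")

if __name__ == "__main__":
    for a in parse_archives(WORKSPACE_SAMPLE):
        print(a["name"], audit(a) or "ok")
```

Stanzas that build their URL with a format string (such as the rules_jvm_external entry in the answer) are not resolved by this check and need the tag substituted first.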
