Marge treasure data v0.6.26 #23

Merged
merged 29 commits into from
Jan 29, 2024

pn-koshikawa

Are all connections created by the plugin secure?

  • Does it opt for a secure communication standard, such as HTTPS, SSH, SFTP, or SMTP STARTTLS? If not, check with the CISO to decide whether we can deploy the plugin.
  • Does it support both authentication and encryption appropriately? For example, "just encrypting without authentication" is insecure.

Does the plugin connect only to its expected external site which the customer explicitly set in their config file?

  • Does it NOT connect to unexpected external sites or our internal endpoints, such as the “v3/job/:id/set_started” callback endpoint?

Does the plugin NOT persist any customers' private information? Identify the private information beforehand.

  • Does NOT include them in (temporary) files?
  • Does NOT include them in log messages and exception messages?

What kind of environments does the plugin interact with?

  • Does NOT execute any shell command?
  • Does NOT read any files on the running instance? Such as: "/etc/passwords". It’s ok to read temporary files that the plugin wrote.
  • Does it create temporary files with the spi.TempFileSpace utility to avoid file name conflicts?
  • Does NOT get environment variables or JVM system properties at runtime? Such as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in environment variables.

Does the plugin NOT use insecure libraries?

  • Line up all dependency libraries so that we can identify the impact of a security incident in any of those libraries.
  • Check the plugin's library usage; every item of the security checklist must apply to the library usages. Such as "Are all connections created by the library secure?"

Does the plugin source code repository NOT contain any kind of credentials?

  • API keys
  • Passwords

Make sure to free up all resources allocated during the Embulk transaction at “committing” or “rolling back”, or before.

  • Network (connections, pooled connections)
  • Memory (cache in static variables)
  • File (temporary files)
  • CPU (threads, processes)
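
As an added example (not part of this pull request or the plugin's code), a first-pass scan of Java source for four of the checklist items above: shell execution, environment or system-property reads, cleartext URLs, and temporary files created outside spi.TempFileSpace. The rule names, regular expressions and sample class are assumptions constructed for illustration; a hit only marks a line for manual review.

```python
import re

# Checklist item -> pattern over comment-stripped Java source.
# Rule names and regexes are assumptions made for this example.
RULES = {
    "shell-command": re.compile(
        r"\bRuntime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*exec\s*\(|\bnew\s+ProcessBuilder\b"),
    "env-or-system-property": re.compile(
        r"\bSystem\s*\.\s*(?:getenv|getProperty|getProperties)\s*\("),
    "cleartext-url": re.compile(r'"(?:http|ftp)://[^"]*"'),
    "temp-file-without-TempFileSpace": re.compile(
        r"\bFiles?\s*\.\s*createTempFile\s*\("),
}

# A string literal, a // comment, or a /* */ comment, whichever starts first.
_TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(src):
    """Blank out comments, keep string literals and line numbers intact."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r"[^\n]", " ", tok)
    return _TOKEN.sub(repl, src)

def audit(src):
    """Return (line_number, rule) pairs that need a reviewer's attention."""
    findings = []
    for lineno, line in enumerate(strip_comments(src).splitlines(), 1):
        findings += [(lineno, rule) for rule, pat in RULES.items() if pat.search(line)]
    return findings

# Constructed sample input, not taken from the plugin.
SAMPLE = '''\
class Demo {
    // Runtime.getRuntime().exec("ls") appears only in this comment
    String key = System.getenv("AWS_SECRET_ACCESS_KEY");
    String endpoint = "http://example.invalid/rest";
    String ok = "https://example.invalid/rest";
    /* new ProcessBuilder("sh") inside a block comment */
    void run() throws Exception {
        new ProcessBuilder("echo", "hi").start();
        java.io.File f = java.io.File.createTempFile("x", ".tmp");
    }
}
'''

if __name__ == "__main__":
    for lineno, rule in audit(SAMPLE):
        print(f"line {lineno}: {rule}")
```

The tokenizer does not handle Java character literals such as '"', so a file containing one should be checked by hand.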

NirmalaY12 and others added 29 commits November 22, 2020 23:40
Code scanning is a feature that you use to analyze the code in a GitHub repository to find security vulnerabilities and coding errors.
…leak-program-members

Fix resource leak when import program members
…leak-program-members

Follows the PR treasure-data#114 bump up v0.6.25
…en-central

Get ready for Maven Central by adding sources and javadoc JARs
…abot-update

Update CodeQL actions to v2 and enable Dependabot for GitHub Actions
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…thub_actions/actions/upload-artifact-3

Bump actions/upload-artifact from 2 to 3
…thub_actions/actions/checkout-3

Bump actions/checkout from 2 to 3
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 1 to 3.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…thub_actions/actions/setup-java-3

Bump actions/setup-java from 1 to 3
@pn-koshikawa pn-koshikawa changed the title Update to v0.6.26 Marge treasure data v0.6.26 Jan 24, 2024
@@ -15,7 +15,7 @@ repositories {
group = "com.treasuredata.embulk.plugins"
description = "Loads records from Marketo."
version = {
def baseVersion = "0.6.24"
def baseVersion = "0.6.26"
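
Review bot: The jump in baseVersion from "0.6.24" straight to "0.6.26" is not explained at the hunk, and the unchanged group = "com.treasuredata.embulk.plugins" line means a build from this branch carries the same group and base version as any other build numbered 0.6.26. Suggest stating in the description which source release 0.6.26 corresponds to, and confirming that the rest of the version closure (not visible here) keeps builds from this branch distinguishable. The extracted hunk has lost its +/- markers, so which baseVersion line is removed and which is added is inferred from their order.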
Author

The base version is being changed.

@pn-koshikawa
Author

Operation will be verified after integration.

@d-hrs d-hrs left a comment

LGTM

@d-hrs d-hrs merged commit 67003b8 into master Jan 29, 2024
3 checks passed
9 participants