Merge pull request ozimov#12 from martin-mfg/dependency-upgrade

upgrade vulnerable spring-data-redis

pom.xml

@@ -45,15 +45,14 @@
         <dependency>
             <groupId>redis.clients</groupId>
             <artifactId>jedis</artifactId>
-            <version>2.8.2</version>
-            <!-- incompatible with 2.9.0 and up: https://github.com/ozimov/embedded-redis/pull/4 -->
+            <version>3.8.0</version>
             <scope>test</scope>
         </dependency>
 
         <dependency>
             <groupId>org.springframework.data</groupId>
             <artifactId>spring-data-redis</artifactId>
-            <version>1.8.0.RELEASE</version>
+            <version>2.7.9</version>
             <scope>test</scope>
         </dependency>
 

src/test/java/redis/embedded/RedisClusterTest.java

@@ -4,9 +4,12 @@
 import org.junit.Test;
 import redis.clients.jedis.Jedis;
 import redis.clients.jedis.JedisSentinelPool;
+import redis.embedded.core.RedisSentinelBuilder;
 import redis.embedded.util.JedisUtil;
 
 import java.io.IOException;
+import java.net.Inet4Address;
+import java.net.UnknownHostException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Set;
@@ -19,6 +22,8 @@
 import static redis.embedded.util.Collections.newHashSet;
 
 public class RedisClusterTest {
+    private final RedisSentinelBuilder sentinelBuilder = RedisSentinel.newRedisSentinel();
+    private String bindAddress;
 
     private Redis sentinel1;
     private Redis sentinel2;
@@ -28,11 +33,18 @@ public class RedisClusterTest {
     private RedisCluster instance;
 
     @Before
-    public void setUp() {
+    public void setUp() throws UnknownHostException {
         sentinel1 = mock(Redis.class);
         sentinel2 = mock(Redis.class);
         master1 = mock(Redis.class);
         master2 = mock(Redis.class);
+
+        // Jedis translates ”localhost” to getLocalHost().getHostAddress() (see Jedis HostAndPort#getLocalHostQuietly),
+        // which can vary from 127.0.0.1 (most notably, Debian/Ubuntu return 127.0.1.1)
+        if (bindAddress == null) {
+            bindAddress = Inet4Address.getLocalHost().getHostAddress();
+            sentinelBuilder.bind(bindAddress);
+        }
     }
 
     @Test
@@ -89,7 +101,7 @@ public void isActiveShouldCheckEntireClusterIfAllActive() {
 
     @Test
     public void testSimpleOperationsAfterRunWithSingleMasterNoSlavesCluster() throws IOException {
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelCount(1).replicationGroup("ourmaster", 0).build();
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelCount(1).replicationGroup("ourmaster", 0).build();
         cluster.start();
 
         JedisSentinelPool pool = null;
@@ -110,7 +122,7 @@ public void testSimpleOperationsAfterRunWithSingleMasterNoSlavesCluster() throws
 
     @Test
     public void testSimpleOperationsAfterRunWithSingleMasterAndOneSlave() throws IOException {
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelCount(1).replicationGroup("ourmaster", 1).build();
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelCount(1).replicationGroup("ourmaster", 1).build();
         cluster.start();
 
         JedisSentinelPool pool = null;
@@ -131,7 +143,7 @@ public void testSimpleOperationsAfterRunWithSingleMasterAndOneSlave() throws IOE
 
     @Test
     public void testSimpleOperationsAfterRunWithSingleMasterMultipleSlaves() throws IOException {
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelCount(1).replicationGroup("ourmaster", 2).build();
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelCount(1).replicationGroup("ourmaster", 2).build();
         cluster.start();
 
         JedisSentinelPool pool = null;
@@ -152,7 +164,7 @@ public void testSimpleOperationsAfterRunWithSingleMasterMultipleSlaves() throws
 
     @Test
     public void testSimpleOperationsAfterRunWithTwoSentinelsSingleMasterMultipleSlaves() throws IOException {
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelCount(2).replicationGroup("ourmaster", 2).build();
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelCount(2).replicationGroup("ourmaster", 2).build();
         cluster.start();
 
         JedisSentinelPool pool = null;
@@ -174,7 +186,7 @@ public void testSimpleOperationsAfterRunWithTwoSentinelsSingleMasterMultipleSlav
     @Test
     public void testSimpleOperationsAfterRunWithTwoPredefinedSentinelsSingleMasterMultipleSlaves() throws IOException {
         List<Integer> sentinelPorts = Arrays.asList(26381, 26382);
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelPorts(sentinelPorts).replicationGroup("ourmaster", 2).build();
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelPorts(sentinelPorts).replicationGroup("ourmaster", 2).build();
         cluster.start();
         final Set<String> sentinelHosts = JedisUtil.portsToJedisHosts(sentinelPorts);
 
@@ -199,7 +211,7 @@ public void testSimpleOperationsAfterRunWithThreeSentinelsThreeMastersOneSlavePe
         final String master1 = "master1";
         final String master2 = "master2";
         final String master3 = "master3";
-        final RedisCluster cluster = RedisCluster.newRedisCluster().sentinelCount(3).quorumSize(2)
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).sentinelCount(3).quorumSize(2)
                 .replicationGroup(master1, 1)
                 .replicationGroup(master2, 1)
                 .replicationGroup(master3, 1)
@@ -247,7 +259,7 @@ public void testSimpleOperationsAfterRunWithThreeSentinelsThreeMastersOneSlavePe
         final String master1 = "master1";
         final String master2 = "master2";
         final String master3 = "master3";
-        final RedisCluster cluster = RedisCluster.newRedisCluster().ephemeral().sentinelCount(3).quorumSize(2)
+        final RedisCluster cluster = RedisCluster.newRedisCluster().withSentinelBuilder(sentinelBuilder).ephemeral().sentinelCount(3).quorumSize(2)
                 .replicationGroup(master1, 1)
                 .replicationGroup(master2, 1)
                 .replicationGroup(master3, 1)

src/test/java/redis/embedded/RedisSentinelTest.java

@@ -1,5 +1,6 @@
 package redis.embedded;
 
+import org.junit.Before;
 import org.junit.Test;
 import redis.clients.jedis.Jedis;
 import redis.clients.jedis.JedisSentinelPool;
@@ -8,6 +9,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.Inet4Address;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 
@@ -16,14 +18,24 @@
 import static redis.embedded.util.Collections.newHashSet;
 
 public class RedisSentinelTest {
+    private String bindAddress;
 
     private RedisSentinel sentinel;
     private RedisServer server;
 
+    @Before
+    public void setup() throws Exception {
+        // Jedis translates ”localhost” to getLocalHost().getHostAddress() (see Jedis HostAndPort#getLocalHostQuietly),
+        // which can vary from 127.0.0.1 (most notably, Debian/Ubuntu return 127.0.1.1)
+        if (bindAddress == null) {
+            bindAddress = Inet4Address.getLocalHost().getHostAddress();
+        }
+    }
+
     @Test(timeout = 3000L)
     public void testSimpleRun() throws InterruptedException, IOException {
         server = new RedisServer();
-        sentinel = RedisSentinel.newRedisSentinel().build();
+        sentinel = RedisSentinel.newRedisSentinel().bind(bindAddress).build();
         sentinel.start();
         server.start();
         TimeUnit.SECONDS.sleep(1);
@@ -33,7 +45,7 @@ public void testSimpleRun() throws InterruptedException, IOException {
 
     @Test
     public void shouldAllowSubsequentRuns() throws IOException {
-        sentinel = RedisSentinel.newRedisSentinel().build();
+        sentinel = RedisSentinel.newRedisSentinel().bind(bindAddress).build();
         sentinel.start();
         sentinel.stop();
 
@@ -47,7 +59,7 @@ public void shouldAllowSubsequentRuns() throws IOException {
     @Test
     public void testSimpleOperationsAfterRun() throws InterruptedException, IOException {
         server = new RedisServer();
-        sentinel = RedisSentinel.newRedisSentinel().build();
+        sentinel = RedisSentinel.newRedisSentinel().bind(bindAddress).build();
         server.start();
         sentinel.start();
         TimeUnit.SECONDS.sleep(1);

src/test/java/redis/embedded/SpringDataConnectivityTest.java

@@ -6,7 +6,6 @@
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import redis.clients.jedis.JedisShardInfo;
 
 import java.io.IOException;
 
@@ -23,9 +22,10 @@ public void setUp() throws IOException {
         redisServer = new RedisServer(6381);
         redisServer.start();
 
-        JedisShardInfo shardInfo = new JedisShardInfo("localhost", 6381);
         connectionFactory = new JedisConnectionFactory();
-        connectionFactory.setShardInfo(shardInfo);
+        connectionFactory.getStandaloneConfiguration().setHostName("localhost");
+        connectionFactory.getStandaloneConfiguration().setPort(6381);
+        connectionFactory.afterPropertiesSet();
 
         template = new StringRedisTemplate();
         template.setConnectionFactory(connectionFactory);