Carbyne Stack tuple store for secure multiparty computation

Overview

Carbyne Stack Castor Tuple Store


Castor is an open source storage service for cryptographic material used in Secure Multiparty Computation, so-called tuples, and is part of the Carbyne Stack platform.

DISCLAIMER: Carbyne Stack Castor is alpha software. The software is not ready for production use. It has neither been developed nor tested for a specific use case.

Please have a look at the underlying modules for more information on how to run a Castor service and how to interact with it using the provided Java clients:

  • Castor Common - A shared library of commonly used functionality.
  • Castor Service - The microservice implementing the backend storage facilities for tuples.
  • Castor Java Client - A Java client library to interact with a Castor service over its REST API. The module provides client implementations to communicate
    • with the Castor service within a Virtual Cloud Provider.
    • across Castor services participating in a Virtual Cloud.
  • Castor Java Upload Client - A Java client used to upload pre-generated tuples using Castor's WebSocket interface.

💡 NOTE
Castor is only used to manage tuples in a Carbyne Stack Virtual Cloud and does not provide any functionality for generating the tuples themselves.

Namesake

Castor is the genus name of the beaver. The service name is derived from Beaver triples (proposed by Donald Rozinak Beaver), which are stored as one specialized type of tuple in the Castor service.

License

Carbyne Stack Castor Tuple Store is open-sourced under the Apache License 2.0. See the LICENSE file for details.

3rd Party Licenses

For information on how license obligations for 3rd party OSS dependencies are fulfilled, see the README file of the Carbyne Stack repository.

Contributing

Please see the Carbyne Stack Contributor's Guide.

Comments
  • [Snyk] Security upgrade org.postgresql:postgresql from 42.2.25 to 42.2.26


    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 748/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1 | SQL Injection SNYK-JAVA-ORGPOSTGRESQL-2970521 | org.postgresql:postgresql: 42.2.25 -> 42.2.26 | No | Proof of Concept |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    🛠 Adjust project settings

    📚 Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    🦉 SQL Injection

    triage/unresolved 
    opened by strieflin 3
  • [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.13.2.1


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-common/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | com.fasterxml.jackson.core:jackson-databind: 2.12.6 -> 2.13.2.1 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 3
  • [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.13.2


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-common/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | com.fasterxml.jackson.core:jackson-databind: 2.12.6 -> 2.13.2 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 3
  • [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.13.0


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-common/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | com.fasterxml.jackson.core:jackson-databind: 2.12.6 -> 2.13.0 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 3
  • [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.13.4


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-common/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 688/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 | com.fasterxml.jackson.core:jackson-databind: 2.12.6 -> 2.13.4 | No | Proof of Concept |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 2
  • [Snyk] Security upgrade org.springframework.data:spring-data-redis from 2.2.4.RELEASE to 2.5.11


    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | critical severity | 947/1000 Why? Mature exploit, Recently disclosed, Has a fix available, CVSS 9.8 | Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.5.11 | No | Mature |
    | low severity | 471/1000 Why? Recently disclosed, Has a fix available, CVSS 3.7 | Improper Handling of Case Sensitivity SNYK-JAVA-ORGSPRINGFRAMEWORK-2689634 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.5.11 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by strieflin 2
  • [Snyk] Security upgrade io.minio:minio from 8.2.1 to 8.3.8


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 509/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698 | io.minio:minio: 8.2.1 -> 8.3.8 | No | No Known Exploit |
    | high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | io.minio:minio: 8.2.1 -> 8.3.8 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 2
  • [Snyk] Security upgrade io.minio:minio from 8.2.1 to 8.4.4


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2 | Information Exposure SNYK-JAVA-COMSQUAREUPOKHTTP3-2958044 | io.minio:minio: 8.2.1 -> 8.4.4 | No | Proof of Concept |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    triage/unresolved 
    opened by snyk-bot 1
  • Tuples are reserved and consumed twice


    As discovered while implementing tuple streaming support in ephemeral (carbynestack/ephemeral#27), tuples are reserved, and thus consumed, twice under conditions that are not further analyzed.

    Reproduce Issue

    • Set up new two-party setting with tuples streaming enabled as introduced by carbynestack/ephemeral#27
    • Upload Tuples to castor (at least GFP input masks and multiplication triples). Tuples available in this scenario were:
      $ Initializing ExecutorService
      bit_gfp
        available:	20000
        consumption/s:	0
      bit_gf2n
        available:	10000
        consumption/s:	0
      inputmask_gfp
        available:	59974
        consumption/s:	0
      inputmask_gf2n
        available:	60000
        consumption/s:	0
      inversetuple_gfp
        available:	20000
        consumption/s:	0
      inversetuple_gf2n
        available:	20000
        consumption/s:	0
      squaretuple_gfp
        available:	20000
        consumption/s:	0
      squaretuple_gf2n
        available:	20000
        consumption/s:	0
      multiplicationtriple_gfp
        available:	16974
        consumption/s:	0
      multiplicationtriple_gf2n
        available:	14000
        consumption/s:	0
      interval: 60000
      
    • Upload two amphora secrets. In this example, the following two secrets were uploaded:
      $ cs amphora create-secret 3 -t id=value_a                     
      0cd12e4c-e104-4846-9b06-d808690dc199
      $ cs amphora create-secret 12 -t id=value_b
      c716f2f8-53b8-4350-88ac-b46661d2ca76
      $ cs amphora get-secrets
      0cd12e4c-e104-4846-9b06-d808690dc199
        id -> value_a
        creation-date -> 1658910606176
      c716f2f8-53b8-4350-88ac-b46661d2ca76
        id -> value_b
        creation-date -> 1658910622385
      
    • Define a program using multiple threads
      cat << 'EOF' > test_multi.mpc
      # Prologue to read in the inputs
      port=regint(10000)
      listen(port)
      socket_id = regint()
      acceptclientconnection(socket_id, port)
      v = sint.read_from_socket(socket_id, 2)
      
      # The logic
      a = MemValue(v[0])
      b = MemValue(v[1])
      
      resp = Array(10, sint)
      @for_range_multithread(2, 1, 10)
      def _(i):
          resp[i] = i * a * b
      
      # Epilogue to return the outputs
      sint.write_to_socket(socket_id, resp)
      EOF
      
    • Execute ephemeral computation
      cat test_multi.mpc | cs ephemeral execute ephemeral-generic.default \
        -i 0cd12e4c-e104-4846-9b06-d808690dc199 \
        -i c716f2f8-53b8-4350-88ac-b46661d2ca76
      

    Expectation

    The computation returns a new amphora secret (✔) and tuples are consumed for each of the threads (here 2000 gfp multiplication triples in total) in ephemeral (❌).

    Observation

    • Ephemeral returned the expected result
    • Castor lists only 1000 gfp multiplication triples consumed:
      $ cs castor get-telemetry 1
      Initializing ExecutorService
      bit_gfp
        available:	20000
        consumption/s:	0
      bit_gf2n
        available:	10000
        consumption/s:	0
      inputmask_gfp
        available:	59954
        consumption/s:	0
      inputmask_gf2n
        available:	60000
        consumption/s:	0
      inversetuple_gfp
        available:	20000
        consumption/s:	0
      inversetuple_gf2n
        available:	20000
        consumption/s:	0
      squaretuple_gfp
        available:	20000
        consumption/s:	0
      squaretuple_gf2n
        available:	20000
        consumption/s:	0
      multiplicationtriple_gfp
        available:	15954
        consumption/s:	0
      multiplicationtriple_gf2n
        available:	14000
        consumption/s:	0
      interval: 60000
      

    Analyzing the logs from the scenario described,

    • ephemeral
      2022-07-28T05:41:53.037Z	DEBUG	io/tuple_streamer.go:230	Fetched new tuples from Castor	{"gameID": "da04b169-b95b-462b-b7fe-8cadb89d6e66", "TupleType": {"Name":"MULTIPLICATION_TRIPLE_GFP","PreprocessingName":"Triples","SpdzProtocol":{"Descriptor":"SPDZ gfp","Shorthand":"p"}}, "ThreadNr": 1, "RequestID": "fc73125d-6d77-3fe1-8c75-2198a1e17c3d"}
      2022-07-28T05:41:53.112Z	DEBUG	io/tuple_streamer.go:230	Fetched new tuples from Castor	{"gameID": "da04b169-b95b-462b-b7fe-8cadb89d6e66", "TupleType": {"Name":"MULTIPLICATION_TRIPLE_GFP","PreprocessingName":"Triples","SpdzProtocol":{"Descriptor":"SPDZ gfp","Shorthand":"p"}}, "ThreadNr": 2, "RequestID": "1f17caa0-6b61-357e-8a4a-e25caa209d47"}
      
    • castor
      [...]
      2022-07-28 05:41:52.737 DEBUG 1 --- [io-10100-exec-7] i.c.c.s.p.t.MinioTupleStore              : Starting download from S3 for key 5e8c28ae-0054-4e31-a23c-8327f01d8b15 from byte 193920 to byte 289920
      2022-07-28 05:41:52.738 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.r.ReservationRestController      : Received update for reservation #1f17caa0-6b61-357e-8a4a-e25caa209d47_multiplicationtriple_gfp to status UNLOCKED
      2022-07-28 05:41:52.739 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.p.c.ReservationCachingService    : updating reservation 1f17caa0-6b61-357e-8a4a-e25caa209d47_multiplicationtriple_gfp
      2022-07-28 05:41:52.740 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.p.c.ReservationCachingService    : object in cache at castor-reservation-store::1f17caa0-6b61-357e-8a4a-e25caa209d47_multiplicationtriple_gfp is Reservation(reservationId=1f17caa0-6b61-357e-8a4a-e25caa209d47_multiplicationtriple_gfp, tupleType=multiplicationtriple_gfp, reservations=[ReservationElement(tupleChunkId=5e8c28ae-0054-4e31-a23c-8327f01d8b15, reservedTuples=1000, startIndex=2020)], status=LOCKED)
      2022-07-28 05:41:52.741 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.p.c.ReservationCachingService    : reservation updated
      2022-07-28 05:41:52.768 DEBUG 1 --- [o-10100-exec-10] i.c.c.s.p.t.MinioTupleStore              : Starting download from S3 for key 5e8c28ae-0054-4e31-a23c-8327f01d8b15 from byte 193920 to byte 289920
      2022-07-28 05:45:19.804 DEBUG 1 --- [ool-2-thread-22] i.c.c.s.d.WaitForReservationCallable     : No reservation was found for id 7b2b3571-bc1e-4de4-a603-67a23b6fa219_inputmask_gfp.
      2022-07-28 05:45:19.859 DEBUG 1 --- [ool-2-thread-22] i.c.c.s.d.WaitForReservationCallable     : No reservation was found for id 7b2b3571-bc1e-4de4-a603-67a23b6fa219_inputmask_gfp.
      2022-07-28 05:45:19.864 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.p.c.ReservationCachingService    : persisting reservation Reservation(reservationId=7b2b3571-bc1e-4de4-a603-67a23b6fa219_inputmask_gfp, tupleType=inputmask_gfp, reservations=[ReservationElement(tupleChunkId=c3a4bbd8-7517-43e9-9712-67e436e57854, reservedTuples=20, startIndex=20)], status=LOCKED)
      2022-07-28 05:45:19.865 DEBUG 1 --- [io-10100-exec-5] i.c.c.s.p.c.ReservationCachingService    : put in database at castor-reservation-store::7b2b3571-bc1e-4de4-a603-67a23b6fa219_inputmask_gfp
      [...]
      

    It can be seen that ephemeral fetches tuples from castor for two different threads using the reservation (request) IDs fc73125d-6d77-3fe1-8c75-2198a1e17c3d and 1f17caa0-6b61-357e-8a4a-e25caa209d47. Both requests are processed by castor independently, but reference the exact same tuples:

    reservations=[ReservationElement(tupleChunkId=5e8c28ae-0054-4e31-a23c-8327f01d8b15, reservedTuples=1000, startIndex=2020)

    With this, the same tuples are consumed twice and therefore counted only once for consumption.

    kind/bug 
    opened by sbckr 1
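
A check for the symptom reported in this issue, as an added example that is not part of the original report or of the Castor code base: it parses `Reservation(...)` entries in the format of the Castor DEBUG lines quoted above and flags tuple ranges handed out under more than one reservation ID. The sample log lines and their IDs (`req-A`, `chunk-1`, ...) are constructed, and reading `startIndex` plus `reservedTuples` as a half-open index range within a chunk is an assumption, consistent with the byte offsets in the `MinioTupleStore` lines.

```python
import re
from collections import defaultdict
from itertools import combinations

# Reservation(...) rendering as it appears in ReservationCachingService DEBUG lines.
RESERVATION_RE = re.compile(
    r"Reservation\(reservationId=(?P<rid>[^,]+), tupleType=(?P<type>[^,]+), "
    r"reservations=\[(?P<elements>.*?)\], status=(?P<status>\w+)\)"
)
ELEMENT_RE = re.compile(
    r"ReservationElement\(tupleChunkId=(?P<chunk>[^,]+), "
    r"reservedTuples=(?P<count>\d+), startIndex=(?P<start>\d+)\)"
)

# Constructed sample input in the format of the Castor log excerpt; all IDs are made up.
_PREFIX = ("2022-07-28 05:41:52.740 DEBUG 1 --- [io-10100-exec-5] "
           "i.c.c.s.p.c.ReservationCachingService    : ")


def _line(verb, rid, tuple_type, chunk, count, start):
    """Build one constructed log line carrying a single-element reservation."""
    return (f"{_PREFIX}{verb} Reservation(reservationId={rid}_{tuple_type}, "
            f"tupleType={tuple_type}, reservations=[ReservationElement("
            f"tupleChunkId={chunk}, reservedTuples={count}, startIndex={start})], "
            f"status=LOCKED)")


SAMPLE_LOG = [
    _line("persisting reservation", "req-A", "multiplicationtriple_gfp", "chunk-1", 1000, 2020),
    # Same reservation logged a second time (cache read): must not count as a conflict.
    _line("object in cache is", "req-A", "multiplicationtriple_gfp", "chunk-1", 1000, 2020),
    # Different reservation ID, identical chunk and range: the symptom from the issue.
    _line("persisting reservation", "req-B", "multiplicationtriple_gfp", "chunk-1", 1000, 2020),
    # Adjacent range [3020, 4020): touches the previous one but does not overlap it.
    _line("persisting reservation", "req-C", "multiplicationtriple_gfp", "chunk-1", 1000, 3020),
    _line("persisting reservation", "req-D", "inputmask_gfp", "chunk-2", 20, 20),
    _PREFIX + "reservation updated",  # line without a Reservation(...) payload
]


def parse_reservations(lines):
    """Return {reservation_id: {(chunk, start, end)}}; end is exclusive (assumption)."""
    reservations = defaultdict(set)
    for line in lines:
        match = RESERVATION_RE.search(line)
        if match is None:
            continue
        for elem in ELEMENT_RE.finditer(match["elements"]):
            start = int(elem["start"])
            # A set de-duplicates the same reservation logged on several lines.
            reservations[match["rid"]].add(
                (elem["chunk"], start, start + int(elem["count"]))
            )
    return dict(reservations)


def find_overlaps(reservations):
    """Return sorted (rid_a, rid_b, chunk, overlap_start, overlap_end) findings."""
    by_chunk = defaultdict(list)
    for rid, elements in reservations.items():
        for chunk, start, end in elements:
            by_chunk[chunk].append((start, end, rid))
    findings = []
    for chunk, ranges in by_chunk.items():
        ranges.sort()
        # After sorting, start_a <= start_b, so the ranges overlap iff start_b < end_a.
        for (_, end_a, rid_a), (start_b, end_b, rid_b) in combinations(ranges, 2):
            if rid_a != rid_b and start_b < end_a:
                findings.append((rid_a, rid_b, chunk, start_b, min(end_a, end_b)))
    return sorted(findings)


def double_served(findings):
    """Number of tuple indices that were handed out under two reservation IDs."""
    return sum(end - start for _, _, _, start, end in findings)


if __name__ == "__main__":
    found = find_overlaps(parse_reservations(SAMPLE_LOG))
    for rid_a, rid_b, chunk, start, end in found:
        print(f"{chunk}[{start}:{end}] reserved by both {rid_a} and {rid_b}")
    print(f"tuples served twice: {double_served(found)}")
```
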
  • customize docker plugin


    Make docker image name / repo configurable, so we can push to a different registry, e.g. a private one.

    Publish Castor docker image to a private registry:

    export CASTOR_IMAGE_TAG=latest
    mvn package dockerfile:push \
      -Ddocker.repository=registry.example.org/carbynestack/castor-service \
       -Ddocker.tag=$CASTOR_IMAGE_TAG \
       -Ddockerfile.skip=false
    
    kind/feature 
    opened by grafjo 1
  • [Snyk] Security upgrade org.postgresql:postgresql from 42.2.1 to 42.2.25


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | high severity | 711/1000 Why? Recently disclosed, Has a fix available, CVSS 8.5 | Remote Code Execution (RCE) SNYK-JAVA-ORGPOSTGRESQL-2390459 | org.postgresql:postgresql: 42.2.1 -> 42.2.25 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    opened by snyk-bot 1
  • [Snyk] Security upgrade org.postgresql:postgresql from 42.2.25 to 42.2.27


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 521/1000 Why? Recently disclosed, Has a fix available, CVSS 4.7 | Information Exposure SNYK-JAVA-ORGPOSTGRESQL-3146847 | org.postgresql:postgresql: 42.2.25 -> 42.2.27 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    opened by snyk-bot 1
  • [Snyk] Security upgrade io.minio:minio from 8.2.1 to 8.4.6


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424 | io.minio:minio: 8.2.1 -> 8.4.6 | No | Proof of Concept |
    | medium severity | 616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 | io.minio:minio: 8.2.1 -> 8.4.6 | No | Proof of Concept |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    needs-triage 
    opened by snyk-bot 0
  • [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.12.6 to 2.12.7.1


    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-common/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 712/1000 Why? Currently trending on Twitter, Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 | com.fasterxml.jackson.core:jackson-databind: 2.12.6 -> 2.12.7.1 | No | Proof of Concept |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    needs-triage 
    opened by strieflin 1
  • [Snyk] Security upgrade org.springframework.data:spring-data-redis from 2.2.4.RELEASE to 2.7.0


    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    | Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity |
    |:---:|---|:---|:---|:---|:---|
    | medium severity | 551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3 | Denial of Service (DoS) SNYK-JAVA-ORGSPRINGFRAMEWORK-2823313 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.7.0 | No | No Known Exploit |

    (*) Note that the real score may have changed since the PR was raised.

    Check the changes in this PR to ensure they won't cause issues with your project.



    needs-triage 
    opened by strieflin 1
  • [Snyk] Fix for 6 vulnerabilities


    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
    :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
    high severity | 624/1000 Why? Has a fix available, CVSS 8.2 | XML External Entity (XXE) Injection SNYK-JAVA-COMFASTERXMLJACKSONCORE-1048302 | | No | No Known Exploit
    medium severity | 509/1000 Why? Has a fix available, CVSS 5.9 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698 | | No | No Known Exploit
    high severity | 589/1000 Why? Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | | No | No Known Exploit
    medium severity | 429/1000 Why? Has a fix available, CVSS 4.3 | Improper Output Neutralization for Logs SNYK-JAVA-ORGSPRINGFRAMEWORK-2329097 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.4.1 | No | No Known Exploit
    medium severity | 429/1000 Why? Has a fix available, CVSS 4.3 | Improper Input Validation SNYK-JAVA-ORGSPRINGFRAMEWORK-2330878 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.4.1 | No | No Known Exploit
    critical severity | 957/1000 Why? Currently trending on Twitter, Mature exploit, Recently disclosed, Has a fix available, CVSS 9.8 | Remote Code Execution SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751 | org.springframework.data:spring-data-redis: 2.2.4.RELEASE -> 2.4.1 | No | Mature

    (*) Note that the real score may have changed since the PR was raised.

    Vulnerabilities that could not be fixed

    • Upgrade:
      • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.4.RELEASE/spring-boot-dependencies-2.2.4.RELEASE.pom
      • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.4.RELEASE/spring-boot-dependencies-2.2.4.RELEASE.pom

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    needs-triage 
    opened by snyk-bot 1
  • [Snyk] Fix for 2 vulnerabilities

    Snyk has created this PR to fix one or more vulnerable packages in the `maven` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • castor-service/pom.xml

    Vulnerabilities that will be fixed

    With an upgrade:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity
    :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:-------------------------
    high severity | 661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 | Denial of Service (DoS) SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244 | | No | No Known Exploit
    medium severity | 616/1000 Why? Recently disclosed, Has a fix available, CVSS 6.6 | Arbitrary Code Injection SNYK-JAVA-ORGPOSTGRESQL-2401816 | org.postgresql:postgresql: 42.2.25 -> 42.3.3 | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Vulnerabilities that could not be fixed

    • Upgrade:
      • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.4.RELEASE/spring-boot-dependencies-2.2.4.RELEASE.pom
      • Could not upgrade org.springframework.boot:[email protected] to org.springframework.boot:[email protected]; Reason could not apply upgrade, dependency is managed externally ; Location: https://maven-central.storage-download.googleapis.com/maven2/org/springframework/boot/spring-boot-dependencies/2.2.4.RELEASE/spring-boot-dependencies-2.2.4.RELEASE.pom

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    needs-triage 
    opened by snyk-bot 2
Releases(0.1-SNAPSHOT-3541963092-21-f149a10)
Owner
Carbyne Stack
Cloud Native Secure Multiparty Computation