Fix vulnerabilities

Author: samikshya-db

databricks-sdk-java/src/main/java/com/databricks/sdk/core/ConfigLoader.java

@@ -1,16 +1,17 @@
 package com.databricks.sdk.core;
 
 import com.databricks.sdk.core.utils.Environment;
-import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.FileReader;
 import java.io.IOException;
 import java.lang.reflect.Field;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.file.Paths;
 import java.util.*;
-import org.ini4j.Ini;
-import org.ini4j.Profile;
+import org.apache.commons.configuration2.INIConfiguration;
+import org.apache.commons.configuration2.SubnodeConfiguration;
+import org.apache.commons.configuration2.ex.ConfigurationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -59,14 +60,14 @@ static void loadFromEnvironmentVariables(DatabricksConfig cfg) throws IllegalAcc
       }
     } catch (DatabricksException e) {
       String msg =
-          String.format("%s auth: %s", cfg.getCredentialsProvider().authType(), e.getMessage());
+              String.format("%s auth: %s", cfg.getCredentialsProvider().authType(), e.getMessage());
       throw new DatabricksException(msg, e);
     }
   }
 
   static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
     if (isNullOrEmpty(cfg.getProfile())
-        && (isAnyAuthConfigured(cfg)
+            && (isAnyAuthConfigured(cfg)
             || !isNullOrEmpty(cfg.getHost())
             || !isNullOrEmpty(cfg.getAzureWorkspaceResourceId()))) {
       return;
@@ -86,15 +87,15 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
       configFile = configFile.replaceFirst("^~", userHome);
     }
 
-    Ini ini = parseDatabricksCfg(configFile, isDefaultConfig);
+    INIConfiguration ini = parseDatabricksCfg(configFile, isDefaultConfig);
     if (ini == null) return;
     String profile = cfg.getProfile();
     boolean hasExplicitProfile = !isNullOrEmpty(profile);
     if (!hasExplicitProfile) {
       profile = "DEFAULT";
     }
 
-    Profile.Section section = ini.get(profile);
+    SubnodeConfiguration section = ini.getSection(profile);
     if (section == null && !hasExplicitProfile) {
       LOG.info("{} has no {} profile configured", configFile, profile);
       return;
@@ -106,26 +107,26 @@ static void loadFromConfig(DatabricksConfig cfg) throws IllegalAccessException {
     }
 
     for (ConfigAttributeAccessor accessor : accessors) {
-      String value = section.get(accessor.getName());
+      String value = section.getString(accessor.getName());
       if (!isNullOrEmpty(accessor.getValueFromConfig(cfg))) {
         continue;
       }
       accessor.setValueOnConfig(cfg, value);
     }
   }
 
-  private static Ini parseDatabricksCfg(String configFile, boolean isDefaultConfig) {
-    Ini ini = new Ini();
-    try {
-      ini.load(new File(configFile));
+  private static INIConfiguration parseDatabricksCfg(String configFile, boolean isDefaultConfig) {
+    INIConfiguration iniConfig = new INIConfiguration();
+    try (FileReader reader = new FileReader(configFile)) {
+      iniConfig.read(reader);
     } catch (FileNotFoundException e) {
       if (isDefaultConfig) {
         return null;
       }
-    } catch (IOException e) {
+    } catch (IOException | ConfigurationException e) {
       throw new DatabricksException("Cannot load " + configFile, e);
     }
-    return ini;
+    return iniConfig;
   }
 
   public static void fixHostIfNeeded(DatabricksConfig cfg) {
@@ -166,21 +167,21 @@ static void validate(DatabricksConfig cfg) throws DatabricksException {
       if (authSet.size() <= 1) return;
       String names = String.join(" and ", authSet);
       throw new DatabricksException(
-          String.format("validate: more than one authorization method configured: %s", names));
+              String.format("validate: more than one authorization method configured: %s", names));
     } catch (IllegalAccessException e) {
       throw new DatabricksException("Cannot create default config", e);
     }
   }
 
   public static DatabricksException makeNicerError(
-      String message, Exception e, DatabricksConfig cfg) {
+          String message, Exception e, DatabricksConfig cfg) {
     return makeNicerError(message, e, 200, cfg);
   }
 
   public static DatabricksException makeNicerError(
-      String message, Exception e, Integer statusCode, DatabricksConfig cfg) {
+          String message, Exception e, Integer statusCode, DatabricksConfig cfg) {
     boolean isHttpUnauthorizedOrForbidden =
-        true; // TODO - pass status code with exception, default this to false
+            true; // TODO - pass status code with exception, default this to false
     if (statusCode == 401 || statusCode == 402) isHttpUnauthorizedOrForbidden = true;
     String debugString = "";
     if (cfg.getEnv() != null) {
@@ -264,4 +265,4 @@ public static boolean isAnyAuthConfigured(DatabricksConfig cfg) throws IllegalAc
     }
     return false;
   }
-}
+}

pom.xml

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.databricks</groupId>
   <artifactId>databricks-sdk-parent</artifactId>
@@ -291,4 +291,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>