From 65ae3f742598028c47773765cff4f8967c5953d0 Mon Sep 17 00:00:00 2001
From: namrata1012 <nsharma4@usc.edu>
Date: Wed, 6 Sep 2023 16:13:31 -0700
Subject: [PATCH] Exclude vuln snappy-java

---
 karma-commands/commands-bloom/pom.xml |  4 ++++
 karma-common/pom.xml                  | 12 ++++++++++++
 karma-jsonld/pom.xml                  |  6 ++++++
 karma-mr/pom.xml                      | 24 ++++++++++++++++++++++--
 karma-offline/pom.xml                 |  4 ++++
 karma-semanticlabeling/pom.xml        | 12 ++++++++++++
 karma-spark/pom.xml                   | 12 ++++++++++++
 7 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/karma-commands/commands-bloom/pom.xml b/karma-commands/commands-bloom/pom.xml
index 7654d7bdf..587ac9bf6 100644
--- a/karma-commands/commands-bloom/pom.xml
+++ b/karma-commands/commands-bloom/pom.xml
@@ -70,6 +70,10 @@
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>
 		        </exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <artifactId>jackson-jaxrs</artifactId>
 		            <groupId>org.codehaus.jackson</groupId>
diff --git a/karma-common/pom.xml b/karma-common/pom.xml
index dea1eccfe..e2ce89e75 100644
--- a/karma-common/pom.xml
+++ b/karma-common/pom.xml
@@ -144,11 +144,23 @@
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro</artifactId>
 		<version>1.7.7</version>
+		<exclusions>
+			<exclusion>
+				<groupId>org.xerial.snappy</groupId>
+				<artifactId>snappy-java</artifactId>
+			</exclusion>
+		</exclusions>
 	</dependency>
 	<dependency>
 		<groupId>org.apache.avro</groupId>
 		<artifactId>avro-compiler</artifactId>
 		<version>1.7.7</version>
+		<exclusions>
+			<exclusion>
+				<groupId>org.xerial.snappy</groupId>
+				<artifactId>snappy-java</artifactId>
+			</exclusion>
+		</exclusions>
 		
 	</dependency>
 	<dependency>
diff --git a/karma-jsonld/pom.xml b/karma-jsonld/pom.xml
index 1b3623a51..bbfdb03c2 100644
--- a/karma-jsonld/pom.xml
+++ b/karma-jsonld/pom.xml
@@ -35,6 +35,12 @@
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-core_2.11</artifactId>
             <version>2.4.5</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
         <dependency>
             <groupId>commons-cli</groupId>
diff --git a/karma-mr/pom.xml b/karma-mr/pom.xml
index a6b1f9034..6539e0c58 100644
--- a/karma-mr/pom.xml
+++ b/karma-mr/pom.xml
@@ -238,6 +238,10 @@
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>
@@ -356,7 +360,13 @@
 			<groupId>org.apache.avro</groupId>
 			<artifactId>avro-mapred</artifactId>
 			<version>${avro.version}</version>
-			<classifier>hadoop2</classifier> 
+			<classifier>hadoop2</classifier>
+			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
     	</dependencies>
   		</profile>
@@ -421,6 +431,10 @@
 			<artifactId>hadoop-common</artifactId>
 			<version>${hadoop.version}</version>
 			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
@@ -543,7 +557,13 @@
 			<groupId>org.apache.avro</groupId>
 			<artifactId>avro-mapred</artifactId>
 			<version>${avro.version}</version>
-			<classifier>hadoop2</classifier> 
+			<classifier>hadoop2</classifier>
+			<exclusions>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
+			</exclusions>
 		</dependency>
     		</dependencies>
   		</profile>
diff --git a/karma-offline/pom.xml b/karma-offline/pom.xml
index f3a7c69f8..ccb134959 100644
--- a/karma-offline/pom.xml
+++ b/karma-offline/pom.xml
@@ -136,6 +136,10 @@
 					<groupId>com.microsoft.windowsazure.storage</groupId>
 					<artifactId>microsoft-windowsazure-storage-sdk</artifactId>
 				</exclusion>
+				<exclusion>
+					<groupId>org.xerial.snappy</groupId>
+					<artifactId>snappy-java</artifactId>
+				</exclusion>
 				<exclusion>
 		            <groupId>com.fasterxml.jackson.core</groupId>
 		            <artifactId>jackson.core</artifactId>
diff --git a/karma-semanticlabeling/pom.xml b/karma-semanticlabeling/pom.xml
index 2173b311c..c5ac2438c 100644
--- a/karma-semanticlabeling/pom.xml
+++ b/karma-semanticlabeling/pom.xml
@@ -74,6 +74,12 @@
             <groupId>org.apache.spark</groupId>
             <artifactId>spark-mllib_2.11</artifactId>
             <version>2.2.0</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
@@ -81,6 +87,12 @@
             <artifactId>spark-sql_2.12</artifactId>
             <version>3.0.0</version>
             <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.xerial.snappy</groupId>
+                    <artifactId>snappy-java</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
 
         <dependency>
diff --git a/karma-spark/pom.xml b/karma-spark/pom.xml
index a8d7d32cc..a310dd285 100644
--- a/karma-spark/pom.xml
+++ b/karma-spark/pom.xml
@@ -170,6 +170,12 @@
 		            <groupId>org.apache.spark</groupId>
 		            <artifactId>spark-core${spark.scala.version}</artifactId>
 		            <version>${spark.version}</version>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.xerial.snappy</groupId>
+                            <artifactId>snappy-java</artifactId>
+                        </exclusion>
+                    </exclusions>
 		        </dependency>
 	        </dependencies>
     	</profile>
@@ -191,6 +197,12 @@
 		            <groupId>org.apache.spark</groupId>
 		            <artifactId>spark-core${spark.scala.version}</artifactId>
 		            <version>${spark.version}</version>
+                    <exclusions>
+                        <exclusion>
+                            <groupId>org.xerial.snappy</groupId>
+                            <artifactId>snappy-java</artifactId>
+                        </exclusion>
+                    </exclusions>
 		        </dependency>
 	        </dependencies>
     	</profile>