Exasol test-db-builder supports can build test setups for some virtual schemas. For these dialects, the tests will be quite similar, so it would be useful to have a common part.

Move the abstract scalar function integration tests from postgresql-virtual-schema to this repository.

Summary

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.

Users are recommended to upgrade to version 1.26, which fixes the issue.

CVE: CVE-2024-26308
CWE: CWE-770

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-26308?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-26308
• https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg
• https://www.openwall.com/lists/oss-security/2024/02/19/2

Currently you need to run the whole encompassing ScalarFunctionsTestBase derived test class to also run the nested WithAutomaticParameterDiscovery class and its very convoluted testScalarFunctions test from test runner UIs (tried intellij's and eclipse's).
The nested class and its method do not show up there. Probably because these are part of the abstract ScalarFunctionsTestBase class, which is an abstract class (as this test framework was designed).

This could be improved.

As a bonus: the current testScalarFunctions test uses a caching system which is overly complex. It should be seen if this can somehow be improved. Probably not a simple task as it depends on trying out various combinations and then caching those that DO work on the Exasol database to retry later to speed up things.

Testing table only contains a DECIMAL column without decimal places. To also test with decimal places we should add a column DECIMAL column with decimal places.

• org.eclipse.parsson:parsson:jar:1.1.1 in test
  • CVE-2023-4043, severity CWE-20: Improper Input Validation (7.5)

Vulnerability is typically introduced via transitive test dependency exasol-test-containers:

\- com.exasol:exasol-testcontainers:jar:6.6.2:test
   \- com.exasol:bucketfs-java:jar:3.1.0:test
      \- org.eclipse.parsson:parsson:jar:1.1.1:test

Update dependencies to use enhanced Datatype Detection For Result Sets from virtual-schemas-common-jdbc

Dependents:

• https://github.com/exasol/oracle-virtual-schema
• https://github.com/exasol/mysql-virtual-schema
• https://github.com/exasol/postgresql-virtual-schema

Rename error codes from VS-SIT to VSSIT

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVE: CVE-2024-25710
CWE: CWE-835

References

• https://ossindex.sonatype.org/vulnerability/CVE-2024-25710?component-type=maven&component-name=org.apache.commons%2Fcommons-compress&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
• http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-25710
• https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

withAutomaticParameterDiscovery/testScalarFunctions fails in the oracle scalar integration nests because 2 decimal columns with different precision are included. The name is identical and this causes the test setup to fail.
We got a fix for this, adding a counter to the columnName.

Currently, the scalar function tests with automatic parameter discovery use a nested test class for having a common beforeAll in order to improve performance.
We should however user nested class in a way to group tests in a meaningful way.
Solution:

• Refactor to create the same test setup again and again
• Add a cache for test setups

By that we don't need to exclude the whole function but just a single combination that fails.

Currently, only PostgreSQL uses this repo. We should however roll it out to all vs dialects.