[AMBARI-26185] Upgrade commons-collections to resolve CVEs

ambari-agent/pom.xml

@@ -75,8 +75,9 @@
       <artifactId>commons-cli</artifactId>
     </dependency>
     <dependency>
-      <groupId>commons-collections</groupId>
-      <artifactId>commons-collections</artifactId>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-collections4</artifactId>
+      <version>4.4</version>
     </dependency>
     <dependency>
       <groupId>commons-configuration</groupId>

ambari-agent/src/packages/tarball/all.xml

@@ -240,7 +240,7 @@
       <unpack>false</unpack>
       <includes>
         <include>commons-cli:commons-cli</include>
-        <include>commons-collections:commons-collections</include>
+        <include>org.apache.commons:commons-collections4</include>
         <include>commons-configuration:commons-configuration</include>
         <include>commons-io:commons-io</include>
         <include>commons-lang:commons-lang</include>

ambari-project/pom.xml

@@ -109,18 +109,18 @@
         <version>1.3.1</version>
       </dependency>
       <dependency>
-        <groupId>commons-collections</groupId>
-        <artifactId>commons-collections</artifactId>
-        <version>3.2.2</version>
+        <groupId>org.apache.commons</groupId>
+        <artifactId>commons-collections4</artifactId>
+        <version>4.4</version>
       </dependency>
       <dependency>
         <groupId>commons-beanutils</groupId>
         <artifactId>commons-beanutils</artifactId>
         <version>1.9.4</version>
         <exclusions>
           <exclusion>
-            <groupId>commons-collections</groupId>
-            <artifactId>commons-collections</artifactId>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-collections4</artifactId>
           </exclusion>
         </exclusions>
       </dependency>

ambari-server/pom.xml

@@ -1174,8 +1174,9 @@
       <version>${project.version}</version>
     </dependency>
     <dependency>
-      <groupId>commons-collections</groupId>
-      <artifactId>commons-collections</artifactId>
+      <groupId>org.apache.commons</groupId>
+      <artifactId>commons-collections4</artifactId>
+      <version>4.4</version>
     </dependency>
     <dependency>
       <groupId>commons-beanutils</groupId>
@@ -1311,6 +1312,12 @@
       <version>3.5.10</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.mockito</groupId>
+      <artifactId>mockito-inline</artifactId>
+      <version>3.5.10</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.eclipse.jetty</groupId>
       <artifactId>jetty-security</artifactId>
@@ -1627,8 +1634,8 @@
       <version>2.3</version>
       <exclusions>
         <exclusion>
-          <groupId>commons-collections</groupId>
-          <artifactId>commons-collections</artifactId>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-collections4</artifactId>
           </exclusion>
       </exclusions>
     </dependency>
@@ -1764,8 +1771,8 @@
       <version>${hadoop.version}</version>
       <exclusions>
         <exclusion>
-          <groupId>commons-collections</groupId>
-          <artifactId>commons-collections</artifactId>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-collections4</artifactId>
         </exclusion>
         <exclusion>
           <groupId>commons-beanutils</groupId>
@@ -1863,8 +1870,8 @@
       <scope>provided</scope> <!-- for @ApiIgnore -->
       <exclusions>
         <exclusion>
-          <groupId>commons-collections</groupId>
-          <artifactId>commons-collections</artifactId>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-collections4</artifactId>
         </exclusion>
         <exclusion>
           <groupId>commons-beanutils</groupId>
@@ -1903,8 +1910,8 @@
       <version>2.0.0-M24</version>
       <exclusions>
         <exclusion>
-          <groupId>commons-collections</groupId>
-          <artifactId>commons-collections</artifactId>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-collections4</artifactId>
         </exclusion>
         <exclusion>
           <groupId>org.apache.directory.api</groupId>

ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionScheduler.java

@@ -70,7 +70,7 @@
 import org.apache.ambari.server.state.fsm.InvalidStateTransitionException;
 import org.apache.ambari.server.state.svccomphost.ServiceComponentHostOpFailedEvent;
 import org.apache.ambari.server.utils.StageUtils;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

ambari-server/src/main/java/org/apache/ambari/server/agent/HeartBeatHandler.java

@@ -54,7 +54,7 @@
 import org.apache.ambari.server.state.host.HostRegistrationRequestEvent;
 import org.apache.ambari.server.state.host.HostStatusUpdatesReceivedEvent;
 import org.apache.ambari.server.utils.VersionUtils;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

ambari-server/src/main/java/org/apache/ambari/server/agent/HeartbeatProcessor.java

@@ -76,7 +76,7 @@
 import org.apache.ambari.server.state.svccomphost.ServiceComponentHostStartedEvent;
 import org.apache.ambari.server.state.svccomphost.ServiceComponentHostStoppedEvent;
 import org.apache.ambari.spi.upgrade.UpgradeType;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/AgentConfigsHolder.java

@@ -29,7 +29,7 @@
 import org.apache.ambari.server.state.ConfigHelper;
 import org.apache.ambari.server.state.Host;
 import org.apache.ambari.server.utils.ThreadPools;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/AlertDefinitionsHolder.java

@@ -45,7 +45,7 @@
 import org.apache.ambari.server.state.alert.AlertDefinitionFactory;
 import org.apache.ambari.server.state.alert.AlertDefinitionHash;
 import org.apache.ambari.server.state.alert.AlertHelper;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/HostLevelParamsHolder.java

@@ -36,7 +36,7 @@
 import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.Host;
 import org.apache.ambari.server.state.ServiceComponentHost;
-import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections4.MapUtils;
 
 import com.google.common.eventbus.Subscribe;
 import com.google.inject.Inject;

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/MetadataHolder.java

@@ -33,8 +33,8 @@
 import org.apache.ambari.server.events.publishers.AmbariEventPublisher;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
 
 import com.google.common.eventbus.Subscribe;
 import com.google.inject.Inject;

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/TopologyHolder.java

@@ -43,7 +43,7 @@
 import org.apache.ambari.server.state.Service;
 import org.apache.ambari.server.state.ServiceComponent;
 import org.apache.ambari.server.state.ServiceComponentHost;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/dto/TopologyCluster.java

@@ -23,8 +23,8 @@
 
 import org.apache.ambari.server.NullHostNameException;
 import org.apache.ambari.server.events.UpdateEventType;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.SetUtils;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.SetUtils;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;

ambari-server/src/main/java/org/apache/ambari/server/agent/stomp/dto/TopologyComponent.java

@@ -24,8 +24,8 @@
 import java.util.TreeMap;
 
 import org.apache.ambari.server.state.State;
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang.StringUtils;
 
 import com.fasterxml.jackson.annotation.JsonInclude;

ambari-server/src/main/java/org/apache/ambari/server/api/services/stackadvisor/commands/ConfigurationRecommendationCommand.java

@@ -33,7 +33,7 @@
 import org.apache.ambari.server.api.services.stackadvisor.recommendations.RecommendationResponse.HostGroup;
 import org.apache.ambari.server.controller.internal.AmbariServerConfigurationHandler;
 import org.apache.ambari.server.state.ServiceInfo;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.codehaus.jackson.JsonNode;
 
 /**

ambari-server/src/main/java/org/apache/ambari/server/api/services/stackadvisor/commands/StackAdvisorCommand.java

@@ -52,7 +52,7 @@
 import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.state.ServiceInfo;
 import org.apache.ambari.server.utils.DateUtils;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.StringUtils;
 import org.codehaus.jackson.JsonNode;

ambari-server/src/main/java/org/apache/ambari/server/checks/AmbariMetricsHadoopSinkVersionCompatibilityCheck.java

@@ -50,7 +50,7 @@
 import org.apache.ambari.spi.upgrade.UpgradeCheckResult;
 import org.apache.ambari.spi.upgrade.UpgradeCheckStatus;
 import org.apache.ambari.spi.upgrade.UpgradeCheckType;
-import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

ambari-server/src/main/java/org/apache/ambari/server/checks/DatabaseConsistencyCheckHelper.java

@@ -72,7 +72,7 @@
 import org.apache.ambari.server.state.UpgradeState;
 import org.apache.ambari.server.state.configgroup.ConfigGroup;
 import org.apache.ambari.server.utils.VersionUtils;
-import org.apache.commons.collections.MapUtils;
+import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

ambari-server/src/main/java/org/apache/ambari/server/collections/Predicate.java

@@ -23,10 +23,10 @@
 import com.google.gson.Gson;
 
 /**
- * {@link Predicate} wraps {@link org.apache.commons.collections.Predicate} to
+ * {@link Predicate} wraps {@link org.apache.commons.collections4.Predicate} to
  * provide additional functionality like serializing to and from a Map and JSON formatted data.
  */
-public abstract class Predicate implements org.apache.commons.collections.Predicate {
+public abstract class Predicate implements org.apache.commons.collections4.Predicate {
 
   /**
    * The name of this predicate. For example "and", "or", etc...

ambari-server/src/main/java/org/apache/ambari/server/collections/functors/AndPredicate.java

@@ -23,11 +23,11 @@
 import java.util.Map;
 
 import org.apache.ambari.server.collections.PredicateUtils;
-import org.apache.commons.collections.Predicate;
-import org.apache.commons.collections.functors.PredicateDecorator;
+import org.apache.commons.collections4.Predicate;
+import org.apache.commons.collections4.functors.PredicateDecorator;
 
 /**
- * {@link AndPredicate} wraps {@link org.apache.commons.collections.functors.AndPredicate} to
+ * {@link AndPredicate} wraps {@link org.apache.commons.collections4.functors.AndPredicate} to
  * provide additional functionality like serializing to and from a Map and JSON formatted data.
  * <p>
  * See {@link DelegatedMultiplePredicateContainer}
@@ -80,7 +80,7 @@ public static AndPredicate fromMap(Map<String, Object> map) {
    */
   public AndPredicate(Predicate predicate1, Predicate predicate2) {
     super(NAME,
-        (PredicateDecorator) org.apache.commons.collections.functors.AndPredicate.getInstance(predicate1, predicate2));
+        (PredicateDecorator) org.apache.commons.collections4.functors.AndPredicate.andPredicate(predicate1, predicate2));
   }
 
   @Override

ambari-server/src/main/java/org/apache/ambari/server/collections/functors/ContextTransformer.java

@@ -20,7 +20,7 @@
 
 import java.util.Map;
 
-import org.apache.commons.collections.Transformer;
+import org.apache.commons.collections4.Transformer;
 
 /**
  * {@link ContextTransformer} is a {@link Transformer} implementation that traverses a {@link Map}

ambari-server/src/main/java/org/apache/ambari/server/collections/functors/DelegatedMultiplePredicateContainer.java

@@ -24,7 +24,7 @@
 import java.util.Map;
 
 import org.apache.ambari.server.collections.Predicate;
-import org.apache.commons.collections.functors.PredicateDecorator;
+import org.apache.commons.collections4.functors.PredicateDecorator;
 
 /**
  * DelegatedMultiplePredicateContainer is an abstract class providing functionality related to
@@ -60,7 +60,7 @@ public boolean evaluate(Object o) {
   }
 
   @Override
-  public org.apache.commons.collections.Predicate[] getPredicates() {
+  public org.apache.commons.collections4.Predicate[] getPredicates() {
     return delegate.getPredicates();
   }
 
@@ -95,10 +95,10 @@ private List<Map<String, Object>> containedPredicatesToMaps() {
     List<Map<String, Object>> list = new ArrayList<>();
 
     if (delegate != null) {
-      org.apache.commons.collections.Predicate[] predicates = delegate.getPredicates();
+      org.apache.commons.collections4.Predicate[] predicates = delegate.getPredicates();
 
       if (predicates != null) {
-        for (org.apache.commons.collections.Predicate p : predicates) {
+        for (org.apache.commons.collections4.Predicate p : predicates) {
           if (p instanceof Predicate) {
             list.add(((Predicate) p).toMap());
           } else {

ambari-server/src/main/java/org/apache/ambari/server/collections/functors/DelegatedSinglePredicateContainer.java

@@ -22,7 +22,7 @@
 import java.util.Map;
 
 import org.apache.ambari.server.collections.Predicate;
-import org.apache.commons.collections.functors.PredicateDecorator;
+import org.apache.commons.collections4.functors.PredicateDecorator;
 
 /**
  * DelegatedSinglePredicateContainer is an abstract class providing functionality to managing a
@@ -57,7 +57,7 @@ public boolean evaluate(Object o) {
   }
 
   @Override
-  public org.apache.commons.collections.Predicate[] getPredicates() {
+  public org.apache.commons.collections4.Predicate[] getPredicates() {
     return delegate.getPredicates();
   }
 
@@ -92,11 +92,11 @@ private Map<String, Object> containedPredicateToMap() {
     Map<String, Object> map = null;
 
     if (delegate != null) {
-      org.apache.commons.collections.Predicate[] predicates = delegate.getPredicates();
+      org.apache.commons.collections4.Predicate[] predicates = delegate.getPredicates();
 
       if ((predicates != null) && (predicates.length > 0)) {
         // Only process the 1st predicate.
-        org.apache.commons.collections.Predicate p = predicates[0];
+        org.apache.commons.collections4.Predicate p = predicates[0];
         if (p instanceof Predicate) {
           map = ((Predicate) p).toMap();
         } else {

ambari-server/src/main/java/org/apache/ambari/server/collections/functors/EqualsPredicate.java

@@ -26,10 +26,10 @@
 import java.util.Map;
 
 import org.apache.ambari.server.collections.Predicate;
-import org.apache.commons.collections.functors.EqualPredicate;
+import org.apache.commons.collections4.functors.EqualPredicate;
 
 /**
- * {@link EqualsPredicate} wraps {@link org.apache.commons.collections.functors.EqualPredicate} to
+ * {@link EqualsPredicate} wraps {@link org.apache.commons.collections4.functors.EqualPredicate} to
  * provide additional functionality like serializing to and from a Map and JSON formatted data as well
  * as obtaining data using a {@link ContextTransformer}
  */
@@ -41,9 +41,9 @@ public class EqualsPredicate extends OperationPredicate {
   public static final String NAME = "equals";
 
   /**
-   * The {@link org.apache.commons.collections.functors.EqualPredicate} to delegate operations to
+   * The {@link org.apache.commons.collections4.functors.EqualPredicate} to delegate operations to
    */
-  private final org.apache.commons.collections.functors.EqualPredicate delegate;
+  private final org.apache.commons.collections4.functors.EqualPredicate delegate;
 
   /**
    * Creates a new {@link EqualsPredicate} using the given {@link Map} of data.