From 93829cada7d9923187b94f1dc673091cf9b4584b Mon Sep 17 00:00:00 2001
From: vburlachenko <slaboezveno3@gmail.com>
Date: Mon, 8 Apr 2024 17:45:12 +0300
Subject: [PATCH 1/2] added env variable filtering.groovy.enabled which allows
 to enable/disable groovy script executions

---
 .../ui/controller/MessagesController.java     |  7 ++++++
 .../ui/serdes/builtin/ProtobufFileSerde.java  |  8 ++++++-
 .../ui/util/DynamicConfigOperations.java      | 13 +++++++++++
 pom.xml                                       | 22 ++++++++++++++-----
 4 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/MessagesController.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/MessagesController.java
index 32d341e6134..50b36e14703 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/MessagesController.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/controller/MessagesController.java
@@ -24,6 +24,7 @@
 import com.provectus.kafka.ui.model.rbac.permission.TopicAction;
 import com.provectus.kafka.ui.service.DeserializationService;
 import com.provectus.kafka.ui.service.MessagesService;
+import com.provectus.kafka.ui.util.DynamicConfigOperations;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -31,6 +32,7 @@
 import javax.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.kafka.common.TopicPartition;
 import org.springframework.http.ResponseEntity;
@@ -47,6 +49,7 @@ public class MessagesController extends AbstractController implements MessagesAp
 
   private final MessagesService messagesService;
   private final DeserializationService deserializationService;
+  private final DynamicConfigOperations dynamicConfigOperations;
 
   @Override
   public Mono<ResponseEntity<Void>> deleteTopicMessages(
@@ -94,6 +97,10 @@ public Mono<ResponseEntity<Flux<TopicMessageEventDTO>>> getTopicMessages(String
         .topicActions(MESSAGES_READ)
         .operationName("getTopicMessages");
 
+    if (StringUtils.isNoneEmpty(q) && MessageFilterTypeDTO.GROOVY_SCRIPT == filterQueryType) {
+      dynamicConfigOperations.checkIfFilteringGroovyEnabled();
+    }
+
     if (auditService.isAuditTopic(getCluster(clusterName), topicName)) {
       contextBuilder.auditActions(AuditAction.VIEW);
     }
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
index 05809e26912..5eda42534a0 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
@@ -364,7 +364,8 @@ private Map<String, ProtoFile> knownProtoFiles() {
           loadKnownProtoFile("google/protobuf/struct.proto", StructProto.getDescriptor()),
           loadKnownProtoFile("google/protobuf/timestamp.proto", TimestampProto.getDescriptor()),
           loadKnownProtoFile("google/protobuf/type.proto", TypeProto.getDescriptor()),
-          loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor())
+          loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor()),
+          loadKnownProtoFile("wire/extensions.proto")
       ).collect(Collectors.toMap(p -> p.getLocation().getPath(), p -> p));
     }
 
@@ -381,6 +382,11 @@ private ProtoFile loadKnownProtoFile(String path, Descriptors.FileDescriptor fil
       return ProtoFile.Companion.get(ProtoParser.Companion.parse(Location.get(path), protoFileString));
     }
 
+    private ProtoFile loadKnownProtoFile(String path) {
+      return ProtoFile.Companion.get(ProtoFileElement.empty(path));
+    }
+
+
     private Loader createFilesLoader(Map<String, ProtoFile> files) {
       return new Loader() {
         @Override
diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/DynamicConfigOperations.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/DynamicConfigOperations.java
index 9b1e5017ba8..2a5532ca76a 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/DynamicConfigOperations.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/util/DynamicConfigOperations.java
@@ -45,6 +45,7 @@
 public class DynamicConfigOperations {
 
   static final String DYNAMIC_CONFIG_ENABLED_ENV_PROPERTY = "dynamic.config.enabled";
+  static final String FILTERING_GROOVY_ENABLED_PROPERTY = "filtering.groovy.enabled";
   static final String DYNAMIC_CONFIG_PATH_ENV_PROPERTY = "dynamic.config.path";
   static final String DYNAMIC_CONFIG_PATH_ENV_PROPERTY_DEFAULT = "/etc/kafkaui/dynamic_config.yaml";
 
@@ -64,6 +65,10 @@ public boolean dynamicConfigEnabled() {
     return "true".equalsIgnoreCase(ctx.getEnvironment().getProperty(DYNAMIC_CONFIG_ENABLED_ENV_PROPERTY));
   }
 
+  public boolean filteringGroovyEnabled() {
+    return "true".equalsIgnoreCase(ctx.getEnvironment().getProperty(FILTERING_GROOVY_ENABLED_PROPERTY));
+  }
+
   private Path dynamicConfigFilePath() {
     return Paths.get(
         Optional.ofNullable(ctx.getEnvironment().getProperty(DYNAMIC_CONFIG_PATH_ENV_PROPERTY))
@@ -147,6 +152,14 @@ public Mono<Path> uploadConfigRelatedFile(FilePart file) {
         .onErrorMap(th -> new FileUploadException(targetFilePath, th));
   }
 
+  public void checkIfFilteringGroovyEnabled() {
+    if (!filteringGroovyEnabled()) {
+      throw new ValidationException(
+              "Groovy filters is not allowed. "
+                      + "Set filtering.groovy.enabled property to 'true' to enabled it.");
+    }
+  }
+
   private void checkIfDynamicConfigEnabled() {
     if (!dynamicConfigEnabled()) {
       throw new ValidationException(
diff --git a/pom.xml b/pom.xml
index aa02a56f0e9..e3af3248a94 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,28 +24,30 @@
         <antlr4-maven-plugin.version>4.12.0</antlr4-maven-plugin.version>
         <apache.commons.version>2.11.1</apache.commons.version>
         <assertj.version>3.19.0</assertj.version>
-        <avro.version>1.11.1</avro.version>
+        <avro.version>1.11.3</avro.version>
         <byte-buddy.version>1.12.19</byte-buddy.version>
         <confluent.version>7.4.0</confluent.version>
         <datasketches-java.version>3.1.0</datasketches-java.version>
         <groovy.version>3.0.13</groovy.version>
         <jackson.version>2.14.0</jackson.version>
-        <kafka-clients.version>3.5.0</kafka-clients.version>
+        <kafka-clients.version>3.5.2</kafka-clients.version>
         <org.mapstruct.version>1.5.5.Final</org.mapstruct.version>
         <org.projectlombok.version>1.18.24</org.projectlombok.version>
         <protobuf-java.version>3.23.3</protobuf-java.version>
         <scala-lang.library.version>2.13.9</scala-lang.library.version>
         <snakeyaml.version>2.0</snakeyaml.version>
-        <spring-boot.version>3.1.3</spring-boot.version>
+        <spring-boot.version>3.1.9</spring-boot.version>
         <kafka-ui-serde-api.version>1.0.0</kafka-ui-serde-api.version>
         <odd-oddrn-generator.version>0.1.17</odd-oddrn-generator.version>
         <odd-oddrn-client.version>0.1.26</odd-oddrn-client.version>
-        <org.json.version>20230227</org.json.version>
+        <org.json.version>20231013</org.json.version>
+        <dev.cel.version>0.3.0</dev.cel.version>
+        <guava.version>31.0.1-jre</guava.version>
 
         <!-- Test dependency versions -->
         <junit.version>5.9.1</junit.version>
         <mockito.version>5.3.1</mockito.version>
-        <okhttp3.mockwebserver.version>4.10.0</okhttp3.mockwebserver.version>
+        <okhttp3.mockwebserver.version>4.12.0</okhttp3.mockwebserver.version>
         <testcontainers.version>1.17.5</testcontainers.version>
 
         <!-- Frontend dependency versions -->
@@ -129,6 +131,16 @@
                 <artifactId>protobuf-java</artifactId>
                 <version>${protobuf-java.version}</version>
             </dependency>
+            <dependency>
+                <groupId>dev.cel</groupId>
+                <artifactId>cel</artifactId>
+                <version>${dev.cel.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>com.google.guava</groupId>
+                <artifactId>guava</artifactId>
+                <version>${guava.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>

From 081205b51174aec554be5c38e3a34a17254ac9b2 Mon Sep 17 00:00:00 2001
From: vburlachenko <slaboezveno3@gmail.com>
Date: Mon, 8 Apr 2024 20:08:26 +0300
Subject: [PATCH 2/2] added env variable filtering.groovy.enabled which allows
 to enable/disable groovy script executions

---
 .../ui/serdes/builtin/ProtobufFileSerde.java  |  8 +------
 pom.xml                                       | 22 +++++--------------
 2 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
index 5eda42534a0..05809e26912 100644
--- a/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
+++ b/kafka-ui-api/src/main/java/com/provectus/kafka/ui/serdes/builtin/ProtobufFileSerde.java
@@ -364,8 +364,7 @@ private Map<String, ProtoFile> knownProtoFiles() {
           loadKnownProtoFile("google/protobuf/struct.proto", StructProto.getDescriptor()),
           loadKnownProtoFile("google/protobuf/timestamp.proto", TimestampProto.getDescriptor()),
           loadKnownProtoFile("google/protobuf/type.proto", TypeProto.getDescriptor()),
-          loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor()),
-          loadKnownProtoFile("wire/extensions.proto")
+          loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor())
       ).collect(Collectors.toMap(p -> p.getLocation().getPath(), p -> p));
     }
 
@@ -382,11 +381,6 @@ private ProtoFile loadKnownProtoFile(String path, Descriptors.FileDescriptor fil
       return ProtoFile.Companion.get(ProtoParser.Companion.parse(Location.get(path), protoFileString));
     }
 
-    private ProtoFile loadKnownProtoFile(String path) {
-      return ProtoFile.Companion.get(ProtoFileElement.empty(path));
-    }
-
-
     private Loader createFilesLoader(Map<String, ProtoFile> files) {
       return new Loader() {
         @Override
diff --git a/pom.xml b/pom.xml
index e3af3248a94..aa02a56f0e9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,30 +24,28 @@
         <antlr4-maven-plugin.version>4.12.0</antlr4-maven-plugin.version>
         <apache.commons.version>2.11.1</apache.commons.version>
         <assertj.version>3.19.0</assertj.version>
-        <avro.version>1.11.3</avro.version>
+        <avro.version>1.11.1</avro.version>
         <byte-buddy.version>1.12.19</byte-buddy.version>
         <confluent.version>7.4.0</confluent.version>
         <datasketches-java.version>3.1.0</datasketches-java.version>
         <groovy.version>3.0.13</groovy.version>
         <jackson.version>2.14.0</jackson.version>
-        <kafka-clients.version>3.5.2</kafka-clients.version>
+        <kafka-clients.version>3.5.0</kafka-clients.version>
         <org.mapstruct.version>1.5.5.Final</org.mapstruct.version>
         <org.projectlombok.version>1.18.24</org.projectlombok.version>
         <protobuf-java.version>3.23.3</protobuf-java.version>
         <scala-lang.library.version>2.13.9</scala-lang.library.version>
         <snakeyaml.version>2.0</snakeyaml.version>
-        <spring-boot.version>3.1.9</spring-boot.version>
+        <spring-boot.version>3.1.3</spring-boot.version>
         <kafka-ui-serde-api.version>1.0.0</kafka-ui-serde-api.version>
         <odd-oddrn-generator.version>0.1.17</odd-oddrn-generator.version>
         <odd-oddrn-client.version>0.1.26</odd-oddrn-client.version>
-        <org.json.version>20231013</org.json.version>
-        <dev.cel.version>0.3.0</dev.cel.version>
-        <guava.version>31.0.1-jre</guava.version>
+        <org.json.version>20230227</org.json.version>
 
         <!-- Test dependency versions -->
         <junit.version>5.9.1</junit.version>
         <mockito.version>5.3.1</mockito.version>
-        <okhttp3.mockwebserver.version>4.12.0</okhttp3.mockwebserver.version>
+        <okhttp3.mockwebserver.version>4.10.0</okhttp3.mockwebserver.version>
         <testcontainers.version>1.17.5</testcontainers.version>
 
         <!-- Frontend dependency versions -->
@@ -131,16 +129,6 @@
                 <artifactId>protobuf-java</artifactId>
                 <version>${protobuf-java.version}</version>
             </dependency>
-            <dependency>
-                <groupId>dev.cel</groupId>
-                <artifactId>cel</artifactId>
-                <version>${dev.cel.version}</version>
-            </dependency>
-            <dependency>
-                <groupId>com.google.guava</groupId>
-                <artifactId>guava</artifactId>
-                <version>${guava.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.junit</groupId>
                 <artifactId>junit-bom</artifactId>