Merge branch 'master' into SNOW-871839_fix_snyk_permissions

.github/workflows/build-test.yml

@@ -114,7 +114,7 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                image: [ 'nodejs-centos7-node14']
+                image: [ 'nodejs-centos7-node14', 'nodejs-centos7-fips']
                 cloud: [ 'AWS', 'AZURE', 'GCP' ]
         steps:
             - uses: actions/checkout@v1

.npmignore

@@ -13,6 +13,7 @@ snowflake-sdk*.tgz
 coverage
 system_test/
 scripts/
+samples/
 ci/
 .github/
 .eslintrc.js

ci/image/Dockerfile.nodejs-centos7-fips-test

@@ -35,29 +35,49 @@ SHELL [ "/usr/bin/scl", "enable", "devtoolset-8"]
 
 # node-fips environment variables
 ENV NODE_HOME $HOME/node
-ENV NODEJS_VERSION 14.0.0
-ENV FIPSDIR $HOME/install-openssl-fips
-ENV OPENSSL_VERSION 2.0.16
+ENV NODEJS_VERSION 18.17.0
+ENV OPENSSL_VERSION 3.0.8
+ENV PKG_CONFIG_PATH "/usr/local/lib64/pkgconfig"
+ENV LD_LIBRARY_PATH "${LD_LIBRARY_PATH}:/usr/local/lib64"
+ENV OPENSSL_CONF /usr/local/ssl/openssl.cnf
+ENV FIPSCONF /usr/local/ssl/fipsmodule.cnf
+ENV OPENSSL_MODULES=/usr/local/lib64/ossl-modules
 
-# Install OpenSSL 
+# Install OpenSSL
 RUN cd $HOME
-RUN curl https://www.openssl.org/source/openssl-fips-$OPENSSL_VERSION.tar.gz -o $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
+RUN curl https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz -o $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
 RUN tar -xvf $HOME/openssl-fips-$OPENSSL_VERSION.tar.gz
-RUN mv openssl-fips-$OPENSSL_VERSION $HOME/openssl-fips
+RUN mv openssl-$OPENSSL_VERSION $HOME/openssl-fips
 RUN cd $HOME/openssl-fips
-
+
+# Install OpenSSL dependencies
+RUN yum -y install perl-IPC-Cmd
+RUN yum -y install perl-Digest-SHA
+RUN yum -y install openssl-devel
+
 # You must run ONLY these commands when building the FIPS version of OpenSSL
-RUN cd $HOME/openssl-fips && ./config && make && make install
-
+RUN cd $HOME/openssl-fips && ./config enable-fips && make && make install
+
+# Enable FIPS by editing the openssl.cnf file
+RUN sed -i "s/openssl_conf = openssl_init/nodejs_conf = openssl_init/g" $OPENSSL_CONF
+RUN sed -i "s/# .include fipsmodule.cnf/.include ${FIPSCONF//\//\\/}/g" $OPENSSL_CONF
+RUN sed -i 's/# fips = fips_sect/fips = fips_sect/g' $OPENSSL_CONF
+RUN sed -i 's/# activate = 1/activate = 1/g' $OPENSSL_CONF
+RUN sed -i '55ialg_section = algorithm_sect' $OPENSSL_CONF
+RUN sed -i '75idefault_properties = fips=yes' $OPENSSL_CONF
+RUN sed -i '75i[algorithm_sect]' $OPENSSL_CONF
+
 # Download and build NodeJS
 RUN git clone --branch v$NODEJS_VERSION https://github.com/nodejs/node.git $NODE_HOME
 RUN gcc --version
 RUN g++ --version
-RUN cd $NODE_HOME && ./configure --openssl-fips=$FIPSDIR && make -j2 &> /dev/null && make install
+RUN cd $NODE_HOME && ./configure --shared-openssl --shared-openssl-libpath=/usr/local/lib64 --shared-openssl-includes=/usr/local/include/openssl --openssl-is-fips && make -j2 &> /dev/null && make install
 # Should be $NODEJS_VERSION
 RUN node --version
 # Should be $OPENSSL_VERSION
 RUN node -p "process.versions.openssl"
+# Should be 1 (FIPS is enabled by default)
+RUN node -p 'crypto.getFips()'
 
 # workspace
 RUN mkdir -p /home/user

lib/agent/socket_util.js

@@ -74,6 +74,8 @@ exports.secureSocket = function (socket, host, agent, mock)
     // stop listening for the secure event
     socket.removeListener('secure', validate);
 
+    Logger.getInstance().trace('socket reused = %s', socket.isSessionReused());
+
     // if the server has resumed our existing session, unblock all
     // writes without performing any additional validation
     if (socket.isSessionReused())
@@ -106,8 +108,6 @@ exports.secureSocket = function (socket, host, agent, mock)
         socket.uncork();
       });
     }
-
-    Logger.getInstance().trace('socket reused = %s', socket.isSessionReused());
   };
 
   // when the socket is secure, perform additional validation

lib/connection/result/result.js

@@ -48,7 +48,7 @@ function Result(options) {
 
   data = options.response.data;
 
-  this._statementId = data.queryId;
+  this._queryId = data.queryId;
   this._version = version = String(data.version); // don't rely on the version being a number
   this._returnedRows = data.returned;
   this._totalRows = data.total;
@@ -694,11 +694,23 @@ Result.prototype.getColumn = function (columnIdentifier)
  * Returns the statement id generated by the server for the statement that
  * produced this result.
  *
+ * Should use getQueryId instead.
+ * @deprecated
  * @returns {string}
  */
 Result.prototype.getStatementId = function ()
 {
-  return this._statementId;
+  return this._queryId;
+};
+
+/**
+ * Returns the query id generated by the server for the statement that
+ * produced this result.
+ *
+ * @returns {string}
+ */
+Result.prototype.getQueryId = function () {
+  return this._queryId;
 };
 
 /**

lib/connection/statement.js

@@ -149,13 +149,13 @@ exports.createStatementPostExec = function (
   Errors.checkArgumentValid(Util.isObject(statementOptions),
     ErrorCodes.ERR_CONN_FETCH_RESULT_INVALID_OPTIONS);
 
-  // check for missing statement id
-  Errors.checkArgumentExists(Util.exists(statementOptions.statementId),
-    ErrorCodes.ERR_CONN_FETCH_RESULT_MISSING_STATEMENT_ID);
+  // check for missing query id
+  Errors.checkArgumentExists(Util.exists(statementOptions.queryId),
+    ErrorCodes.ERR_CONN_FETCH_RESULT_MISSING_QUERY_ID);
 
-  // check for invalid statement id
-  Errors.checkArgumentValid(Util.isString(statementOptions.statementId),
-    ErrorCodes.ERR_CONN_FETCH_RESULT_INVALID_STATEMENT_ID);
+  // check for invalid query id
+  Errors.checkArgumentValid(Util.isString(statementOptions.queryId),
+    ErrorCodes.ERR_CONN_FETCH_RESULT_INVALID_QUERY_ID);
 
   // check for invalid complete callback
   var complete = statementOptions.complete;
@@ -199,7 +199,7 @@ exports.createStatementPostExec = function (
   // create a statement context
   var statementContext = createStatementContext();
 
-  statementContext.statementId = statementOptions.statementId;
+  statementContext.queryId = statementOptions.queryId;
   statementContext.complete = complete;
   statementContext.streamResult = statementOptions.streamResult;
   statementContext.fetchAsString = statementOptions.fetchAsString;
@@ -542,17 +542,30 @@ function BaseStatement(
   };
 
   /**
-   * Returns the statement id generated by the server for this statement.
-   * If the statement is still executing and we don't know the statement id
+   * Returns the query id generated by the server for this statement.
+   * If the statement is still executing and we don't know the query id
    * yet, this method will return undefined.
    *
+   * Should use getQueryId instead.
+   * @deprecated 
    * @returns {String}
    */
   this.getStatementId = function ()
   {
-    return context.statementId;
+    return context.queryId;
   };
 
+  /**
+   * Returns the query id generated by the server for this statement.
+   * If the statement is still executing and we don't know the query id
+   * yet, this method will return undefined.
+   *
+   * @returns {String}
+   */
+    this.getQueryId = function () {
+      return context.queryId;
+    };
+
   /**
    * Cancels this statement if possible.
    *
@@ -571,8 +584,8 @@ function BaseStatement(
   context.refresh = function (callback)
   {
     // pick the appropriate function to get the result based on whether we
-    // have the statement id or request id (we should have at least one)
-    var sendRequestFn = context.statementId ?
+    // have the query id or request id (we should have at least one)
+    var sendRequestFn = context.queryId ?
       sendRequestPostExec : sendRequestPreExec;
 
     // the current result error might be transient,
@@ -615,12 +628,12 @@ function BaseStatement(
       // save the error
       context.resultError = err;
 
-      // if we don't have a statement id and we got a response from GS, extract
-      // the statement id from the data
-      if (!context.statementId &&
+      // if we don't have a query id and we got a response from GS, extract
+      // the query id from the data
+      if (!context.queryId &&
         Errors.isOperationFailedError(err) && err.data)
       {
-        context.statementId = err.data.queryId;
+        context.queryId = err.data.queryId;
       }
     }
 
@@ -643,7 +656,7 @@ function BaseStatement(
       Logger.getInstance().debug('refreshed result of statement with %s',
         context.requestId ?
           Util.format('request id = %s', context.requestId) :
-          Util.format('statement id = %s', context.statementId));
+          Util.format('query id = %s', context.queryId));
     }
   };
 
@@ -779,7 +792,7 @@ function createOnStatementRequestSuccRow(statement, context)
         context.isMulti = true;
         context.multiResultIds = this._resultIds;
         context.multiCurId = 0;
-        context.statementId = this._resultIds[context.multiCurId];
+        context.queryId = this._resultIds[context.multiCurId];
         exports.createStatementPostExec(context, context.services, context.connectionConfig);
       }
       else
@@ -793,8 +806,8 @@ function createOnStatementRequestSuccRow(statement, context)
             connectionConfig: context.connectionConfig,
             rowMode: context.rowMode
           });
-        // save the statement id
-        context.statementId = context.result.getStatementId();
+        // save the query id
+        context.queryId = context.result.getQueryId();
       }
     }
     else
@@ -1239,10 +1252,10 @@ function sendCancelStatement(statementContext, statement, callback)
   var url;
   var json;
 
-  // use different rest endpoints based on whether the statement id is available
-  if (statementContext.statementId)
+  // use different rest endpoints based on whether the query id is available
+  if (statementContext.queryId)
   {
-    url = '/queries/' + statementContext.statementId + '/abort-request';
+    url = '/queries/' + statementContext.queryId + '/abort-request';
   }
   else
   {
@@ -1515,7 +1528,7 @@ function sendRequestPostExec(statementContext, onResultAvailable)
       headers: headers,
       url: Url.format(
         {
-          pathname: '/queries/' + statementContext.statementId + '/result',
+          pathname: '/queries/' + statementContext.queryId + '/result',
           search: QueryString.stringify(
             {
               disableOfflineChunks: false
@@ -1619,8 +1632,8 @@ function buildResultRequestCallback(
     }
     else
     {
-      // extract the statement id from the response and save it
-      statementContext.statementId = body.data.queryId;
+      // extract the query id from the response and save it
+      statementContext.queryId = body.data.queryId;
 
       // if the result is not ready yet, extract the result url from the response
       // and issue a GET request to try to fetch the result again
@@ -1708,7 +1721,7 @@ function createNextReuslt(statement, context)
     if(hasNextResult(statement, context))
     {
       context.multiCurId++;
-      context.statementId = context.multiResultIds[context.multiCurId];
+      context.queryId = context.multiResultIds[context.multiCurId];
       exports.createStatementPostExec(context, context.services, context.connectionConfig);
     }
   }

lib/errors.js

@@ -113,8 +113,8 @@ codes.ERR_CONN_EXEC_STMT_INVALID_REQUEST_ID = 409013;
 // 410001
 codes.ERR_CONN_FETCH_RESULT_MISSING_OPTIONS = 410001;
 codes.ERR_CONN_FETCH_RESULT_INVALID_OPTIONS = 410002;
-codes.ERR_CONN_FETCH_RESULT_MISSING_STATEMENT_ID = 410003;
-codes.ERR_CONN_FETCH_RESULT_INVALID_STATEMENT_ID = 410004;
+codes.ERR_CONN_FETCH_RESULT_MISSING_QUERY_ID = 410003;
+codes.ERR_CONN_FETCH_RESULT_INVALID_QUERY_ID = 410004;
 codes.ERR_CONN_FETCH_RESULT_INVALID_COMPLETE = 410005;
 codes.ERR_CONN_FETCH_RESULT_INVALID_STREAM_RESULT = 410006;
 codes.ERR_CONN_FETCH_RESULT_INVALID_FETCH_AS_STRING = 410007;

lib/file_transfer_agent/file_transfer_agent.js

@@ -574,7 +574,6 @@ function file_transfer_agent(context)
       var s3location = SnowflakeS3Util.extractBucketNameAndPath(stageInfo['location']);
 
       await client.getBucketAccelerateConfiguration({ Bucket: s3location.bucketName })
-        .promise()
         .then(function (data)
         {
           useAccelerateEndpoint = data['Status'] == 'Enabled';