IG-21969: Upgrade gRPC version (#650)

* IG-21969: Upgrade gRPC version

This fixes the following security vulnerabilities:
* CVE-2023-1428
* CVE-2023-32731
* CVE-2023-32732

* lint

* Fixes and improvements

---------

Co-authored-by: Gal Topper <galt@iguazio.com>

Author: gtopper

Makefile

@@ -43,7 +43,7 @@ test: test-go test-py
 
 .PHONY: test-go
 test-go:
-	GO111MODULE=on go test -v $(testflags) -timeout 20m ./...
+	GO111MODULE=on go test -v -timeout 20m ./...
 
 .PHONY: test-py
 test-py:
@@ -66,7 +66,7 @@ grpc: grpc-go grpc-py
 
 .PHONY: grpc-go
 grpc-go:
-	protoc frames.proto --go_out=plugins=grpc:pb
+	protoc frames.proto --go_out=pb --go-grpc_out=pb --go-grpc_opt=require_unimplemented_servers=false
 
 .PHONY: grpc-py
 grpc-py:
@@ -129,7 +129,7 @@ frames:
 		--env GOOS=$(GOOS) \
 		--env GOARCH=$(GOARCH) \
 		--env FRAMES_TAG=$(FRAMES_TAG) \
-		golang:1.14 \
+		golang:1.19 \
 		make frames-bin
 
 PHONY: gofmt

backends/backends.go

@@ -107,7 +107,11 @@ func ValidateRequest(backend string, request interface{}, allowedFields map[stri
 	for i := 0; i < reftype.NumField(); i++ {
 		field := reftype.Field(i)
 		fieldName := field.Name
-		fieldValue := reflect.ValueOf(request).Elem().FieldByName(fieldName).Interface()
+		reflectedField := reflect.ValueOf(request).Elem().FieldByName(fieldName)
+		if !reflectedField.CanInterface() {
+			continue
+		}
+		fieldValue := reflectedField.Interface()
 		zeroValue := reflect.Zero(field.Type).Interface()
 		if !globalRequestFieldsByRequestType[reftype][fieldName] && !allowedFields[fieldName] && !reflect.DeepEqual(fieldValue, zeroValue) {
 			return errors.Errorf("%s cannot be used as an argument to a %s to %s backend", fieldName, reftype.Name(), backend)

clients/py/requirements.txt

@@ -1,7 +1,5 @@
 googleapis-common-protos>=1.5.3
-# grpcio 1.34.0 must not be used as it segfaults (1.34.1 ok).
-# grpcio 1.49 breaks binary compatibility, because it upgrades protobuf from 3.x to 4.x.
-grpcio-tools>=1.30,!=1.34.0,<1.49
-grpcio>=1.30,!=1.34.0,<1.49
+grpcio-tools~=1.49
+grpcio~=1.49
 pandas>=0.23.4
 requests>=2.19.1

clients/py/tests/test_integration.py

@@ -176,7 +176,7 @@ def compare_dfs(df1, df2, backend):
         col2 = df2[name].sort_index()
         assert len(col1) == len(col2), \
             '{}: column {} size mismatch'.format(backend, name)
-        if col1.dtype == np.float:
+        if col1.dtype == float:
             ok = np.allclose(col1.values, col2.values)
         else:
             ok = col1.equals(col2)

clients/py/tests/test_pbutils.py

@@ -28,7 +28,7 @@ def test_encode_df():
 
     df = pd.read_csv('{}/weather.csv'.format(here))
     df['STATION_CAT'] = df['STATION'].astype('category')
-    df['WDF2_F'] = df['WDF2'].astype(np.float)
+    df['WDF2_F'] = df['WDF2'].astype(float)
     msg = pbutils.df2msg(df, labels)
 
     names = [col.name for col in msg.columns]