feat(dependencies): update grpc (#6429)

avoid CVE-2025-55163,MadeYouReset
 1. bump grpc-java from 1.60.0 to 1.75.0
 2. bump protobuf from 3.25.5 to 3.25.8
 3. add node.rpc.maxRstStream and node.rpc.secondsPerWindow
 4. bump libp2p to 2.2.7-SNAPSHOT

Author: halibobo1205

build.gradle

@@ -126,6 +126,21 @@ subprojects {
             }
         }
     }
+    configurations.configureEach {
+        resolutionStrategy {
+            eachDependency { details ->
+                if (details.requested.group == 'com.google.guava' &&
+                        details.requested.name == 'guava') {
+                    def requestedVersion = details.requested.version
+                    if (requestedVersion.matches(/.*-android$/)) {
+                        def jreVersion = requestedVersion.replaceAll(/-android$/, '-jre')
+                        details.useVersion(jreVersion)
+                        details.because("Automatically replace android guava with jre version: ${requestedVersion} -> ${jreVersion}")
+                    }
+                }
+            }
+        }
+    }
 }
 
 task copyToParent(type: Copy) {

common/build.gradle

@@ -22,7 +22,7 @@ dependencies {
     api 'org.aspectj:aspectjrt:1.9.8'
     api 'org.aspectj:aspectjweaver:1.9.8'
     api 'org.aspectj:aspectjtools:1.9.8'
-    api group: 'io.github.tronprotocol', name: 'libp2p', version: '2.2.6',{
+    api group: 'com.github.tronprotocol', name: 'libp2p', version: 'release-v2.2.7-SNAPSHOT',{
         exclude group: 'io.grpc', module: 'grpc-context'
         exclude group: 'io.grpc', module: 'grpc-core'
         exclude group: 'io.grpc', module: 'grpc-netty'

common/src/main/java/org/tron/common/parameter/CommonParameter.java

@@ -249,6 +249,15 @@ public class CommonParameter {
   @Getter
   @Setter
   public int flowControlWindow;
+  // the positive limit of RST_STREAM frames per connection per period for grpc,
+  // 0 or Integer.MAX_VALUE for unlimited, by default there is no limit.
+  @Getter
+  @Setter
+  public int rpcMaxRstStream;
+  // the positive number of seconds per period for grpc
+  @Getter
+  @Setter
+  public int rpcSecondsPerWindow;
   @Getter
   @Setter
   public long maxConnectionIdleInMillis;

common/src/main/java/org/tron/core/Constant.java

@@ -163,6 +163,8 @@ public class Constant {
   public static final String NODE_RPC_MAX_CONCURRENT_CALLS_PER_CONNECTION = "node.rpc.maxConcurrentCallsPerConnection";
   public static final String NODE_RPC_FLOW_CONTROL_WINDOW = "node.rpc.flowControlWindow";
   public static final String NODE_RPC_MAX_CONNECTION_IDLE_IN_MILLIS = "node.rpc.maxConnectionIdleInMillis";
+  public static final String NODE_RPC_MAX_RST_STREAM = "node.rpc.maxRstStream";
+  public static final String NODE_RPC_SECONDS_PER_WINDOW = "node.rpc.secondsPerWindow";
   public static final String NODE_PRODUCED_TIMEOUT = "node.blockProducedTimeOut";
   public static final String NODE_MAX_HTTP_CONNECT_NUMBER = "node.maxHttpConnectNumber";
 

framework/src/main/java/org/tron/common/application/RpcService.java

@@ -88,6 +88,10 @@ protected NettyServerBuilder initServerBuilder() {
         .maxConnectionAge(parameter.getMaxConnectionAgeInMillis(), TimeUnit.MILLISECONDS)
         .maxInboundMessageSize(parameter.getMaxMessageSize())
         .maxHeaderListSize(parameter.getMaxHeaderListSize());
+    if (parameter.getRpcMaxRstStream() > 0 && parameter.getRpcSecondsPerWindow() > 0) {
+      serverBuilder.maxRstFramesPerWindow(
+          parameter.getRpcMaxRstStream(), parameter.getRpcSecondsPerWindow());
+    }
 
     if (parameter.isRpcReflectionServiceEnable()) {
       serverBuilder.addService(ProtoReflectionService.newInstance());

framework/src/main/java/org/tron/core/config/args/Args.java

@@ -251,6 +251,8 @@ public static void clearParam() {
     PARAMETER.allowTvmCancun = 0;
     PARAMETER.allowTvmBlob = 0;
     PARAMETER.allowTvmSelfdestructRestriction = 0;
+    PARAMETER.rpcMaxRstStream = 0;
+    PARAMETER.rpcSecondsPerWindow = 0;
   }
 
   /**
@@ -723,6 +725,12 @@ public static void setParam(final Config config) {
     PARAMETER.flowControlWindow = config.hasPath(Constant.NODE_RPC_FLOW_CONTROL_WINDOW)
         ? config.getInt(Constant.NODE_RPC_FLOW_CONTROL_WINDOW)
         : NettyServerBuilder.DEFAULT_FLOW_CONTROL_WINDOW;
+    if (config.hasPath(Constant.NODE_RPC_MAX_RST_STREAM)) {
+      PARAMETER.rpcMaxRstStream = config.getInt(Constant.NODE_RPC_MAX_RST_STREAM);
+    }
+    if (config.hasPath(Constant.NODE_RPC_SECONDS_PER_WINDOW)) {
+      PARAMETER.rpcSecondsPerWindow = config.getInt(Constant.NODE_RPC_SECONDS_PER_WINDOW);
+    }
 
     PARAMETER.maxConnectionIdleInMillis =
         config.hasPath(Constant.NODE_RPC_MAX_CONNECTION_IDLE_IN_MILLIS)

framework/src/test/java/org/tron/common/ParameterTest.java

@@ -129,6 +129,12 @@ public void testCommonParameter() {
     assertEquals(10, parameter.getMaxConcurrentCallsPerConnection());
     parameter.setFlowControlWindow(20);
     assertEquals(20, parameter.getFlowControlWindow());
+    assertEquals(0, parameter.getRpcMaxRstStream());
+    parameter.setRpcMaxRstStream(10);
+    assertEquals(10, parameter.getRpcMaxRstStream());
+    assertEquals(0, parameter.getRpcSecondsPerWindow());
+    parameter.setRpcSecondsPerWindow(5);
+    assertEquals(5, parameter.getRpcSecondsPerWindow());
     parameter.setMaxConnectionIdleInMillis(1000);
     assertEquals(1000, parameter.getMaxConnectionIdleInMillis());
     parameter.setBlockProducedTimeOut(500);

framework/src/test/java/org/tron/core/services/RpcApiServicesTest.java

@@ -12,6 +12,7 @@
 import java.io.IOException;
 import java.util.Objects;
 import org.junit.AfterClass;
+import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.FixMethodOrder;
@@ -131,6 +132,8 @@ public class RpcApiServicesTest {
   @BeforeClass
   public static void init() throws IOException {
     Args.setParam(new String[]{"-d", temporaryFolder.newFolder().toString()}, Constant.TEST_CONF);
+    Assert.assertEquals(5, getInstance().getRpcMaxRstStream());
+    Assert.assertEquals(10, getInstance().getRpcSecondsPerWindow());
     String OWNER_ADDRESS = Wallet.getAddressPreFixString()
         + "548794500882809695a8a687866e76d4271a1abc";
     getInstance().setRpcEnable(true);

framework/src/test/resources/config-test.conf

@@ -209,6 +209,8 @@ node {
 
     # The switch of the reflection service, effective for all gRPC services
     reflectionService = true
+    maxRstStream = 5
+    secondsPerWindow = 10
   }
 
 }