From 9cef2aa75d1d8a2b3c13a7bbb0adc4ba609812f3 Mon Sep 17 00:00:00 2001
From: Sean Kao <seankao@amazon.com>
Date: Thu, 11 May 2023 15:28:18 -0700
Subject: [PATCH] Patch 1.3 MED+ CVE's (#1626)

* Update Spring to 5.3.27 for CVE-2023-20863

Signed-off-by: Sean Kao <seankao@amazon.com>

* Update wiremock to 3.0.0-beta-7 for CVE-2023-1370

Signed-off-by: Sean Kao <seankao@amazon.com>

* Update checkstyle to 8.45.1 for CVE's

Change subprojects to allprojects to enforce root using same version
Patched CVE's:
* CVE-2019-10782
* CVE-2020-8908

And fix style violations

Signed-off-by: Sean Kao <seankao@amazon.com>

---------

Signed-off-by: Sean Kao <seankao@amazon.com>
---
 build.gradle                                      |  6 +++---
 config/checkstyle/google_checks.xml               |  2 +-
 .../org/opensearch/sql/analysis/AnalyzerTest.java |  8 ++++----
 .../logical/LogicalPlanNodeVisitorTest.java       |  4 ++--
 .../storage/script/core/ExpressionScript.java     |  2 +-
 .../OpenSearchExecutionProtectorTest.java         | 15 ++++++++-------
 .../sql/protocol/response/format/Format.java      |  1 +
 sql-jdbc/build.gradle                             |  2 +-
 8 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/build.gradle b/build.gradle
index 04095ba886..5c4852cbd5 100644
--- a/build.gradle
+++ b/build.gradle
@@ -7,7 +7,7 @@
 buildscript {
     ext {
         opensearch_version = System.getProperty("opensearch.version", "1.3.10-SNAPSHOT")
-        spring_version = "5.3.25"
+        spring_version = "5.3.27"
     }
 
     repositories {
@@ -119,11 +119,11 @@ jacocoTestCoverageVerification {
 check.dependsOn jacocoTestCoverageVerification
 
 // TODO: fix code style in main and test source code
-subprojects {
+allprojects {
     apply plugin: 'checkstyle'
     checkstyle {
         configFile rootProject.file("config/checkstyle/google_checks.xml")
-        toolVersion "8.29"
+        toolVersion "8.45.1"
         configProperties = [
                 "org.checkstyle.google.suppressionfilter.config": rootProject.file("config/checkstyle/suppressions.xml")]
         ignoreFailures = false
diff --git a/config/checkstyle/google_checks.xml b/config/checkstyle/google_checks.xml
index 28a15230b5..a0c7d90fd9 100644
--- a/config/checkstyle/google_checks.xml
+++ b/config/checkstyle/google_checks.xml
@@ -279,7 +279,7 @@
                 value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF, METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
     </module>
     <module name="JavadocMethod">
-      <property name="scope" value="public"/>
+      <property name="accessModifiers" value="public"/>
       <property name="allowMissingParamTags" value="true"/>
       <property name="allowMissingReturnTag" value="true"/>
       <property name="allowedAnnotations" value="Override, Test"/>
diff --git a/core/src/test/java/org/opensearch/sql/analysis/AnalyzerTest.java b/core/src/test/java/org/opensearch/sql/analysis/AnalyzerTest.java
index fde22f2485..8640a7074a 100644
--- a/core/src/test/java/org/opensearch/sql/analysis/AnalyzerTest.java
+++ b/core/src/test/java/org/opensearch/sql/analysis/AnalyzerTest.java
@@ -714,10 +714,10 @@ public void kmeanns_relation() {
   public void ad_batchRCF_relation() {
     Map<String, Literal> argumentMap =
             new HashMap<String, Literal>() {{
-        put("shingle_size", new Literal(8, DataType.INTEGER));
-        put("time_decay", new Literal(0.0001, DataType.DOUBLE));
-        put("time_field", new Literal(null, DataType.STRING));
-      }};
+                put("shingle_size", new Literal(8, DataType.INTEGER));
+                put("time_decay", new Literal(0.0001, DataType.DOUBLE));
+                put("time_field", new Literal(null, DataType.STRING));
+            }};
     assertAnalyzeEqual(
             new LogicalAD(LogicalPlanDSL.relation("schema"), argumentMap),
             new AD(AstDSL.relation("schema"), argumentMap)
diff --git a/core/src/test/java/org/opensearch/sql/planner/logical/LogicalPlanNodeVisitorTest.java b/core/src/test/java/org/opensearch/sql/planner/logical/LogicalPlanNodeVisitorTest.java
index 1b8d606211..c7b822dae0 100644
--- a/core/src/test/java/org/opensearch/sql/planner/logical/LogicalPlanNodeVisitorTest.java
+++ b/core/src/test/java/org/opensearch/sql/planner/logical/LogicalPlanNodeVisitorTest.java
@@ -124,8 +124,8 @@ public void testAbstractPlanNodeVisitorShouldReturnNull() {
               put("shingle_size", new Literal(8, DataType.INTEGER));
               put("time_decay", new Literal(0.0001, DataType.DOUBLE));
               put("time_field", new Literal(null, DataType.STRING));
-        }
-      });
+            }
+        });
     assertNull(ad.accept(new LogicalPlanNodeVisitor<Integer, Object>() {
     }, null));
   }
diff --git a/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java b/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java
index 116d196fc3..acf147b975 100644
--- a/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java
+++ b/opensearch/src/main/java/org/opensearch/sql/opensearch/storage/script/core/ExpressionScript.java
@@ -71,7 +71,7 @@ public ExpressionScript(Expression expression) {
    * Evaluate on the doc generate by the doc provider.
    * @param docProvider doc provider.
    * @param evaluator evaluator
-   * @return
+   * @return expr value
    */
   public ExprValue execute(Supplier<Map<String, ScriptDocValues<?>>> docProvider,
                          BiFunction<Expression,
diff --git a/opensearch/src/test/java/org/opensearch/sql/opensearch/executor/protector/OpenSearchExecutionProtectorTest.java b/opensearch/src/test/java/org/opensearch/sql/opensearch/executor/protector/OpenSearchExecutionProtectorTest.java
index 2427ac4fe5..34216e8098 100644
--- a/opensearch/src/test/java/org/opensearch/sql/opensearch/executor/protector/OpenSearchExecutionProtectorTest.java
+++ b/opensearch/src/test/java/org/opensearch/sql/opensearch/executor/protector/OpenSearchExecutionProtectorTest.java
@@ -277,13 +277,14 @@ public void testVisitAD() {
     NodeClient nodeClient = mock(NodeClient.class);
     ADOperator adOperator =
             new ADOperator(
-                    values(emptyList()),
-                    new HashMap<String, Literal>() {{
-          put("shingle_size", new Literal(8, DataType.INTEGER));
-          put("time_decay", new Literal(0.0001, DataType.DOUBLE));
-          put("time_field", new Literal(null, DataType.STRING));
-        }
-      }, nodeClient);
+                values(emptyList()),
+                new HashMap<String, Literal>() {{
+                    put("shingle_size", new Literal(8, DataType.INTEGER));
+                    put("time_decay", new Literal(0.0001, DataType.DOUBLE));
+                    put("time_field", new Literal(null, DataType.STRING));
+                }},
+                nodeClient
+            );
 
     assertEquals(executionProtector.doProtect(adOperator),
             executionProtector.visitAD(adOperator, null));
diff --git a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/Format.java b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/Format.java
index 2ba08747b4..4291c09df0 100644
--- a/protocol/src/main/java/org/opensearch/sql/protocol/response/format/Format.java
+++ b/protocol/src/main/java/org/opensearch/sql/protocol/response/format/Format.java
@@ -24,6 +24,7 @@ public enum Format {
   private final String formatName;
 
   private static final Map<String, Format> ALL_FORMATS;
+
   static {
     ImmutableMap.Builder<String, Format> builder = new ImmutableMap.Builder<>();
     for (Format format : Format.values()) {
diff --git a/sql-jdbc/build.gradle b/sql-jdbc/build.gradle
index 1f8c2bd299..ffbb4b8d0d 100644
--- a/sql-jdbc/build.gradle
+++ b/sql-jdbc/build.gradle
@@ -51,7 +51,7 @@ dependencies {
 
     testImplementation('org.junit.jupiter:junit-jupiter-api:5.3.1')
     testImplementation('org.junit.jupiter:junit-jupiter-params:5.3.1')
-    testImplementation('com.github.tomakehurst:wiremock:3.0.0-beta-2')
+    testImplementation('com.github.tomakehurst:wiremock:3.0.0-beta-7')
     testImplementation('org.mockito:mockito-core:2.23.0')
     testImplementation('org.junit.jupiter:junit-jupiter-engine:5.3.1')
     testImplementation('org.junit-pioneer:junit-pioneer:0.3.0')