[Backport 2.x] Update dependency com.pinterest:ktlint to 0.47.1 and fix CVE-2023-6378 for common-utils (opensearch-project#588)

* add logback-classic for CVE-2023-6378

Signed-off-by: Joanne Wang <jowg@amazon.com>

* updated com.pinterest:ktlint to v0.47.1

Signed-off-by: jowg-amazon <jowg@amazon.com>

* ran ./gradlew ktlintformat

Signed-off-by: jowg-amazon <jowg@amazon.com>

---------

Signed-off-by: Joanne Wang <jowg@amazon.com>
Signed-off-by: jowg-amazon <jowg@amazon.com>
Signed-off-by: AWSHurneyt <hurneyt@amazon.com>

Author: jowg-amazon

build.gradle

@@ -66,7 +66,12 @@ apply plugin: 'opensearch.repositories'
 apply from: 'build-tools/opensearchplugin-coverage.gradle'
 
 configurations {
-    ktlint
+    ktlint {
+      resolutionStrategy {
+          force "ch.qos.logback:logback-classic:1.3.14"
+          force "ch.qos.logback:logback-core:1.3.14"
+      }
+   }
 }
 
 dependencies {
@@ -86,7 +91,7 @@ dependencies {
     testImplementation "commons-validator:commons-validator:1.7"
     testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.7.2'
 
-    ktlint "com.pinterest:ktlint:0.44.0"
+    ktlint "com.pinterest:ktlint:0.47.1"
 }
 
 test {
@@ -226,4 +231,4 @@ task updateVersion {
         // Include the required files that needs to be updated with new Version
         ant.replaceregexp(file:'build.gradle', match: '"opensearch.version", "\\d.*"', replace: '"opensearch.version", "' + newVersion.tokenize('-')[0] + '-SNAPSHOT"', flags:'g', byline:true)
     }
-}
+}

src/main/kotlin/org/opensearch/commons/alerting/action/AcknowledgeChainedAlertRequest.kt

@@ -19,7 +19,7 @@ class AcknowledgeChainedAlertRequest : ActionRequest {
 
     constructor(
         workflowId: String,
-        alertIds: List<String>,
+        alertIds: List<String>
     ) : super() {
         this.workflowId = workflowId
         this.alertIds = alertIds
@@ -28,7 +28,7 @@ class AcknowledgeChainedAlertRequest : ActionRequest {
     @Throws(IOException::class)
     constructor(sin: StreamInput) : this(
         sin.readString(), // workflowId
-        Collections.unmodifiableList(sin.readStringList()), // alertIds
+        Collections.unmodifiableList(sin.readStringList()) // alertIds
     )
 
     override fun validate(): ActionRequestValidationException? {

src/main/kotlin/org/opensearch/commons/alerting/action/AlertingActions.kt

@@ -29,6 +29,7 @@ object AlertingActions {
     @JvmField
     val INDEX_WORKFLOW_ACTION_TYPE =
         ActionType(INDEX_WORKFLOW_ACTION_NAME, ::IndexWorkflowResponse)
+
     @JvmField
     val GET_ALERTS_ACTION_TYPE =
         ActionType(GET_ALERTS_ACTION_NAME, ::GetAlertsResponse)
@@ -48,6 +49,7 @@ object AlertingActions {
     @JvmField
     val DELETE_WORKFLOW_ACTION_TYPE =
         ActionType(DELETE_WORKFLOW_ACTION_NAME, ::DeleteWorkflowResponse)
+
     @JvmField
     val GET_FINDINGS_ACTION_TYPE =
         ActionType(GET_FINDINGS_ACTION_NAME, ::GetFindingsResponse)

src/main/kotlin/org/opensearch/commons/alerting/action/DeleteWorkflowRequest.kt

@@ -9,6 +9,7 @@ import java.io.IOException
 class DeleteWorkflowRequest : ActionRequest {
 
     val workflowId: String
+
     /**
      * Flag that indicates whether the delegate monitors should be deleted or not.
      * If the flag is set to true, Delegate monitors will be deleted only in the case when they are part of the specified workflow and no other.

src/main/kotlin/org/opensearch/commons/alerting/action/GetMonitorRequest.kt

@@ -38,7 +38,9 @@ class GetMonitorRequest : ActionRequest {
         sin.readEnum(RestRequest.Method::class.java), // method
         if (sin.readBoolean()) {
             FetchSourceContext(sin) // srcContext
-        } else null
+        } else {
+            null
+        }
     )
 
     override fun validate(): ActionRequestValidationException? {

src/main/kotlin/org/opensearch/commons/alerting/action/GetMonitorResponse.kt

@@ -32,7 +32,7 @@ class GetMonitorResponse : BaseResponse {
         seqNo: Long,
         primaryTerm: Long,
         monitor: Monitor?,
-        associatedCompositeMonitors: List<AssociatedWorkflow>?,
+        associatedCompositeMonitors: List<AssociatedWorkflow>?
     ) : super() {
         this.id = id
         this.version = version
@@ -50,8 +50,10 @@ class GetMonitorResponse : BaseResponse {
         primaryTerm = sin.readLong(), // primaryTerm
         monitor = if (sin.readBoolean()) {
             Monitor.readFrom(sin) // monitor
-        } else null,
-        associatedCompositeMonitors = sin.readList((AssociatedWorkflow)::readFrom),
+        } else {
+            null
+        },
+        associatedCompositeMonitors = sin.readList((AssociatedWorkflow)::readFrom)
     )
 
     @Throws(IOException::class)

src/main/kotlin/org/opensearch/commons/alerting/action/GetWorkflowAlertsRequest.kt

@@ -27,7 +27,7 @@ class GetWorkflowAlertsRequest : ActionRequest {
         monitorIds: List<String>? = null,
         workflowIds: List<String>? = null,
         alertIds: List<String>? = null,
-        getAssociatedAlerts: Boolean,
+        getAssociatedAlerts: Boolean
     ) : super() {
         this.table = table
         this.severityLevel = severityLevel

src/main/kotlin/org/opensearch/commons/alerting/action/GetWorkflowAlertsResponse.kt

@@ -12,6 +12,7 @@ import java.util.Collections
 class GetWorkflowAlertsResponse : BaseResponse {
     val alerts: List<Alert>
     val associatedAlerts: List<Alert>
+
     // totalAlerts is not the same as the size of alerts because there can be 30 alerts from the request, but
     // the request only asked for 5 alerts, so totalAlerts will be 30, but alerts will only contain 5 alerts
     val totalAlerts: Int?

src/main/kotlin/org/opensearch/commons/alerting/action/GetWorkflowResponse.kt

@@ -51,7 +51,9 @@ class GetWorkflowResponse : BaseResponse {
         sin.readEnum(RestStatus::class.java), // RestStatus
         if (sin.readBoolean()) {
             Workflow.readFrom(sin) // monitor
-        } else null
+        } else {
+            null
+        }
     )
 
     @Throws(IOException::class)
@@ -76,8 +78,9 @@ class GetWorkflowResponse : BaseResponse {
             .field(_VERSION, version)
             .field(_SEQ_NO, seqNo)
             .field(_PRIMARY_TERM, primaryTerm)
-        if (workflow != null)
+        if (workflow != null) {
             builder.field("workflow", workflow)
+        }
 
         return builder.endObject()
     }

src/main/kotlin/org/opensearch/commons/alerting/action/IndexWorkflowRequest.kt

@@ -57,55 +57,61 @@ class IndexWorkflowRequest : ActionRequest {
 
         if (workflow.inputs.isEmpty()) {
             validationException = ValidateActions.addValidationError(
-                "Input list can not be empty.", validationException
+                "Input list can not be empty.",
+                validationException
             )
             return validationException
         }
         if (workflow.inputs.size > 1) {
             validationException = ValidateActions.addValidationError(
-                "Input list can contain only one element.", validationException
+                "Input list can contain only one element.",
+                validationException
             )
             return validationException
         }
         if (workflow.inputs[0] !is CompositeInput) {
             validationException = ValidateActions.addValidationError(
-                "When creating a workflow input must be CompositeInput", validationException
+                "When creating a workflow input must be CompositeInput",
+                validationException
             )
         }
         val compositeInput = workflow.inputs[0] as CompositeInput
         val monitorIds = compositeInput.sequence.delegates.stream().map { it.monitorId }.collect(Collectors.toList())
 
         if (monitorIds.isNullOrEmpty()) {
             validationException = ValidateActions.addValidationError(
-                "Delegates list can not be empty.", validationException
+                "Delegates list can not be empty.",
+                validationException
             )
             // Break the flow because next checks are dependant on non-null monitorIds
             return validationException
         }
 
         if (monitorIds.size > MAX_DELEGATE_SIZE) {
             validationException = ValidateActions.addValidationError(
-                "Delegates list can not be larger then $MAX_DELEGATE_SIZE.", validationException
+                "Delegates list can not be larger then $MAX_DELEGATE_SIZE.",
+                validationException
             )
         }
 
         if (monitorIds.toSet().size != monitorIds.size) {
             validationException = ValidateActions.addValidationError(
-                "Duplicate delegates not allowed", validationException
+                "Duplicate delegates not allowed",
+                validationException
             )
         }
         val delegates = compositeInput.sequence.delegates
         val orderSet = delegates.stream().filter { it.order > 0 }.map { it.order }.collect(Collectors.toSet())
         if (orderSet.size != delegates.size) {
             validationException = ValidateActions.addValidationError(
-                "Sequence ordering of delegate monitor shouldn't contain duplicate order values", validationException
+                "Sequence ordering of delegate monitor shouldn't contain duplicate order values",
+                validationException
             )
         }
 
         val monitorIdOrderMap: Map<String, Int> = delegates.associate { it.monitorId to it.order }
         delegates.forEach {
             if (it.chainedMonitorFindings != null) {
-
                 if (it.chainedMonitorFindings.monitorId != null) {
                     if (monitorIdOrderMap.containsKey(it.chainedMonitorFindings.monitorId) == false) {
                         validationException = ValidateActions.addValidationError(