
feat(jans-lock): lock should collect MAU and MAC based on log entries… #10328

Open. Wants to merge 17 commits into base: main

Conversation

yurem (Contributor) commented Dec 3, 2024

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #10327,

mo-auto added the labels comp-jans-auth-server, comp-jans-bom, comp-jans-linux-setup, comp-jans-lock and kind-feature on Dec 3, 2024

dryrunsecurity bot commented Dec 3, 2024

DryRun Security Summary

The pull request introduces comprehensive updates to the Jans Lock application, focusing on enhancing statistics and monitoring capabilities through new data types, configuration settings, REST services, and event handling, while also providing recommendations for maintaining application security.


Summary:

The code changes in this pull request cover a wide range of updates and additions to the Jans Lock application, primarily focused on improving the application's statistics and monitoring capabilities. The changes introduce new data types, configuration settings, REST web services, and event handling related to statistics collection and reporting.

From an application security perspective, the changes do not appear to introduce any immediate security vulnerabilities. However, there are several areas that should be reviewed and addressed to ensure the ongoing security and integrity of the application:

  1. Input Validation and Sanitization: Ensure that all user input and external data are properly validated and sanitized to prevent common web application vulnerabilities, such as SQL injection and cross-site scripting (XSS).
  2. Sensitive Data Handling: Review the application's handling of sensitive data, such as user IDs, access tokens, and configuration details, to ensure that appropriate security measures are in place to protect this information.
  3. Access Control and Authorization: Verify that the access control and authorization mechanisms, such as the @ProtectedApi annotation, are properly implemented and configured to restrict access to sensitive functionality and data.
  4. Logging and Monitoring: Ensure that the application's logging and monitoring capabilities are robust and secure, allowing for the detection and investigation of potential security incidents.
  5. Dependency Management: Regularly review the application's dependencies, including third-party libraries, to identify and address any known security vulnerabilities.

Overall, the code changes appear to be focused on enhancing the application's functionality and monitoring capabilities, which can be beneficial from a security perspective. However, it's crucial to review the implementation details and the broader context of the application to ensure that the changes do not introduce any unintended security risks.

Files Changed:

  1. jans-linux-setup/jans_setup/static/rdbm/sql_data_types.json: This file has been updated to add a new data type called "clntDat" of type "TEXT" in the MySQL database.
  2. jans-bom/pom.xml: The dependencies in this file have been updated, including the addition of new dependencies for Prometheus and HyperLogLog, as well as version updates for several existing dependencies.
  3. jans-linux-setup/jans_setup/schema/jans_schema.json: A new attribute called "clntDat" and a new objectclass called "jansLockStatEntry" have been added to the Jans schema.
  4. jans-linux-setup/jans_setup/templates/jans-lock/errors.json: New error codes and descriptions have been added to the existing "common" section and a new "stat" section.
  5. jans-lock/lock-server/model/src/main/java/io/jans/lock/model/config/BaseDnConfiguration.java: A new field called "stat" has been added to this class.
  6. jans-lock/lock-server/model/src/main/java/io/jans/lock/model/config/AppConfiguration.java: Two new configuration properties, "statEnabled" and "statTimerIntervalInSeconds", have been added.
  7. jans-linux-setup/jans_setup/templates/jans-lock/static-conf.json: A new base DN for "lock" and "stat" has been added under the "o=jans" organization.
  8. jans-lock/lock-server/model/src/main/java/io/jans/lock/model/config/ErrorMessages.java: New XML annotations have been added to this class.
  9. jans-lock/lock-server/service/pom.xml: Dependencies have been updated, including the addition of new libraries for working with Prometheus and HyperLogLog.
  10. jans-lock/lock-server/service/src/main/java/io/jans/lock/model/Stat.java: A new class called "Stat" has been added to represent statistical information.
  11. jans-lock/lock-server/service/src/main/java/io/jans/lock/model/StatEntry.java: A new class called "StatEntry" has been added to store and manage statistical data.
  12. jans-lock/lock-server/service/src/main/java/io/jans/lock/model/error/CommonErrorResponseType.java: Two new error types, "INVALID_REQUEST" and "UNKNOWN_ERROR", have been added.

Code Analysis

We ran 9 analyzers against 30 files; 1 analyzer had findings and 8 had none.

Analyzer findings: Sensitive Files Analyzer, 3 findings.
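An added illustration of the technique the summary points at (this is not code from the PR or from the Janssen project): estimating monthly active users and monthly active clients from log entries with a HyperLogLog sketch instead of a set of identifiers. Python is used so the block runs stand-alone; the log line layout, the userId/clientId field names and the SHA-256-derived hash are assumptions, and the HLL is a minimal textbook implementation (Flajolet et al. estimator with linear counting for small cardinalities), not the library the PR adds to jans-bom. The security-relevant property it shows is that whatever gets persisted or exported holds only about 16 KiB of small registers and no identities, while duplicate events and lines without a user are handled in the aggregation rather than inflating the counts.

```python
# Added illustration for this PR thread, not Jans Lock or Janssen project code.
# Estimates MAU/MAC per calendar month from log lines with a HyperLogLog (HLL).
# Assumptions: log line layout, field names userId/clientId, SHA-256-based hash,
# and a textbook HLL (original estimator + linear counting for small counts).
import hashlib
import math
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional, Tuple

P = 14                              # index bits; m = 2**P registers (~16 KiB)
M = 1 << P
W = 64 - P                          # bits left over for the leading-zero rank
ALPHA = 0.7213 / (1 + 1.079 / M)    # bias-correction constant, valid for m >= 128


class HLL:
    """Minimal HyperLogLog. Stores only 1-byte registers, never the IDs added."""

    def __init__(self) -> None:
        self.reg = bytearray(M)

    def add(self, value: str) -> None:
        # 64-bit hash (assumption: first 8 bytes of SHA-256). The top P bits pick
        # the register; the remaining W bits give rank = leading zeros + 1.
        h = int.from_bytes(hashlib.sha256(value.encode("utf-8")).digest()[:8], "big")
        idx = h >> W
        w = h & ((1 << W) - 1)
        rank = W - w.bit_length() + 1       # w == 0 gives rank W + 1
        if rank > self.reg[idx]:
            self.reg[idx] = rank

    def merge(self, other: "HLL") -> "HLL":
        # Union of two sketches is the register-wise max, so sketches from
        # several nodes or log files can be combined before estimating.
        out = HLL()
        out.reg = bytearray(max(a, b) for a, b in zip(self.reg, other.reg))
        return out

    def count(self) -> int:
        est = ALPHA * M * M / sum(2.0 ** -r for r in self.reg)
        if est <= 2.5 * M:                  # small range: use linear counting
            zeros = self.reg.count(0)
            if zeros:
                est = M * math.log(M / zeros)
        return round(est)


# Constructed sample log, not real Jans Lock output. The sixth line has no
# userId (think client-credentials call): it counts toward MAC but not MAU.
SAMPLE_LOG = """\
2024-12-03T10:15:02Z INFO lock userId=alice clientId=client-a op=audit
2024-12-03T10:15:09Z INFO lock userId=alice clientId=client-a op=audit
2024-12-04T08:00:00Z INFO lock userId=bob clientId=client-b op=audit
2024-12-31T23:59:59Z INFO lock userId=carol clientId=client-a op=audit
2025-01-01T00:00:01Z INFO lock userId=alice clientId=client-c op=audit
2025-01-02T12:00:00Z INFO lock clientId=client-c op=audit
garbage line without a timestamp
"""

_TS = re.compile(r"^(\d{4})-(\d{2})-\d{2}T\S+")


def parse_line(line: str) -> Optional[Tuple[str, Optional[str], Optional[str]]]:
    """Return (yyyyMM, userId, clientId), or None for lines we cannot bucket."""
    m = _TS.match(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    return m.group(1) + m.group(2), fields.get("userId"), fields.get("clientId")


def collect(lines: Iterable[str]) -> Dict[str, Dict[str, HLL]]:
    """One user sketch and one client sketch per calendar month."""
    stats: Dict[str, Dict[str, HLL]] = defaultdict(
        lambda: {"users": HLL(), "clients": HLL()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                        # skip odd input instead of failing
        month, user, client = parsed
        if user:
            stats[month]["users"].add(user)
        if client:
            stats[month]["clients"].add(client)
    return stats


def report(stats: Dict[str, Dict[str, HLL]]) -> Dict[str, Dict[str, int]]:
    """Cardinality estimates per month; this is all a stat entry needs to hold."""
    return {month: {"mau": s["users"].count(), "mac": s["clients"].count()}
            for month, s in sorted(stats.items())}


def sketch_ids(lo: int, hi: int, repeats: int = 1) -> HLL:
    """Sketch synthetic IDs user-lo .. user-(hi-1), `repeats` times over."""
    h = HLL()
    for _ in range(repeats):
        for i in range(lo, hi):
            h.add(f"user-{i}")
    return h


if __name__ == "__main__":
    print(report(collect(SAMPLE_LOG.splitlines())))
```

Per-month sketches can be merged across nodes before estimating, and adding the same identifier again never changes the estimate, so repeated log entries do not inflate MAU or MAC. The REST path that exposes the resulting counts remains the place for the @ProtectedApi check the summary calls out.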

mo-auto (Member) commented Dec 3, 2024

Error: Hi @yurem, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@moabu force-pushed the main branch 2 times, most recently from 5126af2 to aa1b2ed (December 27, 2024 04:55)

sonarqubecloud bot commented Jan 2, 2025 (two comments)

sonarqubecloud bot commented Jan 3, 2025

@yurem marked this pull request as ready for review January 3, 2025 18:11

sonarqubecloud bot commented Jan 3, 2025 (two comments)

@yuremm enabled auto-merge (squash) January 3, 2025 20:41

sonarqubecloud bot commented Jan 3, 2025

Labels: comp-jans-auth-server, comp-jans-bom, comp-jans-linux-setup (Component affected by issue or PR), comp-jans-lock, kind-feature (Issue or PR is a new feature request)

Development: successfully merging this pull request may close the issue "feat(jans-lock): lock should collect MAU and MAC based on log entries requests".

6 participants