Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(cloud-native): sync assets for OCI images #8778

Merged
merged 3 commits into from
Jun 25, 2024
Merged

chore(cloud-native): sync assets for OCI images #8778

merged 3 commits into from
Jun 25, 2024

Conversation

iromli
Copy link
Contributor

@iromli iromli commented Jun 24, 2024

Prepare

Description

Target issue

closes #8777

Implementation Details

  • add validation for default auth method (docker-jans-config-api)
  • apply password validation (docker-jans-scim)

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

@iromli iromli requested a review from moabu as a code owner June 24, 2024 20:05
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jun 24, 2024
edited
Loading

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 1 finding
SQL Injection Analyzer 0 findings
Sensitive Files Analyzer 2 findings
IDOR Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes are part of the upgrade process for the Janssen SCIM (System for Cross-domain Identity Management) and Janssen Config API applications. The changes focus on maintaining the consistency and proper configuration of these components within the Jans platform.

From an application security perspective, the key changes include:

  1. Updating Client Scopes and Dynamic Configuration: The changes ensure that the client scopes and SCIM dynamic configuration are up-to-date, which helps maintain the principle of least privilege and reduces the risk of unauthorized access.

  2. Improving Redirect URI and API Configuration: The changes related to the client redirect URI and the API dynamic configuration help prevent unauthorized access and improve the overall security posture of the applications.

  3. Maintaining Scope Management: The updates to the client and test client scopes ensure that the clients have access to the appropriate resources, which is a crucial aspect of OAuth 2.0 and OpenID Connect security.

  4. Dependency and Configuration Management: The Dockerfile changes update the SCIM server version, Janssen source version, and various configuration settings. It's important to review these changes to ensure that any known security vulnerabilities in the updated dependencies are addressed and that the configurations are properly secured.

Overall, the code changes appear to be focused on maintaining the security and stability of the Janssen SCIM and Janssen Config API applications through the upgrade process.

Files Changed:

  • docker-jans-scim/scripts/upgrade.py: The changes in this file focus on updating the client scopes and SCIM dynamic configuration to ensure that the necessary settings are in place.
  • docker-jans-config-api/scripts/upgrade.py: The changes in this file focus on updating the client redirect URI, API dynamic configuration, client scopes, and scope creator attributes to maintain the security and stability of the Janssen Config API application.
  • docker-jans-scim/Dockerfile: The changes in this Dockerfile update the SCIM server version and Janssen source version, and also include security-related configurations, such as creating a non-root user and adjusting file permissions.
  • docker-jans-config-api/Dockerfile: The changes in this Dockerfile update the Janssen Config API server version and Janssen source version, and include various configuration settings that should be reviewed for security implications.

Powered by DryRun Security

@moabu moabu merged commit 9b1e7f5 into main Jun 25, 2024
9 checks passed
@moabu moabu deleted the cn-sync-assets branch June 25, 2024 10:43
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
@iromli @moabu
chore(cloud-native): sync assets for OCI images (#8778)
6dd3233 
* chore(docker-jans-config-api): validation for default auth method

Signed-off-by: iromli <[email protected]>

* chore(docker-jans-scim): apply password validation

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Former-commit-id: 9b1e7f5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moabu moabu moabu approved these changes

Assignees
No one assigned
Labels
comp-docker-jans-config-api comp-docker-jans-scim kind-dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

chore(cloud-native): sync assets for OCI images
3 participants
@iromli @moabu @mo-auto