feat(jans-config-api): update swagger api #9271

Merged
merged 1 commit into from
Aug 26, 2024

yurem
Contributor

@yurem yurem commented Aug 26, 2024

closes #9270

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested a review from yuremm August 26, 2024 13:40

dryrunsecurity bot commented Aug 26, 2024

DryRun Security Summary

The provided code changes focus on improving the security and manageability of the Jans Config API by enhancing the schema definitions for various components, while also addressing a minor bug fix in the DBDocumentService class.

Summary:

The provided code changes primarily focus on improving the security and manageability of the Jans Config API by enhancing the schema definitions for various components, such as attributes, clients, scopes, and UMA resources. These changes introduce new security-related features and configurations, which can help ensure data integrity, improve access control, and enable better logging and auditing capabilities.

The changes to the DBDocumentService class appear to be a minor bug fix that ensures the correct format of the Distinguished Name (DN) string for documents. While this change does not directly introduce any security vulnerabilities, it is important to maintain a comprehensive security posture for the entire application by regularly reviewing the codebase, implementing input validation and sanitization, and conducting security audits and penetration testing.

Files Changed:

  1. jans-core/document-store/src/main/java/io/jans/service/document/store/service/DBDocumentService.java:

    • The changes modify the format of the returned DN string for a document to ensure that the inum (unique identifier) is correctly included.
    • The getDnForDocument method is a utility function used throughout the DBDocumentService class to build the DN string for various document-related operations.
    • While the code change does not introduce any immediate security concerns, it is essential to maintain a comprehensive security posture for the entire application.
  2. jans-config-api/docs/jans-config-api-swagger.yaml:

    • The changes update the schema definitions for various components, such as JansAttribute, Client, Scope, and UmaResource.
    • The updates include features like attribute validation, scope management, UMA resource management, client configuration, logging and auditing, and asset management.
    • These changes aim to enhance the security and manageability of the Jans Config API by providing more granular control over security-related aspects of the system.
    • Reviewing these changes and ensuring the appropriate security controls are in place is crucial for maintaining the overall security posture of the application.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto mo-auto added comp-jans-config-api Component affected by issue or PR comp-jans-core Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Aug 26, 2024
@yurem yurem enabled auto-merge (squash) August 26, 2024 13:42
@yurem yurem merged commit efa4e1a into main Aug 26, 2024
13 checks passed
@yurem yurem deleted the issue_9270 branch August 26, 2024 14:02
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Former-commit-id: efa4e1a
Development

Successfully merging this pull request may close these issues.

feat(jans-config-api): update config swagger api to conform latest document attributes
4 participants