feat(jans-config-api): update swagger api #9272

Merged
merged 1 commit into from
Aug 26, 2024

yurem
Contributor

@yurem yurem commented Aug 26, 2024

closes #9270

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #9273,

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested a review from yuremm August 26, 2024 15:04
@yurem yurem requested review from yuriyz and yuriyzz as code owners August 26, 2024 15:04

dryrunsecurity bot commented Aug 26, 2024

DryRun Security Summary

The pull request modifies the format of the distinguished name (DN) string for a document in the DBDocumentService class, separating the inum value from the baseDn with a comma, and it is important to review the overall context and usage of this method to ensure that there are no potential security vulnerabilities.


Summary:

The code change in this pull request modifies the format of the distinguished name (DN) string for a document in the DBDocumentService class. The previous implementation concatenated the inum value directly with the baseDn, while the updated code separates the inum value from the baseDn with a comma. From an application security perspective, this change does not introduce any obvious security concerns, as it is a minor implementation detail related to the construction of the DN string.

However, it is important to review the overall context and usage of this method to ensure that there are no potential security vulnerabilities. Specifically, you should check if the inum value is properly sanitized and validated before being used in the DN string construction, as improper handling of user-supplied input can lead to security issues like injection vulnerabilities. Additionally, you may want to review the other methods in the DBDocumentService class to ensure that they are also implemented securely and follow best practices for application security.

Files Changed:

  • jans-core/document-store/src/main/java/io/jans/service/document/store/service/DBDocumentService.java: The changes in this file modify the format of the distinguished name (DN) string for a document in the getDnForDocument method. The previous implementation concatenated the inum value directly with the baseDn, while the updated code separates the inum value from the baseDn with a comma. This change does not introduce any obvious security concerns, but it is important to review the overall context and usage of this method to ensure that there are no potential security vulnerabilities.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
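
The check the summary above recommends (validate the inum before it goes into the DN), as an added Java example that is not part of this PR or of the Janssen code base. The class and method names, the allow-list pattern and the sample base DN are assumptions made for illustration; only the `inum=<inum>,<baseDn>` shape comes from the summary.

```java
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; hypothetical class, not the project's DBDocumentService.
public class DocumentDnExample {

    // Assumed allow-list for an inum: letters, digits, '.', '_', '-'; 1 to 64 chars.
    private static final Pattern INUM = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    // Unchecked construction: the value is pasted into the DN as-is.
    static String naiveDn(String inum, String baseDn) {
        return String.format("inum=%s,%s", inum, baseDn);
    }

    // Checked construction: allow-list test, RFC 2253 escaping of the value,
    // then a parse to confirm exactly one RDN was placed in front of baseDn.
    static String safeDn(String inum, String baseDn) throws InvalidNameException {
        if (inum == null || !INUM.matcher(inum).matches()) {
            throw new IllegalArgumentException("invalid inum");
        }
        LdapName base = new LdapName(baseDn);
        String dn = "inum=" + Rdn.escapeValue(inum) + "," + baseDn;
        if (new LdapName(dn).size() != base.size() + 1) {
            throw new IllegalArgumentException("inum changed the DN structure");
        }
        return dn;
    }

    public static void main(String[] args) throws Exception {
        String baseDn = "ou=documents,o=example"; // constructed sample base DN
        String unexpected = "123,ou=other";       // constructed sample input

        // Unchecked form: the comma inside the value is parsed as an extra RDN,
        // so the entry no longer sits directly under baseDn.
        LdapName naive = new LdapName(naiveDn(unexpected, baseDn));
        System.out.println(naive + " has " + naive.size() + " RDNs");

        // Checked form accepts a well-formed value and rejects the other one.
        System.out.println(safeDn("a1b2-c3d4", baseDn));
        try {
            safeDn(unexpected, baseDn);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The escaping and the size check are redundant once the allow-list passes; they remain so the DN stays well-formed if the pattern is later widened.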

@mo-auto
Member

mo-auto commented Aug 26, 2024

Error: Hi @yurem, You did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@mo-auto mo-auto added comp-jans-config-api Component affected by issue or PR comp-jans-core Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Aug 26, 2024
@yuremm yuremm merged commit 5eba06b into main Aug 26, 2024
11 checks passed
@yuremm yuremm deleted the issue_9270_1 branch August 26, 2024 15:17

yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Former-commit-id: 5eba06b
4 participants