Jans linux setup jans cli 9710 #9747

Merged
merged 3 commits into from
Oct 15, 2024
devrimyatar
Contributor

closes #9710

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Signed-off-by: Mustafa Baser <mbaser@mail.com>
@devrimyatar added the kind-bug (Issue or PR is a bug in existing functionality) and comp-jans-linux-setup (Component affected by issue or PR) labels Oct 15, 2024

dryrunsecurity bot commented Oct 15, 2024

DryRun Security Summary

The pull request includes updates to the system profile configuration and a Python script that serves as a top-level wrapper for managing the Janssen Server, an open-source identity and access management (IAM) platform, with a focus on introducing a command-line interface (CLI) mode, service management functionality, health checks, and commands to display log file paths and important URLs.

Summary:

The code changes in this pull request appear to be focused on updates to the system profile configuration and a Python script that serves as a top-level wrapper for managing the Janssen Server, an open-source identity and access management (IAM) platform.

The changes to the system profile configuration remove the OPENDJ_JAVA_HOME environment variable and update the PATH environment variable to include the %(jansOptBinFolder)s directory. These changes do not seem to have any significant security implications, as they are routine system configuration updates.

The changes to the jans Python script introduce a command-line interface (CLI) mode, service management functionality, health checks, and commands to display log file paths and important URLs. While these features can be useful for managing the Janssen Server, it's crucial to ensure that the script is properly secured to prevent unauthorized access, command execution, and information disclosure.

Files Changed:

  1. jans-linux-setup/jans_setup/templates/system_profile_systemd:

    • The OPENDJ_JAVA_HOME environment variable has been removed.
    • The PATH environment variable has been updated to include the %(jansOptBinFolder)s directory.
    • These changes appear to be routine system configuration updates and do not have any significant security implications.
  2. jans-linux-setup/jans_setup/static/scripts/jans:

    • The script introduces a CLI mode, which could potentially allow users to execute arbitrary commands on the system. This should be carefully reviewed to ensure proper security controls.
    • The script provides commands to start, stop, and restart Janssen Server services, which should be properly authenticated and authorized.
    • The script includes health-check functionality, which should ensure that the health-check endpoints are properly secured.
    • The script provides commands to display log file paths and important URLs, which should be reviewed to prevent information disclosure.

Overall, the changes in this pull request do not appear to have any major security concerns, but it's essential to thoroughly review and test the functionality introduced in the jans Python script to ensure that it is properly secured and does not introduce any vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@yuriyz enabled auto-merge (squash) October 15, 2024 10:39
@yuriyz merged commit cc84a90 into main Oct 15, 2024
11 checks passed
@yuriyz deleted the jans-linux-setup-jans-cli-9710 branch October 15, 2024 10:39

imShakil pushed a commit that referenced this pull request Oct 28, 2024
* fix(jans-linux-setup): jans cli argument

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-linux-setup): add opt folder to profile path

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
* fix(jans-linux-setup): jans cli argument

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-linux-setup): add opt folder to profile path

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Former-commit-id: cc84a90
moabu pushed a commit that referenced this pull request Dec 26, 2024
* fix(jans-linux-setup): jans cli argument

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-linux-setup): add opt folder to profile path

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
moabu pushed a commit that referenced this pull request Dec 27, 2024
* fix(jans-linux-setup): jans cli argument

Signed-off-by: Mustafa Baser <mbaser@mail.com>

* fix(jans-linux-setup): add opt folder to profile path

Signed-off-by: Mustafa Baser <mbaser@mail.com>

---------

Signed-off-by: Mustafa Baser <mbaser@mail.com>
Successfully merging this pull request may close these issues.

fix(jans-linux-setup): jans cli command is not working