JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0

fix(jans-linux-setup): display CLI logs in jans script #10262

Closed. devrimyatar closed this 3 days ago

devrimyatar commented 3 days ago

Closes #10202

dryrunsecurity[bot] commented 3 days ago

DryRun Security Summary

The provided Python script serves as a wrapper for managing the Janssen Server, an open-source identity and access management (IAM) platform, and should be reviewed for potential security vulnerabilities to ensure its secure implementation.

**Summary:** The provided code appears to be a Python script that serves as a wrapper for managing the Janssen Server, an open-source identity and access management (IAM) platform. The script offers various commands to interact with the server, including starting, stopping, restarting, and checking the status of the server's services, as well as viewing log files and other information. From an application security perspective, the script should be reviewed for potential security vulnerabilities, such as improper user input validation, insecure subprocess execution, sensitive information exposure, and the appropriate use of elevated privileges. While the script seems to be well-structured and functional, it's crucial to ensure that it is implemented with a strong focus on security to prevent any potential security issues that could arise from its use.

**Files Changed:**

- `jans-linux-setup/jans_setup/static/scripts/jans`: This Python script serves as a top-level wrapper for managing the Janssen Server. It provides various commands to interact with the server, such as starting, stopping, restarting, and checking the status of services, as well as viewing log files and other information. The script should be reviewed for potential security vulnerabilities, including:
  1. Ensuring proper user input validation and sanitization to prevent command injection.
  2. Secure construction of subprocess commands to avoid introducing security issues.
  3. Appropriate handling and securing of the configuration file located at `~/.config/jans-cli.ini`.
  4. Limiting the exposure of sensitive information, such as the server's hostname.
  5. Proper configuration and use of elevated privileges (via the `sudo` command) to only the necessary operations.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

:green_circle: Risk threshold not exceeded.


sonarcloud[bot] commented 3 days ago

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
