8000 feat(jans-orm): mask password attribute values by yurem · Pull Request #9104 · JanssenProject/jans · GitHub
feat(jans-orm): mask password attribute values #9104

Merged
merged 1 commit into from
Aug 2, 2024
Conversation

yurem
Contributor
@yurem yurem commented Aug 2, 2024

closes #9102

  • [x] I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
@yurem yurem requested a review from yuremm August 2, 2024 19:16
@yurem yurem requested a review from yuriyz as a code owner August 2, 2024 19:16
dryrunsecurity bot commented Aug 2, 2024

DryRun Security Summary

The code change focuses on improving the security and logging of sensitive data in the BaseEntryManager class by masking sensitive data, such as user passwords, and enhancing the logging to ensure that sensitive data is properly masked.

Summary:

This code change is focused on improving the security and logging of sensitive data in the BaseEntryManager class. The key changes include:

  1. Masking Sensitive Data: The code adds a new static constant USER_PASSWORD and a new private method maskSensetiveData() that is used to mask the values of any attributes with the name "userPassword". This helps prevent the accidental logging or exposure of sensitive password data.

  2. Improved Logging: The code modifies the logging statements in the persist() and getAttributeValues() methods to use the new maskSensetiveData() method when logging attribute values. This ensures that sensitive data is properly masked in the logs.

While the addition of the maskSensetiveData() method and the increased logging may have a slight performance impact, the security benefits of masking sensitive data likely outweigh the minor performance cost. Overall, this code change is a positive security improvement that helps protect sensitive data and reduces the risk of unauthorized access or exposure.

Files Changed:

  • jans-orm/core/src/main/java/io/jans/orm/impl/BaseEntryManager.java: This file has been updated to include a new static constant USER_PASSWORD and a new private method maskSensetiveData() that is used to mask the values of any attributes with the name "userPassword". The logging statements in the persist() and getAttributeValues() methods have also been modified to use the new maskSensetiveData() method when logging attribute values.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 4 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
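The masking described in the summary, as an added example that is not the jans-orm code from this PR (the `Attribute` class and the `isSensitive` and `maskForLogging` methods are assumed names). It selects attributes by name rather than by value, compares names case-insensitively because LDAP attribute names are case-insensitive, and returns a masked copy so the original entry still carries the real value to the persist call.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class SensitiveAttributeMasker {

    // Attribute names whose values must never appear in a log line.
    private static final String[] SENSITIVE_NAMES = { "userPassword" };
    private static final String MASK = "*****";

    /** Minimal stand-in for an entry attribute: one name, possibly multi-valued. */
    public static final class Attribute {
        public final String name;
        public final List<String> values;
        public Attribute(String name, List<String> values) {
            this.name = name;
            this.values = List.copyOf(values);
        }
        @Override public String toString() { return name + "=" + values; }
    }

    /** LDAP attribute names are case-insensitive, so normalise before comparing. */
    public static boolean isSensitive(String attributeName) {
        String lower = attributeName.toLowerCase(Locale.ROOT);
        for (String s : SENSITIVE_NAMES) {
            if (s.toLowerCase(Locale.ROOT).equals(lower)) return true;
        }
        return false;
    }

    /** Returns a copy safe for logging; the input list is never mutated. */
    public static List<Attribute> maskForLogging(List<Attribute> attributes) {
        List<Attribute> masked = new ArrayList<>(attributes.size());
        for (Attribute a : attributes) {
            if (!isSensitive(a.name)) { masked.add(a); continue; }
            // One mask per value keeps the value count visible but hides content and length.
            List<String> hidden = new ArrayList<>(a.values.size());
            for (int i = 0; i < a.values.size(); i++) hidden.add(MASK);
            masked.add(new Attribute(a.name, hidden));
        }
        return masked;
    }

    public static void main(String[] args) {
        // Constructed sample entry; the password values are placeholders, not real data.
        List<Attribute> entry = List.of(
            new Attribute("uid", List.of("alice")),
            new Attribute("userPassword", List.of("{SSHA}constructed-hash")),
            new Attribute("USERPASSWORD", List.of("constructed-secret")));
        System.out.println("log view:  " + maskForLogging(entry)); // both password variants masked
        System.out.println("persisted: " + entry.get(1));            // original value intact
    }
}
```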

@yurem yurem enabled auto-merge (squash) August 2, 2024 19:16
@mo-auto mo-auto added comp-jans-orm Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Aug 2, 2024
sonarqubecloud bot commented Aug 2, 2024

@yurem yurem merged commit de37d9d into main Aug 2, 2024
12 checks passed
@yurem yurem deleted the issue_9102 branch August 2, 2024 21:43
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Yuriy Movchan <Yuriy.Movchan@gmail.com>
Former-commit-id: de37d9d
Successfully merging this pull request may close these issues.

fix(oxOrm): plaintext passwords logged from BaseEntryManager.java