feat(jans-lock): cedarling code refactoring to improve its readability and maintenance #9493

Merged: 11 commits, Sep 16, 2024

olehbozhok
Contributor

Prepare


Description

This PR includes a skeleton of the new version of Cedarling.

Target issue

[link](https://github.com/JanssenProject/jans/issues/9484)

closes #9484

Implementation Details

Code of Cedarling was removed. Created new skeleton.
New code will be created according to the Cedarling Build Plan


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

dryrunsecurity bot commented Sep 14, 2024

DryRun Security Summary

The provided code changes cover a wide range of modifications to the Cedarling project, a Rust-based authorization and security solution, including updates to the project configuration, the addition of new functionality, and improvements to the overall codebase, with a focus on improving the security and robustness of the project.

Summary:

The provided code changes cover a wide range of modifications to the Cedarling project, which appears to be a Rust-based authorization and security solution. The changes span multiple files and modules, including updates to the project configuration, the addition of new functionality, and improvements to the overall codebase.

From an application security perspective, the changes appear to be generally positive, with a focus on improving the security and robustness of the Cedarling project. Key highlights include:

  1. Dependency Reduction: The removal of several dependencies in the Cargo.toml files suggests a streamlining of the project's dependencies, which can potentially reduce the attack surface and improve the overall security posture.
  2. Modular Design: The introduction of new modules, such as the "authz", "jwt", "init", "lock", and "log" modules, indicates a move towards a more modular and maintainable codebase, which can facilitate better security reviews and audits.
  3. Documentation and Licensing: The addition of Apache-2.0 license information, copyright notices, and detailed module-level documentation is a positive step towards improving transparency and enabling better understanding of the project's security-related aspects.
  4. Logging and Monitoring: The introduction of a dedicated "Log Engine" module suggests a focus on improving the project's logging and monitoring capabilities, which can be crucial for security incident detection and response.

While the changes appear to be generally positive from a security perspective, it is important to review the specific implementation details of the new modules and functionality to ensure that they are designed and implemented with security best practices in mind. This includes, but is not limited to, verifying input validation, access control, error handling, and the secure handling of sensitive data, such as cryptographic keys and authorization tokens.

Files Changed:

  1. jans-lock/cedarling/Cargo.toml: The changes in this file simplify the workspace configuration and remove a significant number of dependencies, potentially improving the project's security and performance.
  2. jans-lock/cedarling/cedarling/Cargo.toml: The changes in this file update the version of the cedarling package and remove several dependencies, indicating a refactoring or optimization effort.
  3. jans-lock/cedarling/README.md: The changes in this file provide a high-level overview of the Cedarling project, highlighting its focus on being a performant local authorization service.
  4. jans-lock/cedarling/cedarling/src/authz/mod.rs: The addition of this new module suggests the introduction of a core authorization functionality within the Cedarling project, which should be reviewed for proper implementation of access control, input validation, and error handling.
  5. jans-lock/cedarling/cedarling/src/jwt/mod.rs: The addition of this new module indicates the inclusion of dedicated JWT handling functionality, which is crucial for maintaining the security of applications that rely on JWTs.
  6. jans-lock/cedarling/cedarling/src/init/mod.rs: The addition of this new module suggests the introduction of a centralized initialization process, which should be reviewed for the secure handling of sensitive configuration, policies, and cryptographic keys.
  7. jans-lock/cedarling/cedarling/src/lock/mod.rs: The addition of this new module indicates the inclusion of an "enterprise feature" for a centralized control plane and auditing functionality, which should be reviewed for proper security implementation.
  8. jans-lock/cedarling/cedarling/src/lib.rs: The changes in this file include the addition of license information and a reorganization of the module structure, which can improve the overall maintainability and security of the project.
  9. jans-lock/cedarling/cedarling/src/models/mod.rs: The changes in this file add license and copyright information, which is a standard practice.
  10. jans-lock/cedarling/cedarling/src/tests/mod.rs: The addition of this new module indicates the inclusion of integration tests, which can help ensure the overall security and stability of the application.
  11. jans-lock/cedarling/cedarling/src/log/mod.rs: The addition of this new module suggests the inclusion of a dedicated logging engine, which should be reviewed for the secure handling of sensitive data and the implementation of appropriate log rotation and access control policies.

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR kind-feature Issue or PR is a new feature request labels Sep 14, 2024
Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>
Contributor

@nynymike nynymike left a comment

  1. The license should actually read:

```rust
/*
 * This software is available under the Apache-2.0 license.
 * See https://www.apache.org/licenses/LICENSE-2.0.txt for full text.
 *
 * Copyright (c) 2024, Gluu, Inc.
 */
```

  2. Did you add `#![deny(missing_docs)]`?

hard_tabs = true
edition = "2021"
unstable_features = true
version = "Two"
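
Review bot: `unstable_features = true` and `version = "Two"` make formatting depend on rustfmt's unstable options, and nothing in the file says why or which toolchain is expected. Add a comment above these two lines stating what `version` selects (the formatting-rule version) and which rustfmt toolchain contributors and CI must run, so that formatting checks give the same result everywhere.
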
Contributor

Version "Two"? What is this the version of, exactly? Why is it "Two"?

Contributor Author

@olehbozhok olehbozhok Sep 14, 2024

Which version of the formatting rules to use. Version::One is backwards-compatible with Rustfmt 1.0. Other versions are only backwards compatible within a major version number.

https://rust-lang.github.io/rustfmt/?version=v1.6.0&search=#version
Here is the link to the config documentation.

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>
Contributor

@nynymike nynymike left a comment

Bueno!

@moabu moabu merged commit af9d2bc into main Sep 16, 2024
11 checks passed
@moabu moabu deleted the jans-cedaling-issue-9484 branch September 16, 2024 03:58
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
…y and maintenance (#9493)

* feat!(jans-lock): remove cedarling code

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): created empty cedarling crate, with default parameters

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add auth module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add init module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add jwt module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* docs(jans-lock): added readme file

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): added license notice

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add test module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add lock module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add models module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

* chore(jans-lock): add log module

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>

---------

Signed-off-by: Oleh Bohzok <olehbozhok@gmail.com>
Former-commit-id: af9d2bc