
fix(jans-orm): fix contains in MySQL JSON array #10051

Merged: 4 commits merged into main from mysql_json_contains_fix on Nov 5, 2024

Conversation

yurem (Contributor) commented Nov 5, 2024

closes #10050

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Closes #10052

@yurem yurem requested a review from yuriyz as a code owner November 5, 2024 18:52

dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The changes in this pull request focus on improving the handling of multi-valued attributes in SQL filters within the SqlFilterConverter class, including support for PostgreSQL, escaping of special characters to prevent SQL injection, handling of null values, and attribute type resolution, demonstrating a focus on improving the robustness and security of the SQL filter conversion process.


Summary:

The changes made in this pull request are focused on improving the handling of multi-valued attributes in SQL filters within the SqlFilterConverter class. The key security-related aspects of these changes are:

  1. Handling of Multi-valued Attributes: The code now supports converting LDAP filters with multi-valued attributes to their SQL equivalents, which is an important feature for applications that need to query data with complex filter conditions.

  2. Support for PostgreSQL: The patch includes specific handling for PostgreSQL databases, using PostgreSQL-specific operators to efficiently handle multi-valued attributes in SQL filters.

  3. Escaping of Special Characters: The code includes a method to escape special regular expression characters when building SQL LIKE expressions, which is an important security measure to prevent SQL injection attacks.

  4. Handling of Null Values: The code correctly handles the case where the filter's assertion value is null by generating a SQL IS NULL expression.

  5. Attribute Type Resolution: The code attempts to resolve the attribute type for the filter's attribute name, which is important for ensuring that the correct SQL data type is used when generating the filter expression.

Overall, the changes in this patch demonstrate a focus on improving the robustness and security of the SQL filter conversion process, particularly in the handling of multi-valued attributes and the prevention of SQL injection vulnerabilities.

Files Changed:

  • jans-orm/sql/src/main/java/io/jans/orm/sql/impl/SqlFilterConverter.java: This file contains the SqlFilterConverter class, which is responsible for converting LDAP filters to SQL filters. The changes in this patch focus on improving the handling of multi-valued attributes in SQL filters, supporting PostgreSQL-specific syntax, escaping special characters to prevent SQL injection, handling null values, and resolving attribute types.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@yuriyz yuriyz enabled auto-merge (squash) November 5, 2024 19:10
@yuriyz yuriyz merged commit fa0cb6a into main Nov 5, 2024
36 of 39 checks passed
@yuriyz yuriyz deleted the mysql_json_contains_fix branch November 5, 2024 19:10
@mo-auto mo-auto added the labels comp-jans-orm (Component affected by issue or PR) and kind-bug (Issue or PR is a bug in existing functionality) Nov 5, 2024
mo-auto (Member) commented Nov 5, 2024

Error: Hi @yurem, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

sonarcloud bot commented Nov 5, 2024

yuriyz added a commit that referenced this pull request Nov 7, 2024
* fix(jans-core): document store manager should have not null supported list by default

Signed-off-by: Yuriy Movchan <[email protected]>

* feat(jans-orm): search in top level JSON array

Merge branch 'main' of https://github.com/JanssenProject/jans into main

Signed-off-by: Yuriy Movchan <[email protected]>

---------

Signed-off-by: Yuriy Movchan <[email protected]>
Co-authored-by: YuriyZ <[email protected]>
Former-commit-id: fa0cb6a
Labels: comp-jans-orm (Component affected by issue or PR), kind-bug (Issue or PR is a bug in existing functionality)

4 participants