Merge branch 'master' of github.com:Evolveum/midpoint

config/config-native.xml

@@ -50,6 +50,7 @@ https://github.com/Evolveum/midpoint/blob/master/repo/system-init/src/main/resou
         <icf>
             <scanClasspath>true</scanClasspath>
             <scanDirectory>${midpoint.home}/icf-connectors</scanDirectory>
+            <scanDirectory>${midpoint.home}/connid-connectors</scanDirectory>
         </icf>
         <keystore>
             <keyStorePath>${midpoint.home}/keystore.jceks</keyStorePath>

config/false-positives.xml

@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <!-- IMPORTANT: It may be bit weird, having first reason for suppresion, then the issue suppresed, but dependency-chek uses strict schema and they decided on that order of elements. When any of suppresion has notes and cve reordered, it will not load suppression file
+  -->
+
+  <suppress>
+    <notes>
+      False Positive. midPoint uses Spring Security, but does not use Spring WebFlux, so it is unaffected.
+    </notes>
+    <cve>CVE-2023-34034</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. H2 is not recommended for production use, only for demo testing use-cases.
+    </notes>
+    <cve>CVE-2021-42392</cve>
+    <cve>CVE-2022-23221</cve>
+    <cve>CVE-2018-14335</cve>
+    <cve>CVE-2022-45868</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint and its dependencies does not use affected functionality of SnakeYaml.
+    </notes>
+    <cve>CVE-2022-1471</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use Spring Security in a way neccessary to cause described vulnerability.
+    </notes>
+    <cve>CVE-2022-31692</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not run as ActiveMQ Artemis server, only client.
+    </notes>
+    <cve>CVE-2022-23913</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2023-0217</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2023-0401</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2023-0464</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2023-0216</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2022-3996</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2022-4450</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use OpenSSL for SSL and crypthography.
+    </notes>
+    <cve>CVE-2023-0286</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use WYSIWYG editors from AdminLTE.
+    </notes>
+    <cve>CVE-2022-24729</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use affected functionality (BeanDeserializer) during JSON / YAML parsing.
+    </notes>
+    <cve>CVE-2022-42004</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use affected functionality (BeanDeserializer) during JSON / YAML parsing.
+    </notes>
+    <cve>CVE-2022-42003</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use Moment.js on server-side.
+    </notes>
+    <cve>CVE-2022-31129</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use Moment.js on server-side.
+    </notes>
+    <cve>CVE-2022-24785</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      Updated Netty Library in upcoming 4.4.5 release.
+    </notes>
+    <cve>CVE-2022-41881</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use affected functionality of library.
+    </notes>
+    <cve>CVE-2022-3171</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use affected functionality of library.
+    </notes>
+    <cve>CVE-2022-3509</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use affected functionality of library.
+    </notes>
+    <cve>CVE-2022-3510</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      Minor. MidPoint integrator and/or MidPoint Administrator is only person able to edit JDBC URL.
+    </notes>
+    <cve>CVE-2022-26520</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      Updated Spring Framework in upcoming midPoint 4.4.5 release.
+    </notes>
+    <cve>CVE-2023-20860</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      Minor. Fixed use of dependency to be not affected by this issue. Fix is available in upcoming midPoint 4.4.5 release.
+    </notes>
+    <cve>CVE-2022-40152</cve>
+  </suppress>
+  <!-- Wicket: Midpoint uses Wicket 9.5 or newer since midPoint 4.4.1 -->
+  <suppress>
+    <notes>
+      False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases.
+    </notes>
+    <cve>CVE-2017-15719</cve>
+  </suppress>
+    <suppress>
+    <notes>
+      False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases. MidPoint does not use WYSIWYG editor.
+    </notes>
+    <cve>CVE-2018-1325</cve>
+  </suppress>
+    <suppress>
+    <notes>
+      False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases.
+    </notes>
+    <cve>CVE-2021-23937</cve>
+  </suppress>
+
+  <!-- Busybox: Busybox is not used by midPoint, but is part of docker container. -->
+  <suppress>
+    <notes>
+      False Positive. busybox is bundled in docker container, but midPoint does not use it during normal run.
+    </notes>
+    <cve>CVE-2022-28391</cve>
+  </suppress>
+    <suppress>
+    <notes>
+      False Positive. busybox is bundled in docker container, but midPoint does not use it during normal run.
+    </notes>
+    <cve>CVE-2022-30065</cve>
+  </suppress>
+
+  <!-- Bootstrap: MidPoint uses newer unaffected version of bootstrap. -->
+  <suppress>
+    <notes>
+      False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected.
+    </notes>
+    <cve>CVE-2016-10735</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected.
+    </notes>
+    <cve>CVE-2018-20676</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected.
+    </notes>
+    <cve>CVE-2019-8331</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected.
+    </notes>
+    <cve>CVE-2018-20677</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint and Wicket are not used to display HTML from untrusted sources.
+    </notes>
+    <cve>CVE-2020-11023</cve>
+  </suppress>  
+</suppressions>

gui/admin-gui/src/frontend/scss/_admin-lte-overrides.scss

@@ -7,6 +7,10 @@
 
 .user-panel {
   border-bottom: 0 !important;
+
+  &.info-box {
+    min-height:70px;
+  }
 }
 
 .btn-default {

gui/admin-gui/src/frontend/scss/midpoint.scss

@@ -1745,8 +1745,20 @@ span.yui-skin-sam {
   width: 600px !important;
 }
 
-.login-box {
+@mixin login-box {
   width: 400px !important;
+
+  & .login-card-body .spacer hr {
+    border-color:#dfdfdf;
+  }
+
+  & .login-card-body .spacer span {
+    color:#dfdfdf;
+  }
+
+  & .login-card-body .user-panel.info-box .image img {
+    width:2.4rem;
+  }
 }
 
 .info-box.activity-item-processing > .info-box-content > .progress-description {

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/component/menu/LeftMenuPanel.java

@@ -14,6 +14,7 @@
 import javax.xml.namespace.QName;
 
 import com.evolveum.midpoint.gui.impl.page.admin.role.mining.page.page.PageRoleAnalysis;
+import com.evolveum.midpoint.gui.impl.page.admin.role.mining.page.page.PageRoleAnalysisSession;
 import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
 
 import com.evolveum.midpoint.web.page.admin.resources.PageResourceTemplates;
@@ -87,6 +88,8 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
 
+import static com.evolveum.midpoint.gui.impl.page.admin.role.mining.page.page.PageRoleAnalysisSession.PARAM_IS_WIZARD;
+
 public class LeftMenuPanel extends BasePanel<Void> {
 
     private static final String ID_MENU = "menu";
@@ -396,9 +399,14 @@ private MainMenuItem createRolesMenu() {
         MainMenuItem roleMenu = createMainMenuItem("PageAdmin.menu.top.roles", GuiStyleConstants.CLASS_OBJECT_ROLE_ICON_COLORED
         );
         createBasicAssignmentHolderMenuItems(roleMenu, PageTypes.ROLE);
-//        roleMenu.addMenuItem(new MenuItem("PageAdmin.menu.top.roles.mining", PageRoleMiningSimple.class));
-//        roleMenu.addMenuItem(new MenuItem("RBAM", PageRoleMiningRBAM.class));
-        roleMenu.addMenuItem(new MenuItem("Mining", PageRoleAnalysis.class));
+
+        roleMenu.addMenuItemAtIndex(new MenuItem("PageRoleAnalysis.menu.title",
+                GuiStyleConstants.EVO_CASE_OBJECT_ICON,
+                PageRoleAnalysis.class), 1);
+        roleMenu.addMenuItem(new MenuItem("PageRoleAnalysisSession.menu.title",
+                GuiStyleConstants.CLASS_PLUS_CIRCLE,
+                PageRoleAnalysisSession.class,
+                new PageParameters().add(PARAM_IS_WIZARD, true)));
 
         return roleMenu;
     }