feat(jans-linux-setup): top level wrapper command jans #8737

devrimyatar · 2024-06-19T13:24:26Z

In this PR a command jans is located under directory /opt/jans/bin and this directory is added to $PATH so that command is available without full path. To see help,

# jans -h
usage: jans [-h] {version,cli,tui,logs,status,start,stop,restart,health,info} ...

A top-level wrapper script for Janssen

positional arguments:
  {version,cli,tui,logs,status,start,stop,restart,health,info}
    version             shows version of currently installed Janssen Server
    cli                 invokes jans-cli
    tui                 invokes jans text based user interface
    logs                Shows the log file paths for various Janssen Server modules
    status              Show status of Janssen Server module services
    start               Starts services for Janssen Server ( -service=<service-name> if you want to start just one specific
                        service)
    stop                Stops services for Janssen Server ( -service=<service-name> if you want to stop just one specific
                        service)
    restart             restarts services for Janssen Server ( -service=<service-name> if you want to restart just one
                        specific service)
    health              gets output from Janssen services `health-check` endpoint ( -service=<service-name> if you want to
                        get health status of just one specific service)
    info                lists important URLs (like .well-known, Casa etc)

options:
  -h, --help            show this help message and exit

Signed-off-by: Mustafa Baser <mbaser@mail.com>

dryrunsecurity · 2024-06-19T13:24:38Z

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on updates to the configuration and setup scripts for the Jans Linux setup. The changes include:

Adding a new script file to the jansScriptFiles list in the config.py file. While this change does not directly introduce any security concerns, it is important to review the contents and purpose of the new script file to ensure it does not contain any vulnerabilities.
Updating the system profile configuration file system_profile_systemd to include a new directory, %(jansOptBinFolder)s, in the PATH environment variable. This change should be reviewed to ensure that the contents of the new directory do not introduce any security risks, such as untrusted executable files or scripts.
Modifying the copy_scripts() function in the JansInstaller class to set the correct permissions for the script files in the Config.jansOptBinFolder directory. This is an important security enhancement, as it ensures that the script files have the appropriate permissions to be executed, preventing potential security vulnerabilities.
Introducing a new top-level Python script that serves as a wrapper for managing the Jans Server services. While this script provides useful functionality, it also includes some potential security concerns, such as the use of the subprocess module for executing system commands and the exposure of health check endpoints. These areas should be reviewed and addressed to improve the overall security of the script.

Files Changed:

jans-linux-setup/jans_setup/setup_app/config.py: The changes update the jansScriptFiles list to include a new script file. This change should be reviewed to ensure the security of the new script file.
jans-linux-setup/jans_setup/templates/system_profile_systemd: The changes update the PATH environment variable to include a new directory, %(jansOptBinFolder)s. The contents of this directory should be reviewed to ensure they do not introduce any security risks.
jans-linux-setup/jans_setup/setup_app/installers/jans.py: The changes in this file ensure that the script files in the Config.jansOptBinFolder directory have the correct permissions set, which is an important security enhancement.
jans-linux-setup/jans_setup/static/scripts/jans: This new script file provides a top-level wrapper for managing the Jans Server services. While it offers useful functionality, it also includes some potential security concerns, such as the use of the subprocess module and the exposure of health check endpoints, which should be reviewed and addressed.