
feat(cloud-native): disable timezone for pgsql #8787

Merged
merged 2 commits into from
Jun 27, 2024

Conversation

iromli
Contributor

@iromli iromli commented Jun 26, 2024

Prepare

Description

Target issue

closes #8786

Implementation Details
Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Signed-off-by: iromli <isman.firmansyah@gmail.com>
@iromli iromli requested a review from moabu as a code owner June 26, 2024 10:17

dryrunsecurity bot commented Jun 26, 2024

Hi there 👋, @DryRunSecurity here. Below is a summary of our analysis and findings.

DryRun Security Status                  Findings
Server-Side Request Forgery Analyzer    0 findings
Configured Codepaths Analyzer           0 findings
Secrets Analyzer                        0 findings
Authn/Authz Analyzer                    0 findings
SQL Injection Analyzer                  0 findings
Sensitive Files Analyzer                7 findings
IDOR Analyzer                           0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The provided code changes cover various updates and modifications to the Dockerfiles and configuration files for different components of the Jans platform, including the Auth Server, Casa, Config API, FIDO2 Server, Keycloak Link, and SCIM Server. The changes primarily involve updating the build dates, dependencies, and configuration settings for these components.

From an application security perspective, the changes do not appear to introduce any immediate security vulnerabilities. However, there are a few areas that require careful review and consideration:

  1. Time Zone Handling: Several of the configuration files (jans-pgsql.properties) have added a setting to disable time zone handling. This change could potentially impact the application's handling of date/time-related data and introduce security issues if not properly addressed, such as incorrect logging, auditing, and session management.

  2. Dependency Management: The Dockerfiles update various dependencies, such as Jetty, Jython, and Python packages. It is important to ensure that these dependencies are kept up-to-date and that any known vulnerabilities are addressed.

  3. Secure Configuration: The Dockerfiles and configuration files set up various environment variables and configuration settings. These should be reviewed to ensure that sensitive information (e.g., passwords, secrets) is properly managed and not exposed.

  4. Least Privilege: The Dockerfiles create a non-root user to run the applications, which is a good security practice. However, it is essential to verify that the applications are running with the least amount of privileges required to perform their functions.

  5. Logging and Monitoring: The Dockerfiles include configurations for logging and Prometheus monitoring. These should be reviewed to ensure that relevant security-related information is being captured and that the logging does not expose any sensitive data.

Overall, the changes appear to be focused on maintaining and updating the Jans platform components, and they do not introduce any obvious security concerns. However, it is recommended to thoroughly review the changes, especially the time zone handling and secure configuration aspects, to ensure that the application's security posture is not compromised.

Files Changed:

  1. docker-jans-auth-server/Dockerfile: Updates the build date and includes standard Jans Auth Server configuration.
  2. docker-jans-auth-server/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  3. docker-jans-casa/Dockerfile: Updates the build date and includes standard Jans Casa configuration.
  4. docker-jans-casa/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  5. docker-jans-config-api/Dockerfile: Updates the build date and includes standard Jans Config API configuration.
  6. docker-jans-config-api/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  7. docker-jans-fido2/Dockerfile: Updates the build date and includes standard Jans FIDO2 Server configuration.
  8. docker-jans-fido2/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  9. docker-jans-keycloak-link/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  10. docker-jans-keycloak-link/Dockerfile: Updates the build date and includes standard Jans Keycloak Link configuration.
  11. docker-jans-link/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.
  12. docker-jans-link/Dockerfile: Updates the build date and includes standard Jans Link configuration.
  13. docker-jans-scim/Dockerfile: Updates the build date and includes standard Jans SCIM Server configuration.
  14. docker-jans-scim/templates/jans-pgsql.properties: Adds a setting to disable time zone handling.

Powered by DryRun Security

@moabu moabu merged commit 982cf2f into main Jun 27, 2024
8 of 9 checks passed
@moabu moabu deleted the cn-postgres-tz branch June 27, 2024 08:52
Development

Successfully merging this pull request may close these issues.

feat(cloud-native): disable timezone for pgsql
3 participants