fix(jans-cli-tui): SSA expire date should be greater than now #8837

Merged
merged 2 commits into from
Jul 2, 2024

devrimyatar
Contributor

closes #8830

Signed-off-by: Mustafa Baser <mbaser@mail.com>
@devrimyatar devrimyatar added kind-bug Issue or PR is a bug in existing functionality comp-jans-cli-tui Component affected by issue or PR labels Jul 2, 2024

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
SQL Injection Analyzer 0 findings
IDOR Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Secrets Analyzer 0 findings
Sensitive Files Analyzer 0 findings
Authn/Authz Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on improving the date selection functionality in the jans-cli-tui application, specifically in the SSA (Software Session Authorization) management feature and the date picker widget.

The changes in the ssa.py file ensure that the user cannot select a date in the past when creating or editing an SSA entry, which is a reasonable security measure to prevent potential abuse or backdating of SSA entries. The changes in the jans_date_picker.py file introduce a min_date parameter to the date picker widget, which allows the application to restrict the selectable date range based on the application's requirements. This can help prevent potential vulnerabilities related to date and time handling, such as time-based attacks or logic flaws.

Overall, the changes in this pull request appear to be focused on improving the usability and security of the date-related functionality in the jans-cli-tui application, which is an important aspect of any application that deals with date and time-related functionality.

Files Changed:

  1. jans-cli-tui/cli_tui/plugins/010_auth_server/ssa.py:

    • The changes set the min_date parameter of the DateSelectWidget to the current date (datetime.now), ensuring that the user cannot select a date in the past when creating or editing an SSA entry.
    • The rest of the code appears to be handling the functionality of the SSA management feature, including searching, adding, editing, and deleting SSA entries.
  2. jans-cli-tui/cli_tui/wui_components/jans_date_picker.py:

    • The JansSelectDate class now accepts an optional min_date parameter, which can be used to set a minimum date for the date picker.
    • The set_value method has been added to check if the new value is greater than or equal to the min_date before updating the value attribute.
    • The up, down, left, and _add_months methods have been updated to use the new set_value method to ensure that the selected date is always greater than or equal to the min_date.

Powered by DryRun Security

dryrunsecurity bot commented Jul 2, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Server-Side Request Forgery Analyzer 0 findings
IDOR Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
SQL Injection Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Powered by DryRun Security

@yuriyz yuriyz enabled auto-merge (squash) July 2, 2024 13:48
@yuriyz yuriyz merged commit 07674e6 into main Jul 2, 2024
9 checks passed
@yuriyz yuriyz deleted the jans-cli-tui-ssa-expire-date-8830 branch July 2, 2024 13:48

sonarcloud bot commented Jul 2, 2024

Development

Successfully merging this pull request may close these issues.

fix(jans-cli-tui):SSA expiration date should not be older than current timestamp
3 participants