feat(jans-linux-setup): status list must be enabled during tests #8838

[yuriyz]

Description

feat(jans-linux-setup): status list must be enabled during tests #8838

Target issue

closes #8838

• I confirm that there is no impact on the docs due to the code changes in this PR.

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on improving the test suite for the Jans Authentication Server. The changes include:

1. Enhancing the error handling in the BaseTest.java file to provide more information when a required element is not found within the specified timeout. This change is intended to improve the debugging and troubleshooting capabilities of the test suite.

2. Updating the logging statements in the StatusListHttpTest.java file to make the test output more descriptive. The main functionality of the statusList test method remains the same, verifying the token status list functionality of the Jans Auth Server.

3. Modifying the test_data_loader.py file in the jans-linux-setup project to load test data for the Jans Authentication Server. This includes updating the oxAuth configuration, loading LDIF files, deploying test client keys, and enabling custom scripts and LDAP schema changes.

From an application security perspective, these changes do not introduce any significant security concerns. The updates are focused on improving the test suite and the test data setup, which can help identify and address potential security vulnerabilities more effectively. However, it is important to ensure that the test data and environment are properly isolated from the production environment and that any security-related configurations are reviewed and validated.

Files Changed:

1. jans-auth-server/client/src/test/java/io/jans/as/client/BaseTest.java: The change adds error handling to the waitForRequredElementLoad method, providing more information when the required element is not found within the specified timeout.

2. jans-auth-server/client/src/test/java/io/jans/as/client/ws/rs/token/StatusListHttpTest.java: The changes update the logging statements to include more descriptive information, but the main functionality of the statusList test method remains the same.

3. jans-linux-setup/jans_setup/setup_app/test_data_loader.py: The changes in this file are focused on loading test data for the Jans Authentication Server, including updating the oxAuth configuration, loading LDIF files, deploying test client keys, and enabling custom scripts and LDAP schema changes.

Powered by DryRun Security

[sonarcloud]

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud