fix: Ensures SDB name slug is included in update SDB audit logs and c…

build.gradle

@@ -127,6 +127,11 @@ subprojects {
     imports {
       mavenBom("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}")
     }
+    dependencies {
+      //upgrading tomcat manually until Spring-Boot 2.3.2 is released to resolve a security vulnerability
+      dependency 'org.apache.tomcat.embed:tomcat-embed-core:9.0.37'
+      dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.37'
+    }
   }
 
   dependencies {

cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilter.java

@@ -135,7 +135,12 @@ protected void doFilterInternal(
             .originatingClass(this.getClass().getSimpleName())
             .traceId(getTraceId());
 
-    Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
+    if (auditLoggingFilterDetails.getSdbNameSlug() != null
+        && !auditLoggingFilterDetails.getSdbNameSlug().isEmpty()) {
+      eventContext.sdbNameSlug(auditLoggingFilterDetails.getSdbNameSlug());
+    } else {
+      Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
+    }
 
     AuditableEvent event = new AuditableEvent(this, eventContext.build());
 

cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilterDetails.java

@@ -27,4 +27,5 @@
 @Scope(value = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
 public class AuditLoggingFilterDetails {
   private String action;
+  private String sdbNameSlug;
 }

cerberus-web/src/main/java/com/nike/cerberus/service/SafeDepositBoxService.java

@@ -26,14 +26,12 @@
 import com.nike.cerberus.dao.UserGroupDao;
 import com.nike.cerberus.domain.*;
 import com.nike.cerberus.error.DefaultApiError;
+import com.nike.cerberus.event.filter.AuditLoggingFilterDetails;
 import com.nike.cerberus.record.RoleRecord;
 import com.nike.cerberus.record.SafeDepositBoxRecord;
 import com.nike.cerberus.record.UserGroupRecord;
 import com.nike.cerberus.security.CerberusPrincipal;
-import com.nike.cerberus.util.AwsIamRoleArnParser;
-import com.nike.cerberus.util.DateTimeSupplier;
-import com.nike.cerberus.util.Slugger;
-import com.nike.cerberus.util.UuidSupplier;
+import com.nike.cerberus.util.*;
 import java.time.OffsetDateTime;
 import java.util.LinkedList;
 import java.util.List;
@@ -65,6 +63,7 @@ public class SafeDepositBoxService {
   private final SecureDataService secureDataService;
   private final SecureDataVersionDao secureDataVersionDao;
   private final Boolean userGroupsCaseSensitive;
+  private final AuditLoggingFilterDetails auditLoggingFilterDetails;
 
   @Autowired
   public SafeDepositBoxService(
@@ -80,7 +79,9 @@ public SafeDepositBoxService(
       AwsIamRoleArnParser awsIamRoleArnParser,
       SecureDataService secureDataService,
       SecureDataVersionDao secureDataVersionDao,
-      @Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive) {
+      @Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive,
+      SdbAccessRequest sdbAccessRequest,
+      AuditLoggingFilterDetails auditLoggingFilterDetails) {
 
     this.safeDepositBoxDao = safeDepositBoxDao;
     this.userGroupDao = userGroupDao;
@@ -95,6 +96,7 @@ public SafeDepositBoxService(
     this.secureDataService = secureDataService;
     this.secureDataVersionDao = secureDataVersionDao;
     this.userGroupsCaseSensitive = userGroupsCaseSensitive;
+    this.auditLoggingFilterDetails = auditLoggingFilterDetails;
   }
 
   /**
@@ -298,7 +300,6 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2(
       final String id) {
 
     final SafeDepositBoxV2 currentBox = getSDBAndValidatePrincipalAssociationV2(id);
-
     String principalName = authPrincipal.getName();
     final OffsetDateTime now = dateTimeSupplier.get();
     final SafeDepositBoxRecord boxToUpdate =
@@ -316,6 +317,12 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2(
     modifyUserGroupPermissions(currentBox, userGroupPermissionSet, principalName, now);
     modifyIamPrincipalPermissions(currentBox, iamRolePermissionSet, principalName, now);
 
+    auditLoggingFilterDetails.setAction(
+        String.format(
+            "Update details for SDB with name: '%s' and id: '%s'",
+            currentBox.getName(), currentBox.getId()));
+    auditLoggingFilterDetails.setSdbNameSlug(currentBox.getName());
+
     return getSDBAndValidatePrincipalAssociationV2(id);
   }
 

gradle/verification-metadata.xml

@@ -2864,20 +2864,20 @@
             <sha256 value="c1405c4a383072ec5a0ad3c41a9736063aad718a522fd7bf400dfd7550f2190e" origin="Generated by Gradle"/>
          </artifact>
       </component>
-      <component group="org.apache.tomcat.embed" name="tomcat-embed-core" version="9.0.35">
-         <artifact name="tomcat-embed-core-9.0.35.jar">
-            <sha256 value="e8aa539d4a3c547fcb06a24fc4865bc599cd867045ce5f07ec450e48fae1e99a" origin="Generated by Gradle"/>
+      <component group="org.apache.tomcat.embed" name="tomcat-embed-core" version="9.0.37">
+         <artifact name="tomcat-embed-core-9.0.37.jar">
+            <sha1 value="c3f788de87f17eb57a9e7083736c1820fcbc1046" origin="Maven Central"/>
          </artifact>
-         <artifact name="tomcat-embed-core-9.0.35.pom">
-            <sha256 value="168f70578d9d3b01a0d60f3f68789ba58af3ca7268de7081e61dced401a81874" origin="Generated by Gradle"/>
+         <artifact name="tomcat-embed-core-9.0.37.pom">
+            <sha1 value="d12794b46c936e2e9b1c85787bc799a02ff7509d" origin="Maven Central"/>
          </artifact>
       </component>
-      <component group="org.apache.tomcat.embed" name="tomcat-embed-websocket" version="9.0.35">
-         <artifact name="tomcat-embed-websocket-9.0.35.jar">
-            <sha256 value="a22d3f42478dd1391dda3382f2d48e30e6614661e1450f773e3127e2d1a40903" origin="Generated by Gradle"/>
+      <component group="org.apache.tomcat.embed" name="tomcat-embed-websocket" version="9.0.37">
+         <artifact name="tomcat-embed-websocket-9.0.37.jar">
+            <sha1 value="ee8b7c9081372bf40c41443c93317145a01e343a" origin="Maven Central"/>
          </artifact>
-         <artifact name="tomcat-embed-websocket-9.0.35.pom">
-            <sha256 value="6aa398994392f895c2f583e4989ff9411dd27aa1301502c50ea9b4a1c44ea631" origin="Generated by Gradle"/>
+         <artifact name="tomcat-embed-websocket-9.0.37.pom">
+            <sha1 value="7b2185c59cc0d8ece2b9713437eb774f6f033c5d" origin="Maven Central"/>
          </artifact>
       </component>
       <component group="org.apache.velocity" name="velocity-engine-core" version="2.1">

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,6 @@
+#Wed Jul 22 09:07:19 PDT 2020
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-all.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-bin.zip
-zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
+zipStoreBase=GRADLE_USER_HOME