Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: mitigate storing password in the memory #2858

Merged
merged 24 commits into from Apr 13, 2023
Merged

fix: mitigate storing password in the memory #2858

merged 24 commits into from Apr 13, 2023

Conversation

pj892031
Copy link
Contributor

@pj892031 pj892031 commented Mar 31, 2023
edited by pablocarle

Description

In Java is a known issue that passwords stored as String are not under control. It can be minimized by using char arrays instead of String. It will not completely solve the issue, just reduce it a little bit. This PR changes the password stored as a string into array of chars where possible.

Type of change

Please delete options that are not relevant.

  • (fix) Bug fix (non-breaking change which fixes an issue)
  • (refactor) Refactor the code

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

@pj892031
base implementation of logins
c64abc4 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@pj892031
fix unused import
8085ead 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@pj892031
fix another part
3584eba 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@github-actions github-actions bot added the Sensitive Sensitive change that requires peer review label Mar 31, 2023
pj892031 and others added 4 commits March 31, 2023 14:53
@pj892031
Merge branch 'v2.x.x' into reboot/mitigateStoringPassword
835387a
@pj892031
fix test
3ba7c64 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@pj892031
fix tests
1920e96 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@pj892031
fix tests
5a7c9f2 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@achmelo achmelo marked this pull request as ready for review April 3, 2023 10:53
pablocarle and others added 4 commits April 3, 2023 15:37
@pablocarle
Merge branch 'v2.x.x' into reboot/mitigateStoringPassword
d24bf71
integration tests wip
a48a9c9 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
Merge branch 'reboot/mitigateStoringPassword' of https://github.com/z…
fa9f462 
…owe/api-layer into reboot/mitigateStoringPassword
it
30fec51 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
fix sonar, pr review
ebd198d 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
achmelo and others added 2 commits April 4, 2023 08:59
@achmelo
remove unused code
146e489 
Signed-off-by: achmelo <a.chmelo@gmail.com>
pr review, some tests break
1698261 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
Pablo Hernán Carle and others added 4 commits April 4, 2023 16:05
remove unneeded constructor
ef16a27 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
@pablocarle
Merge branch 'v2.x.x' into reboot/mitigateStoringPassword
932060a
fix tests
b09817d 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
Merge branch 'reboot/mitigateStoringPassword' of https://github.com/z…
dd3ddd4 
…owe/api-layer into reboot/mitigateStoringPassword
@pablocarle pablocarle changed the title Mitigate storing password in the memory fixMitigate storing password in the memory Apr 5, 2023
@pablocarle pablocarle changed the title fixMitigate storing password in the memory fix: mitigate storing password in the memory Apr 5, 2023
ignore code smells with string constructor
6d60b32 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
@JirkaAichler JirkaAichler mentioned this pull request Apr 5, 2023
Merged
15 tasks
restore methods in zaasclient and deprecate
1562920 
Signed-off-by: Pablo Hernán Carle <pablo.carle@broadcom.com>
pj892031
pj892031 commented Apr 12, 2023
View reviewed changes
build.gradle Show resolved Hide resolved
@pj892031
code review
d0d1d01 
Signed-off-by: Pavel Jareš <pavel.jares@broadcom.com>
@sonarcloud
Copy link

sonarcloud bot commented Apr 13, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

86.2% 86.2% Coverage
0.0% 0.0% Duplication

JirkaAichler
JirkaAichler approved these changes Apr 13, 2023
View reviewed changes
Copy link
Contributor

@JirkaAichler JirkaAichler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@pj892031 pj892031 merged commit b1596eb into v2.x.x Apr 13, 2023
33 checks passed
@delete-merged-branch delete-merged-branch bot deleted the reboot/mitigateStoringPassword branch April 13, 2023 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pablocarle pablocarle pablocarle left review comments

@JirkaAichler JirkaAichler JirkaAichler approved these changes

@achmelo achmelo Awaiting requested review from achmelo

Assignees
No one assigned
Labels
Sensitive Sensitive change that requires peer review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@pj892031 @pablocarle @achmelo @JirkaAichler