
feat(config-api): new endpoint for jans service status and file type script enhancement #10014

Open: wants to merge 170 commits into base: main

Conversation

Contributor

@pujavs pujavs commented Nov 1, 2024

Prepare


Description

  1. Issue #9979: fix(jans-tui): Saving a script as a file is not working
  2. Issue #9884: feat(jans-config-api): need health APIs for FIDO, KC, SCIM, CASA

Target issue

closes #9884 #9979

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

dryrunsecurity bot commented Nov 1, 2024

DryRun Security Summary

The GitHub pull request covers a wide range of updates to the Jans Config API application, including new endpoints, improved functionality, and security-focused enhancements that demonstrate a thoughtful approach to enhancing the overall security posture of the application.

Summary:

The changes in this GitHub pull request cover a wide range of updates to the Jans Config API application, including the addition of new endpoints, improvements to existing functionality, and security-related enhancements. From an application security perspective, the changes demonstrate a thoughtful approach to improving the overall security posture of the application.

The key security-related aspects of the changes include:

  1. Secure Endpoint Implementation: The new endpoints, such as the /service-status and /server-stat endpoints, are designed with security in mind, including the use of appropriate access controls and input validation.

  2. Robust Error Handling and Logging: The changes introduce improved error handling and logging mechanisms, which can help to prevent the leakage of sensitive information and aid in security monitoring and incident response.

  3. Secure Configuration Management: The updates to the SMTP, message queue, and cryptographic key management configurations highlight the importance of securely managing the application's infrastructure and dependencies.

  4. Privilege Escalation Prevention: The changes to the user and client management functionalities demonstrate a focus on preventing unauthorized privilege escalation, which is a crucial security consideration.

  5. Input Validation and Sanitization: The code changes include several instances of input validation and sanitization, which can help to mitigate common web application vulnerabilities, such as SQL injection and command injection.

Overall, the changes in this pull request appear to be a positive step towards improving the security and reliability of the Jans Config API application. However, it is important to continue to monitor the application's security posture, review the implementation details, and ensure that the application is properly configured and maintained to address any potential vulnerabilities that may arise in the future.

Files Changed:

  1. ApiConstants.java: This file adds a new constant SERVICE_STATUS_PATH with the value /service-status, which should be reviewed to ensure that the corresponding endpoint is properly secured and implemented.

  2. ApiHealthCheck.java: The changes in this file introduce new endpoints for fetching service status and server statistics, which should be carefully reviewed for security considerations, such as input validation, authorization, and sensitive information exposure.

  3. CustomScriptResource.java: The changes in this file focus on improving the handling of custom scripts, including the management of script location types and authentication methods. These changes help to ensure that the application does not use disabled or invalid custom scripts, which is a positive security enhancement.

  4. server-stat.json: This file contains an example JSON object representing server health-related information. The file should be reviewed to ensure that any sensitive information is properly secured and that the application is designed to handle configuration changes in a secure manner.

  5. service-status.json: This file contains an example JSON object representing the status of various services in the application. Similar to the server-stat.json file, the security of this information should be carefully considered.

  6. StatusCheckerTimer.java: This class is responsible for gathering system and service status information using external programs. The code should be reviewed to ensure that proper input validation and error handling are in place to prevent potential security vulnerabilities.

  7. DataUtil.java: The changes in this file focus on improving the date/time handling capabilities of the application, which is an important aspect of secure data management.

  8. TokenService.java: The changes in this file enhance the token search functionality by improving the handling of null or empty input values, which is a positive security practice.

  9. jans-config-api-swagger.yaml: This file contains the Swagger configuration for the Jans Config API, and the changes should be reviewed to ensure that the new and updated endpoints are properly secured and access-controlled.

Code Analysis

We ran 9 analyzers against 9 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 4 findings

Riskiness

🟢 Risk threshold not exceeded.

@mo-auto mo-auto added comp-docs Touching folder /docs comp-jans-config-api Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Nov 1, 2024
yurem previously approved these changes Nov 1, 2024
@yurem yurem enabled auto-merge (squash) November 1, 2024 17:30
sonarcloud bot commented Nov 3, 2024

sonarcloud bot commented Nov 4, 2024

Labels
comp-docs Touching folder /docs comp-jans-config-api Component affected by issue or PR kind-feature Issue or PR is a new feature request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

feat(jans-config-api): need health APIs for FIDO, KC, SCIM, CASA
5 participants