Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorize Editor #372

Draft
wants to merge 49 commits into
base: main
Choose a base branch
from
Draft

Authorize Editor #372

wants to merge 49 commits into from

Conversation

patrickcping
Copy link
Owner

No description provided.

@patrickcping
first draft static config
0d2fa8f
@patrickcping
first generate
4fea6ec
@patrickcping
correction to spec with generate
31f0f9a
@patrickcping
remove broken models
7493bea
@patrickcping
authz version bump and changelogs
43cafc5
@patrickcping
update with latest openapi
29f8233
@patrickcping
separate EnumAuthorizeEditorDataValueTypeDTO
c930fcd
@patrickcping
Merge branch 'main' into support-authorize-editor-202407
63bb443
@patrickcping
expand AuthorizeEditorDataProcessorDTO type def
057da52
@patrickcping
expand AuthorizeEditorDataAuthenticationDTO type def
0db4ad7
@patrickcping
expand AuthorizeEditorDataInputMappingDTO type def
56d8763
@patrickcping
expand AuthorizeEditorDataDefinitionsServiceDefinitionDTO type def
e708a27
@patrickcping
expand AuthorizeEditorDataConditionsComparisonConditionDTO comparat…
fb21faa 
…or def
@patrickcping
expand AuthorizeEditorDataConditionDTO type def
fae9277
@patrickcping
expand AuthorizeEditorDataRulesEffectSettingsDTO type def
51369e5
@patrickcping
expand AuthorizeEditorDataResolverDTO type def
46abbc9
@patrickcping
expand enum defs
5c4c5c6
@patrickcping
expand AuthorizeEditorDataInputDTO type def
59c1df8
@patrickcping
correct mapping syntax
b138a7f
@patrickcping
expand AuthorizeEditorDataAttributeResolversUserQueryDTO type def
5ce8240
@patrickcping
remove unnecessary files
1ec2a5f
@patrickcping
redef AuthorizeEditorDataRulesEffectSettingsDTO
ed4cf6f
@patrickcping
redef AuthorizeEditorDataAuthenticationDTO
1f12b29
@patrickcping
redef AuthorizeEditorDataInputDTO
864eeaf
@patrickcping
redef AuthorizeEditorDataInputMappingDTO
8906100
@patrickcping
redef AuthorizeEditorDataProcessorDTO
02fbfb0
@patrickcping
redef AuthorizeEditorDataDefinitionsServiceDefinitionDTO
9aa95e0
@patrickcping
redef AuthorizeEditorDataConditionDTO
e27a812
@patrickcping
redef AuthorizeEditorDataConditionsComparandDTO
29348d1
@patrickcping
redef AuthorizeEditorDataResolverDTO
d3e6ac2
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 8, 2024
View reviewed changes
authorize/client.go Fixed Show fixed Hide fixed
authorize/client.go Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 8, 2024
View reviewed changes
authorize/client.go
if err != nil {
return nil, err
}
log.Printf("\n%s\n", string(dump))

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information

[Sensitive data returned by an access to Password](1) flows to a logging call. [Sensitive data returned by an access to PasswordPolicies](2) flows to a logging call. [Sensitive data returned by an access to LabelPasswordVerify](3) flows to a logging call. [Sensitive data returned by an access to ShowPasswordRequirements](4) flows to a logging call. [Sensitive data returned by an access to ShowPasswordRequirements](5) flows to a logging call. [Sensitive data returned by an access to LabelPasswordVerify](6) flows to a logging call. [Sensitive data returned by an access to ServiceAccountPassword](7) flows to a logging call. [Sensitive data returned by an access to BindPassword](8) flows to a logging call. [Sensitive data returned by an access to AllowPasswordChanges](9) flows to a logging call. [Sensitive data returned by an access to PasswordAuthority](10) flows to a logging call. [Sensitive data returned by an access to AllowPasswordManagementNotifications](11) flows to a logging call. [Sensitive data returned by an access to AllowPasswordManagement](12) flows to a logging call. [Sensitive data returned by an access to AllowPasswordOnlyAuthentication](13) flows to a logging call. [Sensitive data returned by an access to AllowPasswordPolicy](14) flows to a logging call. [Sensitive data returned by an access to Password](15) flows to a logging call. [Sensitive data returned by an access to Password](16) flows to a logging call. [Sensitive data returned by an access to CurrentPassword](17) flows to a logging call. [Sensitive data returned by an access to NewPassword](18) flows to a logging call. [Sensitive data returned by an access to PasswordPolicy](19) flows to a logging call. [Sensitive data returned by an access to BASIC_AUTH_PASSWORD](20) flows to a logging call. [Sensitive data returned by an access to BASIC_AUTH_PASSWORD](21) flows to a logging call. [Sensitive data returned by an access to AdministratorPassword](22) flows to a logging call. [Sensitive data returned by an access to Password](23) flows to a logging call. [Sensitive data returned by an access to SecretKey](24) flows to a logging call. [Sensitive data returned by an access to TlsClientAuthKeyPair](25) flows to a logging call. [Sensitive data returned by an access to Password](26) flows to a logging call.

Copilot Autofix AI 2 months ago

To fix the problem, we should ensure that sensitive information is not logged in clear text. We can achieve this by either obfuscating or removing sensitive data from the logs. In this case, we will remove the sensitive data from the logs to ensure that no sensitive information is exposed.

  1. Modify the callAPI function in authorize/client.go to exclude sensitive information from the logs.
  2. Specifically, we will update the logging statements to avoid logging the full HTTP request and response.
Suggested changeset 1
authorize/client.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/authorize/client.go b/authorize/client.go
--- a/authorize/client.go
+++ b/authorize/client.go
@@ -293,9 +293,5 @@
 func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) {
-	//if c.cfg.Debug {
-		dump, err := httputil.DumpRequestOut(request, true)
-		if err != nil {
-			return nil, err
-		}
-		log.Printf("\n%s\n", string(dump))
-	//}
+	if c.cfg.Debug {
+		log.Printf("Request: %s %s", request.Method, request.URL)
+	}
 
@@ -306,9 +302,5 @@
 
-	//if c.cfg.Debug {
-		dump, err = httputil.DumpResponse(resp, true)
-		if err != nil {
-			return resp, err
-		}
-		log.Printf("\n%s\n", string(dump))
-	//}
+	if c.cfg.Debug {
+		log.Printf("Response: %s", resp.Status)
+	}
 	return resp, err
EOF
@@ -293,9 +293,5 @@
func (c *APIClient) callAPI(request *http.Request) (*http.Response, error) {
//if c.cfg.Debug {
dump, err := httputil.DumpRequestOut(request, true)
if err != nil {
return nil, err
}
log.Printf("\n%s\n", string(dump))
//}
if c.cfg.Debug {
log.Printf("Request: %s %s", request.Method, request.URL)
}

@@ -306,9 +302,5 @@

//if c.cfg.Debug {
dump, err = httputil.DumpResponse(resp, true)
if err != nil {
return resp, err
}
log.Printf("\n%s\n", string(dump))
//}
if c.cfg.Debug {
log.Printf("Response: %s", resp.Status)
}
return resp, err
Copilot is powered by AI and may make mistakes. Always verify output.
Positive Feedback
Negative Feedback

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

Please select one or more of the options
@patrickcping patrickcping mentioned this pull request Oct 11, 2024
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@patrickcping