Skip to content
This repository has been archived by the owner on Jan 12, 2024. It is now read-only.

Commit

Permalink
fix: Ensures SDB name slug is included in update SDB audit logs and c… (
Browse files Browse the repository at this point in the history
#260)

* fix: Ensures SDB name slug is included in update SDB audit logs and creates a custom action message for the update SDB endpoint
  • Loading branch information
tunderwood authored Jul 22, 2020
1 parent 06daacd commit 11dacb4
Show file tree
Hide file tree
Showing 6 changed files with 38 additions and 19 deletions.
5 changes: 5 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,11 @@ subprojects {
imports {
mavenBom("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}")
}
dependencies {
//upgrading tomcat manually until Spring-Boot 2.3.2 is released to resolve a security vulnerability
dependency 'org.apache.tomcat.embed:tomcat-embed-core:9.0.37'
dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.37'
}
}

dependencies {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -135,7 +135,12 @@ protected void doFilterInternal(
.originatingClass(this.getClass().getSimpleName())
.traceId(getTraceId());

Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
if (auditLoggingFilterDetails.getSdbNameSlug() != null
&& !auditLoggingFilterDetails.getSdbNameSlug().isEmpty()) {
eventContext.sdbNameSlug(auditLoggingFilterDetails.getSdbNameSlug());
} else {
Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
}

AuditableEvent event = new AuditableEvent(this, eventContext.build());

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,5 @@
@Scope(value = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
public class AuditLoggingFilterDetails {
private String action;
private String sdbNameSlug;
}
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,12 @@
import com.nike.cerberus.dao.UserGroupDao;
import com.nike.cerberus.domain.*;
import com.nike.cerberus.error.DefaultApiError;
import com.nike.cerberus.event.filter.AuditLoggingFilterDetails;
import com.nike.cerberus.record.RoleRecord;
import com.nike.cerberus.record.SafeDepositBoxRecord;
import com.nike.cerberus.record.UserGroupRecord;
import com.nike.cerberus.security.CerberusPrincipal;
import com.nike.cerberus.util.AwsIamRoleArnParser;
import com.nike.cerberus.util.DateTimeSupplier;
import com.nike.cerberus.util.Slugger;
import com.nike.cerberus.util.UuidSupplier;
import com.nike.cerberus.util.*;
import java.time.OffsetDateTime;
import java.util.LinkedList;
import java.util.List;
Expand Down Expand Up @@ -65,6 +63,7 @@ public class SafeDepositBoxService {
private final SecureDataService secureDataService;
private final SecureDataVersionDao secureDataVersionDao;
private final Boolean userGroupsCaseSensitive;
private final AuditLoggingFilterDetails auditLoggingFilterDetails;

@Autowired
public SafeDepositBoxService(
Expand All @@ -80,7 +79,9 @@ public SafeDepositBoxService(
AwsIamRoleArnParser awsIamRoleArnParser,
SecureDataService secureDataService,
SecureDataVersionDao secureDataVersionDao,
@Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive) {
@Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive,
SdbAccessRequest sdbAccessRequest,
AuditLoggingFilterDetails auditLoggingFilterDetails) {

this.safeDepositBoxDao = safeDepositBoxDao;
this.userGroupDao = userGroupDao;
Expand All @@ -95,6 +96,7 @@ public SafeDepositBoxService(
this.secureDataService = secureDataService;
this.secureDataVersionDao = secureDataVersionDao;
this.userGroupsCaseSensitive = userGroupsCaseSensitive;
this.auditLoggingFilterDetails = auditLoggingFilterDetails;
}

/**
Expand Down Expand Up @@ -298,7 +300,6 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2(
final String id) {

final SafeDepositBoxV2 currentBox = getSDBAndValidatePrincipalAssociationV2(id);

String principalName = authPrincipal.getName();
final OffsetDateTime now = dateTimeSupplier.get();
final SafeDepositBoxRecord boxToUpdate =
Expand All @@ -316,6 +317,12 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2(
modifyUserGroupPermissions(currentBox, userGroupPermissionSet, principalName, now);
modifyIamPrincipalPermissions(currentBox, iamRolePermissionSet, principalName, now);

auditLoggingFilterDetails.setAction(
String.format(
"Update details for SDB with name: '%s' and id: '%s'",
currentBox.getName(), currentBox.getId()));
auditLoggingFilterDetails.setSdbNameSlug(slugger.toSlug(currentBox.getName()));

return getSDBAndValidatePrincipalAssociationV2(id);
}

Expand Down
20 changes: 10 additions & 10 deletions gradle/verification-metadata.xml
Original file line number Diff line number Diff line change
Expand Up @@ -2864,20 +2864,20 @@
<sha256 value="c1405c4a383072ec5a0ad3c41a9736063aad718a522fd7bf400dfd7550f2190e" origin="Generated by Gradle"/>
</artifact>
</component>
<component group="org.apache.tomcat.embed" name="tomcat-embed-core" version="9.0.35">
<artifact name="tomcat-embed-core-9.0.35.jar">
<sha256 value="e8aa539d4a3c547fcb06a24fc4865bc599cd867045ce5f07ec450e48fae1e99a" origin="Generated by Gradle"/>
<component group="org.apache.tomcat.embed" name="tomcat-embed-core" version="9.0.37">
<artifact name="tomcat-embed-core-9.0.37.jar">
<sha1 value="c3f788de87f17eb57a9e7083736c1820fcbc1046" origin="Maven Central"/>
</artifact>
<artifact name="tomcat-embed-core-9.0.35.pom">
<sha256 value="168f70578d9d3b01a0d60f3f68789ba58af3ca7268de7081e61dced401a81874" origin="Generated by Gradle"/>
<artifact name="tomcat-embed-core-9.0.37.pom">
<sha1 value="d12794b46c936e2e9b1c85787bc799a02ff7509d" origin="Maven Central"/>
</artifact>
</component>
<component group="org.apache.tomcat.embed" name="tomcat-embed-websocket" version="9.0.35">
<artifact name="tomcat-embed-websocket-9.0.35.jar">
<sha256 value="a22d3f42478dd1391dda3382f2d48e30e6614661e1450f773e3127e2d1a40903" origin="Generated by Gradle"/>
<component group="org.apache.tomcat.embed" name="tomcat-embed-websocket" version="9.0.37">
<artifact name="tomcat-embed-websocket-9.0.37.jar">
<sha1 value="ee8b7c9081372bf40c41443c93317145a01e343a" origin="Maven Central"/>
</artifact>
<artifact name="tomcat-embed-websocket-9.0.35.pom">
<sha256 value="6aa398994392f895c2f583e4989ff9411dd27aa1301502c50ea9b4a1c44ea631" origin="Generated by Gradle"/>
<artifact name="tomcat-embed-websocket-9.0.37.pom">
<sha1 value="7b2185c59cc0d8ece2b9713437eb774f6f033c5d" origin="Maven Central"/>
</artifact>
</component>
<component group="org.apache.velocity" name="velocity-engine-core" version="2.1">
Expand Down
5 changes: 3 additions & 2 deletions gradle/wrapper/gradle-wrapper.properties
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
#Wed Jul 22 09:07:19 PDT 2020
distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-all.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME

0 comments on commit 11dacb4

Please sign in to comment.