From 11dacb4210538310b4155444a360598b7952ad7f Mon Sep 17 00:00:00 2001
From: Todd Underwood
Date: Wed, 22 Jul 2020 15:10:41 -0700
Subject: [PATCH] =?UTF-8?q?fix:=20Ensures=20SDB=20name=20slug=20is=20inclu?= =?UTF-8?q?ded=20in=20update=20SDB=20audit=20logs=20and=20c=E2=80=A6=20(#2?= =?UTF-8?q?60)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix: Ensures SDB name slug is included in update SDB audit logs and creates a custom action message for the update SDB endpoint
---
 build.gradle | 5 +++++
 .../event/filter/AuditLoggingFilter.java | 7 ++++++-
 .../filter/AuditLoggingFilterDetails.java | 1 +
 .../service/SafeDepositBoxService.java | 19 ++++++++++++------
 gradle/verification-metadata.xml | 20 +++++++++----------
 gradle/wrapper/gradle-wrapper.properties | 5 +++--
 6 files changed, 38 insertions(+), 19 deletions(-)

diff --git a/build.gradle b/build.gradle
index 88e9b49fc..3280e2dbc 100644
--- a/build.gradle
+++ b/build.gradle
@@ -127,6 +127,11 @@ subprojects {
 imports {
 mavenBom("org.springframework.boot:spring-boot-dependencies:${versions.springBoot}")
 }
+ dependencies {
+ //upgrading tomcat manually until Spring-Boot 2.3.2 is released to resolve a security vulnerability
+ dependency 'org.apache.tomcat.embed:tomcat-embed-core:9.0.37'
+ dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.37'
+ }
 }
 dependencies {
diff --git a/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilter.java b/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilter.java
index a9b0a3ddc..642db8d65 100644
--- a/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilter.java
+++ b/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilter.java
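Review bot: The comment above the two `dependency` pins in build.gradle's dependency-management block does not name the advisory being fixed, so nobody can later check whether 9.0.37 is still sufficient or when the override is safe to delete. Once the imported Spring Boot BOM manages a newer Tomcat, these hard pins would presumably still win and hold the embedded server at 9.0.37, turning a security fix into a silent downgrade. Pinning two artifacts by hand can also leave any other `tomcat-embed-*` module on the BOM's older version; assuming this block comes from the io.spring.dependency-management plugin, overriding the BOM property with `ext['tomcat.version'] = '9.0.37'` moves all Tomcat artifacts together. I would reword the comment to something like `// TODO(<CVE-ID>): remove once versions.springBoot >= 2.3.2`.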
@@ -135,7 +135,12 @@ protected void doFilterInternal(
 .originatingClass(this.getClass().getSimpleName())
 .traceId(getTraceId());
- Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
+ if (auditLoggingFilterDetails.getSdbNameSlug() != null
+ && !auditLoggingFilterDetails.getSdbNameSlug().isEmpty()) {
+ eventContext.sdbNameSlug(auditLoggingFilterDetails.getSdbNameSlug());
+ } else {
+ Optional.ofNullable(sdbAccessRequest.getSdbSlug()).ifPresent(eventContext::sdbNameSlug);
+ }
 AuditableEvent event = new AuditableEvent(this, eventContext.build());
diff --git a/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilterDetails.java b/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilterDetails.java
index 3b1af41f0..9fbae3b86 100644
--- a/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilterDetails.java
+++ b/cerberus-web/src/main/java/com/nike/cerberus/event/filter/AuditLoggingFilterDetails.java
@@ -27,4 +27,5 @@
 @Scope(value = WebApplicationContext.SCOPE_REQUEST, proxyMode = ScopedProxyMode.TARGET_CLASS)
 public class AuditLoggingFilterDetails {
 private String action;
+ private String sdbNameSlug;
 }
diff --git a/cerberus-web/src/main/java/com/nike/cerberus/service/SafeDepositBoxService.java b/cerberus-web/src/main/java/com/nike/cerberus/service/SafeDepositBoxService.java
index 22ec16a17..bdfd98520 100644
--- a/cerberus-web/src/main/java/com/nike/cerberus/service/SafeDepositBoxService.java
+++ b/cerberus-web/src/main/java/com/nike/cerberus/service/SafeDepositBoxService.java
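Review bot: In AuditLoggingFilter.doFilterInternal the new `if` calls `auditLoggingFilterDetails.getSdbNameSlug()` three times, and nothing documents why the service-supplied slug now takes precedence over the one derived from the request. Reading it once, `final String slugFromService = auditLoggingFilterDetails.getSdbNameSlug();`, and testing `slugFromService != null && !slugFromService.isEmpty()` guarantees the value that was checked is the value that is logged. A one-line comment such as `// prefer the slug set by the service layer; the request may not carry one` would record the intent; that rationale is inferred from the commit message, so confirm it. The method body starts and ends outside this hunk.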
@@ -26,14 +26,12 @@
 import com.nike.cerberus.dao.UserGroupDao;
 import com.nike.cerberus.domain.*;
 import com.nike.cerberus.error.DefaultApiError;
+import com.nike.cerberus.event.filter.AuditLoggingFilterDetails;
 import com.nike.cerberus.record.RoleRecord;
 import com.nike.cerberus.record.SafeDepositBoxRecord;
 import com.nike.cerberus.record.UserGroupRecord;
 import com.nike.cerberus.security.CerberusPrincipal;
-import com.nike.cerberus.util.AwsIamRoleArnParser;
-import com.nike.cerberus.util.DateTimeSupplier;
-import com.nike.cerberus.util.Slugger;
-import com.nike.cerberus.util.UuidSupplier;
+import com.nike.cerberus.util.*;
 import java.time.OffsetDateTime;
 import java.util.LinkedList;
 import java.util.List;
@@ -65,6 +63,7 @@ public class SafeDepositBoxService {
 private final SecureDataService secureDataService;
 private final SecureDataVersionDao secureDataVersionDao;
 private final Boolean userGroupsCaseSensitive;
+ private final AuditLoggingFilterDetails auditLoggingFilterDetails;
 @Autowired
 public SafeDepositBoxService(
@@ -80,7 +79,9 @@ public SafeDepositBoxService(
 AwsIamRoleArnParser awsIamRoleArnParser,
 SecureDataService secureDataService,
 SecureDataVersionDao secureDataVersionDao,
- @Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive) {
+ @Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive,
+ SdbAccessRequest sdbAccessRequest,
+ AuditLoggingFilterDetails auditLoggingFilterDetails) {
 this.safeDepositBoxDao = safeDepositBoxDao;
 this.userGroupDao = userGroupDao;
@@ -95,6 +96,7 @@ public SafeDepositBoxService(
 this.secureDataService = secureDataService;
 this.secureDataVersionDao = secureDataVersionDao;
 this.userGroupsCaseSensitive = userGroupsCaseSensitive;
+ this.auditLoggingFilterDetails = auditLoggingFilterDetails;
 }
 /**
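Review bot: The wildcard `import com.nike.cerberus.util.*;` in SafeDepositBoxService.java hides which utility classes this service depends on, and a class added to that package later can clash with another simple name used in the file. No visible hunk uses a class from that package that was not already imported, so this looks like an IDE side effect. I would keep the four explicit imports (`AwsIamRoleArnParser`, `DateTimeSupplier`, `Slugger`, `UuidSupplier`) and only add the `AuditLoggingFilterDetails` import.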
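Review bot: The added constructor parameter `SdbAccessRequest sdbAccessRequest` is never stored or read in the visible hunks, since only `auditLoggingFilterDetails` gets a field and an assignment, so the service takes a dependency on a request object it does not use. I would drop it, so the signature ends with `@Value(USER_GROUPS_CASE_SENSITIVE) Boolean userGroupsCaseSensitive,` followed by `AuditLoggingFilterDetails auditLoggingFilterDetails) {`. If it is kept for later use, note that its bean scope is not visible here; AuditLoggingFilterDetails declares `proxyMode = ScopedProxyMode.TARGET_CLASS`, and the same should be confirmed for SdbAccessRequest before this service holds a reference to it. The constructor body continues outside this hunk.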
@@ -298,7 +300,6 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2( final String id) { final SafeDepositBoxV2 currentBox = getSDBAndValidatePrincipalAssociationV2(id); - String principalName = authPrincipal.getName(); final OffsetDateTime now = dateTimeSupplier.get(); final SafeDepositBoxRecord boxToUpdate = @@ -316,6 +317,12 @@ public SafeDepositBoxV2 updateSafeDepositBoxV2( modifyUserGroupPermissions(currentBox, userGroupPermissionSet, principalName, now); modifyIamPrincipalPermissions(currentBox, iamRolePermissionSet, principalName, now); + auditLoggingFilterDetails.setAction( + String.format( + "Update details for SDB with name: '%s' and id: '%s'", + currentBox.getName(), currentBox.getId())); + auditLoggingFilterDetails.setSdbNameSlug(slugger.toSlug(currentBox.getName())); + return getSDBAndValidatePrincipalAssociationV2(id); } diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml index ad957b2dc..7386b79af 100644 --- a/gradle/verification-metadata.xml +++ b/gradle/verification-metadata.xml @@ -2864,20 +2864,20 @@ - - - + + + - - + + - - - + + + - - + + diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index a4b442974..2fdec0704 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,6 @@ +#Wed Jul 22 09:07:19 PDT 2020 +distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-all.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.3-bin.zip -zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists +zipStoreBase=GRADLE_USER_HOME
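Review bot: In updateSafeDepositBoxV2 the audit action and slug are set only after `modifyUserGroupPermissions` and `modifyIamPrincipalPermissions` have returned, so an update that throws part-way leaves `auditLoggingFilterDetails` unset and the audit event for the failed attempt presumably falls back to the request-derived slug, which is the gap this commit is closing. Moving the `setAction(...)` and `setSdbNameSlug(...)` calls up to directly after `currentBox` is loaded would record the target box for failed and successful updates alike; how the filter behaves when the chain throws is not visible here, so verify. `currentBox.getName()` is also interpolated into the action string as-is, so if the audit sink is line-oriented, confirm that it escapes quotes and line breaks in that value. The method starts before and ends after this hunk.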
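Review bot: gradle-wrapper.properties carries no `distributionSha256Sum` on either side of this hunk, so the wrapper runs whatever archive `distributionUrl` returns without verifying it, even though the repository already pins dependency checksums in gradle/verification-metadata.xml. Since the URL changes here from `gradle-6.3-bin.zip` to `gradle-6.3-all.zip`, this is the moment to add `distributionSha256Sum=<sha256 of gradle-6.3-all.zip as published by Gradle>`. The timestamp comment, the reordered keys and the switch to the `-all` distribution look unrelated to the audit-log fix and may come from an IDE or wrapper-task regeneration; if that was unintended, revert this file.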