Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Develop various small improvements #2368

Merged
merged 12 commits into from
Apr 7, 2024
Merged

Develop various small improvements #2368

merged 12 commits into from
Apr 7, 2024

Conversation

tpurschke
Copy link
Contributor

@tpurschke tpurschke commented Mar 28, 2024
edited
Loading

  • add maintenance page during upgrade
  • sample customizing py script with sample data, closes Installer customizable config (settings) Installer customizable config (settings) #2275
  • remove log locking from importer due to stalling importer stops
  • credentials encryption, closes encrypt passwords and keys (ldap_connection, import_credential); closes encrypt passwords and keys #1508
    • breaking change for developer debugging: add the following local file when using -e testkeys=true:
      /etc/fworch/secrets/main_key with content "not4production..not4production.."
  • add custom (user-defined) fields to import
    • cp only so far, other fw types missing
    • user-defined fields are not part of reports yet

@tpurschke tpurschke changed the title Develop div small improvements Develop various small improvements Mar 28, 2024
@tpurschke
adding db pwd encryption
5d6313b 
adding importer custom fields (db only)
@gitguardian GitGuardian
Copy link

gitguardian bot commented Apr 6, 2024
edited
Loading

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id GitGuardian status Secret Commit Filename
- Generic Password 5d6313b roles/database/files/upgrade/8.0.3.sql View secret
- Generic Password f6cfeb7 roles/database/files/upgrade/8.0.3.sql View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@tpurschke tpurschke marked this pull request as ready for review April 7, 2024 11:29
@tpurschke tpurschke requested a review from abarz722 April 7, 2024 11:29
abarz722
abarz722 approved these changes Apr 7, 2024
View reviewed changes
Copy link
Contributor

@abarz722 abarz722 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only small formal comments

roles/lib/files/FWO.Config.Api/UserConfig.cs
using FWO.Logging;
using FWO.Config.Api.Data;
using FWO.Api.Client;
using FWO.GlobalConstants;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

duplicate

roles/lib/files/FWO.Report/Display/RuleDisplayBase.cs Outdated
@@ -1,4 +1,6 @@
using System.Text;
using FWO.GlobalConstants;
using FWO.GlobalConstants;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

duplicate

roles/lib/files/FWO.Report/ReportBase.cs Outdated
using FWO.Api.Client;
using FWO.GlobalConstants;
using FWO.Api.Client;
using FWO.GlobalConstants;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

duplicate

roles/middleware/files/FWO.Middleware.Server/Ldap.cs Outdated Show resolved Hide resolved
@tpurschke tpurschke requested a review from abarz722 April 7, 2024 13:55
@tpurschke tpurschke merged commit 7742e15 into CactuseSecurity:develop Apr 7, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abarz722 abarz722 Awaiting requested review from abarz722

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tpurschke @abarz722