Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mosip 33327 #1486

Open
wants to merge 79 commits into
base: develop_module_Wise_Test_Rig
Choose a base branch
from
Open

Mosip 33327 #1486

wants to merge 79 commits into from

Conversation

Sohandey
Copy link
Member

No description provided.

nandhu-kumar and others added 30 commits April 18, 2024 17:43
@nandhu-kumar
ES-932
2782e7f 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
a520135
@kamalsinghthoughtworks
Merge pull request #1413 from nandhu-kumar/develop
eb6ac32 
ES-932
@Sohandey
MOSIP-31931
5b1e589 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@lsivanand
Merge pull request #1415 from Sohandey/develop
1d91d91 
MOSIP-31931
@Sohandey
MOSIP-31931
458f98f 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@kamalsinghthoughtworks
Merge pull request #1416 from Sohandey/develop
3570ffc 
MOSIP-31931
@Sohandey
IDA Fixes
5db7b8f 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@lsivanand
Merge pull request #1417 from Sohandey/develop
a0467ec 
IDA Fixes
@pg-techno123
MOSIP-32574
b5c79e4 
Signed-off-by: Pankaj Godiyal <[email protected]>
@kamalsinghthoughtworks
Merge pull request #1418 from pg-techno123/develop
7ff333c 
MOSIP-32574
@Sohandey
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
00cc3ec 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@kamalsinghthoughtworks
Merge pull request #1421 from Sohandey/develop
1f2c895 
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
@Sohandey
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
61c48ce 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@kamalsinghthoughtworks
Merge pull request #1422 from Sohandey/develop
5f42d98 
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
@Sohandey
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
c0a28ee 
Signed-off-by: Sohan Kumar Dey <[email protected]>
@lsivanand
Merge pull request #1423 from Sohandey/develop
10d75d0 
MOSIP-30855 MOSIP-30854 MOSIP-30852 MOSIP-30851 MOSIP-30553
@nandhu-kumar
INJIMOB-954
6a44331 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
048fcea
@kamalsinghthoughtworks
Merge pull request #1425 from nandhu-kumar/develop
547f3d2 
INJIMOB-954
@nandhu-kumar
INJIMOB-615
4e192da 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
243589f
@kamalsinghthoughtworks
Merge pull request #1426 from nandhu-kumar/develop
e3d47fb 
INJIMOB-615
@nandhu-kumar
INJIMOB-615
488d761 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
e740274
@nandhu-kumar
INJIMOB-615
4b0dd68 
Signed-off-by: Nandhukumar <[email protected]>
@kamalsinghthoughtworks
Merge pull request #1433 from nandhu-kumar/develop
ba84ac5 
INJIMOB-615
@nandhu-kumar
INJIMOB-615
19a9209 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
37a952a
@kamalsinghthoughtworks
Merge pull request #1434 from nandhu-kumar/develop
0707bf9 
INJIMOB-615
nandhu-kumar and others added 21 commits May 28, 2024 15:17
@nandhu-kumar
MOSIP-33302
24721bf 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/develop' into develop
a4e7621
@nandhu-kumar
Merge branch 'mosip:MOSIP-33327' into MOSIP-33327
ce00a90
@kamalsinghthoughtworks
auth demo service removal in progress
4c34334 
Signed-off-by: kamalsingh <[email protected]>
@kamalsinghthoughtworks
auth demo service removal in progress
94cf3af 
Signed-off-by: kamalsingh <[email protected]>
@Sohandey
Merge pull request #1463 from kamalsinghthoughtworks/feature-branch
2abc1b5 
Auth demo service changes
@nandhu-kumar
Merge remote-tracking branch 'upstream/MOSIP-33327' into MOSIP-33327
76addec
@nandhu-kumar
MOSIP-31671
560d56d 
Signed-off-by: Nandhukumar <[email protected]>
@lsivanand
Merge pull request #1472 from nandhu-kumar/MOSIP-33327
be303c4 
Mosip 33327
@nandhu-kumar
MOSIP-31671
7d66164 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/MOSIP-33327' into MOSIP-33327
5db7c1c
@lsivanand
Merge pull request #1473 from nandhu-kumar/MOSIP-33327
a983d39 
Mosip 33327
@nandhu-kumar
MOSIP-33327
e14c3f2 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/MOSIP-33327' into MOSIP-33327
0082f40
@lsivanand
Merge pull request #1478 from nandhu-kumar/MOSIP-33327
571c0b9 
Mosip 33327
@nandhu-kumar
MOSIP-33327
813db2b 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/MOSIP-33327' into MOSIP-33327
d3abd8b
@lsivanand
Merge pull request #1480 from nandhu-kumar/MOSIP-33327
3bfedb4 
Mosip 33327
@nandhu-kumar
MOSIP-33327
91e517d 
Signed-off-by: Nandhukumar <[email protected]>
@nandhu-kumar
Merge remote-tracking branch 'upstream/MOSIP-33327' into MOSIP-33327
9f86bd6
@lsivanand
Merge pull request #1482 from nandhu-kumar/MOSIP-33327
33b62bd 
Mosip 33327
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 19, 2024
View reviewed changes
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/CryptoCoreUtil.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/JWSSignAndVerifyController.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/JWSSignAndVerifyController.java Fixed Show fixed Hide fixed
AuthenticationUtil/src/main/java/io/mosip/testrig/auth/util/Encrypt.java Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 27, 2024
View reviewed changes
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java

Cipher cipher;
try {
cipher = Cipher.getInstance(RSA_ECB_OAEP_PADDING);

Check failure

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm High test

Cryptographic algorithm
RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING
Loading
is weak and should not be used.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java
CryptoUtils.verifyData(data);
Cipher cipher;
try {
cipher = Objects.isNull(storeType) ? Cipher.getInstance(RSA_ECB_NO_PADDING) : // NOSONAR using the padding for allowing OAEP padding in PKCS11 library

Check failure

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm High test

Cryptographic algorithm
RSA/ECB/NoPadding
Loading
is weak and should not be used.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java
Cipher cipher;
try {
cipher = Objects.isNull(storeType) ? Cipher.getInstance(RSA_ECB_NO_PADDING) : // NOSONAR using the padding for allowing OAEP padding in PKCS11 library
Cipher.getInstance(RSA_ECB_NO_PADDING, storeType); // NOSONAR using the padding for allowing OAEP padding in PKCS11 library

Check failure

Code scanning / CodeQL

Use of a broken or risky cryptographic algorithm High test

Cryptographic algorithm
RSA/ECB/NoPadding
Loading
is weak and should not be used.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java
// Used as a hack for softhsm oeap padding decryption usecase will be when we
// will use in HSM
@SuppressWarnings("java:S106")
private static final String RSA_ECB_NO_PADDING = "RSA/ECB/NoPadding"; // NOSONAR using the padding for allowing OAEP padding in PKCS11 library

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High test

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.
This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java
CryptoUtils.verifyData(data);
Cipher cipher;
try {
cipher = Objects.isNull(storeType) ? Cipher.getInstance(RSA_ECB_NO_PADDING) : // NOSONAR using the padding for allowing OAEP padding in PKCS11 library

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High test

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/CryptoCoreUtil.java
Cipher cipher;
try {
cipher = Objects.isNull(storeType) ? Cipher.getInstance(RSA_ECB_NO_PADDING) : // NOSONAR using the padding for allowing OAEP padding in PKCS11 library
Cipher.getInstance(RSA_ECB_NO_PADDING, storeType); // NOSONAR using the padding for allowing OAEP padding in PKCS11 library

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High test

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.
automationtests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/Encrypt.java
public static void turnOffSslChecking() throws NoSuchAlgorithmException, KeyManagementException {
// Install the all-trusting trust manager
final SSLContext sc = SSLContext.getInstance(Encrypt.SSL);
sc.init(null, UNQUESTIONING_TRUST_MANAGER, null);

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates High test

This uses
TrustManager
Loading
, which is defined in
Encrypt$
Loading
and trusts any certificate.
...iontests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/JWSSignAndVerifyController.java

}
public static String trimBeginEnd(String pKey) {
pKey = pKey.replaceAll("-*BEGIN([^-]*)-*(\r?\n)?", "");

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High test

This
regular expression
Loading
that depends on a
user-provided value
Loading
may run slow on strings with many repetitions of '-'.
...iontests/src/main/java/io/mosip/testrig/apirig/admin/fw/util/JWSSignAndVerifyController.java
}
public static String trimBeginEnd(String pKey) {
pKey = pKey.replaceAll("-*BEGIN([^-]*)-*(\r?\n)?", "");
pKey = pKey.replaceAll("-*END([^-]*)-*(\r?\n)?", "");

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data High test

This
regular expression
Loading
that depends on a
user-provided value
Loading
may run slow on strings with many repetitions of '-'.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lsivanand lsivanand lsivanand approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@Sohandey @lsivanand @nandhu-kumar @kamalsinghthoughtworks @pg-techno123 @Raginikrishnamurthy