chore(jans-linux-setup): drop couchbase support #10133

Merged: 3 commits merged into main from jans-linux-setup-remove-couchbase-10122 on Nov 13, 2024


@devrimyatar devrimyatar commented Nov 13, 2024

Closes #10122

  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

@devrimyatar devrimyatar added the comp-jans-linux-setup Component affected by issue or PR label Nov 13, 2024
@mo-auto mo-auto added area-documentation Documentation needs to change as part of issue or PR comp-docs Touching folder /docs kind-dependencies Pull requests that update a dependency file labels Nov 13, 2024

dryrunsecurity bot commented Nov 13, 2024

DryRun Security Summary

The provided code changes focus on refactoring and simplifying the Jans Linux setup application, with a particular emphasis on removing support for Couchbase as a backend database option, strengthening security features, and improving secure coding practices, all of which contribute to enhancing the overall security posture of the application.


Summary:

The provided code changes are primarily focused on the refactoring and simplification of the Jans Linux setup application, with a particular emphasis on removing support for Couchbase as a backend database option. The changes span across various components of the application, including the Jans Auth Server, Jetty installer, setup utilities, and configuration management.

Key security-related observations:

  1. Removal of Couchbase Support: The removal of Couchbase-related functionality and configuration options is a positive change from a security perspective, as Couchbase has had a history of security vulnerabilities. This simplifies the application's attack surface and reduces the potential risk of security issues.

  2. Strengthening of Security Features: The changes include improvements to security-related features, such as the generation of pairwise pseudonym calculation keys, handling of OpenBanking integration, and enforcement of stronger password requirements. These changes enhance the overall security posture of the application.

  3. Input Validation and Sanitization: The code changes include several instances of input validation and sanitization, such as hostname validation, email and IP address validation, and SQL query parameterization. These are important security practices to mitigate common web application vulnerabilities.

  4. Secure Configuration Management: The changes focus on securely managing sensitive configurations, such as storing passwords in encrypted formats and avoiding clear-text storage of sensitive information.

  5. Comprehensive Testing: The application includes functionality for comprehensive testing, including the setup of test environments, deployment of test clients, and configuration of security-related settings. This suggests a focus on security validation and a proactive approach to identifying and addressing potential vulnerabilities.

Overall, the code changes appear to be a positive step towards improving the security and maintainability of the Jans Linux setup application. The removal of Couchbase support, strengthening of security features, and focus on secure coding practices are all notable improvements from an application security perspective.

Files Changed:

  1. jans-linux-setup/jans_setup/jans_setup.py: Removal of the Couchbase installer and related code, reducing the application's attack surface.
  2. jans-linux-setup/jans_setup/setup_app/installers/jans.py: Removal of Couchbase-related configuration and hybrid storage support, simplifying the setup process.
  3. jans-linux-setup/jans_setup/setup_app/installers/jetty.py: Removal of custom Couchbase library additions, streamlining the Jetty installation.
  4. jans-linux-setup/jans_setup/setup_app/installers/jans_auth.py: Updates to the Jans Auth Server configuration, including improvements to security-related features.
  5. jans-linux-setup/jans_setup/setup_app/static.py: Removal of Couchbase options and addition of remote PostgreSQL support.
  6. jans-linux-setup/jans_setup/setup_app/messages.py: Improvements to password requirements and warning messages related to clear-text password storage.
  7. jans-linux-setup/jans_setup/setup_app/setup_options.py: Removal of Couchbase-related configuration options.
  8. jans-linux-setup/jans_setup/setup_app/config.py: Simplification of the Config class by removing Couchbase-related functionality.
  9. jans-linux-setup/jans_setup/setup_app/test_data_loader.py: Comprehensive setup of the test environment, including security-related configurations.
  10. jans-linux-setup/jans_setup/setup_app/installers/rdbm.py: Simplification of the LDIF import process for the RDBM backend.
  11. jans-linux-setup/jans_setup/setup_app/utils/collect_properties.py: Handling of sensitive configurations, such as credentials and SSL certificate details.
  12. jans-linux-setup/jans_setup/setup_app/utils/properties_utils.py: Removal of Couchbase support and simplification of the persistence type handling.
  13. jans-linux-setup/jans_setup/setup_app/utils/db_utils.py: Removal of Couchbase-related functionality and focus on SQL-based backends.
  14. jans-linux-setup/jans_setup/setup_app/utils/setup_utils.py:

Code Analysis

We ran 9 analyzers against 30 files and 1 analyzer had findings. 8 analyzers had no findings.

| Analyzer | Findings |
|---|---|
| Authn/Authz Analyzer | 1 finding |

Riskiness

🟢 Risk threshold not exceeded.


sonarcloud bot commented Nov 13, 2024

@yuriyz yuriyz enabled auto-merge (squash) November 13, 2024 10:56
@yuriyz yuriyz merged commit 871c36d into main Nov 13, 2024
11 checks passed
@yuriyz yuriyz deleted the jans-linux-setup-remove-couchbase-10122 branch November 13, 2024 10:57