Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNOW-1874066: Adding Soteria tests for JDBC #2026

Open
wants to merge 27 commits into
base: oauth-code-flow
Choose a base branch
from
Open

SNOW-1874066: Adding Soteria tests for JDBC #2026

wants to merge 27 commits into from

Conversation

sfc-gh-pcyrek
Copy link

Overview

SNOW-1874066

Pre-review self checklist

  • PR branch is updated with all the changes from master branch
  • The code is correctly formatted (run mvn -P check-style validate)
  • New public API is not unnecessary exposed (run mvn verify and inspect target/japicmp/japicmp.html)
  • The pull request name is prefixed with SNOW-XXXX:
  • Code is in compliance with internal logging requirements

External contributors - please answer these questions before submitting a pull request. Thanks!

  1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

    Issue: #NNNN

  2. Fill out the following pre-review checklist:

    • I am adding a new automated test(s) to verify correctness of my new code
    • I am adding new logging messages
    • I am modifying authorization mechanisms
    • I am adding new credentials
    • I am modifying OCSP code
    • I am adding a new dependency or upgrading an existing one
    • I am adding new public/protected component not marked with @SnowflakeJdbcInternalApi (note that public/protected methods/fields in classes marked with this annotation are already internal)

  3. Please describe how your code solves the related issue.

    Please write a short description of how your code change solves the related issue.

sfc-gh-akolodziejczyk and others added 22 commits December 12, 2024 10:59
@sfc-gh-akolodziejczyk
add oauth and okta automated tests
dafbfc8
@sfc-gh-akolodziejczyk
change names to latest to not have errors on old builds
c930cef
@sfc-gh-akolodziejczyk
change rest client implementation
ea41a9a
@sfc-gh-akolodziejczyk
rename auth test to helper
171e414
@sfc-gh-akolodziejczyk
reset http client cache before HttpUtilLatestIT tests
bc17a9b
@sfc-gh-akolodziejczyk
fix formatting
2f38e68
@sfc-gh-pcyrek
Merge remote-tracking branch 'origin/oauth-code-flow' into pcyrek/new…
ee072c6 
…_oauth_tests
@sfc-gh-pcyrek
Merge remote-tracking branch 'origin/SNOW-1739611-other-methods' into…
e004647 
… pcyrek/new_oauth_tests
@sfc-gh-pcyrek
init
05c8300
@sfc-gh-pcyrek
workable example, to be cleaned up
8b44130
@sfc-gh-pcyrek
adding support for snowflake oauth happy path
8b3c7dd
@sfc-gh-pcyrek
temp_auth_test
c91805e
@sfc-gh-pcyrek
merge master
46529ac
@sfc-gh-pcyrek
adding clientscredential
2526678
@sfc-gh-pcyrek
Merge branch 'oauth-code-flow' into pcyrek/new_oauth_tests
6077a16
@sfc-gh-pcyrek
adding remaining tests - temp state
3370b77
@sfc-gh-pcyrek
Merge branch 'oauth-code-flow' into pcyrek/new_oauth_tests
820816a
@sfc-gh-pcyrek
first cleanup
31cdfb5
@sfc-gh-pcyrek
Merge branch 'oauth-code-flow' into pcyrek/new_oauth_tests
d993f1a
@sfc-gh-pcyrek
linters fix 1
0ec7050
@sfc-gh-pcyrek
linters fix 2
b8a6829
@sfc-gh-pcyrek
add wildcards tests
574c371
@sfc-gh-pcyrek sfc-gh-pcyrek marked this pull request as ready for review January 27, 2025 16:31
@sfc-gh-pcyrek sfc-gh-pcyrek requested a review from a team as a code owner January 27, 2025 16:31
semgrep-app-snowflakedb[bot]
semgrep-app-snowflakedb bot reviewed Jan 30, 2025
View reviewed changes
src/main/java/net/snowflake/client/core/auth/oauth/OAuthUtil.java Outdated
}

private static String createDefaultRedirectUri() throws IOException {
try (ServerSocket socket = new ServerSocket(0)) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:

Detected use of a Java socket that is not encrypted. As a result, the traffic could be read by an attacker intercepting the network traffic. Use an SSLSocket created by 'SSLSocketFactory' or 'SSLServerSocketFactory' instead.

To resolve this comment:

🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by unencrypted-socket.

You can view more details about this finding in the Semgrep AppSec Platform.

@sfc-gh-pcyrek sfc-gh-pcyrek changed the base branch from master to oauth-code-flow January 30, 2025 11:41
@sfc-gh-pcyrek sfc-gh-pcyrek changed the title SNOW-1874066: adding Oauth tests for JDBC SNOW-1874066: Adding Soteria tests for JDBC Jan 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@semgrep-app-snowflakedb semgrep-app-snowflakedb[bot] semgrep-app-snowflakedb[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sfc-gh-pcyrek @sfc-gh-akolodziejczyk @sfc-gh-dprzybysz