add appendslash

DryRunSecurity / Authn/Authz Analyzer succeeded May 14, 2024 in 5s

DryRun Security

Details

Authn/Authz Analyzer Findings: 2 detected

⚠️ Potential Authn/Authz Function Used or Modified dojo/okta.py
Type Potential Authn/Authz Function Used or Modified
Description The code snippet contains a header with the key 'Authorization' which is typically used to authenticate a user or authorize access to a resource. The value of this header is set to 'Bearer {access_token}', which suggests that the code is handling some form of token-based authentication or authorization.
Filename dojo/okta.py
CodeLink
                "Authorization": f"Bearer {access_token}",
            },
        )
⚠️ Potential Authn/Authz Function Used or Modified dojo/okta.py
Type Potential Authn/Authz Function Used or Modified
Description The code provided appears to contain functions related to authentication and authorization. The code includes an 'OktaMixin' class and an 'OktaOAuth2' class, which are likely used for handling Okta OAuth2 and OpenID Connect authentication. The 'OktaMixin' class contains methods like 'api_url', 'authorization_url', 'access_token_url', and 'oidc_config', which are commonly used in authentication and authorization processes. The 'OktaOAuth2' class extends the 'OktaMixin' class and includes additional attributes and methods related to OAuth2 authentication, such as 'REDIRECT_STATE', 'ACCESS_TOKEN_METHOD', 'SCOPE_SEPARATOR', 'ID_KEY', 'DEFAULT_SCOPE', 'EXTRA_DATA', 'get_user_details', and 'user_data'. These functions and attributes suggest that the code is handling authentication and authorization-related functionality.
Filename dojo/okta.py
CodeLink
"""
This script originates from here: https://github.com/python-social-auth/social-core/blob/master/social_core/backends/okta.py
"""
"""
Okta OAuth2 and OpenIdConnect:
    https://python-social-auth.readthedocs.io/en/latest/backends/okta.html
"""
from urllib.parse import urljoin

# BaseOAuth2 lives in python-social-auth's social_core package; the upstream
# file uses a relative import because it sits inside that package.
from social_core.backends.oauth import BaseOAuth2


class OktaMixin:
    def append_slash(self, url):
        """Make sure we append a slash at the end of the URL otherwise we
        have issues with urljoin Example:
        >>> urlparse.urljoin('http://www.example.com/api/v3', 'user/1/')
        'http://www.example.com/api/user/1/'
        """
        if url and not url.endswith("/"):
            url = f"{url}/"
        return url

    def api_url(self):
        return self.append_slash(self.setting("API_URL"))

    def authorization_url(self):
        return self._url("v1/authorize")

    def access_token_url(self):
        return self._url("v1/token")

    def _url(self, path):
        # Without the trailing slash, urljoin would drop the last path
        # segment of API_URL (see the append_slash docstring).
        return urljoin(self.append_slash(self.setting("API_URL")), path)

    def oidc_config(self):
        return self.get_json(
            self._url(
                "/.well-known/openid-configuration?client_id={}".format(
                    self.setting("KEY")
                )
            )
        )


class OktaOAuth2(OktaMixin, BaseOAuth2):
    """Okta OAuth authentication backend"""

    name = "okta-oauth2"
    REDIRECT_STATE = False
    ACCESS_TOKEN_METHOD = "POST"
    SCOPE_SEPARATOR = " "
    ID_KEY = "preferred_username"
    DEFAULT_SCOPE = ["openid", "profile", "email"]
    EXTRA_DATA = [
        ("refresh_token", "refresh_token", True),
        ("expires_in", "expires"),
        ("token_type", "token_type", True),
    ]

    def get_user_details(self, response):
        """Return user details from Okta account"""
        return {
            "username": response.get("preferred_username"),
            "email": response.get("email") or "",
            "first_name": response.get("given_name"),
            "last_name": response.get("family_name"),
        }

    def user_data(self, access_token, *args, **kwargs):
        """Loads user data from Okta"""
        return self.get_json(
            self._url("v1/userinfo"),
            headers={
                "Authorization": f"Bearer {access_token}",
            },
        )