From 407fee87ea911f990b8a87a7dfdc51275eb952a9 Mon Sep 17 00:00:00 2001
From: Isman Firmansyah <iromli@users.noreply.github.com>
Date: Thu, 23 Dec 2021 18:23:13 +0700
Subject: [PATCH] fix(certmanager): handle issues reported by CodeQL (#160)

* fix(certmanager): avoid implicit string concat in a list

* refactor(certmanager): remove variable that defined multiple times

* refactor(certmanager): parse passed options
---
 docker-jans-certmanager/scripts/bootstrap.py  | 37 ++++++++-----------
 .../scripts/client_api_handler.py             |  1 -
 docker-jans-certmanager/scripts/utils.py      |  2 +-
 3 files changed, 16 insertions(+), 24 deletions(-)

diff --git a/docker-jans-certmanager/scripts/bootstrap.py b/docker-jans-certmanager/scripts/bootstrap.py
index 99ad18f1511..8e521f99b3e 100644
--- a/docker-jans-certmanager/scripts/bootstrap.py
+++ b/docker-jans-certmanager/scripts/bootstrap.py
@@ -1,5 +1,6 @@
 import logging
 import logging.config
+from contextlib import suppress
 
 import click
 
@@ -31,6 +32,16 @@
 }
 
 
+def _parse_opts(opts):
+    parsed_opts = {}
+    for opt in opts:
+        with suppress(ValueError):
+            k, v = opt.split(":", 1)
+            if k and v:
+                parsed_opts[k] = v
+    return parsed_opts
+
+
 # ============
 # CLI commands
 # ============
@@ -61,18 +72,9 @@ def patch(service, dry_run, opts):
         logger.warning("Dry-run mode is enabled!")
 
     logger.info(f"Processing updates for service {service}")
-
-    _opts = {}
-    for opt in opts:
-        try:
-            k, v = opt.split(":", 1)
-            _opts[k] = v
-        except ValueError:
-            k = opt
-            v = ""
-
+    parsed_opts = _parse_opts(opts)
     callback_cls = PATCH_SERVICE_MAP[service]
-    callback_cls(manager, dry_run, **_opts).patch()
+    callback_cls(manager, dry_run, **parsed_opts).patch()
 
 
 @cli.command()
@@ -93,18 +95,9 @@ def prune(service, dry_run, opts):
         logger.warning("Dry-run mode is enabled!")
 
     logger.info(f"Processing updates for service {service}")
-
-    _opts = {}
-    for opt in opts:
-        try:
-            k, v = opt.split(":", 1)
-            _opts[k] = v
-        except ValueError:
-            k = opt
-            v = ""
-
+    parsed_opts = _parse_opts(opts)
     callback_cls = PRUNE_SERVICE_MAP[service]
-    callback_cls(manager, dry_run, **_opts).prune()
+    callback_cls(manager, dry_run, **parsed_opts).prune()
 
 
 if __name__ == "__main__":
diff --git a/docker-jans-certmanager/scripts/client_api_handler.py b/docker-jans-certmanager/scripts/client_api_handler.py
index 259e82affee..cecea9891a8 100644
--- a/docker-jans-certmanager/scripts/client_api_handler.py
+++ b/docker-jans-certmanager/scripts/client_api_handler.py
@@ -33,7 +33,6 @@ def generate_keystore(cert_file, key_file, keystore_file, keystore_password):
 
     def _patch_connector(self, conn_type):
         suffix = f"client_api_{conn_type}"
-        cert_file, key_file = f"{suffix}.crt", f"{suffix}.key"
         cert_cn = self.opts.get(f"{conn_type}-cn", "localhost")
 
         cert_file, key_file = self.generate_x509(suffix, cert_cn)
diff --git a/docker-jans-certmanager/scripts/utils.py b/docker-jans-certmanager/scripts/utils.py
index bd42b3a980d..ad9c1d0128d 100644
--- a/docker-jans-certmanager/scripts/utils.py
+++ b/docker-jans-certmanager/scripts/utils.py
@@ -50,7 +50,7 @@ def export_openid_keys(keystore, keypasswd, alias, export_file):
     cmd = " ".join([
         "java",
         "-Dlog4j.defaultInitOverride=true",
-        "-cp /app/javalibs/*"
+        "-cp /app/javalibs/*",
         "io.jans.as.client.util.KeyExporter",
         "-keystore {}".format(keystore),
         "-keypasswd {}".format(keypasswd),