Thomas Darimont thomasdarimont

## readme.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                thomasdarimont
                / readme.md
            
            
              Created
              February 16, 2023 09:11
            
              
                C# top-level statements to lowered C#
              
          
    Original C# using top-level statements
// See https://aka.ms/new-console-template for more information
var a = 2;
int s = 0; 
var inc = (int x) => s = x + 1;
var c = inc(a);
Console.WriteLine("c={0} s={1}", c ,s); // c=3 s=3

  
## main.go
/*
 This is an example about how to use a public client written in Golang to authenticate using Keycloak.
 This example is only for demonstration purposes and lacks important
*/
package main

import (
	"encoding/json"
	"errors"
	"log"

## xaclm-policy-example.xml
<Policy PolicyId="SamplePolicy"
          RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">

    <!-- This Policy only applies to requests on the SampleServer -->
    <Target>
      <Subjects>
        <AnySubject/>
      </Subjects>
      <Resources>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">

## readme.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              0 stars
            
          
                thomasdarimont
                / readme.md
            
            
              Last active
              August 5, 2022 09:04
            
              
                Keycloak X helmchart example
              
          
    ---
# Source: keycloakx/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: keycloak-keycloakx
  namespace: default
  labels:
    helm.sh/chart: keycloakx-1.5.0


## Dockerfile
FROM quay.io/keycloak/keycloak:18.0.0 as builder

USER 0

RUN microdnf remove -y java-11-openjdk-headless && \
    microdnf install -y java-17-openjdk-headless && \
    microdnf clean all && \
    rm -rf /var/cache/yum/* && \
    alternatives --set java $(alternatives --list | grep jre_17_openjdk | cut -d$'\t' -f3) || echo "ignore bad exit code"

## IpAccessFilter.java
package com.github.thomasdarimont.keycloakx.custom.security;

import io.netty.handler.ipfilter.IpFilterRuleType;
import io.netty.handler.ipfilter.IpSubnetFilterRule;
import io.vertx.core.http.HttpServerRequest;
import lombok.Data;
import lombok.extern.jbosslog.JBossLog;
import org.keycloak.quarkus.runtime.configuration.Configuration;

import javax.ws.rs.ForbiddenException;

## CustomHostnameProvider.java
package com.github.thomasdarimont.keycloak.hostname;

import com.google.auto.service.AutoService;
import org.keycloak.Config;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider;
import org.keycloak.urls.HostnameProvider;
import org.keycloak.urls.HostnameProviderFactory;
import org.keycloak.urls.UrlType;

## keycloak-db-values.yaml
# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
global:
  postgresql:
    auth:
      username: dbusername
      password: dbpassword
      database: keycloak

## docker-scan-output1.txt
$ docker scan thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

Testing thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT...

Package manager:   apk
Project name:      docker-image|thomasdarimont/custom-keycloakx
Docker image:      thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
Platform:          linux/amd64
Base image:        alpine:3.15.4

## keycloak-18-custom-findings.txt
docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
2022-05-07T11:40:04.324Z	INFO	Detected OS: redhat
2022-05-07T11:40:04.324Z	INFO	Detecting RHEL/CentOS vulnerabilities...
2022-05-07T11:40:04.356Z	INFO	Number of language-specific files: 1
2022-05-07T11:40:04.356Z	INFO	Detecting jar vulnerabilities...

thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT (redhat 8.5)
===========================================================
	/*
	This is an example about how to use a public client written in Golang to authenticate using Keycloak.
	This example is only for demonstration purposes and lacks important
	*/
	package main

	import (
	"encoding/json"
	"errors"
	"log"
	<Policy PolicyId="SamplePolicy"
	RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides">

	<!-- This Policy only applies to requests on the SampleServer -->
	<Target>
	<Subjects>
	<AnySubject/>
	</Subjects>
	<Resources>
	<ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
	FROM quay.io/keycloak/keycloak:18.0.0 as builder

	USER 0

	RUN microdnf remove -y java-11-openjdk-headless && \
	microdnf install -y java-17-openjdk-headless && \
	microdnf clean all && \
	rm -rf /var/cache/yum/* && \
	alternatives --set java $(alternatives --list \| grep jre_17_openjdk \| cut -d$'\t' -f3) \|\| echo "ignore bad exit code"
	package com.github.thomasdarimont.keycloakx.custom.security;

	import io.netty.handler.ipfilter.IpFilterRuleType;
	import io.netty.handler.ipfilter.IpSubnetFilterRule;
	import io.vertx.core.http.HttpServerRequest;
	import lombok.Data;
	import lombok.extern.jbosslog.JBossLog;
	import org.keycloak.quarkus.runtime.configuration.Configuration;

	import javax.ws.rs.ForbiddenException;
	package com.github.thomasdarimont.keycloak.hostname;

	import com.google.auto.service.AutoService;
	import org.keycloak.Config;
	import org.keycloak.models.KeycloakSession;
	import org.keycloak.models.KeycloakSessionFactory;
	import org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider;
	import org.keycloak.urls.HostnameProvider;
	import org.keycloak.urls.HostnameProviderFactory;
	import org.keycloak.urls.UrlType;
	# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
	global:
	postgresql:
	auth:
	username: dbusername
	password: dbpassword
	database: keycloak
	$ docker scan thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

	Testing thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT...

	Package manager: apk
	Project name: docker-image\|thomasdarimont/custom-keycloakx
	Docker image: thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
	Platform: linux/amd64
	Base image: alpine:3.15.4
	docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT

	docker run --privileged --rm -v /home/tom/.trivy/cache:/root/.cache/ -v /var/run/docker.sock:/var/run/docker.sock:z aquasec/trivy:0.27.1 image thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT
	2022-05-07T11:40:04.324Z INFO Detected OS: redhat
	2022-05-07T11:40:04.324Z INFO Detecting RHEL/CentOS vulnerabilities...
	2022-05-07T11:40:04.356Z INFO Number of language-specific files: 1
	2022-05-07T11:40:04.356Z INFO Detecting jar vulnerabilities...

	thomasdarimont/custom-keycloakx:1.0.0-SNAPSHOT (redhat 8.5)
	===========================================================