summaryrefslogtreecommitdiff
path: root/eaaf_core/checks/spotbugs-exclude.xml
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-10 15:01:14 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-10 15:01:14 +0100
commit6cebc7aa1aecb1bc8f87443887a90fe851893954 (patch)
tree90f9b8b0187a4bb4d033ccd57cc15e72b27791ae /eaaf_core/checks/spotbugs-exclude.xml
parenta126c249b8ed83dce4386331a49d04a42b53e448 (diff)
parent360df2054cdc5a8bc194f7701b2bfa5a9c39dd0d (diff)
downloadEAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.tar.gz
EAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.tar.bz2
EAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.zip
Merge branch 'feature/someSmallUpdates' into 'nightlyBuild'
Feature/some small updates See merge request egiz/eaaf_components!6
Diffstat (limited to 'eaaf_core/checks/spotbugs-exclude.xml')
-rw-r--r--eaaf_core/checks/spotbugs-exclude.xml50
1 files changed, 50 insertions, 0 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..aa11a955
--- /dev/null
+++ b/eaaf_core/checks/spotbugs-exclude.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- bPK requires SHA1 from specification -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder" />
+ <OR>
+ <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" />
+ </OR>
+ </Match>
+ <Match>
+ <!-- only redirects to internal addresses -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask"/>
+ <Method name="performRedirectToItself" />
+ <Bug pattern="UNVALIDATED_REDIRECT" />
+ </Match>
+ <Match>
+ <!-- only redirects to internal addresses -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"/>
+ <Method name="forwardToErrorHandler" />
+ <Bug pattern="UNVALIDATED_REDIRECT" />
+ </Match>
+ <Match>
+ <!-- the ErrorToken is only single-used as same as a CSRF token -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Method name="errorHandling" />
+ <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+ </Match>
+ <Match>
+ <!-- Only used to evaluate expressions from pre-compiled process-flows -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator"/>
+ </OR>
+ <Bug pattern="SPEL_INJECTION" />
+ </Match>
+ <Match>
+ <!-- URL will be only generated from configuration path-->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl"/>
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </Match>
+ <Match>
+ <!-- Logging of request parameters is allowed for this classes -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController"/>
+ </OR>
+ <Bug pattern="CRLF_INJECTION_LOGS" />
+ </Match>
+</FindBugsFilter>