diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-10 15:01:14 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-10 15:01:14 +0100 |
commit | 6cebc7aa1aecb1bc8f87443887a90fe851893954 (patch) | |
tree | 90f9b8b0187a4bb4d033ccd57cc15e72b27791ae /eaaf_core/checks/spotbugs-exclude.xml | |
parent | a126c249b8ed83dce4386331a49d04a42b53e448 (diff) | |
parent | 360df2054cdc5a8bc194f7701b2bfa5a9c39dd0d (diff) | |
download | EAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.tar.gz EAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.tar.bz2 EAAF-Components-6cebc7aa1aecb1bc8f87443887a90fe851893954.zip |
Merge branch 'feature/someSmallUpdates' into 'nightlyBuild'
Feature/some small updates
See merge request egiz/eaaf_components!6
Diffstat (limited to 'eaaf_core/checks/spotbugs-exclude.xml')
-rw-r--r-- | eaaf_core/checks/spotbugs-exclude.xml | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..aa11a955 --- /dev/null +++ b/eaaf_core/checks/spotbugs-exclude.xml @@ -0,0 +1,50 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <!-- bPK requires SHA1 from specification --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder" /> + <OR> + <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" /> + </OR> + </Match> + <Match> + <!-- only redirects to internal addresses --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask"/> + <Method name="performRedirectToItself" /> + <Bug pattern="UNVALIDATED_REDIRECT" /> + </Match> + <Match> + <!-- only redirects to internal addresses --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"/> + <Method name="forwardToErrorHandler" /> + <Bug pattern="UNVALIDATED_REDIRECT" /> + </Match> + <Match> + <!-- the ErrorToken is only single-used as same as a CSRF token --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/> + <Method name="errorHandling" /> + <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> + </Match> + <Match> + <!-- Only used to evaluate expressions from pre-compiled process-flows --> + <OR> + <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/> + <Class name="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator"/> + </OR> + <Bug pattern="SPEL_INJECTION" /> + </Match> + <Match> + <!-- URL will be only generated from configuration path--> + <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl"/> + <Bug pattern="PATH_TRAVERSAL_IN" /> + </Match> + <Match> + <!-- Logging of request parameters is allowed for this classes --> + <OR> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask"/> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController"/> + </OR> + <Bug pattern="CRLF_INJECTION_LOGS" /> + </Match> +</FindBugsFilter> |