authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-10 15:01:14 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-10 15:01:14 +0100
commit6cebc7aa1aecb1bc8f87443887a90fe851893954 (patch)
tree90f9b8b0187a4bb4d033ccd57cc15e72b27791ae /eaaf_core/checks
parenta126c249b8ed83dce4386331a49d04a42b53e448 (diff)
parent360df2054cdc5a8bc194f7701b2bfa5a9c39dd0d (diff)
Merge branch 'feature/someSmallUpdates' into 'nightlyBuild'
Feature/some small updates See merge request egiz/eaaf_components!6
Diffstat (limited to 'eaaf_core/checks')
-rw-r--r--eaaf_core/checks/spotbugs-exclude.xml50
1 files changed, 50 insertions, 0 deletions
diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..aa11a955
--- /dev/null
+++ b/eaaf_core/checks/spotbugs-exclude.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- bPK requires SHA1 from specification -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder" />
+ <OR>
+ <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" />
+ </OR>
+ </Match>
+ <Match>
+ <!-- only redirects to internal addresses -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask"/>
+ <Method name="performRedirectToItself" />
+ <Bug pattern="UNVALIDATED_REDIRECT" />
+ </Match>
+ <Match>
+ <!-- only redirects to internal addresses -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"/>
+ <Method name="forwardToErrorHandler" />
+ <Bug pattern="UNVALIDATED_REDIRECT" />
+ </Match>
+ <Match>
+ <!-- the ErrorToken is only single-used as same as a CSRF token -->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Method name="errorHandling" />
+ <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+ </Match>
+ <Match>
+ <!-- Only used to evaluate expressions from pre-compiled process-flows -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator"/>
+ </OR>
+ <Bug pattern="SPEL_INJECTION" />
+ </Match>
+ <Match>
+ <!-- URL will be only generated from configuration path-->
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl"/>
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </Match>
+ <Match>
+ <!-- Logging of request parameters is allowed for this classes -->
+ <OR>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/>
+ <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController"/>
+ </OR>
+ <Bug pattern="CRLF_INJECTION_LOGS" />
+ </Match>
+</FindBugsFilter>
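Review bot: Four of these Match entries suppress a security detector for whole classes rather than for the method that triggers it: WEAK_MESSAGE_DIGEST_SHA1 on BpkBuilder, SPEL_INJECTION on the two expression evaluators, PATH_TRAVERSAL_IN on AbstractConfigurationImpl and CRLF_INJECTION_LOGS on the three controller/task classes. Code added to those classes later that introduces the same pattern would be suppressed without review, so each entry should be narrowed the way the UNVALIDATED_REDIRECT entries are, with a `<Method name="METHOD_NAME" />` line (placeholder; the method names are not visible in this diff). The CRLF_INJECTION_LOGS justification says that logging request parameters is allowed, which does not address what the detector reports, namely CR/LF characters in logged values forging log entries; the comment should state where line breaks are neutralised (for example in the logging layout), or the finding should stay enabled. The single-child `<OR>` around WEAK_MESSAGE_DIGEST_SHA1 is redundant and can be dropped.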