diff options
| author | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-01-18 10:57:38 +0100 |
|---|---|---|
| committer | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-01-18 12:04:52 +0100 |
| commit | 9afa8f094712729b4486a408e12f4ab3027938b4 (patch) | |
| tree | 3adbbf5d892452ea8b82404f28e95fdadd34ece8 /connector/checks/spotbugs-exclude.xml | |
| parent | 09751b59f7e2da247c32324826607e5f1eef0f10 (diff) | |
| parent | 68e9725d024ccef7b618f462dee5648ca288bdc0 (diff) | |
| download | National_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.tar.gz National_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.tar.bz2 National_eIDAS_Gateway-9afa8f094712729b4486a408e12f4ab3027938b4.zip | |
Merge branch 'base' into issue6
# Conflicts:
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleEidasData.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/DummyErnpClient.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/ernp/IErnpClient.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/handler/AbstractEidProcessor.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/InitialSearchTask.java
# eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/utils/EidasResponseUtils.java
# eidas_modules/authmodule-eIDAS-v2/src/main/resources/eIDAS.Authentication.process.xml
# eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
# eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskFirstTest.java
# eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml
Diffstat (limited to 'connector/checks/spotbugs-exclude.xml')
| -rw-r--r-- | connector/checks/spotbugs-exclude.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/connector/checks/spotbugs-exclude.xml b/connector/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..281e3796 --- /dev/null +++ b/connector/checks/spotbugs-exclude.xml @@ -0,0 +1,27 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <!-- Write only application status into response. Should be removed if we switch to Spring Actuator --> + <Class name="at.asitplus.eidas.specific.connector.controller.MonitoringController" /> + <Method name="startSingleTests" /> + <Bug pattern="XSS_SERVLET" /> + </Match> + <Match> + <!-- CSFR protection is implemented by pendingRequestId that is an one-time token + Endpoint for Metadata generation can be unrestrected by design --> + <OR> + <Class name="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" /> + <Class name="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint" /> + </OR> + <OR> + <Method name="performGenericAuthenticationProcess" /> + <Method name="pvpMetadataRequest" /> + </OR> + <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> + </Match> + <Match> + <!-- Path to application configuration is trusted --> + <Class name="at.asitplus.eidas.specific.connector.MsSpecificSpringBootApplicationContextInitializer" /> + <Bug pattern="PATH_TRAVERSAL_IN" /> + </Match> +</FindBugsFilter> |