refactor(core): move all project libs into sub-project 'modules'

author: Thomas <> 2022-03-08 19:06:10 +0100
committer: Thomas <> 2022-03-08 19:06:10 +0100
commit: 7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 (patch)
tree: 6e4ec82475f4f30275d3e0a0305ad3c2d340e0d3 /modules/authmodule-eIDAS-v2/checks
parent: 300bd1b44f521a2b33c259be1f8d21eba58c1a31 (diff)
download: National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.tar.gz
National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.tar.bz2
National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.zip
1 files changed, 44 insertions, 0 deletions
diff --git a/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml b/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..d961b4d6
--- /dev/null
+++ b/modules/authmodule-eIDAS-v2/checks/spotbugs-exclude.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+    <Match>
+      <!-- Do not check code generated by Apache CXF framework -->
+      <Class name="~szrservices.*"/>
+      <Class name="~at.gv.e_government.reference.namespace.persondata.*" />
+      <Class name="~org.w3._2000._09.xmldsig.*" />
+    </Match>
+    <Match>
+      <!-- Logging of SAML2 responses in case of errors or for debugging is allowed -->
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
+      <Method name="getPendingRequestId" />
+      <Bug pattern="CRLF_INJECTION_LOGS" />               
+    </Match>
+    <Match>
+      <!-- CSFR protection is implemented by pendingRequestId that is an one-time token -->
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet" />
+      <Method name="restoreEidasAuthProcess" />
+      <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />               
+    </Match>
+    <Match>
+      <!-- File path is only loaded from configuration -->
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry" />
+      <Method name="initialize" />
+      <Bug pattern="PATH_TRAVERSAL_IN" />               
+    </Match>
+    <Match>
+      <!-- Redirect URL is only loaded from configuration -->
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" />
+      <Method name="execute" />
+      <Bug pattern="UNVALIDATED_REDIRECT" />               
+    </Match>
+  <Match>
+    <!-- Builder pattern does not expose date elements -->
+    <OR>
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData" />
+      <Class name="at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils$JwsResult"/>
+    </OR>
+    <OR>
+      <Bug pattern="EI_EXPOSE_REP" />
+      <Bug pattern="EI_EXPOSE_REP2" />
+    </OR>
+  </Match>        
+</FindBugsFilter>
author	Thomas <>	2022-03-08 19:06:10 +0100
committer	Thomas <>	2022-03-08 19:06:10 +0100
commit	7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921 (patch)
tree	6e4ec82475f4f30275d3e0a0305ad3c2d340e0d3 /modules/authmodule-eIDAS-v2/checks
parent	300bd1b44f521a2b33c259be1f8d21eba58c1a31 (diff)
download	National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.tar.gz National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.tar.bz2 National_eIDAS_Gateway-7bf7c3c03fd3a1efeaf3f8e3dd75922e2f5f9921.zip