aboutsummaryrefslogtreecommitdiff
path: root/ms_specific_connector/checks
diff options
context:
space:
mode:
Diffstat (limited to 'ms_specific_connector/checks')
-rw-r--r--ms_specific_connector/checks/spotbugs-exclude.xml36
1 files changed, 36 insertions, 0 deletions
diff --git a/ms_specific_connector/checks/spotbugs-exclude.xml b/ms_specific_connector/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..bb41eb27
--- /dev/null
+++ b/ms_specific_connector/checks/spotbugs-exclude.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- Write only application status into response. Should be removed if we switch to Spring Actuator -->
+ <Class name="at.asitplus.eidas.specific.connector.controller.MonitoringController" />
+ <Method name="startSingleTests" />
+ <Bug pattern="XSS_SERVLET" />
+ </Match>
+ <Match>
+ <!-- CSFR protection is implemented by pendingRequestId that is an one-time token
+ Endpoint for Metadata generation can be unrestrected by design -->
+ <OR>
+ <Class name="at.asitplus.eidas.specific.connector.controller.ProcessEngineSignalController" />
+ <Class name="at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint" />
+ </OR>
+ <OR>
+ <Method name="performGenericAuthenticationProcess" />
+ <Method name="pvpMetadataRequest" />
+ </OR>
+ <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" />
+ </Match>
+ <Match>
+ <!-- Path to application configuration is trusted -->
+ <Class name="at.asitplus.eidas.specific.connector.MsSpecificSpringBootApplicationContextInitializer" />
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </Match>
+ <Match>
+ <!-- Builder pattern does not expose date elements -->
+ <OR>
+ <Class name="at.asitplus.eidas.specific.connector.health.IgniteClusterHealthIndicator" />
+ </OR>
+ <OR>
+ <Bug pattern="EI_EXPOSE_REP2" />
+ </OR>
+ </Match>
+</FindBugsFilter>