-
Notifications
You must be signed in to change notification settings - Fork 24
/
spotbugs-security-exclude.xml
56 lines (56 loc) · 1.72 KB
/
spotbugs-security-exclude.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<?xml version="1.0"?>
<!--
This file contains some false positive bugs detected by Findbugs. Their
false positive nature has been analyzed individually, and they have been
put here to instruct Findbugs to ignore them.
-->
<FindBugsFilter>
<Match>
<!-- CRLF injection in logs is considered fixed in the logger configuration, e.g. logback.xml.
More info: https://github.com/find-sec-bugs/find-sec-bugs/issues/240
-->
<Bug pattern="CRLF_INJECTION_LOGS" />
</Match>
<Match>
<!-- spotbugs issue https://github.com/spotbugs/spotbugs/issues/811 -->
<!--
<Class name="org.ow2.authzforce.core.pdp.impl.SchemaHandler$OASISCatalogManager" />
-->
<!--<Bug pattern="UPM_UNCALLED_PRIVATE_METHOD" />-->
</Match>
<Match>
<!-- Spotbugs issue with nested classes -->
<Bug pattern="PATH_TRAVERSAL_IN" />
</Match>
<Match>
<!-- Spotbugs issue: https://github.com/spotbugs/spotbugs/issues/756 -->
<!--<Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE" />-->
</Match>
<Match>
<!--
<Class name="org.ow2.authzforce.core.pdp.impl.SchemaHandler$OASISCatalogManager" />
-->
<Bug pattern="URLCONNECTION_SSRF_FD" />
</Match>
<Match>
<Bug pattern="JAXWS_ENDPOINT" />
</Match>
<Match>
<Bug pattern="SF_SWITCH_FALLTHROUGH" />
</Match>
<Match>
<Bug pattern="IMPROPER_UNICODE" />
</Match>
<Match>
<Class name="org.ow2.authzforce.core.pdp.cli.PdpCommandLineCallable" />
<Bug pattern="UWF_NULL_FIELD" />
</Match>
<Match>
<Class name="org.ow2.authzforce.core.xmlns.pdp.Pdp" />
<Bug pattern="EI_EXPOSE_REP2" />
</Match>
<Match>
<Class name="org.ow2.authzforce.core.xmlns.pdp.Pdp" />
<Bug pattern="EI_EXPOSE_REP" />
</Match>
</FindBugsFilter>