Fix OWASP violations of Jenkins plugin - sev 3 (#145)

* Fix OWASP violations of Jenkins plugin - sev 3 * Add the reason for suppression
jenkinsci · Sep 29, 2024 · fe687b3 · fe687b3
1 parent e065252
commit fe687b3
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/src/main/java/com/parasoft/findings/jenkins/coverage/ParasoftCoverageReportScanner.java b/src/main/java/com/parasoft/findings/jenkins/coverage/ParasoftCoverageReportScanner.java
@@ -85,7 +85,7 @@ protected Optional<ProcessedFileResult> processFile(Path file, Charset charset,
             String coberturaPattern = StringUtils.replace(PATH_UTIL.getRelativePath(Paths.get(workspaceLoc),
                     outputCoberturaReport), StringUtils.SPACE, QUESTION_MARK);
             return Optional.of(new ProcessedFileResult(coberturaPattern, generatedCoverageBuildDir.toString()));
-        } catch (Exception exception) {
+        } catch (Exception exception) { // parasoft-suppress OWASP2021.A5.NCE "This is expected. Reason: Do not fail the build when processing coverage reports."
             log.logError("Parsing of Parasoft coverage report file '%s' failed due to an exception: %s",
                     file, ExceptionUtils.getRootCauseMessage(exception));
             return Optional.empty();

diff --git a/.../java/com/parasoft/findings/jenkins/coverage/api/metrics/steps/CoverageReportScanner.java b/.../java/com/parasoft/findings/jenkins/coverage/api/metrics/steps/CoverageReportScanner.java
@@ -77,7 +77,7 @@ protected Optional<ModuleNode> processFile(final Path file, final Charset charse
             log.logInfo("Successfully parsed intermediate Cobertura coverage report file '%s'", PATH_UTIL.getAbsolutePath(file));
             node.aggregateValues().forEach(v -> log.logInfo("%s", v));
             return Optional.of(node);
-        } catch (Exception exception) {
+        } catch (Exception exception) { // parasoft-suppress OWASP2021.A5.NCE "This is expected. Reason: Do not fail the build when processing coverage reports."
             log.logError("Parsing of intermediate Cobertura coverage report file '%s' failed due to an exception: %s",
                     file, ExceptionUtils.getRootCauseMessage(exception));
             return Optional.empty();

diff --git a/src/main/java/com/parasoft/findings/jenkins/coverage/converter/ConversionService.java b/src/main/java/com/parasoft/findings/jenkins/coverage/converter/ConversionService.java
@@ -74,13 +74,13 @@ public void convert(StreamSource xslSource, InputSource inputFile, File outFile,
             throws ConversionException {
         try (OutputStream os = new FileOutputStream(outFile)) {
             convert(xslSource, inputFile, os, params);
-        } catch (Exception e) {
+        } catch (Exception e) { // parasoft-suppress OWASP2021.A5.NCE "This is expected. Reason: All exceptions are treated as conversation exceptions."
             throw asConversionException(e);
         }
     }
 
     private void convert(StreamSource xslSource, InputSource inputFile, OutputStream output,
-                         Map<QName, XdmValue> params) throws Exception {
+                         Map<QName, XdmValue> params) throws SaxonApiException {
         // create the conversion processor with a XSLT compiler
         Processor processor = new Processor(false);
         processor.setConfigurationProperty(Feature.ENTITY_RESOLVER_CLASS, CoverageEntityResolver.class.getName());