forked from finos/symphony-bdk-java
.semgrepignore
29 lines (22 loc) · 1.17 KB
# Common large paths
symphony-bdk-examples/
templates/
# Common test paths
test/
# Semgrep rules folder
.semgrep
# generic.secrets.security.detected-aws-session-token.detected-aws-session-token
# AWS Session Token detected
# Details: https://sg.run/DoRW
# 30┆ final String appSessionToken = ...;
# ⋮┆----------------------------------------
# 40┆ final String appSessionToken = ...;
symphony-bdk-core/src/main/java/com/symphony/bdk/core/auth/impl/AbstractOboAuthenticator.java
# problem-based-packs.insecure-transport.java-stdlib.disallow-old-tls-versions1.disallow-old-tls-versions1
# Detects direct creations of SSLConnectionSocketFactories that don't disallow SSL v2, SSL v3,
# and TLS v1. SSLSocketFactory can be used to validate the identity of the HTTPS server
# against a list of trusted certificates. These protocols are deprecated due to POODLE, man in
# the middle attacks, and other vulnerabilities.
# Details: https://sg.run/l25E
# 240┆ SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext);
symphony-bdk-http/symphony-bdk-http-jersey2/src/main/java/com/symphony/bdk/http/jersey2/ApiClientBuilderJersey2.java