You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by ol...@apache.org on 2022/10/21 14:59:10 UTC
[sling-org-apache-sling-commons-crypto] 04/08: [spotbugs] exclude XSS_SERVLET
This is an automated email from the ASF dual-hosted git repository.
olli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git
commit 22f0b9795062c075b6679e3306f603d11a0a072f
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Fri Oct 21 13:19:56 2022 +0200
[spotbugs] exclude XSS_SERVLET
* form is created from internal configurations only
* ciphertext is usually encrypted input and hexadecimal or base64 encoded
* error message is encoded by web container
---
spotbugs-exclude.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/spotbugs-exclude.xml b/spotbugs-exclude.xml
index 62cd8b6..9e077fc 100644
--- a/spotbugs-exclude.xml
+++ b/spotbugs-exclude.xml
@@ -28,6 +28,10 @@
<Class name="org.apache.sling.commons.crypto.webconsole.internal.EncryptWebConsolePlugin"/>
<Field name="tracker"/>
</Match>
+ <Match>
+ <Bug pattern="XSS_SERVLET"/>
+ <Class name="org.apache.sling.commons.crypto.webconsole.internal.EncryptWebConsolePlugin"/>
+ </Match>
<Match>
<Bug pattern="PATH_TRAVERSAL_IN"/>
<Class name="org.apache.sling.commons.crypto.internal.FilePasswordProvider"/>