You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ol...@apache.org on 2022/10/21 14:59:10 UTC

[sling-org-apache-sling-commons-crypto] 04/08: [spotbugs] exclude XSS_SERVLET

This is an automated email from the ASF dual-hosted git repository.

olli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git

commit 22f0b9795062c075b6679e3306f603d11a0a072f
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Fri Oct 21 13:19:56 2022 +0200

    [spotbugs] exclude XSS_SERVLET
    
    * form is created from internal configurations only
    * ciphertext is usually encrypted input and hexadecimal or base64 encoded
    * error message is encoded by web container
---
 spotbugs-exclude.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/spotbugs-exclude.xml b/spotbugs-exclude.xml
index 62cd8b6..9e077fc 100644
--- a/spotbugs-exclude.xml
+++ b/spotbugs-exclude.xml
@@ -28,6 +28,10 @@
     <Class name="org.apache.sling.commons.crypto.webconsole.internal.EncryptWebConsolePlugin"/>
     <Field name="tracker"/>
   </Match>
+  <Match>
+    <Bug pattern="XSS_SERVLET"/>
+    <Class name="org.apache.sling.commons.crypto.webconsole.internal.EncryptWebConsolePlugin"/>
+  </Match>
   <Match>
     <Bug pattern="PATH_TRAVERSAL_IN"/>
     <Class name="org.apache.sling.commons.crypto.internal.FilePasswordProvider"/>