[AAE-16206] security code scan fixes #1192

wojciech-piotrowiak · 2023-08-31T09:12:47Z

Security changes suggested by CodeQL

CLAassistant · 2023-08-31T09:12:53Z

All committers have signed the CLA.

...c/main/java/org/activiti/cloud/services/modeling/converter/ProcessModelContentConverter.java

...tifications-graphql-service/services/graphiql/src/main/resources/static/graphiql/graphiql.js

...va/org/activiti/cloud/services/modeling/rest/controller/ConnectorValidationControllerIT.java

sonarcloud · 2023-09-07T11:00:17Z

Please retry analysis of this Pull-Request directly on SonarCloud.

* [AAE-16206] xxe fix * [AAE-16206] xxe fix + regex fix * [AAE-16206] csrf disabled removed * [AAE-16206] test changes because csrf is on * [AAE-16206] XXE XML logic moved * [AAE-16206] init fix * [AAE-16206] init fix * [AAE-16206] init fix

wojciech-piotrowiak self-assigned this Aug 31, 2023

github-advanced-security bot found potential problems Aug 31, 2023

View reviewed changes

...c/main/java/org/activiti/cloud/services/modeling/converter/ProcessModelContentConverter.java Fixed Show resolved Hide resolved

wojciech-piotrowiak commented Aug 31, 2023

View reviewed changes

...c/main/java/org/activiti/cloud/services/modeling/converter/ProcessModelContentConverter.java Show resolved Hide resolved

wojciech-piotrowiak requested review from LorenzoDiGiuseppe, pmartinezga, Giovanni007 and erdemedeiros and removed request for LorenzoDiGiuseppe August 31, 2023 13:14

mauriziovitale reviewed Sep 5, 2023

View reviewed changes

...tifications-graphql-service/services/graphiql/src/main/resources/static/graphiql/graphiql.js Show resolved Hide resolved

wojciech-piotrowiak requested a review from mauriziovitale September 5, 2023 19:55

mauriziovitale approved these changes Sep 6, 2023

View reviewed changes

wojciech-piotrowiak marked this pull request as ready for review September 6, 2023 08:30

wojciech-piotrowiak force-pushed the dev-wpiotrowiak-AAE-16206-XXE-fix branch from 57b33e2 to cf7c097 Compare September 6, 2023 09:34

Giovanni007 reviewed Sep 7, 2023

View reviewed changes

...va/org/activiti/cloud/services/modeling/rest/controller/ConnectorValidationControllerIT.java Outdated Show resolved Hide resolved

wojciech-piotrowiak added 6 commits September 7, 2023 12:35

[AAE-16206] xxe fix

d42c69a

[AAE-16206] xxe fix + regex fix

ee945a7

[AAE-16206] csrf disabled removed

8d8c366

[AAE-16206] test changes because csrf is on

6dda9ac

[AAE-16206] XXE XML logic moved

ecc64ea

[AAE-16206] init fix

5b98a63

wojciech-piotrowiak force-pushed the dev-wpiotrowiak-AAE-16206-XXE-fix branch from 8e5cd84 to 5b98a63 Compare September 7, 2023 10:35

wojciech-piotrowiak added 2 commits September 7, 2023 12:55

[AAE-16206] init fix

f983140

[AAE-16206] init fix

60ad924

Giovanni007 approved these changes Sep 7, 2023

View reviewed changes

eromano merged commit c3a9552 into develop Sep 7, 2023
16 of 17 checks passed

eromano deleted the dev-wpiotrowiak-AAE-16206-XXE-fix branch September 7, 2023 13:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[AAE-16206] security code scan fixes #1192

[AAE-16206] security code scan fixes #1192

wojciech-piotrowiak commented Aug 31, 2023 •

edited

Loading

CLAassistant commented Aug 31, 2023 •

edited

Loading

sonarcloud bot commented Sep 7, 2023

[AAE-16206] security code scan fixes #1192

[AAE-16206] security code scan fixes #1192

Conversation

wojciech-piotrowiak commented Aug 31, 2023 • edited Loading

CLAassistant commented Aug 31, 2023 • edited Loading

sonarcloud bot commented Sep 7, 2023

wojciech-piotrowiak commented Aug 31, 2023 •

edited

Loading

CLAassistant commented Aug 31, 2023 •

edited

Loading