From a183f109341b360bdd575a33ac33d8717ab0393c Mon Sep 17 00:00:00 2001
From: Edwin Heuver <139566@student.saxion.nl>
Date: Mon, 18 Dec 2023 12:00:39 +0100
Subject: [PATCH] Resolve codeql review comments
---
 .../boot/starter/examples/caffeine/TestController.java | 7 +++++--
 .../examples/ehcache/config/security/SecurityConfig.java | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java b/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
index 7bdc3ed7..2880863c 100644
--- a/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
+++ b/examples/caffeine/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/caffeine/TestController.java
@@ -20,6 +20,7 @@
 import com.giffing.bucket4j.spring.boot.starter.context.properties.Bucket4JConfiguration;
 import com.giffing.bucket4j.spring.boot.starter.context.properties.RateLimit;
 import com.giffing.bucket4j.spring.boot.starter.utils.Bucket4JUtils;
+import org.springframework.web.util.HtmlUtils;
 @RestController
 public class TestController {
@@ -107,7 +108,8 @@ public ResponseEntity updateBandwidth(
 //validate that the filter, ratelimit and bandwidth all exist
 Bucket4JConfiguration config = configCacheManager.getValue(filterId);
 if (config == null) {
- return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No filter with id '" + filterId + "' could be found.");
+ String errorMessage = "No filter with id '" + filterId + "' could be found.";
+ return ResponseEntity.status(HttpStatus.NOT_FOUND).body(HtmlUtils.htmlEscape(errorMessage));
 }
 RateLimit rl = config.getRateLimits().get(limitIndex);
 if (rl == null) {
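Review bot: The escape on the added return line is applied to the whole message rather than to the untrusted `filterId`, so the literal quotes around the id come back as `&#39;` to any client that reads the body as plain text or JSON, while the only bytes that needed escaping were the reflected id. Escaping just the reflected value keeps the message readable: `return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No filter with id '" + HtmlUtils.htmlEscape(filterId) + "' could be found.");`. The method's mapping and any `produces` attribute sit outside the hunk, so I cannot tell which content type the String body is negotiated to; if the endpoint is only ever meant to return plain text or JSON, pinning it with `.contentType(MediaType.TEXT_PLAIN)` removes the reflected-HTML concern at the source, and a one-line comment stating which of the two is intended would help the next reader. updateBandwidth starts before this hunk.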
@@ -115,7 +117,8 @@ public ResponseEntity updateBandwidth(
 }
 Optional bw = rl.getBandwidths().stream().filter(x -> Objects.equals(x.getId(), bandwidthId)).findFirst();
 if (bw.isEmpty()) {
- return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No bandwidth with id '" + bandwidthId + "' could be found.");
+ String errorMessage = "No bandwidth with id '" + bandwidthId + "' could be found.";
+ return ResponseEntity.status(HttpStatus.NOT_FOUND).body(HtmlUtils.htmlEscape(errorMessage));
 }
 //replace the bandwidth
diff --git a/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java b/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
index 5f5fc65d..5f9424f4 100644
--- a/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
+++ b/examples/ehcache/src/main/java/com/giffing/bucket4j/spring/boot/starter/examples/ehcache/config/security/SecurityConfig.java
@@ -15,7 +15,7 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
- http.csrf(AbstractHttpConfigurer::disable);
+ http.csrf(x -> x.ignoringRequestMatchers("/filters/**"));
 http.authorizeHttpRequests(auth -> {
 auth.requestMatchers("/unsecure").permitAll();
 auth.requestMatchers("/actuator/*").permitAll();
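Review bot: The two added lines repeat the pattern of the `filterId` branch: the whole sentence goes through `HtmlUtils.htmlEscape`, so the quotes around `bandwidthId` are returned as `&#39;` although only the reflected id needed escaping. I would escape just the value, `return ResponseEntity.status(HttpStatus.NOT_FOUND).body("No bandwidth with id '" + HtmlUtils.htmlEscape(bandwidthId) + "' could be found.");`, or move both not-found responses into one private helper so the branches escape identically and a future branch cannot forget to. The `rl == null` branch closed by the first context line lies outside the hunk, so I cannot see whether its message received the same treatment; worth checking. updateBandwidth continues past this hunk.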
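Review bot: `ignoringRequestMatchers("/filters/**")` on the added line exempts from CSRF exactly the paths whose name suggests the state-changing filter/bandwidth endpoints, so the scanner finding is silenced while the requests CSRF exists to protect remain unprotected; the mapping of `/filters/**` to a controller is not visible in this diff, so that reading is an inference from the path. If those endpoints are only called by non-browser clients that carry no cookie-based session, the exemption is legitimate but should be recorded next to the line, e.g. `// /filters/** is called by non-browser clients without a session cookie, so CSRF does not apply there`. If they can be reached from a browser session, keep CSRF enabled for them and have the client send the token instead. filterChain continues beyond the end of the hunk.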