diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fb920b028..1f9c79b93 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -48,9 +48,10 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} + config-file: .github/workflows/codeql-config.yml # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. @@ -59,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -73,4 +74,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/codeql-config.yml b/.github/workflows/codeql-config.yml new file mode 100644 index 000000000..17c524ef3 --- /dev/null +++ b/.github/workflows/codeql-config.yml @@ -0,0 +1,6 @@ +queries: + - name: "security-extended" + from: github/codeql + exclude: + - java/URL-forward-from-remote-source + - java/Disabled-Spring-CSRF-protection \ No newline at end of file diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java index 429fccdd2..645870447 100644 --- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java +++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java @@ -15,7 +15,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; - +@SuppressWarnings("java/URL-forward-from-remote-source") public class SchemaAuthFilter extends OncePerRequestFilter { private static final Logger logger = LoggerFactory.getLogger(SchemaAuthFilter.class); private static final String INVITE_URL_PATTERN = "/api/v1/([A-Za-z0-9_])+/invite(/)?"; diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java index f228ad651..26975764b 100644 --- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java +++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java @@ -26,6 +26,7 @@ @Configuration @EnableWebSecurity @ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = false) +@SuppressWarnings("java/Disabled-Spring-CSRF-protection") public class SecurityConfig { @Autowired