-
Notifications
You must be signed in to change notification settings - Fork 22
/
spotbugs-exclude-filter.xml
44 lines (36 loc) · 1.2 KB
/
spotbugs-exclude-filter.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<FindBugsFilter>
<!-- this isn't a server app, need to accept paths -->
<Match>
<Bug pattern="PATH_TRAVERSAL_IN" />
</Match>
<!-- lombok loves -->
<Match>
<Bug pattern="USBR_UNNECESSARY_STORE_BEFORE_RETURN" />
</Match>
<!-- we're ok with methods being exposed, this is a shared library and should be used creatively -->
<Match>
<Bug pattern="OPM_OVERLY_PERMISSIVE_METHOD"/>
</Match>
<!-- False positive - we use the owasp logger plugin - https://github.com/javabeanz/owasp-security-logging/wiki/Log-Forging -->
<Match>
<Bug pattern="CRLF_INJECTION_LOGS"/>
</Match>
<!-- False positive, detects setting different settings the same -->
<Match>
<Bug pattern="PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS">
<Class name="com.accenture.testing.bdd.config.BDDConfig" />
<Method name="getHttpConfig" />
</Bug>
</Match>
<Match>
<Bug pattern="REDOS">
<Class name="com.accenture.testing.bdd.http.RequestState" />
</Bug>
</Match>
<!-- False positives => ignoring, classes are accessing the curel logger -->
<Match>
<Bug pattern="LO_SUSPECT_LOG_CLASS">
<Class name="com.accenture.testing.bdd.api.steps.*"/>
</Bug>
</Match>
</FindBugsFilter>