diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
index bbc4791f0..429fccdd2 100644
--- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
+++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java
@@ -1,3 +1,6 @@
+// codeql [java/unvalidated-url-forward]: accept reason="This is a known and accepted risk for this specific file."
+// False positive because, this code checks if the requestUri matches a specific pattern and if any of the anonymousInviteSchemas match a dynamically generated pattern.
+// If both conditions are true, it forwards the request to the same path.
 package dev.sunbirdrc.registry.authorization;
 
 import jakarta.servlet.FilterChain;
diff --git a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
index cb0a99252..f228ad651 100644
--- a/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
+++ b/java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java
@@ -1,3 +1,4 @@
+// codeql [java/spring-disabled-csrf]: accept reason="CSRF protection is intentionally disabled for this application"
 package dev.sunbirdrc.registry.authorization;
 
 import dev.sunbirdrc.registry.authorization.pojos.OAuth2Configuration;
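Review bot: The accepted-risk comment added at the top of SchemaAuthFilter.java names the safety argument (requestUri pattern check plus anonymousInviteSchemas match, forward to the same path) but does not point at the code that implements it, so a later change to that pattern check can invalidate the justification while the suppression keeps the alert hidden. The reason should name the method and the two conditions it depends on so a reviewer can re-check them, e.g. `// Safe only while the forward target is the already-validated request URI; re-check the requestUri / anonymousInviteSchemas pattern test in the filter method before changing either.` If the comment is meant as a CodeQL inline suppression, scanner suppression comments are matched to the alert's location, so a file-header comment may not cover a forward call further down the file; confirm the placement and the `codeql [...]` spacing against the scanner's documentation rather than assume the alert is gone. The comma splice in "False positive because, this code" should also be dropped while the line is being touched. The filter body itself is outside this hunk.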
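Review bot: The CSRF suppression reason in SecurityConfig.java records intent ("intentionally disabled") but not the precondition that makes disabling it safe, which is what the next reviewer needs to know when the session model changes. Disabling CSRF is only sound if no browser-cookie-based session is ever accepted; the file imports OAuth2Configuration, which suggests token-based authentication, but that is not visible in this hunk and should be stated explicitly if true, e.g. `// codeql [java/spring-disabled-csrf]: accept reason="stateless API authenticated by OAuth2 bearer tokens; no cookie-backed session, so CSRF does not apply — revisit if cookie/session auth is added"`. The security configuration that actually disables CSRF lies outside this hunk, so the claim cannot be checked here.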