[syncope] branch master updated: Addressing some CodeQL alerts (#219)
This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 8b00eb5 Addressing some CodeQL alerts (#219) 8b00eb5 is described below commit 8b00eb5a3a79cad853fc434c4c7d0ffe026139cc Author: Francesco Chicchiriccò AuthorDate: Wed Oct 7 17:17:18 2020 +0200 Addressing some CodeQL alerts (#219) --- .../console/panels/PrivilegeDirectoryPanel.java| 2 +- .../console/policies/PolicyRuleDirectoryPanel.java | 2 +- .../console/reports/ReportletDirectoryPanel.java | 2 +- .../client/console/tasks/TaskDirectoryPanel.java | 2 +- .../markup/html/form/ActionLinksTogglePanel.java | 2 - .../client/console/wizards/WizardMgtPanel.java | 2 +- .../syncope/client/console/wizards/any/Groups.java | 2 +- .../apache/syncope/common/lib/AnyOperations.java | 5 +- .../syncope/core/logic/U2FRegistrationLogic.java | 196 +++-- .../apache/syncope/core/logic/SyncopeLogic.java| 2 +- .../core/provisioning/java/MappingManagerImpl.java | 6 +- .../java/cache/MemoryVirAttrCache.java | 2 +- .../PriorityPropagationTaskExecutor.java | 2 +- .../spring/security/JWTAuthenticationProvider.java | 2 +- 14 files changed, 113 insertions(+), 116 deletions(-) diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java index 5b40422..9d7f182 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java 
@@ -177,7 +177,7 @@ public class PrivilegeDirectoryPanel extends DirectoryPanel< @Override public void onEvent(final IEvent event) { super.onEvent(event); -if (event.getPayload() instanceof ExitEvent && modal != null) { +if (event.getPayload() instanceof ExitEvent) { final AjaxRequestTarget target = ExitEvent.class.cast(event.getPayload()).getTarget(); baseModal.show(false); baseModal.close(target); diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java index 0f27e9f..f67f1d5 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java @@ -278,7 +278,7 @@ public class PolicyRuleDirectoryPanel extends DirectoryPanel @Override public void onEvent(final IEvent event) { super.onEvent(event); -if (event.getPayload() instanceof ExitEvent && modal != null) { +if (event.getPayload() instanceof ExitEvent) { final AjaxRequestTarget target = ExitEvent.class.cast(event.getPayload()).getTarget(); baseModal.show(false); baseModal.close(target); diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java index a04d2d3..7d854f0 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java 
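Review bot: The body of `onEvent` dereferences `baseModal`, while the guard this hunk removes tested a different field, `modal`, so neither the old nor the new condition establishes that `baseModal` is non-null when an `ExitEvent` arrives. Dropping the redundant test is reasonable, but nothing visible here shows where `baseModal` is assigned. A one-line comment above the `if`, such as `// baseModal is never null here (TODO confirm where it is assigned), so ExitEvent needs no extra guard`, would record the invariant the change relies on. The same applies to the identical hunks in PolicyRuleDirectoryPanel and ReportletDirectoryPanel, and apparently to the TaskDirectoryPanel hunk, which is cut off in this view. The body of `onEvent` continues past the end of each hunk.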
@@ -260,7 +260,7 @@ public class ReportletDirectoryPanel extends DirectoryPanel< @Override public void onEvent(final IEvent event) { super.onEvent(event); -if (event.getPayload() instanceof ExitEvent && modal != null) { +if (event.getPayload() instanceof ExitEvent) { final AjaxRequestTarget target = ExitEvent.class.cast(event.getPayload()).getTarget(); baseModal.show(false); baseModal.close(target); diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java index 2c94179..1486ab6 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java @@ -93,7 +93,7 @@ public abstract class TaskDirectoryPanel @Override public void onEvent(final IEvent event) { super.onEvent(event); -if (event.getPayload() instanceof
[syncope] branch master updated (16cb7fa -> dfdfa2c)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git. from 16cb7fa Fixing CodeQL analysis (#217) add dfdfa2c Adding security-and-quality query (#218) No new revisions were added by this update. Summary of changes: .github/workflows/codeql-analysis.yml | 1 + 1 file changed, 1 insertion(+)
[syncope] branch master updated: Fixing CodeQL analysis (#217)
This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 16cb7fa Fixing CodeQL analysis (#217) 16cb7fa is described below commit 16cb7fa1764f6be0e6192066522ddc006826739f Author: Francesco Chicchiriccò AuthorDate: Wed Oct 7 14:21:09 2020 +0200 Fixing CodeQL analysis (#217) --- .github/workflows/codeql-analysis.yml | 42 ++- pom.xml | 1 - 2 files changed, 31 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 54f501f..9cd4d4c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -1,16 +1,27 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at # -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License name: "CodeQL" on: push: -branches: [master] +branches: [master,2_1_X] pull_request: # The branches below must be a subset of the branches above -branches: [master] +branches: [master,2_1_X] schedule: - cron: '0 13 * * 4' @@ -41,6 +52,16 @@ jobs: - run: git checkout HEAD^2 if: ${{ github.event_name == 'pull_request' }} +- name: Setup Java JDK + uses: actions/setup-java@v1.4.3 + with: +java-version: 11 +- uses: actions/cache@v2.1.1 + with: +path: ~/.m2 +key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} +restore-keys: ${{ runner.os }}-m2 + # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v1 
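Review bot: The two steps added in the second hunk reference `actions/setup-java@v1.4.3` and `actions/cache@v2.1.1` by tag, and a tag can later be moved to point at different code than what was reviewed. Pinning each to the full commit SHA of the audited release, with the version kept as a trailing comment (`uses: actions/setup-java@<full-commit-sha> # v1.4.3`), keeps the job running exactly what was checked. The `github/codeql-action/init@v1` context line floats on a major tag in the same way, as do the `actions/checkout@v2`, `autobuild@v1` and `analyze@v1` references in the commit that created this workflow. The `steps:` list these entries belong to starts outside the hunk.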
@@ -53,8 +74,8 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) -- name: Autobuild - uses: github/codeql-action/autobuild@v1 +#- name: Autobuild +# uses: github/codeql-action/autobuild@v1 # ℹ️ Command-line programs to run using the OS shell. # https://git.io/JvXDl @@ -63,9 +84,8 @@ jobs: #and modify them (or add more) to build your code if your project #uses a compiled language -#- run: | -# make bootstrap -# make release +- run: | + mvn -T 1C -PskipTests,all - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 diff --git a/pom.xml b/pom.xml index 084..58b8694 100644 --- a/pom.xml +++ b/pom.xml @@ -2526,7 +2526,6 @@ under the License. **/*.json **/banner.txt **/target/** -**/codeql-analysis.yml
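Review bot: The build step that replaces Autobuild, `mvn -T 1C -PskipTests,all`, names no goal or lifecycle phase, so it only does anything if `pom.xml` declares a `defaultGoal`, which this diff does not show. Naming the phase on the command line and adding `-B` for non-interactive output, as in `mvn -B -T 1C -PskipTests,all <phase>`, would make it clear what CodeQL is tracing. Because the Java analysis covers only what the traced build compiles, a short comment should also say whether the `skipTests` profile still compiles test sources (presumably it only skips execution, but confirm). The template comment kept above the now commented-out Autobuild step ("If this step fails, then you should remove it") is stale and could be replaced with the reason the manual build is used.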
[syncope] branch master updated: Exclude codeql from rat-plugin
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 6323bd0 Exclude codeql from rat-plugin 6323bd0 is described below commit 6323bd0b14d2be8f788d0c3bbb68c3c717e05a56 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:38:47 2020 +0100 Exclude codeql from rat-plugin --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index 58b8694..084 100644 --- a/pom.xml +++ b/pom.xml @@ -2526,6 +2526,7 @@ under the License. **/*.json **/banner.txt **/target/** +**/codeql-analysis.yml
[syncope] branch master updated: Update codeql-analysis.yml
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 1990c48 Update codeql-analysis.yml 1990c48 is described below commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:27:20 2020 +0100 Update codeql-analysis.yml Removing javascript --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9cf53e2..54f501f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: matrix: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] -language: ['java', 'javascript'] +language: ['java'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
[syncope] branch master updated: Update codeql-analysis.yml
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 1990c48 Update codeql-analysis.yml 1990c48 is described below commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:27:20 2020 +0100 Update codeql-analysis.yml Removing javascript --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9cf53e2..54f501f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: matrix: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] -language: ['java', 'javascript'] +language: ['java'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
[syncope] branch master updated: Create codeql-analysis.yml
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 2857b4e Create codeql-analysis.yml 2857b4e is described below commit 2857b4e95e498bcc7a4da63740e99cf8a14f1b84 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:22:54 2020 +0100 Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 71 +++ 1 file changed, 71 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000..9cf53e2 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: +branches: [master] + pull_request: +# The branches below must be a subset of the branches above +branches: [master] + schedule: +- cron: '0 13 * * 4' + +jobs: + analyze: +name: Analyze +runs-on: ubuntu-latest + +strategy: + fail-fast: false + matrix: +# Override automatic language detection by changing the below list +# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] +language: ['java', 'javascript'] +# Learn more... +# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + +steps: +- name: Checkout repository + uses: actions/checkout@v2 + with: +# We must fetch at least the immediate parents so that if this is +# a pull request then we can checkout the head. +fetch-depth: 2 + +# If this run was triggered by a pull request event, then checkout +# the head of the pull request instead of the merge commit. +- run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + +# Initializes the CodeQL tools for scanning. +- name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: +languages: ${{ matrix.language }} +# If you wish to specify custom queries, you can do so here or in a config file. +# By default, queries listed here will override any specified in a config file. +# Prefix the list here with "+" to use these queries and those in the config file. +# queries: ./path/to/local/query, your-org/your-repo/queries@main + +# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+# If this step fails, then you should remove it and run the build manually (see below) +- name: Autobuild + uses: github/codeql-action/autobuild@v1 + +# ℹ️ Command-line programs to run using the OS shell. +# https://git.io/JvXDl + +# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines +#and modify them (or add more) to build your code if your project +#uses a compiled language + +#- run: | +# make bootstrap +# make release + +- name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1
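Review bot: The new workflow declares no `permissions:` block, so the `analyze` job runs with whatever default scope the repository grants `GITHUB_TOKEN`. The job only checks out code and uploads scan results, so a job-level block with `contents: read` and `security-events: write` (plus `actions: read` if the repository is private) would hold it to least privilege. This matters more once the job runs a project build on pull-request code, since the build executes with that token available to the job.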