[syncope] branch master updated: Addressing some CodeQL alerts (#219)

2020-10-07 Thread ilgrosso
This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 8b00eb5  Addressing some CodeQL alerts (#219)
8b00eb5 is described below

commit 8b00eb5a3a79cad853fc434c4c7d0ffe026139cc
Author: Francesco Chicchiriccò 
AuthorDate: Wed Oct 7 17:17:18 2020 +0200

Addressing some CodeQL alerts (#219)
---
 .../console/panels/PrivilegeDirectoryPanel.java|   2 +-
 .../console/policies/PolicyRuleDirectoryPanel.java |   2 +-
 .../console/reports/ReportletDirectoryPanel.java   |   2 +-
 .../client/console/tasks/TaskDirectoryPanel.java   |   2 +-
 .../markup/html/form/ActionLinksTogglePanel.java   |   2 -
 .../client/console/wizards/WizardMgtPanel.java |   2 +-
 .../syncope/client/console/wizards/any/Groups.java |   2 +-
 .../apache/syncope/common/lib/AnyOperations.java   |   5 +-
 .../syncope/core/logic/U2FRegistrationLogic.java   | 196 +++--
 .../apache/syncope/core/logic/SyncopeLogic.java|   2 +-
 .../core/provisioning/java/MappingManagerImpl.java |   6 +-
 .../java/cache/MemoryVirAttrCache.java |   2 +-
 .../PriorityPropagationTaskExecutor.java   |   2 +-
 .../spring/security/JWTAuthenticationProvider.java |   2 +-
 14 files changed, 113 insertions(+), 116 deletions(-)

diff --git 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java
 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java
index 5b40422..9d7f182 100644
--- 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java
+++ 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/panels/PrivilegeDirectoryPanel.java
@@ -177,7 +177,7 @@ public class PrivilegeDirectoryPanel extends DirectoryPanel<
 @Override
 public void onEvent(final IEvent event) {
 super.onEvent(event);
-if (event.getPayload() instanceof ExitEvent && modal != null) {
+if (event.getPayload() instanceof ExitEvent) {
 final AjaxRequestTarget target = 
ExitEvent.class.cast(event.getPayload()).getTarget();
 baseModal.show(false);
 baseModal.close(target);
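Review bot: With the `modal != null` test removed, the branch in `onEvent` still dereferences `baseModal` (`baseModal.show(false)`, `baseModal.close(target)`) with no guard visible in the hunk, and the dropped check was on a different field (`modal`). A short why-comment would stop the check from being re-added later, for example `// no null check: modal and baseModal are always initialised before events are dispatched`, provided that is actually true, which this hunk does not show. The identical edit is repeated in PolicyRuleDirectoryPanel and ReportletDirectoryPanel and begins again in TaskDirectoryPanel, which suggests the ExitEvent handling could be implemented once in the shared `DirectoryPanel` base class. `onEvent` continues past the end of the hunk.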
diff --git 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java
 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java
index 0f27e9f..f67f1d5 100644
--- 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java
+++ 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/policies/PolicyRuleDirectoryPanel.java
@@ -278,7 +278,7 @@ public class PolicyRuleDirectoryPanel 
extends DirectoryPanel
 @Override
 public void onEvent(final IEvent event) {
 super.onEvent(event);
-if (event.getPayload() instanceof ExitEvent && modal != null) {
+if (event.getPayload() instanceof ExitEvent) {
 final AjaxRequestTarget target = 
ExitEvent.class.cast(event.getPayload()).getTarget();
 baseModal.show(false);
 baseModal.close(target);
diff --git 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java
 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java
index a04d2d3..7d854f0 100644
--- 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java
+++ 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/reports/ReportletDirectoryPanel.java
@@ -260,7 +260,7 @@ public class ReportletDirectoryPanel extends DirectoryPanel<
 @Override
 public void onEvent(final IEvent event) {
 super.onEvent(event);
-if (event.getPayload() instanceof ExitEvent && modal != null) {
+if (event.getPayload() instanceof ExitEvent) {
 final AjaxRequestTarget target = 
ExitEvent.class.cast(event.getPayload()).getTarget();
 baseModal.show(false);
 baseModal.close(target);
diff --git 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java
 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java
index 2c94179..1486ab6 100644
--- 
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java
+++ 
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/tasks/TaskDirectoryPanel.java
@@ -93,7 +93,7 @@ public abstract class TaskDirectoryPanel
 @Override
 public void onEvent(final IEvent event) {
 super.onEvent(event);
-if (event.getPayload() instanceof 

[syncope] branch master updated (16cb7fa -> dfdfa2c)

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git.


from 16cb7fa  Fixing CodeQL analysis (#217)
 add dfdfa2c  Adding security-and-quality query (#218)

No new revisions were added by this update.

Summary of changes:
 .github/workflows/codeql-analysis.yml | 1 +
 1 file changed, 1 insertion(+)



[syncope] branch master updated: Fixing CodeQL analysis (#217)

2020-10-07 Thread ilgrosso
This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 16cb7fa  Fixing CodeQL analysis (#217)
16cb7fa is described below

commit 16cb7fa1764f6be0e6192066522ddc006826739f
Author: Francesco Chicchiriccò 
AuthorDate: Wed Oct 7 14:21:09 2020 +0200

Fixing CodeQL analysis (#217)
---
 .github/workflows/codeql-analysis.yml | 42 ++-
 pom.xml   |  1 -
 2 files changed, 31 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
index 54f501f..9cd4d4c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,16 +1,27 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
 #
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License
 name: "CodeQL"
 
 on:
   push:
-branches: [master]
+branches: [master,2_1_X]
   pull_request:
 # The branches below must be a subset of the branches above
-branches: [master]
+branches: [master,2_1_X]
   schedule:
 - cron: '0 13 * * 4'
 
@@ -41,6 +52,16 @@ jobs:
 - run: git checkout HEAD^2
   if: ${{ github.event_name == 'pull_request' }}
 
+- name: Setup Java JDK
+  uses: actions/setup-java@v1.4.3
+  with:
+java-version: 11
+- uses: actions/cache@v2.1.1
+  with:
+path: ~/.m2
+key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+restore-keys: ${{ runner.os }}-m2
+
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
   uses: github/codeql-action/init@v1
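Review bot: The two added steps reference `actions/setup-java@v1.4.3` and `actions/cache@v2.1.1` by tag, and a tag can be repointed upstream, so the code that runs inside this scanning job is not fixed by what is committed here. Pinning each action to its full commit SHA with the version kept as a trailing comment, e.g. `uses: actions/setup-java@<full-commit-sha> # v1.4.3` (placeholder, take the SHA from the action's release), makes the dependency immutable. The same applies to `actions/checkout@v2` and the `github/codeql-action/*@v1` steps elsewhere in the file. Separately, `restore-keys: ${{ runner.os }}-m2` restores any older `~/.m2` cache on a key miss, so a comment saying that this fallback is intended would help.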
@@ -53,8 +74,8 @@ jobs:
 
 # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually 
(see below)
-- name: Autobuild
-  uses: github/codeql-action/autobuild@v1
+#- name: Autobuild
+#  uses: github/codeql-action/autobuild@v1
 
 # ℹ️ Command-line programs to run using the OS shell.
 #  https://git.io/JvXDl
@@ -63,9 +84,8 @@ jobs:
 #and modify them (or add more) to build your code if your project
 #uses a compiled language
 
-#- run: |
-#   make bootstrap
-#   make release
+- run: |
+   mvn -T 1C -PskipTests,all
 
 - name: Perform CodeQL Analysis
   uses: github/codeql-action/analyze@v1
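Review bot: The new `run` step calls `mvn -T 1C -PskipTests,all` without a phase or goal, so it only works if the root pom.xml declares a `<defaultGoal>`, which this diff does not show. Naming the goal explicitly and giving the step a name, e.g. `- name: Build for CodeQL` with `run: mvn -T 1C -PskipTests,all <goal>` (placeholder for the intended phase), keeps the workflow readable on its own. The comment block just above still refers to Autobuild failing and to "three lines" to uncomment, which no longer matches the file now that Autobuild is commented out in the previous hunk; those comments should be updated or removed.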
diff --git a/pom.xml b/pom.xml
index 084..58b8694 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2526,7 +2526,6 @@ under the License.
 **/*.json
 **/banner.txt
 **/target/**
-**/codeql-analysis.yml
   
 
 



[syncope] branch master updated: Exclude codeql from rat-plugin

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 6323bd0  Exclude codeql from rat-plugin
6323bd0 is described below

commit 6323bd0b14d2be8f788d0c3bbb68c3c717e05a56
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:38:47 2020 +0100

Exclude codeql from rat-plugin
---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 58b8694..084 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2526,6 +2526,7 @@ under the License.
 **/*.json
 **/banner.txt
 **/target/**
+**/codeql-analysis.yml
   
 
 



[syncope] branch master updated: Update codeql-analysis.yml

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 1990c48  Update codeql-analysis.yml
1990c48 is described below

commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:27:20 2020 +0100

Update codeql-analysis.yml

Removing javascript
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
index 9cf53e2..54f501f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,7 +24,7 @@ jobs:
   matrix:
 # Override automatic language detection by changing the below list
 # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 
'python']
-language: ['java', 'javascript']
+language: ['java']
 # Learn more...
 # 
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
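Review bot: Dropping `'javascript'` from `matrix.language` means CodeQL no longer scans any JavaScript the repository ships, and neither the commit message ("Removing javascript") nor the file says why. If the analysis was removed because it failed or produced only noise, a comment beside the list such as `# javascript analysis disabled: <reason>` records that the coverage gap is deliberate. If the client modules contain hand-written JavaScript, keeping the entry and excluding vendored paths would preserve that coverage.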



[syncope] branch master updated: Update codeql-analysis.yml

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 1990c48  Update codeql-analysis.yml
1990c48 is described below

commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:27:20 2020 +0100

Update codeql-analysis.yml

Removing javascript
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
index 9cf53e2..54f501f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,7 +24,7 @@ jobs:
   matrix:
 # Override automatic language detection by changing the below list
 # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 
'python']
-language: ['java', 'javascript']
+language: ['java']
 # Learn more...
 # 
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 



[syncope] branch master updated: Create codeql-analysis.yml

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 2857b4e  Create codeql-analysis.yml
2857b4e is described below

commit 2857b4e95e498bcc7a4da63740e99cf8a14f1b84
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:22:54 2020 +0100

Create codeql-analysis.yml
---
 .github/workflows/codeql-analysis.yml | 71 +++
 1 file changed, 71 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000..9cf53e2
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+  push:
+branches: [master]
+  pull_request:
+# The branches below must be a subset of the branches above
+branches: [master]
+  schedule:
+- cron: '0 13 * * 4'
+
+jobs:
+  analyze:
+name: Analyze
+runs-on: ubuntu-latest
+
+strategy:
+  fail-fast: false
+  matrix:
+# Override automatic language detection by changing the below list
+# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 
'python']
+language: ['java', 'javascript']
+# Learn more...
+# 
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+steps:
+- name: Checkout repository
+  uses: actions/checkout@v2
+  with:
+# We must fetch at least the immediate parents so that if this is
+# a pull request then we can checkout the head.
+fetch-depth: 2
+
+# If this run was triggered by a pull request event, then checkout
+# the head of the pull request instead of the merge commit.
+- run: git checkout HEAD^2
+  if: ${{ github.event_name == 'pull_request' }}
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+  uses: github/codeql-action/init@v1
+  with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a 
config file.
+# By default, queries listed here will override any specified in a 
config file. 
+# Prefix the list here with "+" to use these queries and those in the 
config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+# Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+# If this step fails, then you should remove it and run the build manually 
(see below)
+- name: Autobuild
+  uses: github/codeql-action/autobuild@v1
+
+# ℹ️ Command-line programs to run using the OS shell.
+#  https://git.io/JvXDl
+
+# ✏️ If the Autobuild fails above, remove it and uncomment the following 
three lines
+#and modify them (or add more) to build your code if your project
+#uses a compiled language
+
+#- run: |
+#   make bootstrap
+#   make release
+
+- name: Perform CodeQL Analysis
+  uses: github/codeql-action/analyze@v1
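Review bot: The `analyze` job declares no `permissions:` block, so its GITHUB_TOKEN gets whatever default scope the repository is configured with, while the same job checks out pull-request code (`git checkout HEAD^2`) and builds it in the Autobuild step. Restricting the token at job level to what code scanning needs, `permissions:` with `contents: read` and `security-events: write`, limits what a compromised action or build step could do. A one-line comment above the block stating that these are the minimum scopes for uploading results would document the intent.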