SONARJAVA-5236 S6437 Remove FP passwordParameter signatures (#4947)

APPSEC-2308 Some SQC users reported false positives for the hard-coded credentials rule S6437 in Spring applications. This PR removes the incorrect signatures from the configuration file.
SonarSource · Dec 4, 2024 · 3e2cb44 · 3e2cb44
1 parent a8c1c27
commit 3e2cb44
Showing 1 changed file with 0 additions and 11 deletions.
diff --git a/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json b/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json
@@ -7015,12 +7015,9 @@
   {"cls":"org.springframework.security.authentication.rcp.RemoteAuthenticationManagerImpl","name":"attemptAuthentication","args":["java.lang.String","java.lang.String"],"indices":[1]},
   {"cls":"org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder","name":"managerPassword","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$UserDetailsBuilder","name":"password","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer","name":"passwordParameter","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer","name":"changePasswordPage","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer$OpaqueTokenConfigurer","name":"introspectionClientCredentials","args":["java.lang.String","java.lang.String"],"indices":[1]},
   {"cls":"org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean","name":"setManagerPassword","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2ResourceServerSpec$OpaqueTokenSpec","name":"introspectionClientCredentials","args":["java.lang.String","java.lang.String"],"indices":[1]},
-  {"cls":"org.springframework.security.config.web.server.ServerHttpSecurity$PasswordManagementSpec","name":"changePasswordPage","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.convention.versions.UpdateDependenciesExtension$GitHub","name":"setAccessToken","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.core.password.CompromisedPasswordChecker","name":"check","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.core.password.HaveIBeenPwnedRestApiPasswordChecker","name":"check","args":["java.lang.String"],"indices":[0]},
@@ -7156,21 +7153,13 @@
   {"cls":"org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector","name":"NimbusReactiveOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
   {"cls":"org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector","name":"SpringOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
   {"cls":"org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector","name":"SpringReactiveOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
-  {"cls":"org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver","name":"setBearerTokenHeaderName","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter","name":"setBearerTokenHeaderName","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.provisioning.InMemoryUserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
   {"cls":"org.springframework.security.provisioning.InMemoryUserDetailsManager","name":"updatePassword","args":["org.springframework.security.core.userdetails.UserDetails","java.lang.String"],"indices":[1]},
   {"cls":"org.springframework.security.provisioning.JdbcUserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
   {"cls":"org.springframework.security.provisioning.UserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
   {"cls":"org.springframework.security.rsocket.metadata.BearerTokenMetadata","name":"BearerTokenMetadata","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.rsocket.metadata.UsernamePasswordMetadata","name":"UsernamePasswordMetadata","args":["java.lang.String","java.lang.String"],"indices":[1]},
-  {"cls":"org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter","name":"setCredentialsEnvironmentVariable","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter","name":"setCredentialsRequestHeader","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.web.authentication.www.BasicAuthenticationFilter","name":"setCredentialsCharset","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.security.web.http.SecurityHeaders","name":"bearerToken","args":["java.lang.String"],"indices":[0]},
-  {"cls":"org.springframework.security.web.server.ServerFormLoginAuthenticationConverter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.shell.samples.standard.Commands","name":"changePassword","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.shell.samples.standard.DynamicCommands","name":"authenticate","args":["java.lang.String"],"indices":[0]},
   {"cls":"org.springframework.social.autoconfigure.SocialProperties","name":"setAppSecret","args":["java.lang.String"],"indices":[0]},