From 3e2cb4478100a5ea082dde30004067579eef58a4 Mon Sep 17 00:00:00 2001
From: Hendrik Buchwald <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
Date: Wed, 4 Dec 2024 15:23:10 +0100
Subject: [PATCH] SONARJAVA-5236 S6437 Remove FP passwordParameter signatures (#4947)

APPSEC-2308 Some SQC users reported false positives for the hard-coded credentials rule S6437 in Spring applications. This PR removes the incorrect signatures from the configuration file.
---
 .../org/sonar/java/checks/security/S6437-methods.json | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json b/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json
index e12aabbe6bd..fb4f47c017a 100644
--- a/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json
+++ b/java-checks-aws/src/main/resources/org/sonar/java/checks/security/S6437-methods.json
@@ -7015,12 +7015,9 @@
 {"cls":"org.springframework.security.authentication.rcp.RemoteAuthenticationManagerImpl","name":"attemptAuthentication","args":["java.lang.String","java.lang.String"],"indices":[1]},
 {"cls":"org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer$ContextSourceBuilder","name":"managerPassword","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.config.annotation.authentication.configurers.provisioning.UserDetailsManagerConfigurer$UserDetailsBuilder","name":"password","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer","name":"passwordParameter","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer","name":"changePasswordPage","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer$OpaqueTokenConfigurer","name":"introspectionClientCredentials","args":["java.lang.String","java.lang.String"],"indices":[1]},
 {"cls":"org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean","name":"setManagerPassword","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.config.web.server.ServerHttpSecurity$OAuth2ResourceServerSpec$OpaqueTokenSpec","name":"introspectionClientCredentials","args":["java.lang.String","java.lang.String"],"indices":[1]},
- {"cls":"org.springframework.security.config.web.server.ServerHttpSecurity$PasswordManagementSpec","name":"changePasswordPage","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.convention.versions.UpdateDependenciesExtension$GitHub","name":"setAccessToken","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.core.password.CompromisedPasswordChecker","name":"check","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.core.password.HaveIBeenPwnedRestApiPasswordChecker","name":"check","args":["java.lang.String"],"indices":[0]},
@@ -7156,21 +7153,13 @@
 {"cls":"org.springframework.security.oauth2.server.resource.introspection.NimbusReactiveOpaqueTokenIntrospector","name":"NimbusReactiveOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
 {"cls":"org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector","name":"SpringOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
 {"cls":"org.springframework.security.oauth2.server.resource.introspection.SpringReactiveOpaqueTokenIntrospector","name":"SpringReactiveOpaqueTokenIntrospector","args":["java.lang.String","java.lang.String","java.lang.String"],"indices":[2]},
- {"cls":"org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver","name":"setBearerTokenHeaderName","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.oauth2.server.resource.web.server.authentication.ServerBearerTokenAuthenticationConverter","name":"setBearerTokenHeaderName","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.provisioning.InMemoryUserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
 {"cls":"org.springframework.security.provisioning.InMemoryUserDetailsManager","name":"updatePassword","args":["org.springframework.security.core.userdetails.UserDetails","java.lang.String"],"indices":[1]},
 {"cls":"org.springframework.security.provisioning.JdbcUserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
 {"cls":"org.springframework.security.provisioning.UserDetailsManager","name":"changePassword","args":["java.lang.String","java.lang.String"],"indices":[0,1]},
 {"cls":"org.springframework.security.rsocket.metadata.BearerTokenMetadata","name":"BearerTokenMetadata","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.rsocket.metadata.UsernamePasswordMetadata","name":"UsernamePasswordMetadata","args":["java.lang.String","java.lang.String"],"indices":[1]},
- {"cls":"org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.web.authentication.preauth.RequestAttributeAuthenticationFilter","name":"setCredentialsEnvironmentVariable","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter","name":"setCredentialsRequestHeader","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.web.authentication.www.BasicAuthenticationFilter","name":"setCredentialsCharset","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.security.web.http.SecurityHeaders","name":"bearerToken","args":["java.lang.String"],"indices":[0]},
- {"cls":"org.springframework.security.web.server.ServerFormLoginAuthenticationConverter","name":"setPasswordParameter","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.shell.samples.standard.Commands","name":"changePassword","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.shell.samples.standard.DynamicCommands","name":"authenticate","args":["java.lang.String"],"indices":[0]},
 {"cls":"org.springframework.social.autoconfigure.SocialProperties","name":"setAppSecret","args":["java.lang.String"],"indices":[0]},