Sonar logging issue

Zabuzard · Zabuzard · commit fd4d2cdc3b9e · 2022-09-26T10:38:43.000+02:00
diff --git a/application/src/main/java/org/togetherjava/tjbot/logging/discord/DiscordLogging.java b/application/src/main/java/org/togetherjava/tjbot/logging/discord/DiscordLogging.java
@@ -64,6 +64,11 @@ private static Optional<URI> parseWebhookUri(String webhookUri) {
         }
     }
 
+    // Security warning about configuring logs. It is safe in this case, the only user input are the
+    // webhook URIs, which cannot inject anything malicious.
+    // The only risk is changing the target to an attackers' server, but therefore they need access
+    // to the config.
+    @SuppressWarnings("squid:S4792")
     private static void addDiscordLogAppender(String name, Filter filter, URI webhookUri,
             Configuration logConfig) {
         // NOTE The whole setup is done programmatically in order to allow the webhooks

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,11 @@ private static Optional<URI> parseWebhookUri(String webhookUri) {`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ // Security warning about configuring logs. It is safe in this case, the only user input are the`
	`68`	`+ // webhook URIs, which cannot inject anything malicious.`
	`69`	`+ // The only risk is changing the target to an attackers' server, but therefore they need access`
	`70`	`+ // to the config.`
	`71`	`+ @SuppressWarnings("squid:S4792")`
`67`	`72`	`private static void addDiscordLogAppender(String name, Filter filter, URI webhookUri,`
`68`	`73`	`Configuration logConfig) {`
`69`	`74`	`// NOTE The whole setup is done programmatically in order to allow the webhooks`