github-advanced-security[bot] commented on code in PR #1420:
URL: https://github.com/apache/syncope/pull/1420#discussion_r3383788973


##########
core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RESTProperties.java:
##########
@@ -28,7 +31,79 @@
     @NestedConfigurationProperty
     private final ExecutorProperties batchExecutor = new ExecutorProperties();
 
+    @NestedConfigurationProperty
+    private final RateLimit rateLimit = new RateLimit();
+
     public ExecutorProperties getBatchExecutor() {
         return batchExecutor;
     }
+
+    public RateLimit getRateLimit() {
+        return rateLimit;
+    }
+
+    public static class RateLimit {
+
+        private boolean enabled;
+
+        private int maxRequests = 300;
+
+        private Duration window = Duration.ofMinutes(1);
+
+        private Duration lock = Duration.ofMinutes(1);
+
+        private String forwardedForHeader = "X-Forwarded-For";
+
+        private final Set<String> excludedAddresses = new HashSet<>();
+
+        private final Set<String> trustedProxies = new HashSet<>();
+
+        public boolean isEnabled() {
+            return enabled;
+        }
+
+        public void setEnabled(final boolean enabled) {
+            this.enabled = enabled;
+        }
+
+        public int getMaxRequests() {
+            return maxRequests;
+        }
+
+        public void setMaxRequests(final int maxRequests) {
+            this.maxRequests = maxRequests;
+        }
+
+        public Duration getWindow() {
+            return window;
+        }
+
+        public void setWindow(final Duration window) {
+            this.window = window;
+        }
+
+        public Duration getLock() {
+            return lock;
+        }
+
+        public void setLock(final Duration lock) {
+            this.lock = lock;
+        }
+
+        public String getForwardedForHeader() {
+            return forwardedForHeader;
+        }
+
+        public void setForwardedForHeader(final String forwardedForHeader) {
+            this.forwardedForHeader = forwardedForHeader;
+        }
+
+        public Set<String> getExcludedAddresses() {
+            return excludedAddresses;
+        }
+
+        public Set<String> getTrustedProxies() {
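Review bot: the CodeQL "exposing internal representation" alert on `getTrustedProxies` (and the twin alert on `getExcludedAddresses` in this same hunk) is the expected shape for a Spring Boot configuration-properties class, given the `@NestedConfigurationProperty` usage above: with a `private final Set<String>` field and no setter, the binder fills the collection through the getter, so the live set has to be returned for the property to be bindable at all. Either dismiss both alerts with that justification, or, if callers should only get read-only views, add `setTrustedProxies(Set<String>)` / `setExcludedAddresses(Set<String>)` that copy into the field and make the getters return `Collections.unmodifiableSet(...)`. Wrapping the getter without adding a setter is the one option to avoid: the binder can then neither mutate nor assign the collection, and binding of those two properties stops working.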

Review Comment:
   ## CodeQL / Exposing internal representation
   
   getTrustedProxies exposes the internal representation stored in field trustedProxies. The value may be modified [after this call to getTrustedProxies](1).
   
   [Show more details](https://github.com/apache/syncope/security/code-scanning/2643)



##########
core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/RESTProperties.java:
##########
@@ -28,7 +31,79 @@
     @NestedConfigurationProperty
     private final ExecutorProperties batchExecutor = new ExecutorProperties();
 
+    @NestedConfigurationProperty
+    private final RateLimit rateLimit = new RateLimit();
+
     public ExecutorProperties getBatchExecutor() {
         return batchExecutor;
     }
+
+    public RateLimit getRateLimit() {
+        return rateLimit;
+    }
+
+    public static class RateLimit {
+
+        private boolean enabled;
+
+        private int maxRequests = 300;
+
+        private Duration window = Duration.ofMinutes(1);
+
+        private Duration lock = Duration.ofMinutes(1);
+
+        private String forwardedForHeader = "X-Forwarded-For";
+
+        private final Set<String> excludedAddresses = new HashSet<>();
+
+        private final Set<String> trustedProxies = new HashSet<>();
+
+        public boolean isEnabled() {
+            return enabled;
+        }
+
+        public void setEnabled(final boolean enabled) {
+            this.enabled = enabled;
+        }
+
+        public int getMaxRequests() {
+            return maxRequests;
+        }
+
+        public void setMaxRequests(final int maxRequests) {
+            this.maxRequests = maxRequests;
+        }
+
+        public Duration getWindow() {
+            return window;
+        }
+
+        public void setWindow(final Duration window) {
+            this.window = window;
+        }
+
+        public Duration getLock() {
+            return lock;
+        }
+
+        public void setLock(final Duration lock) {
+            this.lock = lock;
+        }
+
+        public String getForwardedForHeader() {
+            return forwardedForHeader;
+        }
+
+        public void setForwardedForHeader(final String forwardedForHeader) {
+            this.forwardedForHeader = forwardedForHeader;
+        }
+
+        public Set<String> getExcludedAddresses() {
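Review bot: none of the setters in `RateLimit` validate their input, so `setMaxRequests` accepts `0` or a negative value and `setWindow` / `setLock` accept `null`, zero or negative `Duration`s; with `enabled = true` such a configuration will either reject every request or never expire a lock, depending on how the consuming filter divides by or compares against these values. Suggest rejecting them at the setter (`IllegalArgumentException`) or, if the properties class is validated, annotating with `@Positive` / `@NotNull`. Separately, the `trustedProxies` and `forwardedForHeader` fields carry no Javadoc stating what an empty `trustedProxies` set means: whether the `X-Forwarded-For` value is then ignored (limiter keys on the direct peer address) or honoured from any peer. Since that choice decides whether the client-supplied header can steer which address the limit is applied to, please document it on the field, with "ignored" as the intended reading for the default.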

Review Comment:
   ## CodeQL / Exposing internal representation
   
   getExcludedAddresses exposes the internal representation stored in field excludedAddresses. The value may be modified [after this call to getExcludedAddresses](1).
   
   [Show more details](https://github.com/apache/syncope/security/code-scanning/2644)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
