wultra / powerauth-restful-integration

Integration libraries used when building PowerAuth protected RESTful
GNU Affero General Public License v3.0

Coverity: Unlogged security exception #558

Closed banterCZ closed 1 month ago

banterCZ commented 1 month ago

445157 Unlogged security exception

Each security exception must be logged properly to provide a notification about and a history of security events. This aids in a timely response to limit the severity and scale of attacks. It also provides information to analyze their origins and consequences.

In io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcHandler.verifyAndDecode(io.getlime.security.powerauth.rest.api.spring.service.oidc.TokenResponse, org.springframework.security.oauth2.client.registration.ClientRegistration, java.lang.String): A security exception is caught but not logged. (CWE-778)

banterCZ commented 1 month ago

False positive. The exception is passed as the cause and logged in the handler.
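
The pattern discussed in this thread, as an added example that is not the project's code: a security exception caught without a local log call is still recorded when it is rethrown with the original as the cause and a central handler logs the wrapper, whereas dropping the cause loses the event detail. All class and method names here (`CauseChainLogging`, `TokenVerificationException`, `verifyKeepingCause`, `verifyDroppingCause`, `handle`) are hypothetical, and the token value is constructed.

```java
import java.security.GeneralSecurityException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical names throughout; not the PowerAuth code.
public class CauseChainLogging {
    private static final Logger LOG = Logger.getLogger("security");

    // Hypothetical wrapper exception that carries the original as its cause.
    static class TokenVerificationException extends Exception {
        TokenVerificationException(String message, Throwable cause) { super(message, cause); }
    }

    // Stand-in for a signature check that fails on a constructed sample token.
    static void checkSignature(String token) throws GeneralSecurityException {
        throw new GeneralSecurityException("signature mismatch (constructed sample)");
    }

    // Not logged at the catch site, but the security exception travels on as the cause.
    static void verifyKeepingCause(String token) throws TokenVerificationException {
        try {
            checkSignature(token);
        } catch (GeneralSecurityException e) {
            throw new TokenVerificationException("Unable to verify token", e);
        }
    }

    // Contrast: the cause is dropped, so no later handler can record what failed.
    static void verifyDroppingCause(String token) throws TokenVerificationException {
        try {
            checkSignature(token);
        } catch (GeneralSecurityException e) {
            throw new TokenVerificationException("Unable to verify token", null);
        }
    }

    // Central handler: the one place the event is logged, stack trace and cause included.
    static boolean handle(TokenVerificationException e) {
        LOG.log(Level.WARNING, "Token verification failed", e);
        return e.getCause() instanceof GeneralSecurityException;
    }

    public static void main(String[] args) {
        try { verifyKeepingCause("constructed.sample.token"); }
        catch (TokenVerificationException e) { System.out.println("cause logged: " + handle(e)); }
        try { verifyDroppingCause("constructed.sample.token"); }
        catch (TokenVerificationException e) { System.out.println("cause logged: " + handle(e)); }
    }
}
```

A static analyzer that inspects only the catch block cannot tell these two variants apart from the logging call alone; the difference is whether the caught exception is passed on to the code that logs.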