Add plugin io.spring.nohttp

This commit is contained in:
Joe Grandja 2020-08-18 11:00:47 -04:00
parent a604f352ae
commit 12d228c089
2 changed files with 13 additions and 1 deletions

View File

@ -2,7 +2,7 @@ buildscript {
dependencies {
classpath 'io.spring.gradle:spring-build-conventions:0.0.33.RELEASE'
classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
classpath 'io.spring.nohttp:nohttp-gradle:0.0.5.RELEASE'
}
repositories {
maven { url 'https://repo.spring.io/plugins-snapshot' }
@ -10,6 +10,7 @@ buildscript {
}
}
apply plugin: 'io.spring.nohttp'
apply plugin: 'io.spring.convention.root'
group = 'org.springframework.security.experimental'
@ -26,3 +27,7 @@ subprojects {
project.sourceCompatibility = '1.8'
}
}
nohttp {
allowlistFile = project.file("etc/nohttp/allowlist.lines")
}

View File

@ -0,0 +1,7 @@
^http://[^/]*nabble.com.*
^http://blog.opensecurityresearch.com/.*
^http://iharder.sourceforge.net/current/java/base64/
^http://jaspan.com.*
^http://lists.webappsec.org/.*
^http://webblaze.cs.berkeley.edu/.*
^http://www.w3.org/2000/09/xmldsig.*