diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..5db721a
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,22 @@
+name: Code scanning (CodeQL)
+
+on:
+ pull_request:
+ types: [ready_for_review, opened, reopened, synchronize]
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: '0 2 * * *'
+
+jobs:
+ codeql:
+ name: Run codeql
+ uses: Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@main
+ with:
+ language: java
+ java_version: '21'
+ secrets:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
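Review bot: The reusable workflow on the `uses:` line is referenced at the mutable ref `@main` while it is handed `GH_TOKEN`, so any later change to that branch runs with this repository's token without being reviewed here. Pinning to a full commit SHA, `uses: Informasjonsforvaltning/workflows/.github/workflows/codeql.yaml@<full-commit-sha>`, makes every update an explicit change in this repository. The `codeql` job also declares no `permissions:`, so the token's scope falls back to the repository default. A job-level block such as `permissions: { contents: read, security-events: write }` would limit it, though the exact set depends on the called workflow, which is not visible here.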
diff --git a/pom.xml b/pom.xml
index e08a325..7ca5ad6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
org.springframework.boot
spring-boot-starter-parent
- 3.4.0
+ 3.4.2
@@ -32,9 +32,9 @@
false
- 2.0.21
+ 2.1.10
1.20.4
- 5.2.0
+ 5.3.0
@@ -67,7 +67,7 @@
org.hibernate.validator
hibernate-validator
- 8.0.1.Final
+ 8.0.2.Final
@@ -97,7 +97,7 @@
org.wiremock
wiremock-standalone
- 3.9.2
+ 3.11.0
test
@@ -127,7 +127,7 @@
org.jetbrains.kotlinx
kotlinx-coroutines-core
- 1.9.0
+ 1.10.1
diff --git a/src/main/kotlin/no/digdir/organizationcatalog/adapter/EnhetsregisteretAdapter.kt b/src/main/kotlin/no/digdir/organizationcatalog/adapter/EnhetsregisteretAdapter.kt
index 01d768b..61e29cd 100644
--- a/src/main/kotlin/no/digdir/organizationcatalog/adapter/EnhetsregisteretAdapter.kt
+++ b/src/main/kotlin/no/digdir/organizationcatalog/adapter/EnhetsregisteretAdapter.kt
@@ -82,7 +82,14 @@ class EnhetsregisteretAdapter(private val appProperties: AppProperties) {
}
}
- private fun getOrganizationFromEnhetsregisteret(organizationId: String, isSubordinate: Boolean = false): EnhetsregisteretOrganization? =
+ private fun getOrganizationFromEnhetsregisteret(organizationId: String, isSubordinate: Boolean = false): EnhetsregisteretOrganization? {
+ try {
+ Integer.parseInt(organizationId)
+ } catch (e: NumberFormatException) {
+ LOGGER.warn("Invalid organization identifier for Enhetsregisteret '$organizationId'")
+ return null
+ }
+
URL("${appProperties.enhetsregisteretProxyUrl}/${if (isSubordinate) "underenheter" else "enheter"}/$organizationId")
.openConnection()
.run {
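Review bot: `Integer.parseInt(organizationId)` is a loose format check for a value that is then interpolated into the proxy URL path: it accepts a leading `+` or `-` and non-ASCII Unicode digits, and it rejects digit strings above `Int.MAX_VALUE`. An explicit ASCII pattern states the intent directly, for example `if (!ORG_ID_PATTERN.matches(organizationId)) { ...; return null }` with `private val ORG_ID_PATTERN = Regex("[0-9]{9}")`, assuming identifiers are always nine digits (confirm against Enhetsregisteret). The `LOGGER.warn` line also writes the rejected value unmodified into the log, so line breaks in the input can forge log entries; log a sanitized or length-capped form instead. The function body continues outside this hunk.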
@@ -104,6 +111,7 @@ class EnhetsregisteretAdapter(private val appProperties: AppProperties) {
null
}
}
+ }
fun getOrganizationsFromEnhetsregisteretByType(orgType: EnhetsregisteretType): List {
return getOrganizationsFromEnhetsregisteret("/enheter?organisasjonsform=$orgType&size=10000")
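Review bot: The added closing `}` completes the switch of `getOrganizationFromEnhetsregisteret` to a block body, but the `URL(...).openConnection().run { ... }` chain after the validation is unchanged context with no `return` in front of it. As shown, the chain's result is discarded and Kotlin will reject the function for a missing return, since the visible tail of the lambda ends in a bare `null`. Unless the lines between the two hunks, which are not visible here, return non-locally from inside `run` on every path, the chain should become `return URL(...)`. The function starts in the previous hunk.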
diff --git a/src/main/kotlin/no/digdir/organizationcatalog/security/SecurityConfig.kt b/src/main/kotlin/no/digdir/organizationcatalog/security/SecurityConfig.kt
index 88f45af..03a2600 100644
--- a/src/main/kotlin/no/digdir/organizationcatalog/security/SecurityConfig.kt
+++ b/src/main/kotlin/no/digdir/organizationcatalog/security/SecurityConfig.kt
@@ -37,7 +37,6 @@ open class SecurityConfig(
config
}
}
- .csrf { it.disable() }
.authorizeHttpRequests { authorize ->
authorize.requestMatchers(HttpMethod.OPTIONS).permitAll()
.requestMatchers(HttpMethod.GET).permitAll()