added spring-disabled-csrf-protection, unvalidated-url-forward

.github/workflows/codeql-analysis.yml

@@ -57,6 +57,11 @@ jobs:
                 id: java/URL-forward-from-remote-source
             - exclude:
                 id: java/Disabled-Spring-CSRF-protection
+            - exclude:
+                id: java/unvalidated-url-forward
+            - exclude:
+                java/spring-disabled-csrf-protection
+          
 
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.

java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SchemaAuthFilter.java

@@ -15,7 +15,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
-@SuppressWarnings("java/URL-forward-from-remote-source")
+@SuppressWarnings({"java/URL-forward-from-remote-source","unvalidated-url-forward"})
 public class SchemaAuthFilter extends OncePerRequestFilter {
     private static final Logger logger = LoggerFactory.getLogger(SchemaAuthFilter.class);
     private static final String INVITE_URL_PATTERN = "/api/v1/([A-Za-z0-9_])+/invite(/)?";

java/middleware/registry-middleware/authorization/src/main/java/dev/sunbirdrc/registry/authorization/SecurityConfig.java

@@ -26,7 +26,7 @@
 @Configuration
 @EnableWebSecurity
 @ConditionalOnProperty(name = "authentication.enabled", havingValue = "true", matchIfMissing = false)
-@SuppressWarnings("java/Disabled-Spring-CSRF-protection")
+@SuppressWarnings({"java/Disabled-Spring-CSRF-protection","spring-disabled-csrf-protection"})
 public class SecurityConfig {
 
     @Autowired