From 232c30bcdc04501e2b6c5c7e4713885d89debc88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A1ra=20El-Saig?=
Date: Thu, 22 Aug 2024 15:18:55 +0200
Subject: [PATCH] Add necessary security exceptions.

---
 .../SecurityScanningUITestContextExtensions.cs | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs b/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
index 086aeb301..5508893df 100644
--- a/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
+++ b/Lombiq.Tests.UI/SecurityScanning/SecurityScanningUITestContextExtensions.cs
@@ -85,6 +85,15 @@ public static Task RunAndConfigureAndAssertFullSecurityScanForContinuousIntegrat
 // There is no need to security scan the admin dashboard.
 configuration.ExcludeUrlWithRegex(@".*/Admin/.*");
+ // There is no need to security scan anything in Lombiq.Tests.UI.Shortcuts.
+ configuration.ExcludeUrlWithRegex(@".*/Lombiq.Tests.UI.Shortcuts/.*");
+
+ configuration.MarkScanRuleAsFalsePositiveForUrlWithRegex(
+ ".*/(Login|ChangePassword)([?].*)?",
+ 6,
+ "Path Traversal",
+ "Setting the returnUrl attribute to a itself yields a false positive");
+
 // Active scan takes a very long time, this is not practical in CI.
 configuration.ModifyZapPlan(plan => plan
 .SetActiveScanMaxDuration(maxActiveScanDurationInMinutes, maxRuleDurationInMinutes));
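Review bot: The Path Traversal suppression in the new `MarkScanRuleAsFalsePositiveForUrlWithRegex` call is scoped by URL only, so it silences every rule-6 finding on `/Login` and `/ChangePassword`, not just the `returnUrl` case the justification string describes, and a genuine traversal reported through another parameter on those endpoints would no longer surface in CI. If the configuration API offers a parameter-scoped variant, scope the exception to `returnUrl`; otherwise record the residual gap in the justification, e.g. `"Setting the returnUrl parameter to the page's own path yields a false positive; note this also hides any other Path Traversal finding on these URLs."`. The justification as written also has a typo, `to a itself`. The unescaped dots in `@".*/Lombiq.Tests.UI.Shortcuts/.*"` match any character, which is presumably harmless here, but `Lombiq\.Tests\.UI\.Shortcuts` would make the exclusion exact. The enclosing method starts before and continues after the hunk.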