generated from coulomb/repo-seed
55 lines
2.0 KiB
JSON
55 lines
2.0 KiB
JSON
{
|
|
"id": "opencmis-warning-policy",
|
|
"description": "Warning classification policy for local OpenCMIS TCK preparation runs.",
|
|
"warning_policies": [
|
|
{
|
|
"id": "local-loopback-http-transport",
|
|
"match": {
|
|
"message_contains": "HTTPS is not used",
|
|
"source_location": {
|
|
"file": "SecurityTest.java"
|
|
}
|
|
},
|
|
"accepted_when": {
|
|
"scheme": "http",
|
|
"host_scope": "loopback",
|
|
"environments": [
|
|
"local",
|
|
"test",
|
|
"development"
|
|
]
|
|
},
|
|
"classification": "accepted_local_loopback_transport",
|
|
"severity": "info",
|
|
"reason": "OpenCMIS warns about HTTP credentials. This is acceptable for explicit loopback-only local runs and must not be used as a deployment-release claim.",
|
|
"unaccepted_classification": "deployment_transport_blocker",
|
|
"unaccepted_severity": "blocker",
|
|
"unaccepted_reason": "OpenCMIS reported plain HTTP outside the accepted local loopback boundary. Use HTTPS termination or an explicit approved waiver for deployment-like targets."
|
|
},
|
|
{
|
|
"id": "opencmis-inmemory-thin-client-uri",
|
|
"match": {
|
|
"message_contains": "Thin client URI is not set",
|
|
"source_location": {
|
|
"file": "RepositoryInfoTest.java"
|
|
}
|
|
},
|
|
"accepted_when": {
|
|
"target_profile_refs": [
|
|
"opencmis-inmemory-local"
|
|
],
|
|
"environments": [
|
|
"local",
|
|
"test"
|
|
]
|
|
},
|
|
"classification": "accepted_inmemory_self_test_limitation",
|
|
"severity": "info",
|
|
"reason": "The Apache Chemistry in-memory server is a local extension smoke target. Missing thinClientURI is a target-specific self-test limitation, not a guide-board extension defect.",
|
|
"unaccepted_classification": "repository_info_warning",
|
|
"unaccepted_severity": "warning",
|
|
"unaccepted_reason": "A non-in-memory target should expose or intentionally document its thin client URI behavior."
|
|
}
|
|
]
|
|
}
|