Objective
If the Contrast Java agent's analysis reports false-positive findings for the Hardcoded Cryptographic Key or Hardcoded Password rules, these findings may be excluded via the following process for Java agent version 6.20.1 or newer.
Process
Add the appropriate property via one of the following agent configurations, with a comma-delimited list of the packages and/or classes to be excluded from the findings for these rules.
.yaml config:
agent:
  java:
    assess:
      rules:
        hardcoded_key_exclusion: these.are.your.JavaClasses,that.are.to.BeExcluded
        hardcoded_password_exclusion: these.are.your.JavaClasses,that.are.to.BeExcluded
Environment variable:
CONTRAST__AGENT__JAVA__ASSESS__RULES__HARDCODED_KEY_EXCLUSION=these.are.your.JavaClasses,that.are.to.BeExcluded
CONTRAST__AGENT__JAVA__ASSESS__RULES__HARDCODED_PASSWORD_EXCLUSION=these.are.your.JavaClasses,that.are.to.BeExcluded
System property:
-Dcontrast.agent.java.assess.rules.hardcoded_key_exclusion=these.are.your.JavaClasses,that.are.to.BeExcluded
-Dcontrast.agent.java.assess.rules.hardcoded_password_exclusion=these.are.your.JavaClasses,that.are.to.BeExcluded
Once the appropriate property has been configured, restart your application server and the Contrast agent should no longer report the findings for the excluded packages/classes.