[CIN-685] update copyright header for 2025

[azakrzewski-hy]

Update copyright header from:
Copyright (C) 2023 - 2024 Alfresco Software Limited
into:
Copyright (C) 2023 - 2025 Alfresco Software Limited
for files updated this year

[github-actions]

Scan Summary:
PIPELINE_SCAN_VERSION: 24.12.1-0
DEV-STAGE: DEVELOPMENT
PROJECT-NAME: hxinsight-connector
SCAN_ID: 82917175-588c-4734-a462-84f7622641e6
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 4388 bytes
====================
Analysis Successful.
====================

==========================
Found 6 Scannable modules.
==========================
alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar
alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar
JS files within spring-security-web-6.4.2.jar
JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip

===================
Analyzed 6 modules.
===================
alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar
alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar
JS files within spring-security-web-6.4.2.jar
JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip

==================
Analyzed 2 issues.
==================

details

--------------------------------
Found 1 issues of High severity.
--------------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): org/springframework/security/spring-security-webauthn.js:199
Details: This call to href() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers
https://downloads.veracode.com/securityscan/cwe/v4/java/80.html
----------------------------------
Found 1 issues of Medium severity.
----------------------------------
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): org/springframework/security/spring-security-webauthn.js:199
Details: This call to href() contains a URL redirection to untrusted site flaw. Writing untrusted input into a URL value could cause the web application to redirect the request to the specified URL, leading to phishing attempts to steal user credentials. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP
https://downloads.veracode.com/securityscan/cwe/v4/java/601.html

Total flaws found: 2, New flaws found: 2 as compared to baseline


========================
FAILURE: Found 2 issues!
========================

[07 Jan 2025 14:14:51,0330] PIPELINE-SCAN INFO: Writing Scan Summary to file '/home/runner/work/hxinsight-connector/hxinsight-connector/results.json'.

[tpage-alfresco]

This is fine, but I don't think it's necessary. You actually modified the files in 2024, you just merged the changes in 2025, so pre-commit ran on master and the build failed. I think it should pass again with the next commit to master because it will treat these as historical headers.

As a separate note I'm surprised the formatting changes to the files were allowed/required. At the very least I thought we insisted on annotations on their own lines.

[github-actions]

Scan Summary:
PIPELINE_SCAN_VERSION: 24.12.1-0
DEV-STAGE: DEVELOPMENT
PROJECT-NAME: hxinsight-connector
SCAN_ID: 097f81fc-0d65-47ad-b784-2a7c3f8d4a52
SCAN_STATUS: SUCCESS
SCAN_MESSAGE: Scan successful. Results size: 4388 bytes
====================
Analysis Successful.
====================

==========================
Found 6 Scannable modules.
==========================
alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar
alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar
JS files within spring-security-web-6.4.2.jar
JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip

===================
Analyzed 6 modules.
===================
alfresco-hxinsight-connector-bulk-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-hxinsight-extension-1.0.2-SNAPSHOT.jar
alfresco-hxinsight-connector-live-ingester-1.0.2-SNAPSHOT-app.jar
alfresco-hxinsight-connector-prediction-applier-1.0.2-SNAPSHOT-app.jar
JS files within spring-security-web-6.4.2.jar
JS files within alfresco-hxinsight-connector-distribution-1.0.2-SNAPSHOT.zip

==================
Analyzed 2 issues.
==================

details

--------------------------------
Found 1 issues of High severity.
--------------------------------
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS): org/springframework/security/spring-security-webauthn.js:199
Details: This call to href() contains a cross-site scripting (XSS) flaw. The application populates the HTTP response with untrusted input, allowing an attacker to embed malicious content, such as Javascript code, which will be executed in the context of the victim's browser. XSS vulnerabilities are commonly exploited to steal or manipulate cookies, modify presentation of content, and compromise confidential information, with new attack vectors being discovered on a regular basis. Use contextual escaping on all untrusted data before using it to construct any portion of an HTTP response. The escaping method should be chosen based on the specific use case of the untrusted data, otherwise it may not protect fully against the attack. For example, if the data is being written to the body of an HTML page, use HTML entity escaping; if the data is being written to an attribute, use attribute escaping; etc. Both the OWASP Java Encoder library and the Microsoft AntiXSS library provide contextual escaping methods. For more details on contextual escaping, see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md. In addition, as a best practice, always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP Supported Cleansers
https://downloads.veracode.com/securityscan/cwe/v4/java/80.html
----------------------------------
Found 1 issues of Medium severity.
----------------------------------
CWE-601: URL Redirection to Untrusted Site ('Open Redirect'): org/springframework/security/spring-security-webauthn.js:199
Details: This call to href() contains a URL redirection to untrusted site flaw. Writing untrusted input into a URL value could cause the web application to redirect the request to the specified URL, leading to phishing attempts to steal user credentials. Always validate untrusted input to ensure that it conforms to the expected format, using centralized data validation routines when possible. References: CWE OWASP
https://downloads.veracode.com/securityscan/cwe/v4/java/601.html

Total flaws found: 2, New flaws found: 2 as compared to baseline


========================
FAILURE: Found 2 issues!
========================

[07 Jan 2025 14:53:39,0130] PIPELINE-SCAN INFO: Writing Scan Summary to file '/home/runner/work/hxinsight-connector/hxinsight-connector/results.json'.

[tpage-alfresco]

Agreed to close this PR as the files were actually changed in 2024.