-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathsuppression.xml
77 lines (76 loc) · 2.87 KB
/
suppression.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?xml version="1.0" encoding="UTF-8"?>
<!--
~
~ _ _ ____ ____
~ _____ _(_) |_ __ _| _ \| __ )
~ / _ \ \ / / | __/ _` | | | | _ \
~ | __/\ V /| | || (_| | |_| | |_) |
~ \___| \_/ |_|\__\__,_|____/|____/
~
~ Copyright (c) 2023
~
~ Licensed under the Business Source License, Version 1.1 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ https://github.com/FgForrest/evitaDB/blob/master/LICENSE
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<!--
Exclude file for Owasp dependency check
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
Vulnerability suppression - false positives.
Should have been fixed a long ago:
- https://access.redhat.com/errata/RHSA-2017:3454
- https://issues.redhat.com/browse/UNDERTOW-2060
- https://issues.redhat.com/browse/UNDERTOW-2133
]]></notes>
<packageUrl>pkg:maven/io.undertow/undertow-core@2.3.0.Final</packageUrl>
<cve>CVE-2016-6311</cve>
<cve>CVE-2022-2053</cve>
<cve>CVE-2022-1319</cve>
</suppress>
<suppress>
<notes><![CDATA[
Vulnerability suppression - false positives.
Should have been fixed in GraphQL Java 19.0:
- https://github.com/graphql-java/graphql-java/issues/2888
]]></notes>
<packageUrl>pkg:maven/com.graphql-java/java-dataloader@3.2.0</packageUrl>
<cve>CVE-2022-37734</cve>
</suppress>
<suppress>
<notes><![CDATA[
Vulnerability suppression - false positives.
The tool wrongly mistakes JUnit with Fan-platform: https://github.com/github/securitylab/issues/669#issuecomment-1117265726
]]></notes>
<packageUrl regex="true">pkg:maven/org\.junit\..*?/junit-.*$</packageUrl>
<cve>CVE-2022-31514</cve>
</suppress>
<suppress>
<notes><![CDATA[
Vulnerability suppression - false positives.
The problems seem to be already fixed:
- https://github.com/grpc/grpc/pull/10353
- https://github.com/grpc/grpc-node/pull/1606
- https://github.com/grpc/grpc-node/pull/1605
- https://github.com/grpc/grpc/pull/9833
- https://github.com/grpc/grpc/pull/10492
- https://github.com/grpc/grpc/pull/9833
]]></notes>
<packageUrl regex="true">pkg:maven/io\.evitadb/(grpc_workaround_build|evita_external_api_grpc_shared|evita_external_api_grpc|evita_java_driver).*$</packageUrl>
<cve>CVE-2017-8359</cve>
<cve>CVE-2020-7768</cve>
<cve>CVE-2017-7861</cve>
<cve>CVE-2017-9431</cve>
<cve>CVE-2017-7860</cve>
</suppress>
</suppressions>