Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
coolbeer
/
cryptomator
kopia lustrzana https://github.com/cryptomator/cryptomator.git
1
0
Forkuj 0
Pliki Problemy 0 Wiki
Drzewo: 4fda4a2b2e
Gałęzie Tagi
cryptomator
/
suppression.xml

suppression.xml 2.0 KB
Historia Czysty

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <!-- This file lists false positives found by org.owasp:dependency-check-maven build plugin -->
    3. 

  3. <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    4. 

  4. 	<suppress>
    5. 

  5. 		<notes><![CDATA[ Suppress known vulnerabilities in FUSE libraries for fuse-nio-adapter. For more info, see suppression.xml of https://github.com/cryptomator/fuse-nio-adapter ]]></notes>
    6. 

  6. 		<gav regex="true">^org\.cryptomator:fuse-nio-adapter:.*$</gav>
    7. 

  7. 		<cvssBelow>9</cvssBelow>
    8. 

  8. 	</suppress>
    9. 

  9. 	<suppress>
    10. 

  10. 		<notes><![CDATA[ Suppress known vulnerabilities in FUSE libraries for jfuse (dependency of fuse-nio-adapter). ]]></notes>
    11. 

  11. 		<gav regex="true">^org\.cryptomator:jfuse.*$</gav>
    12. 

  12. 		<cvssBelow>9</cvssBelow>
    13. 

  13. 	</suppress>
    14. 

  14. 

  15. 	<!-- Jetty false positives below -->
    16. 

  16. 	<suppress>
    17. 

  17. 		<notes><![CDATA[
    18. 

  18. 		Suppress all for this javax.servlet api package:
    19. 

  19. 		There are lots of false positives, simply because its version number is way beyond the remaining
    20. 

  20. 		org.eclipse.jetty jar files. Note, that our actual Jetty version is different.
    21. 

  21. 

  22. 		As long as we don't suppress anything in org.eclipse.jetty:jetty-server or :jetty-servlet,
    23. 

  23. 		vulnerabilities will still trigger if we actually use an outdated Jetty version.
    24. 

  24. 		]]></notes>
    25. 

  25. 		<gav>org.eclipse.jetty.toolchain:jetty-servlet-api:4.0.6</gav>
    26. 

  26. 		<cpe regex="true">.*</cpe>
    27. 

  27. 	</suppress>
    28. 

  28. 

  29. 	<suppress>
    30. 

  30. 		<notes><![CDATA[
    31. 

  31.         Incorrectly matched CPE, see https://github.com/jeremylong/DependencyCheck/issues/4177git
    32. 

  32.       ]]></notes>
    33. 

  33. 		<gav regex="true">^org\.cryptomator:.*$</gav>
    34. 

  34. 		<cpe>cpe:/a:cryptomator:cryptomator</cpe>
    35. 

  35. 		<cve>CVE-2022-25366</cve>
    36. 

  36. 	</suppress>
    37. 

  37. 

  38. 	<!-- Apache Commons-cli false positives below -->
    39. 

  39. 	<suppress>
    40. 

  40. 		<notes><![CDATA[
    41. 

  41. 			False positive for commons-cli due, see https://github.com/jeremylong/DependencyCheck/pull/4148
    42. 

  42. 		]]></notes>
    43. 

  43. 		<gav regex="true">^commons\-cli:commons\-cli:.*$</gav>
    44. 

  44. 		<cpe>cpe:/a:apache:james</cpe>
    45. 

  45. 		<!-- while we are at it exclude also these fp -->
    46. 

  46. 		<cpe>cpe:/a:spirit-project:spirit</cpe>
    47. 

  47. 		<cpe>cpe:/a:apache:commons_net</cpe>
    48. 

  48. 	</suppress>
    49. 

  49. </suppressions>
    50.