Posted to commits@zookeeper.apache.org by an...@apache.org on 2019/01/03 15:33:01 UTC

[zookeeper] branch master updated: ZOOKEEPER-3217: owasp job flagging slf4j on trunk

This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 4a8fda7  ZOOKEEPER-3217: owasp job flagging slf4j on trunk
4a8fda7 is described below

commit 4a8fda7031d68236441b13bd878936b2607c5244
Author: Enrico Olivelli - Diennea <eo...@apache.org>
AuthorDate: Thu Jan 3 16:32:46 2019 +0100

    ZOOKEEPER-3217: owasp job flagging slf4j on trunk
    
    Disable OWASP checks about slf4j.
    We are not using EventData, so ZooKeeper is not subject to https://nvd.nist.gov/vuln/detail/CVE-2018-8088
    
    Author: Enrico Olivelli - Diennea <eo...@apache.org>
    Author: Enrico Olivelli <eo...@apache.org>
    
    Reviewers: phunt@apache.org, andor@apache.org
    
    Closes #736 from eolivelli/fix/ZOOKEEPER-3217-owasp and squashes the following commits:
    
    7dd4473a1 [Enrico Olivelli] Add missing license header
    dc9bd75cd [Enrico Olivelli - Diennea] ZOOKEEPER-3217 owasp job flagging slf4j on trunk
---
 build.xml             |  1 +
 owaspSuppressions.xml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/build.xml b/build.xml
index f8a0546..50bc94f 100644
--- a/build.xml
+++ b/build.xml
@@ -1705,6 +1705,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
                           reportoutputdirectory="${owasp.out.dir}"
                           reportformat="ALL"
                           failBuildOnCVSS="0">
+            <suppressionfile path="${basedir}/owaspSuppressions.xml" />
 
             <fileset dir="${ivy.lib}">
                 <include name="**/*.jar"/>
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
new file mode 100644
index 0000000..0165b9a
--- /dev/null
+++ b/owaspSuppressions.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+   <suppress>
+      <!-- ZOOKEEPER-3217 -->
+      <cve>CVE-2018-8088</cve>
+   </suppress>
+</suppressions>
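Review bot: The `<suppress>` entry in owaspSuppressions.xml contains only `<cve>CVE-2018-8088</cve>` and no dependency selector, so the finding is silenced for every jar in the scan rather than just slf4j. Any other library later matched to this CVE would pass unnoticed, even with `failBuildOnCVSS="0"` set in build.xml. Scoping the rule keeps the exemption as narrow as its justification, for example with `<gav regex="true">^org\.slf4j:.*$</gav>` or a `<filePath regex="true">` pattern matching the slf4j jars under the Ivy lib directory, whichever identifier the Ant scan actually reports. The rationale from the commit message is also worth recording in the file itself, e.g. `<notes>slf4j EventData is not used by ZooKeeper (ZOOKEEPER-3217)</notes>`, so the suppression can be re-evaluated if that assumption changes.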