You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@knox.apache.org by kr...@apache.org on 2018/12/21 03:22:39 UTC

[knox] branch master updated: OWASP false positives

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new 89fcabe  OWASP false positives
89fcabe is described below

commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
Author: Kevin Risden <kr...@apache.org>
AuthorDate: Thu Dec 20 22:21:59 2018 -0500

    OWASP false positives
    
    Signed-off-by: Kevin Risden <kr...@apache.org>
---
 .../resources/build-tools/dependency-check/suppressions.xml   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
index ed557c9..5074ddd 100644
--- a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
+++ b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
@@ -32,6 +32,12 @@ limitations under the License.
         <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
     </suppress>
     <suppress>
+        <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
+        <gav regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
+        <cpe>cpe:/a:apache:apache_http_server</cpe>
+        <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: gateway-.*.jar]]></notes>
         <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
         <cpe>cpe:/a:apache:ambari</cpe>
@@ -94,6 +100,11 @@ limitations under the License.
         <cpe>cpe:/a:openid:openid</cpe>
     </suppress>
     <suppress>
+        <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
+        <gav regex="true">^org\.slf4j:.*$</gav>
+        <cve>CVE-2018-8088</cve>
+    </suppress>
+    <suppress>
         <notes><![CDATA[file name: xz-.*.jar]]></notes>
         <gav regex="true">^org\.tukaani:xz:.*$</gav>
         <cve>CVE-2015-4035</cve>

Re: [knox] branch master updated: OWASP false positives

Posted by Kevin Risden <kr...@apache.org>.

Ah nice :) Thanks!

Kevin Risden

On Fri, Dec 21, 2018 at 7:07 AM Colm O hEigeartaigh <co...@apache.org> wrote:
>
> FYI I've already raised most of these here:
> https://github.com/jeremylong/DependencyCheck/issues
>
> Colm.
>
> On Fri, Dec 21, 2018 at 3:22 AM <kr...@apache.org> wrote:
>
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > krisden pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/knox.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >      new 89fcabe  OWASP false positives
> > 89fcabe is described below
> >
> > commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> > Author:
Kevin Risden <kr...@apache.org>
> > AuthorDate: Thu Dec 20 22:21:59 2018 -0500
> >
> >     OWASP false positives
> >
> >     Signed-off-by: Kevin Risden <kr...@apache.org>
> > ---
> >  .../resources/build-tools/dependency-check/suppressions.xml   | 11
> > +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > index ed557c9..5074ddd 100644
> > ---
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > +++
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > @@ -32,6 +32,12 @@ limitations under the License.
> >          <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
> >      </suppress>
> >      <suppress>
> > +        <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> > +        <gav
> > regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> > +        <cpe>cpe:/a:apache:apache_http_server</cpe>
> > +        <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> > +    </suppress>
> > +    <suppress>
> >          <notes><![CDATA[file name: gateway-.*.jar]]></notes>
> >          <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
> >          <cpe>cpe:/a:apache:ambari</cpe>
> > @@ -94,6 +100,11 @@ limitations under the License.
> >          <cpe>cpe:/a:openid:openid</cpe>
> >      </suppress>
> >      <suppress>
> > +        <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> > +        <gav regex="true">^org\.slf4j:.*$</gav>
> > +        <cve>CVE-2018-8088</cve>
> > +    </suppress>
> > +    <suppress>
> >          <notes><![CDATA[file name: xz-.*.jar]]></notes>
> >          <gav regex="true">^org\.tukaani:xz:.*$</gav>
> >          <cve>CVE-2015-4035</cve>
> >
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

Re: [knox] branch master updated: OWASP false positives

Posted by Colm O hEigeartaigh <co...@apache.org>.

FYI I've already raised most of these here:
https://github.com/jeremylong/DependencyCheck/issues

Colm.

On Fri, Dec 21, 2018 at 3:22 AM <kr...@apache.org> wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> krisden pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/knox.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>      new 89fcabe  OWASP false positives
> 89fcabe is described below
>
> commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> Author: Kevin Risden <kr...@apache.org>
> AuthorDate: Thu Dec 20 22:21:59 2018 -0500
>
>     OWASP false positives
>
>     Signed-off-by: Kevin Risden <kr...@apache.org>
> ---
>  .../resources/build-tools/dependency-check/suppressions.xml   | 11
> +++++++++++
>  1 file changed, 11 insertions(+)
>
> diff --git
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> index ed557c9..5074ddd 100644
> ---
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> +++
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> @@ -32,6 +32,12 @@ limitations under the License.
>          <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
>      </suppress>
>      <suppress>
> +        <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> +        <gav
> regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> +        <cpe>cpe:/a:apache:apache_http_server</cpe>
> +        <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> +    </suppress>
> +    <suppress>
>          <notes><![CDATA[file name: gateway-.*.jar]]></notes>
>          <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
>          <cpe>cpe:/a:apache:ambari</cpe>
> @@ -94,6 +100,11 @@ limitations under the License.
>          <cpe>cpe:/a:openid:openid</cpe>
>      </suppress>
>      <suppress>
> +        <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> +        <gav regex="true">^org\.slf4j:.*$</gav>
> +        <cve>CVE-2018-8088</cve>
> +    </suppress>
> +    <suppress>
>          <notes><![CDATA[file name: xz-.*.jar]]></notes>
>          <gav regex="true">^org\.tukaani:xz:.*$</gav>
>          <cve>CVE-2015-4035</cve>
>
>

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com