Posted to commits@pulsar.apache.org by ji...@apache.org on 2022/09/20 07:04:30 UTC

[pulsar] 02/02: [cleanup][owasp] Supress false positive netty-tcnative (#17282)

This is an automated email from the ASF dual-hosted git repository.

jianghaiting pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git

commit d2793e4618de06ac0d3a670e28d16d0beb045248
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Mon Aug 29 08:45:25 2022 +0200

    [cleanup][owasp] Supress false positive netty-tcnative (#17282)
    
    (cherry picked from commit 409bb128102308da188f28b49adf7da8bb58ea2a)
---
 src/owasp-dependency-check-false-positives.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index dc14e83c685..213bf94371d 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -54,6 +54,13 @@
     <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
     <cpe>cpe:/a:netty:netty</cpe>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   file name: netty-tcnative-boringssl-static-2.0.52.Final-osx-aarch_64.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-boringssl\-static@.*$</packageUrl>
+    <cpe>cpe:/a:chromium_project:chromium</cpe>
+  </suppress>
 
   <!-- CVE-2021-23214 is about PostGre server -->
   <suppress>
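Review bot: The added `<suppress>` for `netty-tcnative-boringssl-static` hides every finding under `cpe:/a:chromium_project:chromium` for all versions and classifiers (`@.*$`), yet its `<notes>` names only the 2.0.52.Final osx-aarch_64 jar and does not say why the match is a false positive. As the artifact name indicates, the jar bundles BoringSSL, so a later advisory recorded under this CPE that really affects the bundled library would presumably be hidden too. I would state the reason in the notes, e.g. `false positive: BoringSSL bundled in netty-tcnative is matched to the Chromium browser CPE`. I would also give the rule a review date with `<suppress until="YYYY-MM-DDZ">` (placeholder date), so it is re-examined when netty-tcnative is upgraded.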