From fd0abd906664520597f6a39dd8a04ebffaedecc2 Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sun, 7 May 2017 10:14:50 -0400
Subject: [PATCH] updated test cases for FP

---
 .../dependencycheck-base-suppression.xml      |  9 ++++
 .../src/it/false-positives/pom.xml            | 46 ++++++++++++++++++-
 .../src/it/false-positives/postbuild.groovy   | 10 ----
 3 files changed, 54 insertions(+), 11 deletions(-)

diff --git a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
index b4c75e316..b2f0a6db6 100644
--- a/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
@@ -584,4 +584,13 @@
         <cpe>cpe:/a:pivotal:spring_framework</cpe>
         <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
      </suppress>
+     <suppress base="true">
+        <notes><![CDATA[
+        False positive per issue #700
+        ]]></notes>
+        <gav regex="true">^org\.springframework\.cloud:spring-cloud-.*$</gav>
+        <cpe>cpe:/a:pivotal:spring_framework</cpe>
+        <cpe>cpe:/a:pivotal_software:spring_framework</cpe>
+        <cpe>cpe:/a:context_project:context</cpe>
+     </suppress>
 </suppressions>
diff --git a/dependency-check-maven/src/it/false-positives/pom.xml b/dependency-check-maven/src/it/false-positives/pom.xml
index 646ca1a47..079ab7818 100644
--- a/dependency-check-maven/src/it/false-positives/pom.xml
+++ b/dependency-check-maven/src/it/false-positives/pom.xml
@@ -22,6 +22,19 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
     <artifactId>test-dataformat-jackson</artifactId>
     <version>1.0.0-SNAPSHOT</version>
     <packaging>jar</packaging>
+    <repositories>
+        <repository>
+            <id>redhat</id>
+            <name>redhat</name>
+            <url>https://maven.repository.redhat.com/ga/</url>
+        </repository>
+        <repository>
+            <id>spring</id>
+            <name>spring</name>
+            <url>http://repo.spring.io/plugins-release/</url>
+        </repository>
+    </repositories>
+    
 	<dependencies>
 		<!-- False Positives from issue #642 -->
 		<dependency>
@@ -29,6 +42,37 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved.
 			<artifactId>spring-boot</artifactId>
 			<version>1.4.3.RELEASE</version>
 		</dependency>
-		<!-- end issue #642 -->
+		<!-- End Issue #642 -->
+        <!-- False Positives from issue #699 -->
+        <dependency>
+            <groupId>com.splunk</groupId>
+            <artifactId>splunk</artifactId>
+            <version>1.6.2.0</version>
+        </dependency>
+        <!-- End Issue #699 -->
+        <!-- False Positives from issue #700 -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-netflix-core</artifactId>
+            <version>1.2.5.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-commons</artifactId>
+            <version>1.1.7.RELEASE</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-context</artifactId>
+            <version>1.1.7.RELEASE</version>
+        </dependency>
+        <!-- End Issue #700 -->
+        <!-- False Positives from issue #713 -->
+        <dependency>
+            <groupId>org.openid4java</groupId>
+            <artifactId>openid4java</artifactId>
+            <version>0.9.7</version>
+        </dependency>
+        <!-- End Issue #713 -->
 	</dependencies>
 </project>
\ No newline at end of file
diff --git a/dependency-check-maven/src/it/false-positives/postbuild.groovy b/dependency-check-maven/src/it/false-positives/postbuild.groovy
index 4ce83a609..7c58af5af 100644
--- a/dependency-check-maven/src/it/false-positives/postbuild.groovy
+++ b/dependency-check-maven/src/it/false-positives/postbuild.groovy
@@ -20,16 +20,6 @@ import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang.StringUtils;
 import java.nio.charset.Charset;
  
-// Save NVD-CVE for next IT (if not already done)
-File datasDwl = new File("target/local-repo/org/owasp/dependency-check-data/3.0", "dc.h2.db");
-File datasSave = new File("target/nvd-cve-backup", "dc.h2.db");
-if (datasDwl.exists() && !datasSave.exists()){
-    System.out.println("Save NVD-CVE into backup");
-    FileUtils.copyFile(datasDwl, datasSave);    
-}
-
-
-
 
 // Check to see if jackson-dataformat-xml-2.4.5.jar was identified.
 //TODO change this to xpath and check for CVE-2016-3720