mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-19 01:57:06 +01:00
103 lines
4.2 KiB
XML
103 lines
4.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppresses false positives identified on spring security.
|
|
]]></notes>
|
|
<gav regex="true">org\.springframework\.security:spring.*</gav>
|
|
<cpe>cpe:/a:mod_security:mod_security</cpe>
|
|
<cpe>cpe:/a:springsource:spring_framework</cpe>
|
|
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppresses false positives identified on spring security.
|
|
]]></notes>
|
|
<filePath regex="true">.*spring-security-[^\\/]*\.jar$</filePath>
|
|
<cpe>cpe:/a:mod_security:mod_security</cpe>
|
|
<cpe>cpe:/a:springsource:spring_framework</cpe>
|
|
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
This suppreses additional false positives for the xstream library that occur because spring has a copy of this library.
|
|
com.springsource.com.thoughtworks.xstream-1.3.1.jar
|
|
]]></notes>
|
|
<gav regex="true">com\.thoughtworks\.xstream:xstream:.*</gav>
|
|
<cpe>cpe:/a:springsource:spring_framework</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on velocity tools.
|
|
]]></notes>
|
|
<gav regex="true">org\.apache\.velocity:velocity-tools:.*</gav>
|
|
<cpe>cpe:/a:apache:struts</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Sandbox is a php blog platform and should not be flagged as a CPE for java or .net dependencies.
|
|
]]></notes>
|
|
<filePath regex="true">.*\.(jar|dll|exe|ear|war|pom)</filePath>
|
|
<cpe>cpe:/a:sandbox:sandbox</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on Jersey core client.
|
|
]]></notes>
|
|
<gav regex="true">(com\.sun\.jersey|org\.glassfish\.jersey\.core):jersey-(client|common):.*</gav>
|
|
<cpe>cpe:/a:oracle:glassfish</cpe>
|
|
<cpe>cpe:/a:oracle:oracle_client</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on the grizzly-framework
|
|
]]></notes>
|
|
<gav regex="true">org\.glassfish\.grizzly:grizzly-framework:.*</gav>
|
|
<cpe>cpe:/a:oracle:glassfish</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on the grizzly-framework
|
|
]]></notes>
|
|
<gav regex="true">org\.forgerock\.opendj:opendj-ldap-sdk:.*</gav>
|
|
<cpe>cpe:/a:ldap_project:ldap</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on the org.opensaml:xmltooling
|
|
]]></notes>
|
|
<gav regex="true">org\.opensaml:xmltooling:.*</gav>
|
|
<cpe>cpe:/a:shibboleth:opensaml</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on the org.opensaml:openws
|
|
]]></notes>
|
|
<gav regex="true">org\.opensaml:openws:.*</gav>
|
|
<cpe>cpe:/a:internet2:opensaml</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives on the org.opensaml:xmltooling
|
|
]]></notes>
|
|
<gav regex="true">org\.opensaml:xmltooling:.*</gav>
|
|
<cpe>cpe:/a:internet2:opensaml</cpe>
|
|
</suppress>
|
|
<suppress base="true">
|
|
<notes><![CDATA[
|
|
Suppresses false positives for python:python.
|
|
]]></notes>
|
|
<filePath regex="true">.*(\.(whl|egg)|\b(site|dist)-packages\b.*)</filePath>
|
|
<cpe>cpe:/a:python:python</cpe>
|
|
<cpe>cpe:/a:python_software_foundation:python</cpe>
|
|
<cpe>cpe:/a:class:class</cpe>
|
|
<cpe>cpe:/a:file:file</cpe>
|
|
<cpe>cpe:/a:gnupg:gnupg</cpe>
|
|
<cpe>cpe:/a:mongodb:mongodb</cpe>
|
|
<cpe>cpe:/a:mozilla:mozilla</cpe>
|
|
<cpe>cpe:/a:openssl:openssl</cpe>
|
|
<cpe>cpe:/a:sendfile:sendfile</cpe>
|
|
<cpe>cpe:/a:sendmail:sendmail</cpe>
|
|
<cpe>cpe:/a:yacc:yacc</cpe>
|
|
</suppress>
|
|
</suppressions> |