[improve][sec] Suppress false positive OWASP reports (#19105)

Signed-off-by: tison <wander4096@gmail.com>
apache · Dec 29, 2022 · 62a2058 · 62a2058
1 parent a8da549
commit 62a2058
Showing 1 changed file with 23 additions and 43 deletions.
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
@@ -37,6 +37,23 @@
         <vulnerabilityName regex="true">.*</vulnerabilityName>
     </suppress>
 
+    <suppress>
+        <notes><![CDATA[
+       file name: snakeyaml-1.32.jar
+       ]]></notes>
+        <sha1>e80612549feb5c9191c498de628c1aa80693cf0b</sha1>
+        <cve>CVE-2022-1471</cve>
+    </suppress>
+
+    <!-- influxdb dependencies -->
+    <suppress>
+        <notes><![CDATA[
+       file name: msgpack-core-0.9.0.jar
+       ]]></notes>
+        <sha1>87d9ce0b22de48428fa32bb8ad476e18b6969548</sha1>
+        <cve>CVE-2022-41719</cve>
+    </suppress>
+
     <!-- see https://github.com/apache/pulsar/pull/16110 -->
     <suppress>
         <notes><![CDATA[
@@ -375,65 +392,29 @@
     <!-- debezium-related misdetections -->
     <suppress>
         <notes><![CDATA[
-       file name: debezium-connector-mysql-1.9.5.Final.jar
+       file name: debezium-connector-mysql-1.9.7.Final.jar
        ]]></notes>
-        <sha1>b725e5577ba687fab8345b3a08f028bcca4ce17e</sha1>
-        <cve>CVE-2010-1626</cve>
-        <cve>CVE-2009-4028</cve>
-        <cve>CVE-2007-1420</cve>
-        <cve>CVE-2007-5925</cve>
-        <cve>CVE-2007-2691</cve>
-        <cve>CVE-2009-0819</cve>
-        <cve>CVE-2010-1621</cve>
-        <cve>CVE-2010-3677</cve>
-        <cve>CVE-2010-3682</cve>
-        <cve>CVE-2012-5627</cve>
-        <cve>CVE-2015-2575</cve>
+        <sha1>74c623b4a9b231e2f0e8f6053b38abd3bc487ce2</sha1>
         <cve>CVE-2017-15945</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: mysql-binlog-connector-java-0.25.6.jar
+       file name: mysql-binlog-connector-java-0.27.2.jar
        ]]></notes>
-        <sha1>af20d92757ee9de6c289c46189bd9350e50e7ad3</sha1>
-        <cve>CVE-2007-1420</cve>
-        <cve>CVE-2007-2691</cve>
-        <cve>CVE-2007-5925</cve>
-        <cve>CVE-2009-0819</cve>
-        <cve>CVE-2009-4028</cve>
-        <cve>CVE-2010-1621</cve>
-        <cve>CVE-2010-1626</cve>
-        <cve>CVE-2010-3677</cve>
-        <cve>CVE-2010-3682</cve>
-        <cve>CVE-2012-5627</cve>
-        <cve>CVE-2015-2575</cve>
+        <sha1>23294cd730e29c00b8ddfbde517dfc955aba090f</sha1>
         <cve>CVE-2017-15945</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: debezium-connector-postgres-1.9.5.Final.jar
+       file name: debezium-connector-postgres-1.9.7.Final.jar
        ]]></notes>
-        <sha1>c21d9db465caa2da9780fba0d07d3023b0e2fe46</sha1>
-        <cve>CVE-2007-2138</cve>
-        <cve>CVE-2010-0733</cve>
-        <cve>CVE-2014-0060</cve>
-        <cve>CVE-2014-0061</cve>
-        <cve>CVE-2014-0062</cve>
-        <cve>CVE-2014-0063</cve>
-        <cve>CVE-2014-0064</cve>
-        <cve>CVE-2014-0065</cve>
-        <cve>CVE-2014-0066</cve>
-        <cve>CVE-2014-0067</cve>
-        <cve>CVE-2014-8161</cve>
+        <sha1>300ff0bbf795643e914b7c8a6d6ba812a8354d62</sha1>
         <cve>CVE-2015-0241</cve>
         <cve>CVE-2015-0242</cve>
         <cve>CVE-2015-0243</cve>
         <cve>CVE-2015-0244</cve>
-        <cve>CVE-2015-3165</cve>
         <cve>CVE-2015-3166</cve>
         <cve>CVE-2015-3167</cve>
-        <cve>CVE-2015-5288</cve>
-        <cve>CVE-2015-5289</cve>
         <cve>CVE-2016-0766</cve>
         <cve>CVE-2016-0768</cve>
         <cve>CVE-2016-0773</cve>
@@ -449,7 +430,6 @@
         <cve>CVE-2019-10211</cve>
         <cve>CVE-2020-25694</cve>
         <cve>CVE-2020-25695</cve>
-        <cve>CVE-2021-3393</cve>
         <cve>CVE-2021-23214</cve>
     </suppress>
     <suppress>