Add suppression for graphql and kafka false positives (helidon-io#4989)

tomas-langer · Sep 29, 2022 · 45fe655 · 45fe655
1 parent 383661e
commit 45fe655
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/etc/dependency-check-suppression.xml b/etc/dependency-check-suppression.xml
@@ -337,5 +337,38 @@
    <cve>CVE-2022-37734</cve>
 </suppress>
 
+<!-- False Positive. This CVE is against graphql-java, not graphql-java-extended-scalars
+     See https://github.com/jeremylong/DependencyCheck/issues/4851
+-->
+<suppress>
+   <notes><![CDATA[
+   file name: graphql-java-extended-scalars-17.1.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.graphql\-java/graphql\-java\-extended\-scalars@.*$</packageUrl>
+   <cve>CVE-2022-37734</cve>
+</suppress>
+
+
+<!-- False Positive. This CVE is against graphql-java, not java-dataloader
+     See https://github.com/jeremylong/DependencyCheck/issues/4851
+-->
+<suppress>
+   <notes><![CDATA[
+   file name: java-dataloader-3.1.0.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.graphql\-java/java\-dataloader@.*$</packageUrl>
+   <cve>CVE-2022-37734</cve>
+</suppress>
+
+<!-- False Postive. This CVE is against the kafka server. This is the kafka client
+-->
+<suppress>
+   <notes><![CDATA[
+   file name: kafka-clients-2.8.1.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.apache\.kafka/kafka\-clients@.*$</packageUrl>
+   <cve>CVE-2022-34917</cve>
+</suppress>
+
 
 </suppressions>