CMR-5336,CMR-5314,CMR-5326,CMR-5328,CMR-5329,CMR-5330: Fix vulnerabil…
…ities.
CayvonH committed Mar 18, 2019
1 parent 772b0cf commit 566c8b6
Showing 6 changed files with 214 additions and 0 deletions.
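--- a/acl-lib/resources/security/suppression.xml
+++ b/acl-lib/resources/security/suppression.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+</suppressions>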
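Review bot: The `<notes>` element in this suppression records only the jar name (`file name: clansi-1.0.0.jar`) and not why `cpe:/a:style_it_project:style_it` is a false positive for clansi, so a later auditor cannot tell whether the match was ever checked. I would extend the note with the reason and a ticket reference once that has been confirmed, for example `False positive: clansi is not the style_it product; CPE matched on name only (CMR-XXXX, placeholder)`. The `gav` regex `^clansi:clansi:.*$` covers every version, which is reasonable for a wrong-product match but leaves the written justification as the only control. The same block is copied verbatim into the elastic-utils-lib, spatial-lib, transmit-lib, umm-lib and umm-spec-lib files, so the copies can drift; a single shared suppression file would avoid that if the build allows one.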
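--- a/elastic-utils-lib/resources/security/suppression.xml
+++ b/elastic-utils-lib/resources/security/suppression.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+</suppressions>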
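--- a/spatial-lib/resources/security/suppression.xml
+++ b/spatial-lib/resources/security/suppression.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+
+<!-- Suppressing git vulnerabilities -->
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git_project:git</cpe>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git:git</cpe>
+</suppress>
+</suppressions>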
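Review bot: The comment `<!-- Suppressing git vulnerabilities -->` above the two mathz entries says what is suppressed but not why, and the header of this file reserves undated suppressions for false positives. If mathz is flagged only because the scanner tied the jar to the git CPEs by mistake, the comment should say so, e.g. `<!-- mathz is a math library, not git; the git CPE match is a false positive -->` (wording to be confirmed by whoever verified it). If the finding is instead real but accepted, the entries should use `<suppress until="YYYY-MM-DD">` as the file header describes. The same two entries appear in the umm-lib and umm-spec-lib files.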
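--- a/transmit-lib/resources/security/suppression.xml
+++ b/transmit-lib/resources/security/suppression.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+</suppressions>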
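--- a/umm-lib/resources/security/suppression.xml
+++ b/umm-lib/resources/security/suppression.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+
+<!-- Suppressing git vulnerabilities -->
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git_project:git</cpe>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git:git</cpe>
+</suppress>
+
+<!-- Elasticsearch version < 1.6.1 suppressions:
+The following suppressions all indicate vulnerabitlies in
+elasticsearch before version 1.6.1. The version being used is 1.6.2
+so they are false positives -->
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2014-3120</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2014-6439</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-1427</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-3337</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-5531</cve>
+</suppress>
+
+<!-- mintToken vulnerability. False positive, cmr does not do this. -->
+<suppress>
+<notes><![CDATA[
+file name: cmr-common-app-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-common-app-lib:.*$</gav>
+<cve>CVE-2018-13661</cve>
+</suppress>
+</suppressions>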
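Review bot: The justification for the five Elasticsearch entries is a version claim (`The version being used is 1.6.2`), but each `<suppress>` matches `^nasa-cmr:cmr-elastic-utils-lib:.*$` with no `until`, so nothing ties the suppression to that version. If the jar is flagged only because its name resembles Elasticsearch, the comment should say that instead; if the rationale really depends on the bundled Elasticsearch version, I would add `until="YYYY-MM-DD"` so the entries are re-reviewed when the dependency changes. The mintToken comment (`cmr does not do this`) is similarly thin: it should name what CVE-2018-13661 affects and why cmr-common-app-lib is not it, presumably a name-only CPE match. The Elasticsearch comment also misspells `vulnerabilities` as `vulnerabitlies`. The umm-spec-lib file carries identical entries and comments.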
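--- a/umm-spec-lib/resources/security/suppression.xml
+++ b/umm-spec-lib/resources/security/suppression.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--For non-false positives suppress with <suppress until="YYYY-MM-DD">...-->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+<suppress>
+<notes><![CDATA[
+file name: clansi-1.0.0.jar
+]]></notes>
+<gav regex="true">^clansi:clansi:.*$</gav>
+<cpe>cpe:/a:style_it_project:style_it</cpe>
+</suppress>
+
+<!-- Suppressing git vulnerabilities -->
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git_project:git</cpe>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: mathz-0.3.0.jar
+]]></notes>
+<gav regex="true">^net\.mikera:mathz:.*$</gav>
+<cpe>cpe:/a:git:git</cpe>
+</suppress>
+
+<!-- Elasticsearch version < 1.6.1 suppressions:
+The following suppressions all indicate vulnerabitlies in
+elasticsearch before version 1.6.1. The version being used is 1.6.2
+so they are false positives -->
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2014-3120</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2014-6439</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-1427</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-3337</cve>
+</suppress>
+<suppress>
+<notes><![CDATA[
+file name: cmr-elastic-utils-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-elastic-utils-lib:.*$</gav>
+<cve>CVE-2015-5531</cve>
+</suppress>
+
+<!-- mintToken vulnerability. False positive, cmr does not do this. -->
+<suppress>
+<notes><![CDATA[
+file name: cmr-common-app-lib-0.1.0-SNAPSHOT.jar
+]]></notes>
+<gav regex="true">^nasa-cmr:cmr-common-app-lib:.*$</gav>
+<cve>CVE-2018-13661</cve>
+</suppress>
+</suppressions>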
