From 7ac9328710edc3fd9160f65f343856ade60ccf1f Mon Sep 17 00:00:00 2001
From: Rohan McGovern <rmcgover@redhat.com>
Date: Mon, 22 Jul 2024 13:06:39 +1000
Subject: [PATCH] safety: ignore irrelevant Jinja CVE

safety started to complain about CVE-2019-8341 in jinja.
The validity of the CVE is widely disputed, and in any case it is not
exploitable here, so add it to the ignored list.
---
 .safety-policy.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .safety-policy.yml

diff --git a/.safety-policy.yml b/.safety-policy.yml
new file mode 100644
index 00000000..71098c32
--- /dev/null
+++ b/.safety-policy.yml
@@ -0,0 +1,15 @@
+security:
+  ignore-cvss-severity-below: 4
+  ignore-vulnerabilities:
+    70612:
+      # CVE-2019-8341, jinja2:
+      #
+      # In summary, the CVE says that it is unsafe to use untrusted
+      # user input as Jinja template sources as arbitrary code execution
+      # is possible. This should be obvious, so unsurprisingly Jinja
+      # maintainers and various third-parties reject/dispute the CVE,
+      # including Red Hat in https://bugzilla.redhat.com/show_bug.cgi?id=1677653
+      #
+      reason: >-
+        Not exploitable: user input is not used in any Jinja template sources
+  continue-on-vulnerability-error: False