Skip to content

chore(fp): remove Glassfish server suppressions duplicated into generated/hosted suppressions #8604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
chadlwilson wants to merge 1 commit into
base: main
Choose a base branch
from
+2 −75
Open

chore(fp): remove Glassfish server suppressions duplicated into generated/hosted suppressions #8604

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
77 changes: 2 additions & 75 deletions core/src/main/resources/dependencycheck-base-suppression.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -820,10 +820,9 @@
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on Jersey core client.
Suppresses false positives on Jersey core client, including per issue #582
]]></notes>
<gav regex="true">(com\.sun\.jersey|org\.glassfish\.jersey\.core):jersey-(client|common):.*</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
<packageUrl regex="true">^pkg:maven/(com\.sun\.jersey|org\.glassfish\.jersey).*$</packageUrl>
<cpe>cpe:/a:oracle:oracle_client:</cpe>
</suppress>
<suppress base="true">
Expand Down Expand Up @@ -1224,14 +1223,6 @@
<gav regex="true">com\.sun\.jersey\.contribs:jersey-apache-client.*</gav>
<cpe>cpe:/a:apache:httpclient:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on glassfish and grizzly. Updated per issue #672.
]]></notes>
<gav regex="true">org\.glassfish(\.(web|grizzly)):.*(json|faces|jstl|grizzly).*</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
<cpe>cpe:/a:oracle:glassfish_server:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Akka FP per #2050
Expand Down Expand Up @@ -1600,28 +1591,6 @@
<gav regex="true">com.microsoft.bingads:microsoft.bingads:.*</gav>
<cpe>cpe:/a:microsoft:bing:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Oracle Jersey is flagged as glassfish.
]]></notes>
<gav regex="true">.*jersey.*</gav>
<cpe>cpe:/a:oracle:glassfish_server:</cpe>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Oracle HK2 is flagged as glassfish.
]]></notes>
<gav regex="true">.*\bhk2\b.*</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
HK2-utils is flagged as glassfish.
]]></notes>
<filePath regex="true">.*\bhk2-utils.*\.jar</filePath>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: petals-se-camel-1.0.0.jar - false positive for apache camel.
Expand Down Expand Up @@ -1872,13 +1841,6 @@
<gav regex="true">io\.dropwizard\.metrics:metrics-httpclient:.*</gav>
<cpe>cpe:/a:apache:httpclient:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
javax.transaction and javax.annotation (#1629) false positives
]]></notes>
<gav regex="true">javax\.(annotation|transaction):javax\.(annotation|transaction)-api:.*</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per #1630
Expand Down Expand Up @@ -2051,13 +2013,6 @@
<gav regex="true">^(?!org\.jenkins-ci\.main:jenkins-war).*$</gav>
<cpe>cpe:/a:jenkins:jenkins:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
filter out non-glassfish core
]]></notes>
<gav regex="true">^(?!org\.glassfish\.main\.core:glassfish).*$</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Grizzly is not Async Http Client
Expand Down Expand Up @@ -2101,20 +2056,6 @@
<gav regex="true">^org\.apache\.wink:wink-json4j:.*$</gav>
<cpe>cpe:/a:wink:wink:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Glassfish false positives. Added jws per #1640
]]></notes>
<gav regex="true">^javax\.(jws|servlet):javax\.(jws|servlet)-api:.*$</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Glassfish false positives.
]]></notes>
<gav regex="true">org\.glassfish:javax.el:.*</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #5086
Expand Down Expand Up @@ -2248,13 +2189,6 @@
<gav regex="true">^(?!com.thoughtworks).*xstream.*$</gav>
<cpe>cpe:/a:x-stream:xstream:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #582
]]></notes>
<gav regex="true">^org\.glassfish\.jersey\.ext:jersey-proxy-client:.*$</gav>
<cpe>cpe:/a:oracle:oracle_client:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #777
Expand Down Expand Up @@ -2497,13 +2431,6 @@
<gav regex="true">^com\.vaadin\.external\.google:android-json:.*$</gav>
<cpe>cpe:/a:google:android:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
json library is not glassfish server.
]]></notes>
<gav regex="true">^org\.glassfish:javax\.json:.*$</gav>
<cpe>cpe:/a:oracle:glassfish:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: activerecord-oracle_enhanced-adapter-1.1.7.gemspec
Expand Down
Loading