Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

skip org.owasp:dependency-check on extensions-contrib modules and suppress false-positive gRPC CVEs (#15026)

This commit is contained in:
Tejaswini Bandlamudi 2023-09-25 12:14:42 +05:30 committed by GitHub
parent 0850e615b2
commit 48b6d2abf9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 281 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
extensions-contrib/aliyun-oss-extensions/pom.xml
View File

@ -168,6 +168,13 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

7
extensions-contrib/ambari-metrics-emitter/pom.xml
View File

@ -145,6 +145,13 @@
</ignoredUnusedDeclaredDependencies>
</configuration>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/cassandra-storage/pom.xml
View File

@ -173,4 +173,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/cloudfiles-extensions/pom.xml
View File

@ -160,4 +160,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/compressed-bigdecimal/pom.xml
View File

@ -142,4 +142,16 @@
<artifactId>jackson-annotations</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/distinctcount/pom.xml
View File

@ -101,4 +101,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/dropwizard-emitter/pom.xml
View File

@ -114,4 +114,16 @@
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/druid-iceberg-extensions/pom.xml
View File

@ -357,4 +357,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/gce-extensions/pom.xml
View File

@ -121,4 +121,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/graphite-emitter/pom.xml
View File

@ -110,4 +110,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

7
extensions-contrib/influx-extensions/pom.xml
View File

@ -120,6 +120,13 @@
<id>strict</id>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</profile>

12
extensions-contrib/influxdb-emitter/pom.xml
View File

@ -82,4 +82,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/kafka-emitter/pom.xml
View File

@ -117,4 +117,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/kubernetes-overlord-extensions/pom.xml
View File

@ -246,4 +246,15 @@
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/materialized-view-maintenance/pom.xml
View File

@ -128,4 +128,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/materialized-view-selection/pom.xml
View File

@ -139,4 +139,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/opentsdb-emitter/pom.xml
View File

@ -93,4 +93,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/prometheus-emitter/pom.xml
View File

@ -115,4 +115,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/redis-cache/pom.xml
View File

@ -116,5 +116,17 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/sqlserver-metadata-storage/pom.xml
View File

@ -85,4 +85,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/statsd-emitter/pom.xml
View File

@ -103,4 +103,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/tdigestsketch/pom.xml
View File

@ -173,4 +173,15 @@
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

7
extensions-contrib/thrift-extensions/pom.xml
View File

@ -192,6 +192,13 @@
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

12
extensions-contrib/time-min-max/pom.xml
View File

@ -107,4 +107,16 @@
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

11
extensions-contrib/virtual-columns/pom.xml
View File

@ -86,4 +86,15 @@
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</build>
</project>

9
owasp-dependency-check-suppressions.xml
View File

@ -792,4 +792,13 @@
<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@1..*$</packageUrl>
<cve>CVE-2023-3635</cve> <!-- Suppressed since okio requests in Druid are internal, and not user-facing -->
</suppress>
<suppress>
<notes><![CDATA[
file name: grpc-context-1.27.2.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/io\.grpc/grpc-context@1.27.2$</packageUrl>
<cve>CVE-2023-4785</cve> <!-- Not applicable to gRPC Java - https://nvd.nist.gov/vuln/detail/CVE-2023-4785 -->
<cve>CVE-2023-33953</cve> <!-- Not applicable to gRPC Java - https://cloud.google.com/support/bulletins#gcp-2023-022 -->
</suppress>
</suppressions>