From 65d00c705cc56185c6dd9678f860b3d0415caba6 Mon Sep 17 00:00:00 2001
From: Tejaswini Bandlamudi <96047043+tejaswini-imply@users.noreply.github.com>
Date: Thu, 21 Apr 2022 21:18:20 +0530
Subject: [PATCH] Supress CVE 2022 26612 (#12463)

* supress CVE-2022-26612

* adding packageUrl

* suppressing CVE-2022-26612

* adding packageUrl

* moving to hadoop section
---
 owasp-dependency-check-suppressions.xml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index abc05abead5..5abf35737ff 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -320,12 +320,14 @@
      <cve>CVE-2018-8029</cve>
   </suppress>
   <suppress>
+     <!-- Suppress cves that aren't applicable to hadoop client -->
      <notes><![CDATA[
      file name: hadoop-*-2.8.5.jar
      ]]></notes>
      <packageUrl regex="true">^pkg:maven/org\.apache\.hadoop/hadoop\-.*@.*$</packageUrl>
      <cve>CVE-2018-11765</cve>
      <cve>CVE-2020-9492</cve>
+     <cve>CVE-2022-26612</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[
@@ -479,4 +481,5 @@
     <packageUrl regex="true">^pkg:maven/org\.asynchttpclient/async-http-client-netty-utils@2.5.3$</packageUrl>
     <cve>CVE-2021-43138</cve>
   </suppress>
+
 </suppressions>