NIFI-9975 Upgraded OWASP Dependency Check from 6.5.3 to 7.1.0

- Removed unnecessary suppression configurations due to detection improvements

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #6004.
exceptionfactory 2022-04-28 16:26:46 -05:00 committed by Pierre Villard
parent 569929269a
commit 2d5e24c0a2
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
2 changed files with 1 additions and 21 deletions


@ -19,34 +19,14 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.nifi.*$</packageUrl>
<cpe regex="true">^cpe:.*$</cpe>
</suppress>
<suppress>
<notes>Jetty Test Helper is incorrectly identified as part of Jetty Server</notes>
<packageUrl regex="true">^pkg:maven/org\.eclipse\.jetty\.toolchain/jetty-test-helper.*$</packageUrl>
<cpe regex="true">^cpe:.*$</cpe>
</suppress>
<suppress>
<notes>Apache FTP Server library is incorrectly identified with Apache HTTP Server</notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.ftpserver/ftpserver\-core@.*$</packageUrl>
<cpe>cpe:/a:apache:http_server</cpe>
</suppress>
<suppress>
<notes>Meta MX HTTP Client is incorrectly identified as Netty</notes>
<packageUrl regex="true">^pkg:maven/com\.metamx/http\-client@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
<suppress>
<notes>Servlet API libraries with the Jetty package are incorrectly associated with Jetty Server</notes>
<packageUrl regex="true">^pkg:maven/org\.mortbay\.jetty/servlet\-api@.*$</packageUrl>
<cpe regex="true">^cpe:/a:.*:jetty:.*$</cpe>
</suppress>
<suppress>
<notes>Testcontainers MySQL is incorrectly identified with MySQL server</notes>
<packageUrl regex="true">^pkg:maven/org\.testcontainers/mysql@.*$</packageUrl>
<cpe>cpe:/a:mysql:mysql</cpe>
</suppress>
<suppress>
<notes>Vorbis Java Tika is incorrectly linked to flac_project</notes>
<packageUrl regex="true">^pkg:maven/org\.gagravarr/vorbis\-java\-tika@.*$</packageUrl>
<cpe>cpe:/a:flac_project:flac</cpe>
</suppress>
</suppressions>


@ -1205,7 +1205,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>6.5.3</version>
<version>7.1.0</version>
<executions>
<execution>
<inherited>false</inherited>