| author | Albin <albin@mullvad.net> | 2024-07-02 12:37:30 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2024-07-09 07:27:44 +0200 |
| commit | bcd6bb9279d6bf313eb2215f42f7981752f2bb16 (patch) | |
| tree | 6b52b9eec1e2cc4dee59da20fefc5ef6d212bb29 | |
| parent | c4425f266b821b7e911ae7eb2012b5f64a79f1c2 (diff) | |
Ignore android vulnerabilities reported by osv-scanner
Temporarily ignoring all reported android vulnerabilities
with a one month deadline for osv-scanner that we are
adding to our suite of tools. The reason for this is that
we plan to examine the vulnerabilities and bootstrap this
file with proper ignore reasons (or address by bumping
dependencies).
Also worth mentioning that we're already using the OWASP
Dependency-Check tool for the android code base as of
before.
| -rw-r--r-- | android/gradle/osv-scanner.toml | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/android/gradle/osv-scanner.toml b/android/gradle/osv-scanner.toml
new file mode 100644
index 0000000000..25ca2747a1
--- /dev/null
+++ b/android/gradle/osv-scanner.toml
@@ -0,0 +1,89 @@
+# See repository root `osv-scanner.toml` for instructions and rules for this file.
+#
+# Temporarily ignoring all reported android vulnerabilites with a one month deadline
+# since we plan to examine the vulnerabilites and bootstrap this file with proper
+# ignore reasons (or address by bumping dependencies).
+#
+# Also worth mentioning that we're already using the OWASP Dependency-Check tool
+# for the android code base as of before.
+
+[[IgnoredVulns]]
+id = "CVE-2022-45868" # GHSA-22wj-vf5f-wrvj
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2023-3635" # GHSA-w33c-445m-f8w7
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2024-29025" # GHSA-5jpm-x58v-624v
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2023-44487" # GHSA-xpw8-rcwv-8f8p
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2023-34462" # GHSA-6mjq-h674-j845
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2024-26308" # GHSA-4265-ccf5-phj5
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2024-25710" # GHSA-4g9r-vxhx-9pgx
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2020-13956" # GHSA-7r82-7xv7-xcpj
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2023-51775" # GHSA-6qvw-249j-h44c
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2023-31582" # GHSA-7g24-qg88-p43q
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "GHSA-jgvc-jfgh-rjvv"
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[IgnoredVulns]]
+id = "CVE-2022-24329" # GHSA-2qp4-g3q3-f92w
+ignoreUntil = 2024-08-02
+reason = "See top comment"
+
+[[PackageOverrides]]
+name = "org.bouncycastle:bcprov-jdk15on"
+ecosystem = "Maven"
+ignore = true
+effectiveUntil = 2024-08-02
+reason = "See top comment"
+
+[[PackageOverrides]]
+name = "org.bouncycastle:bcprov-jdk18on"
+ecosystem = "Maven"
+ignore = true
+effectiveUntil = 2024-08-02
+reason = "See top comment"
+
+[[PackageOverrides]]
+name = "org.bouncycastle:bcpkix-jdk18on"
+ecosystem = "Maven"
+ignore = true
+effectiveUntil = 2024-08-02
+reason = "See top comment" |
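Review bot: The three `[[PackageOverrides]]` entries at the end of the file set `ignore = true` with no `version` key, so until 2024-08-02 every advisory against `bcprov-jdk15on`, `bcprov-jdk18on` and `bcpkix-jdk18on` is suppressed, including any published after this commit. That is a wider exemption than the per-ID `[[IgnoredVulns]]` entries above it, and it applies to the cryptography provider. I would either list the specific advisory IDs as `[[IgnoredVulns]]` entries like the rest of the file, or narrow each override with `version = "<resolved version>"` so that a dependency bump brings the package back into scanning. Separately, `reason = "See top comment"` does not record which Maven coordinate each CVE was reported against; a trailing comment naming the affected artifact next to the GHSA alias would keep that mapping for the planned triage.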
