diff options
| author | Albin <albin@mullvad.net> | 2024-05-06 12:39:18 +0200 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2024-05-06 14:33:30 +0200 |
| commit | 1eba52c23f1b6dfa0887f8ac88dbbb1febdcb40e (patch) | |
| tree | 325ea96d33ebbf31252a419d041942ef744a3826 /android/test | |
| parent | c235dfc50b22e36bcb1e4228d0e9220c0b130663 (diff) | |
| download | mullvadvpn-1eba52c23f1b6dfa0887f8ac88dbbb1febdcb40e.tar.xz mullvadvpn-1eba52c23f1b6dfa0887f8ac88dbbb1febdcb40e.zip | |
Remove outdated suppression rules
Diffstat (limited to 'android/test')
| -rw-r--r-- | android/test/test-suppression.xml | 109 |
1 files changed, 0 insertions, 109 deletions
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml index adebd4c116..2e379e9062 100644 --- a/android/test/test-suppression.xml +++ b/android/test/test-suppression.xml @@ -1,97 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <!-- - CVEs in the e2e project are deemed less severe than CVEs in the main projects as CVEs in the e2e - project doesn't affect release or debug versions of the app. - --> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE is tracked externally and is therefore suppressed in the automatic audit checks. - ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-java@.*$</packageUrl> - <cve>CVE-2022-3171</cve> - <cve>CVE-2022-3509</cve> - <cve>CVE-2022-3510</cve> - <cve>CVE-2021-22569</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - These CVEs affects the Apache Commons Net's FTP client that this app doesn't use. - https://www.openwall.com/lists/oss-security/2022/12/03/1 - - File names: - - commons-beanutils-1.9.4.jar - - commons-collections-3.2.2.jar - - commons-digester-2.1.jar - - commons-logging-1.2.jar - - commons-validator-1.7.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> - <cve>CVE-2021-37533</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE is tracked externally and is therefore suppressed in the automatic audit checks. - https://nvd.nist.gov/vuln/detail/CVE-2021-29425 - - File name: commons-io-2.4.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl> - <cve>CVE-2021-29425</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - These CVEs are tracked externally and is therefore suppressed in the automatic audit checks. - ]]></notes> - <packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl> - <cve>CVE-2021-37136</cve> - <cve>CVE-2021-37137</cve> - <cve>CVE-2021-43797</cve> - <cve>CVE-2021-21295</cve> - <cve>CVE-2021-21409</cve> - <cve>CVE-2021-21290</cve> - <cve>CVE-2022-24823</cve> - <cve>CVE-2022-41881</cve> - <cve>CVE-2022-41915</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE is tracked externally and is therefore suppressed in the automatic audit checks. - https://nvd.nist.gov/vuln/detail/CVE-2022-25647 - - File name: gson-2.8.6.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl> - <cve>CVE-2022-25647</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE only affect Multiplatform Gradle Projects, which this project is not. - https://nvd.nist.gov/vuln/detail/CVE-2022-24329 - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl> - <cve>CVE-2022-24329</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE is limited to processing of screenshots, which this app doesn't use. - https://nvd.nist.gov/vuln/detail/CVE-2021-4277 - - File name: legacy-support-core-utils-1.0.0.aar - ]]></notes> - <packageUrl regex="true">^pkg:maven/androidx\.legacy/legacy\-support\-core\-utils@.*$</packageUrl> - <cve>CVE-2021-4277</cve> - </suppress> - <suppress until="2023-06-01Z"> - <notes><![CDATA[ - This CVE is limited to processing of screenshots, which this app doesn't use. - https://nvd.nist.gov/vuln/detail/CVE-2021-4277 - - File name: common-30.3.1.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.android\.tools/common@.*$</packageUrl> - <cve>CVE-2021-4277</cve> - </suppress> <suppress until="2024-06-01Z"> <notes><![CDATA[ This CVE only affect the leakCanary build type which is limited to memory leak testing etc. @@ -102,14 +10,6 @@ <packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio.*@.*$</packageUrl> <cve>CVE-2023-3635</cve> </suppress> - <suppress until="2023-12-01Z"> - <notes><![CDATA[ - This CVE only affect certain test cases so suppressing until patched. - https://nvd.nist.gov/vuln/detail/CVE-2023-3782 - ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.squareup\.okhttp3/.*@.*$</packageUrl> - <cve>CVE-2023-3782</cve> - </suppress> <suppress until="2024-09-01Z"> <notes><![CDATA[ False-positive related to Drupal rather than Android development. @@ -118,13 +18,4 @@ <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl> <cve>CVE-2014-9152</cve> </suppress> - <suppress until="2024-05-01Z"> - <notes><![CDATA[ - Suppressing since the affected function isn't used in this project. No upstream fixes - are available at the time of adding this suppression. - https://nvd.nist.gov/vuln/detail/CVE-2024-23080 - ]]></notes> - <packageUrl regex="true">^pkg:maven/joda-time/joda-time@.*$</packageUrl> - <cve>CVE-2024-23080</cve> - </suppress> </suppressions> |