| author | Albin <albin@mullvad.net> | 2025-02-04 08:30:14 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2025-02-04 08:30:14 +0100 |
| commit | dfa97420077bc15807cc460ad6b97053caa5fde0 (patch) | |
| tree | 82e7cf53afd8453e3dad0077e4fd2cf6fc76d4ee /android/test | |
| parent | 8d8320b302a08613a2197ff81ef6e59f8c10301c (diff) | |
Remove OWASP dependency check plugin
The OWASP DependencyCheck plugin has been replaced
with `osv-scanner` which covers our use-case.
Diffstat (limited to 'android/test')
| -rw-r--r-- | android/test/e2e/build.gradle.kts | 9 | ||||
| -rw-r--r-- | android/test/mockapi/build.gradle.kts | 9 | ||||
| -rw-r--r-- | android/test/test-suppression.xml | 29 |
3 files changed, 0 insertions, 47 deletions
diff --git a/android/test/e2e/build.gradle.kts b/android/test/e2e/build.gradle.kts
index 500a1e27cd..5fc0c600cf 100644
--- a/android/test/e2e/build.gradle.kts
+++ b/android/test/e2e/build.gradle.kts
@@ -136,15 +136,6 @@ androidComponents {
 }
 }
 
-configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
- // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
- // path. The alternative would be to suppress specific CVEs, however that could potentially
- // result in suppressed CVEs in project compilation class path.
- skipConfigurations = listOf("lintClassPath")
- suppressionFile = "$projectDir/../test-suppression.xml"
-}
-
 dependencies {
 implementation(projects.test.common)
 implementation(projects.lib.endpoint)
diff --git a/android/test/mockapi/build.gradle.kts b/android/test/mockapi/build.gradle.kts
index 166a389553..a224b8c53f 100644
--- a/android/test/mockapi/build.gradle.kts
+++ b/android/test/mockapi/build.gradle.kts
@@ -61,15 +61,6 @@ android {
 }
 }
 
-configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> {
- // Skip the lintClassPath configuration, which relies on many dependencies that has been flagged
- // to have CVEs, as it's related to the lint tooling rather than the project's compilation class
- // path. The alternative would be to suppress specific CVEs, however that could potentially
- // result in suppressed CVEs in project compilation class path.
- skipConfigurations = listOf("lintClassPath")
- suppressionFile = "$projectDir/../test-suppression.xml"
-}
-
 dependencies {
 implementation(projects.lib.endpoint)
 implementation(projects.test.common)
diff --git a/android/test/test-suppression.xml b/android/test/test-suppression.xml
deleted file mode 100644
index cb6bd25a19..0000000000
--- a/android/test/test-suppression.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
- <suppress until="2024-09-01Z">
- <notes><![CDATA[
- False-positive related to Drupal rather than Android development.
- https://nvd.nist.gov/vuln/detail/CVE-2014-9152
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
- <cve>CVE-2014-9152</cve>
- </suppress>
- <suppress until="2024-12-01Z">
- <notes><![CDATA[
- No impact on this app since it uses UDS rather than HTTP2.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/io\.grpc/grpc.*-stub@.*$</packageUrl>
- <cve>CVE-2023-32732</cve>
- <cve>CVE-2023-33953</cve>
- <cve>CVE-2023-44487</cve>
- </suppress>
- <suppress until="2024-12-01Z">
- <notes><![CDATA[
- Denial of service using protobuf.
- Should not be applicable since client and server are always in sync and we are only
- communicating locally over UDS.
- ]]></notes>
- <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf-.*@.*$</packageUrl>
- <cve>CVE-2024-7254</cve>
- </suppress>
-</suppressions> |
