Suppress test framework CVEs

CVEs: - CVE-2020-8908 - CVE-2021-37714 - CVE-2022-36033
author: Albin <albin@mullvad.net> 2022-12-08 09:52:14 +0100
committer: Albin <albin@mullvad.net> 2022-12-08 15:38:36 +0100
commit: 93d313aae81be30285d097bd511944f1bb6b00cb (patch)
tree: c8cb016b30399641e321efa77200fd0682ffc5d4 /android
parent: 121fa076394e2a30c5d208413bb5d439986124d4 (diff)
download: mullvadvpn-93d313aae81be30285d097bd511944f1bb6b00cb.tar.xz
mullvadvpn-93d313aae81be30285d097bd511944f1bb6b00cb.zip
1 files changed, 40 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index a9d3168fcf..109347ab5a 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -45,4 +45,44 @@
         <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl>
         <cve>CVE-2021-37533</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+        checks and tracking externally.
+
+        File name: guava-28.2-android.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+        <cve>CVE-2020-8908</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+        checks and tracking externally.
+
+        File name: guava-28.2-android.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
+        <cve>CVE-2020-8908</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+        checks and tracking externally.
+
+        File name: jsoup-1.12.2.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
+        <cve>CVE-2021-37714</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic
+        checks and tracking externally.
+
+        File name: jsoup-1.12.2.jar
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl>
+        <cve>CVE-2022-36033</cve>
+    </suppress>
 </suppressions>
author	Albin <albin@mullvad.net>	2022-12-08 09:52:14 +0100
committer	Albin <albin@mullvad.net>	2022-12-08 15:38:36 +0100
commit	93d313aae81be30285d097bd511944f1bb6b00cb (patch)
tree	c8cb016b30399641e321efa77200fd0682ffc5d4 /android
parent	121fa076394e2a30c5d208413bb5d439986124d4 (diff)
download	mullvadvpn-93d313aae81be30285d097bd511944f1bb6b00cb.tar.xz mullvadvpn-93d313aae81be30285d097bd511944f1bb6b00cb.zip