| author | Albin <albin@mullvad.net> | 2022-03-09 10:39:31 +0100 |
|---|---|---|
| committer | Albin <albin@mullvad.net> | 2022-03-09 11:25:11 +0100 |
| commit | a7a77b1a33af603241fe9104c47ab10ed1bbcf2c (patch) | |
| tree | b6a233cf496ffd1724cff988ea9f08f8d7ca7848 /android | |
| parent | cc2f7c448d34a8befcc0bd89dcaf7d92a0b6f251 (diff) | |
Suppress false positive Android CVE
The CVE (CVE-2022-24329) only affects "Multiplatform Gradle Projects"
according to the CVE description, which this is not, and therefore it's
considered a false positive.
Diffstat (limited to 'android')
| -rw-r--r-- | android/build.gradle.kts | 1 |
| -rw-r--r-- | android/config/dependency-check-suppression.xml | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/android/build.gradle.kts b/android/build.gradle.kts index 55dcfcb33f..5da21f649a 100644 --- a/android/build.gradle.kts +++ b/android/build.gradle.kts @@ -30,6 +30,7 @@ allprojects { configure<org.owasp.dependencycheck.gradle.extension.DependencyCheckExtension> { failBuildOnCVSS = 0F // All severity levels + suppressionFile = "${rootProject.projectDir}/config/dependency-check-suppression.xml" } } diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml new file mode 100644 index 0000000000..31c3e293ad --- /dev/null +++ b/android/config/dependency-check-suppression.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> + <suppress> + <notes><![CDATA[ + This CVE only affect Multiplatform Gradle Projects, which this project is not. + ]]></notes> + <cve>CVE-2022-24329</cve> + </suppress> +</suppressions> |
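Review bot: The `suppressionFile` line in android/build.gradle.kts is added inside `allprojects`, next to `failBuildOnCVSS = 0F`, so this single XML file now decides which findings can pass a fail-on-any-severity gate in every subproject. A short comment on that line stating that each suppression entry needs a written justification, together with a review requirement for changes to `config/dependency-check-suppression.xml`, would keep the gate from being loosened unnoticed.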
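Review bot: The `<suppress>` entry in android/config/dependency-check-suppression.xml matches on `<cve>CVE-2022-24329</cve>` alone, so it silences that CVE for every dependency the scan reports it against, in every subproject, rather than only for the artifact the false-positive judgement was made about. Consider narrowing it with a `<packageUrl>` or `<gav>` matcher for the flagged dependency, and adding an `until` date on `<suppress>` so the entry expires and is re-evaluated if the build ever becomes a multiplatform Gradle project. The `<notes>` text could also name the dependency that was flagged, and "affect" should read "affects".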
