| -rw-r--r-- | android/config/dependency-check-suppression.xml | 16 | ||||
| -rw-r--r-- | android/e2e/e2e-suppression.xml | 29 |
2 files changed, 15 insertions, 30 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml index ea6bc8c6ce..590a2a5793 100644 --- a/android/config/dependency-check-suppression.xml +++ b/android/config/dependency-check-suppression.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -10,7 +10,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2021-22569</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -21,7 +21,7 @@ <cve>CVE-2022-3171</cve> <cve>CVE-2022-3510</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -31,7 +31,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-lite@.*$</packageUrl> <cve>CVE-2022-3171</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE affects the Apache Commons Net's FTP client that this app doesn't use. https://www.openwall.com/lists/oss-security/2022/12/03/1 @@ -46,7 +46,7 @@ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. 
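Review bot: The `<notes>` of the entries given `until="2023-05-01Z"` say the CVE is tracked "externally" but carry no reference to where, so whoever handles the scan failures when these suppressions lapse has nothing to follow; this applies to the first hunk and to every other `<suppress until=…>` hunk in both files. I would add a line such as `Tracked in: <TRACKING-ISSUE-URL>` inside each CDATA note. The justification "only part of the debugAndroidTestRuntimeClasspath" is also not enforced by the entry itself, since the `packageUrl` pattern matches the artifact wherever the scanner finds it; if the scan is not limited to specific configurations elsewhere (not visible here), a later move of the dependency into a shipped classpath would stay hidden until the expiry date. Each `<suppress>` element continues past the end of its hunk.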
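Review bot: In the `@@ -46,7 +46,7 @@` hunk the entry for CVE-2021-37533 keeps the pattern `^pkg:maven/commons\-.*/commons\-.*@.*$`, which matches every artifact in any `commons-*` group, while the note opened in the previous hunk justifies the suppression only for the Apache Commons Net FTP client. If the finding is only reported against Commons Net, narrowing the pattern to `^pkg:maven/commons\-net/commons\-net@.*$` would keep the suppression tied to its stated reason; if the scanner attributes it to other Commons artifacts, the note should say which ones. The same pattern appears in the `@@ -52,7 +37,7 @@` hunk of android/e2e/e2e-suppression.xml. The element's body lies between the two hunks and is not fully visible.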
@@ -56,7 +56,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -66,7 +66,7 @@ <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> <cve>CVE-2020-8908</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. @@ -76,7 +76,7 @@ <packageUrl regex="true">^pkg:maven/org\.jsoup/jsoup@.*$</packageUrl> <cve>CVE-2021-37714</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE only part of the debugAndroidTestRuntimeClasspath so suppressing in automatic checks and tracking externally. diff --git a/android/e2e/e2e-suppression.xml b/android/e2e/e2e-suppression.xml index 6b9f4202da..fcc7c35c01 100644 --- a/android/e2e/e2e-suppression.xml +++ b/android/e2e/e2e-suppression.xml 
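Review bot: The two guava entries look like duplicates: the context lines of the `@@ -56,7 +56,7 @@` and `@@ -66,7 +66,7 @@` hunks close two consecutive `<suppress>` elements with the same `packageUrl` pattern and the same `CVE-2020-8908`. The lines between them are outside the hunks, so the entries may differ in their notes, but if they do not, one can be dropped so that a single `until` date governs the finding. Keeping both means a later extension of one expiry date keeps the finding suppressed even after the other entry has lapsed.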
@@ -4,22 +4,7 @@ CVEs in the e2e project are deemed less severe than CVEs in the main projects as CVEs in the e2e project doesn't affect release or debug versions of the app. --> - <suppress> - <notes><![CDATA[ - This CVE is a false positive as the description refers to a GO library (github.com/containers/storage). - ]]></notes> - <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl> - <cve>CVE-2021-20291</cve> - </suppress> - <suppress> - <notes><![CDATA[ - This CVE is a false positive as javalite isn't affected according to: - https://cloud.google.com/support/bulletins#gcp-2022-001 - ]]></notes> - <packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-javalite@.*$</packageUrl> - <cve>CVE-2021-22569</cve> - </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -27,7 +12,7 @@ <cve>CVE-2022-3171</cve> <cve>CVE-2022-3510</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -37,7 +22,7 @@ <cve>CVE-2022-3510</cve> <cve>CVE-2021-22569</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE affects the Apache Commons Net's FTP client that this app doesn't use. https://www.openwall.com/lists/oss-security/2022/12/03/1 @@ -52,7 +37,7 @@ <packageUrl regex="true">^pkg:maven/commons\-.*/commons\-.*@.*$</packageUrl> <cve>CVE-2021-37533</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. https://nvd.nist.gov/vuln/detail/CVE-2021-29425 
@@ -62,7 +47,7 @@ <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl> <cve>CVE-2021-29425</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><![CDATA[ This CVE is tracked externally and is therefore suppressed in the automatic audit checks. ]]></notes> @@ -76,7 +61,7 @@ <cve>CVE-2022-24823</cve> <cve>CVE-2022-41915</cve> </suppress> - <suppress> + <suppress until="2023-05-01Z"> <notes><