summaryrefslogtreecommitdiffhomepage
path: root/android/config/dependency-check-suppression.xml
blob: 589b5d5317fae8b08dcbde0fcc1466827b7fda1c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress until="2024-11-01Z">
        <notes><![CDATA[
        This CVE only affect Multiplatform Gradle Projects, which this project is not.
        https://nvd.nist.gov/vuln/detail/CVE-2022-24329
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib.*@.*$</packageUrl>
        <cve>CVE-2022-24329</cve>
    </suppress>
    <suppress until="2024-09-01Z">
        <notes><![CDATA[
          This CVE only affect programs using loadXML and is derived from using ksp.
          We do not use the loadXML, ksp is used to generate navigation paths in our code
          and not for processesing any user input.
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
        <cve>CVE-2018-1000840</cve>
    </suppress>
    <suppress until="2024-09-01Z">
        <notes><![CDATA[
            False-positive related to Drupal rather than Android development.
            https://nvd.nist.gov/vuln/detail/CVE-2014-9152
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/androidx\.test\.services/storage@.*$</packageUrl>
        <cve>CVE-2014-9152</cve>
    </suppress>
    <suppress until="2024-12-01Z">
        <notes><![CDATA[
            False-positive only affecting javascript gRPC packages.
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.grpc/protoc\-gen\-grpc\-kotlin@.*$</packageUrl>
        <cve>CVE-2020-7768</cve>
    </suppress>
    <suppress until="2024-12-01Z">
        <notes><![CDATA[
            No impact on this app since it uses UDS rather than HTTP2.
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.grpc/.*@.*$</packageUrl>
        <cve>CVE-2023-32732</cve>
        <cve>CVE-2023-33953</cve>
        <cve>CVE-2023-44487</cve>
    </suppress>
</suppressions>