
Commit 3904c96

chore(fp): remove unnecessary grpc suppressions (#8505)
Signed-off-by: Chad Wilson <29788154+chadlwilson@users.noreply.github.com> Co-authored-by: Jeremy Long <jeremy.long@gmail.com>
1 parent e070d60 commit 3904c96

1 file changed

Lines changed: 0 additions & 77 deletions


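--- a/core/src/main/resources/dependencycheck-base-suppression.xml
+++ b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -95,13 +95,6 @@
 <packageUrl regex="true">^pkg:maven/org\.zalando/spring\-boot\-etcd@.*$</packageUrl>
 <cpe>cpe:/a:etcd:etcd</cpe>
 </suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3678
-]]></notes>
-<packageUrl regex="true">^pkg:maven/com\.salesforce\.servicelibs/reactive\-grpc.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
 <suppress base="true">
 <notes><![CDATA[
 FP per #3685
@@ -236,14 +229,6 @@
 <packageUrl regex="true">^pkg:maven/io\.helidon\.microprofile\.server/helidon\-microprofile\-server@.*$</packageUrl>
 <cpe>cpe:/a:oracle:http_server</cpe>
 </suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3015 & #3016
-]]></notes>
-<packageUrl regex="true">^pkg:maven/co\.elastic\.apm/apm\-.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-<cpe>cpe:/a:apache:httpclient</cpe>
-</suppress>
 <suppress base="true">
 <notes><![CDATA[
 FP per #3005
@@ -272,47 +257,6 @@
 <packageUrl regex="true">^pkg:maven/.*vertx-pg-client@.*$</packageUrl>
 <cpe>cpe:/a:postgresql:postgresql</cpe>
 </suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3002 CPE is for GRPC core
-]]></notes>
-<packageUrl regex="true">^pkg:maven/io\.opencensus/opencensus\-contrib\-grpc\-metrics@.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3002 and #5890 - CVE are for GRPC C/ruby/python etc. Suppressing individual CVEs because ODC cannot understand the target SW
-field. NVD search to review in future (not that some are marked incorrectly as affecting all languages)
---> https://nvd.nist.gov/vuln/search#/nvd/home?sortOrder=1&sortDirection=1&cpeFilterMode=applicability&cpeName=cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*&resultType=records
-]]></notes>
-<packageUrl regex="true">^pkg:maven/io\.grpc/grpc\-.*$</packageUrl>
-<cve>CVE-2017-7860</cve>
-<cve>CVE-2017-7861</cve>
-<cve>CVE-2017-8359</cve>
-<cve>CVE-2017-9431</cve>
-<cve>CVE-2020-7768</cve>
-<cve>CVE-2023-1428</cve>
-<cve>CVE-2023-32731</cve>
-<cve>CVE-2023-32732</cve>
-<cve>CVE-2023-33953</cve>
-<cve>CVE-2023-4785</cve>
-<cve>CVE-2024-11407</cve>
-<cve>CVE-2024-7246</cve>
-</suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3002, CPE is for GRPC core
-]]></notes>
-<packageUrl regex="true">^pkg:maven/com\.google\.api\.grpc/grpc\-google\-common\-protos@.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per #3002, CPE is for GRPC core
-]]></notes>
-<packageUrl regex="true">^pkg:maven/com\.lightstep\.tracer/.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
 <suppress base="true">
 <notes><![CDATA[
 FP per #3001
@@ -2866,20 +2810,6 @@
 <gav regex="true">^com\.typesafe\.akka:akka-persistence-cassandra:.*$</gav>
 <cpe>cpe:/a:akka:akka</cpe>
 </suppress>
-<suppress base="true">
-<notes><![CDATA[
-Fp per #2995
-]]></notes>
-<packageUrl regex="true">^pkg:maven/io\.opencensus/opencensus\-contrib\-grpc\-util@.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
-<suppress base="true">
-<notes><![CDATA[
-False positive per issue #1259 and #2991
-]]></notes>
-<gav regex="true">^com\.google\.api\.grpc:proto-.*$</gav>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
 <suppress base="true">
 <notes><![CDATA[
 FP per issue #942
@@ -4956,13 +4886,6 @@
 <packageUrl regex="true">^pkg:maven/com\.google\.flatbuffers/flatbuffers-java@.*$</packageUrl>
 <cpe regex="true">cpe:/a:flat(_project)?:flat.*</cpe>
 </suppress>
-<suppress base="true">
-<notes><![CDATA[
-FP per issues #5321, #5322, #5323, #5324
-]]></notes>
-<packageUrl regex="true">^pkg:maven/me\.dinowernli/java\-grpc\-prometheus@.*$</packageUrl>
-<cpe>cpe:/a:grpc:grpc</cpe>
-</suppress>
 <suppress base="true">
 <notes><![CDATA[
 FP per issue #5370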
