Ignore false positive on static analysis tools

Until 2023-01-01Z !
2022-03-29 19:38:10 +02:00 · 2022-03-29 19:38:10 +02:00 · 963b2dfa57
parent 587948c1b9
commit 963b2dfa57
2 changed files with 24 additions and 0 deletions
--- a/build.gradle
+++ b/build.gradle
@ -35,6 +35,13 @@ plugins {
 // https://github.com/jeremylong/DependencyCheck
 apply plugin: 'org.owasp.dependencycheck'

+dependencyCheck {
+    // See https://jeremylong.github.io/DependencyCheck/general/suppression.html
+    suppressionFiles = [
+            "./tools/dependencycheck/suppressions.xml"
+    ]
+}
+
 allprojects {
    apply plugin: "org.jlleitschuh.gradle.ktlint"

--- a/tools/dependencycheck/suppressions.xml
+++ b/tools/dependencycheck/suppressions.xml
@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress until="2023-01-01Z">
+        <notes><![CDATA[
+      file name: ktlint-reporter-checkstyle-0.45.1.jar
+      ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.pinterest\.ktlint/ktlint\-reporter\-checkstyle@.*$</packageUrl>
+        <cve>CVE-2019-10782</cve>
+    </suppress>
+    <suppress until="2023-01-01Z">
+        <notes><![CDATA[
+   file name: ktlint-reporter-checkstyle-0.45.1.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.pinterest\.ktlint/ktlint\-reporter\-checkstyle@.*$</packageUrl>
+        <cve>CVE-2019-9658</cve>
+    </suppress>
+</suppressions>