Update owasp-suppressions.xml
authorMalena Ebert <63863184+malena-ebert-sonarsource@users.noreply.github.com>
Mon, 12 Oct 2020 13:16:48 +0000 (15:16 +0200)
committersonartech <sonartech@sonarsource.com>
Mon, 12 Oct 2020 20:07:58 +0000 (20:07 +0000)
owasp-suppressions.xml

index 96f7512c91fe1beca9188ba819fa94f28be54910..f2ee8bf0694a0583720e41e9023d8642ecce1f69 100644 (file)
     <packageUrl regex="true">^pkg:maven/com\.sonarsource\.vsts/alm\-gallery\-client@.*$</packageUrl>
     <cpe>cpe:/a:gallery:gallery</cpe>
   </suppress>
+  
+  <!-- False Positive: Version of kotlin lib is not vulnerable to this CVE -->
+  <suppress>
+   <notes><![CDATA[
+   file name: kotlin-stdlib-common-1.4.10.jar
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib(\-common)?@1.4.10$</packageUrl>
+   <cve>CVE-2020-15824</cve>
+  </suppress>
+  
+  <!-- False Positive: The CVE is for hazelcast:1.8.0 not hazelcast-client-protocol -->
+  <suppress>
+   <notes><![CDATA[
+   file name: hazelcast-3.12.9.jar (shaded: com.hazelcast:hazelcast-client-protocol:1.8.0)
+   ]]></notes>
+   <packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast\-client\-protocol@.*$</packageUrl>
+   <cve>CVE-2016-10750</cve>
+  </suppress>
 </suppressions>
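Review bot: The version part of the new kotlin-stdlib `packageUrl` pattern leaves its dots unescaped (`@1.4.10$`), so each `.` matches any character, unlike the escaped dots and hyphens earlier in the same pattern. Writing it as `@1\.4\.10$` keeps the suppression pinned to exactly the release that was checked. The hazelcast-client-protocol entry matches every version (`@.*$`), which fits its stated reason (a misattributed artifact rather than a fixed release). Its comment would be easier to audit if it said what was matched, presumably the shaded artifact's 1.8.0 version against the hazelcast CPE, e.g. `<!-- False Positive: shaded hazelcast-client-protocol 1.8.0 is matched as hazelcast 1.8.0; the CVE applies to hazelcast itself -->`. Neither comment records the affected version range or the advisory behind the decision, so a later reviewer cannot re-check the suppression without redoing the research.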