Merge remote-tracking branch 'origin/master'
Showing
3 changed files
with
313 additions
and
0 deletions.
@@ -0,0 +1,218 @@ | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> | ||
<!-- IMPORTANT: It may be bit weird, having first reason for suppresion, then the issue suppresed, but dependency-chek uses strict schema and they decided on that order of elements. When any of suppresion has notes and cve reordered, it will not load suppression file | ||
--> | ||
|
||
<suppress> | ||
<notes> | ||
False Positive. midPoint uses Spring Security, but does not use Spring WebFlux, so it is unaffected. | ||
</notes> | ||
<cve>CVE-2023-34034</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. H2 is not recommended for production use, only for demo testing use-cases. | ||
</notes> | ||
<cve>CVE-2021-42392</cve> | ||
<cve>CVE-2022-23221</cve> | ||
<cve>CVE-2018-14335</cve> | ||
<cve>CVE-2022-45868</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint and its dependencies does not use affected functionality of SnakeYaml. | ||
</notes> | ||
<cve>CVE-2022-1471</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use Spring Security in a way neccessary to cause described vulnerability. | ||
</notes> | ||
<cve>CVE-2022-31692</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not run as ActiveMQ Artemis server, only client. | ||
</notes> | ||
<cve>CVE-2022-23913</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2023-0217</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2023-0401</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2023-0464</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2023-0216</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2022-3996</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2022-4450</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use OpenSSL for SSL and crypthography. | ||
</notes> | ||
<cve>CVE-2023-0286</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use WYSIWYG editors from AdminLTE. | ||
</notes> | ||
<cve>CVE-2022-24729</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use affected functionality (BeanDeserializer) during JSON / YAML parsing. | ||
</notes> | ||
<cve>CVE-2022-42004</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use affected functionality (BeanDeserializer) during JSON / YAML parsing. | ||
</notes> | ||
<cve>CVE-2022-42003</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use Moment.js on server-side. | ||
</notes> | ||
<cve>CVE-2022-31129</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use Moment.js on server-side. | ||
</notes> | ||
<cve>CVE-2022-24785</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
Updated Netty Library in upcoming 4.4.5 release. | ||
</notes> | ||
<cve>CVE-2022-41881</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use affected functionality of library. | ||
</notes> | ||
<cve>CVE-2022-3171</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use affected functionality of library. | ||
</notes> | ||
<cve>CVE-2022-3509</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint does not use affected functionality of library. | ||
</notes> | ||
<cve>CVE-2022-3510</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
Minor. MidPoint integrator and/or MidPoint Administrator is only person able to edit JDBC URL. | ||
</notes> | ||
<cve>CVE-2022-26520</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
Updated Spring Framework in upcoming midPoint 4.4.5 release. | ||
</notes> | ||
<cve>CVE-2023-20860</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
Minor. Fixed use of dependency to be not affected by this issue. Fix is available in upcoming midPoint 4.4.5 release. | ||
</notes> | ||
<cve>CVE-2022-40152</cve> | ||
</suppress> | ||
<!-- Wicket: Midpoint uses Wicket 9.5 or newer since midPoint 4.4.1 --> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases. | ||
</notes> | ||
<cve>CVE-2017-15719</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases. MidPoint does not use WYSIWYG editor. | ||
</notes> | ||
<cve>CVE-2018-1325</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint uses Wicket 9.5 in midPoint 4.4.1 and newer versions in other releases. | ||
</notes> | ||
<cve>CVE-2021-23937</cve> | ||
</suppress> | ||
|
||
<!-- Busybox: Busybox is not used by midPoint, but is part of docker container. --> | ||
<suppress> | ||
<notes> | ||
False Positive. busybox is bundled in docker container, but midPoint does not use it during normal run. | ||
</notes> | ||
<cve>CVE-2022-28391</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. busybox is bundled in docker container, but midPoint does not use it during normal run. | ||
</notes> | ||
<cve>CVE-2022-30065</cve> | ||
</suppress> | ||
|
||
<!-- Bootstrap: MidPoint uses newer unaffected version of bootstrap. --> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected. | ||
</notes> | ||
<cve>CVE-2016-10735</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected. | ||
</notes> | ||
<cve>CVE-2018-20676</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected. | ||
</notes> | ||
<cve>CVE-2019-8331</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint 4.4.1 uses AdminLTE 2.4.18, which contains Bootstrap 3.4.1 which is not affected. | ||
</notes> | ||
<cve>CVE-2018-20677</cve> | ||
</suppress> | ||
<suppress> | ||
<notes> | ||
False Positive. MidPoint and Wicket are not used to display HTML from untrusted sources. | ||
</notes> | ||
<cve>CVE-2020-11023</cve> | ||
</suppress> | ||
</suppressions> |
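Review bot: Every `<suppress>` here is keyed on `<cve>` alone, so each CVE is suppressed for any artifact that reports it, not only the dependency the note reasons about; scoping each entry with `<packageUrl>` or `<gav>` (both in the 1.3 schema referenced on line 2) keeps a later transitive dependency carrying the same CVE from being hidden by a note written for a different library. The three time-bound entries (CVE-2022-41881, CVE-2023-20860 and CVE-2022-40152, whose notes say the fix ships in 4.4.5) should carry the schema's expiry attribute, `<suppress until="YYYY-MM-DDZ">` with the expected release date, so they resurface instead of outliving the fix. Several notes say only "does not use affected functionality of library" without naming the library (CVE-2022-3171, CVE-2022-3509, CVE-2022-3510); naming the artifact in `<notes>` is what makes the suppression reviewable later. The header comment and several notes also carry typos (`suppresion`, `suppresed`, `dependency-chek`, `neccessary`, `crypthography`) worth fixing while the file is new.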
@@ -0,0 +1,85 @@ | ||
/* | ||
* Copyright (C) 2010-2022 Evolveum and contributors | ||
* | ||
* This work is dual-licensed under the Apache License 2.0 | ||
* and European Union Public License. See LICENSE file for details. | ||
*/ | ||
|
||
def verbose = params.VERBOSE ?: '0' | ||
|
||
podTemplate( | ||
nodeSelector: params.NODE_SELECTOR, | ||
activeDeadlineSeconds: 900, | ||
idleMinutes: 1, | ||
workspaceVolume: dynamicPVC(requestsSize: "10Gi"), | ||
containers: [ | ||
containerTemplate(name: 'jnlp', | ||
image: 'jenkins/inbound-agent:4.13-2-alpine', | ||
runAsUser: '0', | ||
resourceRequestCpu: '1', | ||
resourceLimitCpu: '1', | ||
resourceRequestMemory: '1Gi', | ||
resourceLimitMemory: '1Gi'), | ||
containerTemplate(name: 'maven', | ||
image: params.BUILDER_IMAGE ?: 'maven:3.8.5-openjdk-17', | ||
runAsUser: '0', | ||
ttyEnabled: true, | ||
command: 'cat', | ||
resourceRequestCpu: params.BUILDER_CPU ?: '4', | ||
resourceLimitCpu: params.BUILDER_CPU ?: '4', | ||
resourceRequestMemory: '4Gi', | ||
resourceLimitMemory: '4Gi') | ||
] | ||
) { | ||
node(POD_LABEL) { | ||
try { | ||
stage("checkout") { | ||
sh """#!/bin/bash -ex | ||
if [ "${verbose}" -ge 1 ] | ||
then | ||
df -h | ||
fi | ||
""" | ||
git branch: params.BRANCH ?: 'master', | ||
url: 'https://github.com/Evolveum/midpoint.git' | ||
} | ||
stage("analyze") { | ||
container('maven') { | ||
sh """#!/bin/bash -ex | ||
if [ "${verbose}" -ge 1 ] | ||
then | ||
id | ||
env | sort | ||
mvn --version | ||
fi | ||
|
||
mvn org.owasp:dependency-check-maven:aggregate | ||
""" | ||
dependencyCheckPublisher pattern: 'target/dependency-check-report.xml' | ||
} | ||
} | ||
|
||
currentBuild.result = 'SUCCESS' | ||
} catch (Exception e) { | ||
currentBuild.result = 'FAILURE' // error below will not set result for mailer! | ||
error "Marking build as FAILURE because of: ${e}" | ||
} finally { | ||
try { | ||
// Very basic mails, later we can use https://plugins.jenkins.io/email-ext/ | ||
step([$class: 'Mailer', | ||
notifyEveryUnstableBuild: true, | ||
recipients: env.DEFAULT_MAIL_RECIPIENT, | ||
sendToIndividuals: false]) | ||
|
||
sh """#!/bin/bash -ex | ||
if [ "${verbose}" -ge 1 ] | ||
then | ||
df -h | ||
fi | ||
""" | ||
} catch (Exception e) { | ||
println 'Could not send email: ' + e | ||
} | ||
} | ||
} | ||
} |
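Review bot: The three `sh """…"""` scripts (checkout, analyze and the finally block) have Groovy interpolate `${verbose}`, derived from `params.VERBOSE`, into the script text before bash runs it, so a parameter value containing quotes or `$(…)` is executed as shell rather than compared as a number; Jenkins documents this interpolation pattern as the one to avoid for user-supplied values. Pass it through the environment instead: wrap the `node(POD_LABEL)` body in `withEnv(["VERBOSE=${verbose}"])`, switch the scripts to single-quoted `sh '''…'''`, and test `if [ "$VERBOSE" -ge 1 ]` so the shell receives the value as data. `mvn org.owasp:dependency-check-maven:aggregate` names the plugin without a version, so each run resolves whatever is latest; pinning it as `org.owasp:dependency-check-maven:<VERSION>:aggregate` (or fixing the version in the POM) makes the scan reproducible and guards against a changed plugin release. The `dependencyCheckPublisher` call sets no failure thresholds, so as far as this hunk shows findings are only reported and the build still ends `SUCCESS`; if the intent is to gate on results, the publisher's threshold options (e.g. `failedTotalCritical`) are the place to do it.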