fp identified via #1961

jeremylong · Aug 3, 2019 · 06823c1 · 06823c1
1 parent 2556235
commit 06823c1
Showing 1 changed file with 61 additions and 0 deletions.
diff --git a/core/src/main/resources/dependencycheck-base-suppression.xml b/core/src/main/resources/dependencycheck-base-suppression.xml
@@ -113,6 +113,7 @@
             37. <cpe>cpe:/a:zip_project:zip</cpe> is an etherium related project #1788
             38. <cpe>cpe:/a:echo_project:echo</cpe> is a php media wiki project #1786
             39. <cpe>cpe:/a:util-linux_project:util-linux</cpe> c util on linux #2069
+            40. <cpe>cpe:/a:bitmap_project:bitmap</cpe> is a C library #1961
         ]]></notes>
         <filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec|aar)|pom\.xml|package.json|packages.config)$</filePath>
         <cpe>cpe:/a:sandbox:sandbox</cpe>
@@ -157,6 +158,7 @@
         <cpe>cpe:/a:zip_project:zip</cpe>
         <cpe>cpe:/a:echo_project:echo</cpe>
         <cpe>cpe:/a:util-linux_project:util-linux</cpe>
+        <cpe>cpe:/a:bitmap_project:bitmap</cpe>
     </suppress>
     <suppress base="true">
         <notes><![CDATA[
@@ -174,6 +176,7 @@
             9. sqlserver_project is a node js module (#1388)
             10. auth0 is a javascript library (#1925)
             11. JAR files should not be identified as github
+            12. <cpe>cpe:/a:data-tools_project:data_tools</cpe> is a python project #1961
         ]]></notes>
         <filePath regex="true">.*(\.(jar|ear|war|pom)|pom\.xml)$</filePath>
         <cpe>cpe:/a:dash:dash</cpe>
@@ -189,6 +192,7 @@
         <cpe>cpe:/a:sqlserver_project:sqlserver</cpe>
         <cpe>cpe:/a:auth0:auth0</cpe>
         <cpe>cpe:/a:github:github</cpe>
+        <cpe>cpe:/a:data-tools_project:data_tools</cpe>
     </suppress>
     <suppress base="true">
         <notes><![CDATA[
@@ -828,6 +832,63 @@
         <gav regex="true">io\.dropwizard\.metrics:metrics-jetty:.*</gav>
         <cpe>cpe:/a:jetty:jetty</cpe>
     </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        false positive per issue #1961
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.gagravarr/vorbis\-java\-tika@.*$</packageUrl>
+        <cpe>cpe:/a:apache:tika</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        false positive per issue #1961
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/edu\.usc\.ir/sentiment\-analysis\-parser@.*$</packageUrl>
+        <cpe>cpe:/a:apache:opennlp</cpe>
+        <cpe>cpe:/a:apache:tika</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives per #1961.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro\-mapred@.*$</packageUrl>
+        <cpe>cpe:/a:apache:hadoop</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives per #1961. Scalap is not scala.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.scala\-lang/scalap@.*$</packageUrl>
+        <cpe>cpe:/a:scala-lang:scala</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives per #1961. Scalap is not scala.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.scala\-lang/scalap@.*$</packageUrl>
+        <vulnerabilityName>CVE-2017-15288</vulnerabilityName>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives per #1961. spark-sketch is not sketch - an vector drawing tool.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.spark/spark\-sketch_2\.10@.*$</packageUrl>
+        <cpe>cpe:/a:sketch:sketch</cpe>
+    </suppress>
+    <suppress base="true">
+        <notes><![CDATA[
+        Suppresses false positives per #1961. parqueet is not hadoop.
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.parquet/parquet\-hadoop@.*$</packageUrl>
+        <cpe>cpe:/a:apache:hadoop</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+        Jetbrains annotations is not the IDE
+        ]]></notes>
+        <packageUrl regex="true">^pkg:maven/com\.intellij/annotations@.*$</packageUrl>
+        <cpe>cpe:/a:jetbrains:intellij_idea</cpe>
+    </suppress>
     <suppress base="true">
         <notes><![CDATA[
         drop wizard false positives. Updated per issue #796.