Skip to content

Commit

Permalink
updated suppression schema to require a CPE, CVE, or CVSS Below per i…
Browse files Browse the repository at this point in the history 
…ssue #488
  • Loading branch information
@jeremylong
jeremylong committed Apr 24, 2016
1 parent bcc2478 commit deda02f
Show file tree
Hide file tree
Showing 7 changed files with 65 additions and 13 deletions.
2 changes: 1 addition & 1 deletion dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
View file
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on spring security.
Expand Down
58 changes: 58 additions & 0 deletions dependency-check-core/src/main/resources/schema/dependency-suppression.1.1.xsd
View file
@@ -0,0 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<xs:schema id="suppressions"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
targetNamespace="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">

<xs:complexType name="regexStringType">
<xs:simpleContent>
<xs:extension base="xs:string">
<xs:attribute name="regex" use="optional" type="xs:boolean" default="false"/>
<xs:attribute name="caseSensitive" use="optional" type="xs:boolean" default="false"/>
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="cvssScoreType">
<xs:restriction base="xs:decimal">
<xs:minInclusive value="0"/>
<xs:maxInclusive value="10"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="cveType">
<xs:restriction base="xs:string">
<xs:pattern value="((\w+\-)?CVE\-\d\d\d\d\-\d+|\d+)"/>
</xs:restriction>
</xs:simpleType>
<xs:simpleType name="sha1Type">
<xs:restriction base="xs:string">
<xs:pattern value="[a-fA-F0-9]{40}"/>
</xs:restriction>
</xs:simpleType>
<xs:element name="suppressions">
<xs:complexType>
<xs:sequence minOccurs="0" maxOccurs="unbounded">
<xs:element name="suppress">
<xs:complexType>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="notes" type="xs:string"/>
</xs:sequence>
<xs:choice minOccurs="0" maxOccurs="1">
<xs:element name="filePath" type="dc:regexStringType"/>
<xs:element name="sha1" type="dc:sha1Type"/>
<xs:element name="gav" type="dc:regexStringType"/>
</xs:choice>
<xs:choice minOccurs="1" maxOccurs="unbounded">
<xs:element name="cpe" type="dc:regexStringType"/>
<xs:element name="cve" type="dc:cveType"/>
<xs:element name="cwe" type="xs:positiveInteger"/>
<xs:element name="cvssBelow" type="dc:cvssScoreType"/>
</xs:choice>
</xs:sequence>
<xs:attribute name="base" use="optional" type="xs:boolean" default="false"/>
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
2 changes: 1 addition & 1 deletion dependency-check-core/src/main/resources/schema/suppression.xsd
View file
Expand Up @@ -56,4 +56,4 @@
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
</xs:schema>
2 changes: 1 addition & 1 deletion dependency-check-core/src/main/resources/templates/HtmlReport.vsl
View file
Expand Up @@ -79,7 +79,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved.
setTimeout('$("#modal-content,#modal-background").toggleClass("active");',100);
});
$('#modal-add-header').click(function () {
xml = '<?xml version="1.0" encoding="UTF-8"?>\n<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">\n ';
xml = '<?xml version="1.0" encoding="UTF-8"?>\n<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">\n ';
xml += $("#modal-text").text().replace(/\n/g,'\n ');
xml += '\n</suppressions>';
$('#modal-text').text(xml).focus().select();
Expand Down
2 changes: 1 addition & 1 deletion dependency-check-core/src/test/resources/commons-fileupload-1.2.1.suppression.xml
View file
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: commons-fileupload-1.2.1.jar
Expand Down
5 changes: 1 addition & 4 deletions dependency-check-core/src/test/resources/suppressions.xml
View file
@@ -1,8 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns='https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression'
xsi:schemaLocation='https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression suppression.xsd'>
<suppressions xmlns='https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd'>
<suppress>
<notes><![CDATA[
This suppresses cpe:/a:csv:csv:1.0 for some.jar in the "c:\path\to" directory.
Expand Down
7 changes: 2 additions & 5 deletions src/site/markdown/general/suppression.md
View file
Expand Up @@ -6,7 +6,7 @@ A sample suppression file would look like:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression">
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: some.jar
Expand All @@ -26,10 +26,7 @@ HTML version of the report. The other common scenario would be to ignore all CVE

```xml
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns='https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression'
xsi:schemaLocation='https://www.owasp.org/index.php/OWASP_Dependency_Check_Suppression suppression.xsd'>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
This suppresses cpe:/a:csv:csv:1.0 for some.jar in the "c:\path\to" directory.
Expand Down

0 comments on commit deda02f

Please sign in to comment.