
scabench/jsonorg-fp1

json.org CVE-2022-45688 false positive

The project contains a json.org dependency affected by CVE-2022-45688 but does not invoke the vulnerable class. The vulnerability therefore cannot be exploited for a DoS attack.

Metadata-based software composition analyses will produce a false positive, while callgraph-based analyses will not flag this application as vulnerable.
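
The difference between the two approaches, as an added sketch that is not part of this repository: the SBOM fragment, advisory record and call graph are constructed, the `app.Main` names are hypothetical, and the method `org.json.XML.toJSONObject` is taken from the public CVE description rather than from this README.

```python
import json

# Constructed CycloneDX fragment; the version is a placeholder, not the project's.
SBOM = json.loads("""{"bomFormat": "CycloneDX", "components": [
  {"type": "library", "group": "org.json", "name": "json",
   "version": "0-PLACEHOLDER", "purl": "pkg:maven/org.json/json@0-PLACEHOLDER"}]}""")

# Constructed advisory record. Real scanners also compare version ranges.
ADVISORIES = [{"id": "CVE-2022-45688", "package": "pkg:maven/org.json/json",
               "vulnerable_symbols": {"org.json.XML.toJSONObject"}}]

# Hypothetical call graph (caller -> callees) for an app that only parses JSON.
CALL_GRAPH = {
    "app.Main.main": {"app.Main.parse"},
    "app.Main.parse": {"org.json.JSONObject.<init>", "org.json.JSONObject.getString"},
    "org.json.JSONObject.<init>": {"org.json.JSONTokener.<init>"},
}

def metadata_findings(sbom, advisories):
    """Flag every advisory whose package appears in the SBOM, used or not."""
    present = {c.get("purl", "").split("@")[0] for c in sbom.get("components", [])}
    return [a["id"] for a in advisories if a["package"] in present]

def reachable(graph, entry):
    """Return all methods transitively callable from the entry point."""
    seen, stack = set(), [entry]
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(graph.get(node, ()))
    return seen

def callgraph_findings(sbom, advisories, graph, entry):
    """Keep a metadata finding only if a vulnerable symbol is reachable."""
    flagged = set(metadata_findings(sbom, advisories))
    live = reachable(graph, entry)
    return [a["id"] for a in advisories
            if a["id"] in flagged and a["vulnerable_symbols"] & live]

if __name__ == "__main__":
    print("metadata: ", metadata_findings(SBOM, ADVISORIES))
    print("callgraph:", callgraph_findings(SBOM, ADVISORIES, CALL_GRAPH, "app.Main.main"))
```

Adding an edge from any reachable method to `org.json.XML.toJSONObject` makes the call-graph check report the CVE as well, which is the true-positive counterpart of this project.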

Running Software Composition Analyses

There are several sh scripts to run different analyses. Result reports can be found in scan-results.

Generating the SBOM

The pom.xml has a plugin to generate an SBOM in CycloneDX format. To do this, run mvn cyclonedx:makePackageBom. The SBOM can be found in target/ in json and xml format.

About

simple application with a (unreachable!) CVE-2022-45688 vulnerability
