From afa650ff65ac0be0c69a273ea4adddbff4dd8392 Mon Sep 17 00:00:00 2001
From: Sean Flanigan <sflaniga@redhat.com>
Date: Thu, 5 Apr 2018 09:49:31 +1000
Subject: [PATCH] Remove OWASP dep check (server overloaded)

---
 Jenkinsfile                                   |  2 +-
 .../dependency-suppression.xml                | 66 -------------------
 parent/pom.xml                                | 24 -------
 3 files changed, 1 insertion(+), 91 deletions(-)
 delete mode 100644 build-tools/src/main/resources/zanata-build-tools/dependency-suppression.xml

diff --git a/Jenkinsfile b/Jenkinsfile
index 758933168f..c70cf9635b 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -267,7 +267,7 @@ timestamps {
           // https://philphilphil.wordpress.com/2016/12/28/using-static-code-analysis-tools-with-jenkins-pipeline-jobs/
 
           // archive build artifacts (and cross-referenced source code)
-          archive "**/${jarFiles},**/${warFiles},**/target/site/xref/**,target/buildtime.csv,target/dependencies/**,**/target/dependency-check-report.html"
+          archive "**/${jarFiles},**/${warFiles},**/target/site/xref/**,target/buildtime.csv,target/dependencies/**"
 
           // parse Jacoco test coverage
           step([$class: 'JacocoPublisher'])
diff --git a/build-tools/src/main/resources/zanata-build-tools/dependency-suppression.xml b/build-tools/src/main/resources/zanata-build-tools/dependency-suppression.xml
deleted file mode 100644
index ad53d9afeb..0000000000
--- a/build-tools/src/main/resources/zanata-build-tools/dependency-suppression.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
-    <suppress>
-        <notes><![CDATA[
-        webjars are not npm
-   ]]></notes>
-        <gav regex="true">^org\.webjars\.npm:.*$</gav>
-        <cpe>cpe:/a:npm:npm</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: okapi-filter-openoffice-0.29.jar
-       ]]></notes>
-       <gav regex="true">^net\.sf\.okapi\.filters:okapi-filter-openoffice:.*$</gav>
-       <cpe>cpe:/a:openoffice:openoffice</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: owasp-java-html-sanitizer-r239.jar
-       ]]></notes>
-       <gav regex="true">^com\.googlecode\.owasp-java-html-sanitizer:owasp-java-html-sanitizer:.*$</gav>
-       <cve>CVE-2011-4457</cve>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: org.apache.oltu.oauth2.authzserver-1.0.1.jar
-       ]]></notes>
-       <gav regex="true">^org\.apache\.oltu\.oauth2:org\.apache\.oltu\.oauth2\.authzserver:.*$</gav>
-       <cpe>cpe:/a:apache:apache_http_server</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: org.apache.oltu.oauth2.authzserver-1.0.1.jar
-       ]]></notes>
-       <gav regex="true">^org\.apache\.oltu\.oauth2:org\.apache\.oltu\.oauth2\.authzserver:.*$</gav>
-       <cpe>cpe:/a:apache:http_server</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: org.apache.oltu.oauth2.resourceserver-1.0.1.jar
-       ]]></notes>
-       <gav regex="true">^org\.apache\.oltu\.oauth2:org\.apache\.oltu\.oauth2\.resourceserver:.*$</gav>
-       <cpe>cpe:/a:apache:apache_http_server</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: gin-1.5.0.jar
-       ]]></notes>
-       <gav regex="true">^com\.google\.gwt\.inject:gin:.*$</gav>
-       <cpe>cpe:/a:google:web_toolkit</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: gwt-log-3.2.1.jar
-       ]]></notes>
-       <gav regex="true">^com\.allen-sauer\.gwt\.log:gwt-log:.*$</gav>
-       <cpe>cpe:/a:google:web_toolkit</cpe>
-    </suppress>
-    <suppress>
-       <notes><![CDATA[
-       file name: gwt-servlet-2.8.0.jar
-       ]]></notes>
-       <gav regex="true">^com\.google\.gwt:gwt-servlet:.*$</gav>
-       <cpe>cpe:/a:google:protobuf</cpe>
-    </suppress>
-</suppressions>
diff --git a/parent/pom.xml b/parent/pom.xml
index 7467bd54ec..c37b14488a 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -989,10 +989,6 @@
         </property>
       </activation>
       <properties>
-        <!-- for OWASP: -->
-        <failBuildOnCVSS>10</failBuildOnCVSS>
-        <!-- this is a classpath resource from build-tools -->
-        <suppressionFile>zanata-build-tools/dependency-suppression.xml</suppressionFile>
         <!-- for ossindex: -->
         <audit.failOnError>false</audit.failOnError>
       </properties>
@@ -1024,26 +1020,6 @@
               </execution>
             </executions>
           </plugin>
-          <plugin>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-maven</artifactId>
-            <version>3.1.2</version>
-            <executions>
-              <execution>
-                <phase>verify</phase>
-                <goals>
-                  <goal>aggregate</goal>
-                </goals>
-              </execution>
-            </executions>
-            <dependencies>
-              <dependency>
-                <groupId>org.zanata</groupId>
-                <artifactId>build-tools</artifactId>
-                <version>${project.version}</version>
-              </dependency>
-            </dependencies>
-          </plugin>
         </plugins>
       </build>
     </profile>