jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: htmlunit-cssparser-1.12.0.jar flagged with cpe:2.3:a:htmlunit_project:htmlunit:1.12.0:*:*:*:*:*:*:* #4803

Closed cmuchinsky closed 1 year ago

cmuchinsky commented 1 year ago

Package URL

pkg:maven/net.sourceforge.htmlunit/htmlunit-cssparser@1.12.0

CPE

cpe:2.3:a:htmlunit_project:htmlunit:1.12.0:*:*:*:*:*:*:*

CVE

CVE-2020-5529, CVE-2022-28366, CVE-2022-29546

ODC Integration

Gradle Plugin

ODC Version

7.1.2

Description

htmlunit-cssparser-1.12.0.jar flagged with cpe:2.3:a:htmlunit_project:htmlunit:1.12.0:*:*:*:*:*:*:*

github-actions[bot] commented 1 year ago

Maven Coordinates

<dependency>
   <groupId>net.sourceforge.htmlunit</groupId>
   <artifactId>htmlunit-cssparser</artifactId>
   <version>1.12.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4803
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/net\.sourceforge\.htmlunit/htmlunit-cssparser@.*$</packageUrl>
   <cpe>cpe:/a:htmlunit_project:htmlunit</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2981682314
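
To see exactly what the generated rule silences, here is an added example (not part of the thread and not dependency-check's own code) that parses the suppression rule above and applies an approximation of dependency-check's matching to a few findings: a full regex match on the package URL, and a component-prefix match of the partial CPE 2.2 URI against the finding's CPE 2.3 string. The first finding is the false positive from this issue; the other two are constructed (the htmlunit version and the `example_vendor:example_product` CPE are made up) to confirm the rule does not also hide the real htmlunit artifact or the same jar under an unrelated CPE.

```python
"""Check which findings a dependency-check suppression rule would silence.

Added example: approximates OWASP dependency-check's matching semantics
(regex packageUrl + prefix match on a CPE 2.2 URI) instead of calling the
tool. All finding data below is constructed for the demo, apart from the
rule and the coordinates quoted from issue #4803.
"""
import re
import xml.etree.ElementTree as ET

# Suppression rule as posted by the bot in the thread (raw string keeps the \. escapes).
SUPPRESSION_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #4803
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/net\.sourceforge\.htmlunit/htmlunit-cssparser@.*$</packageUrl>
   <cpe>cpe:/a:htmlunit_project:htmlunit</cpe>
</suppress>"""


def parse_suppression(xml_text):
    """Extract the parts of a <suppress> element this check needs."""
    root = ET.fromstring(xml_text)
    purl_el = root.find("packageUrl")
    cpe_el = root.find("cpe")
    return {
        "purl_pattern": purl_el.text.strip(),
        "purl_is_regex": purl_el.get("regex") == "true",
        "cpe": cpe_el.text.strip(),
    }


def cpe22_components(cpe22):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product[:version...]) into components."""
    if not cpe22.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % cpe22)
    return cpe22[len("cpe:/"):].split(":")


def cpe23_components(cpe23):
    """Split a CPE 2.3 formatted string into the 11 components after 'cpe:2.3'.

    Assumes no escaped colons in the string (true of the CPEs in this thread).
    """
    fields = cpe23.split(":")
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe23)
    return fields[2:]


def cpe_matches(rule_cpe22, finding_cpe23):
    """A partial rule CPE suppresses a finding when every component it names is equal."""
    rule = cpe22_components(rule_cpe22)
    finding = cpe23_components(finding_cpe23)
    return len(rule) <= len(finding) and all(r == f for r, f in zip(rule, finding))


def purl_matches(rule, purl):
    """regex="true" means the whole package URL must match the pattern."""
    if rule["purl_is_regex"]:
        return re.fullmatch(rule["purl_pattern"], purl) is not None
    return rule["purl_pattern"] == purl


def is_suppressed(rule, purl, cpe23):
    """Both the packageUrl and the cpe element must match for a finding to be suppressed."""
    return purl_matches(rule, purl) and cpe_matches(rule["cpe"], cpe23)


# Constructed findings: the first is the FP from the issue; the other two check that the
# rule is narrow enough not to hide the real htmlunit artifact or an unrelated CPE.
FINDINGS = [
    ("pkg:maven/net.sourceforge.htmlunit/htmlunit-cssparser@1.12.0",
     "cpe:2.3:a:htmlunit_project:htmlunit:1.12.0:*:*:*:*:*:*:*"),
    ("pkg:maven/net.sourceforge.htmlunit/htmlunit@2.50.0",  # version constructed for the demo
     "cpe:2.3:a:htmlunit_project:htmlunit:2.50.0:*:*:*:*:*:*:*"),
    ("pkg:maven/net.sourceforge.htmlunit/htmlunit-cssparser@1.12.0",
     "cpe:2.3:a:example_vendor:example_product:1.12.0:*:*:*:*:*:*:*"),  # made-up CPE
]


def evaluate(rule_xml=SUPPRESSION_XML, findings=FINDINGS):
    """Return {(purl, cpe): suppressed} for each finding."""
    rule = parse_suppression(rule_xml)
    return {(purl, cpe): is_suppressed(rule, purl, cpe) for purl, cpe in findings}


if __name__ == "__main__":
    for (purl, cpe), suppressed in evaluate().items():
        print("%-8s %s  %s" % ("SUPPRESS" if suppressed else "REPORT", purl, cpe))
```

Running it shows only the htmlunit-cssparser jar under the htmlunit CPE being suppressed; the htmlunit artifact itself fails the package URL regex, and the cssparser jar under a different CPE fails the CPE prefix check, so neither would be hidden by this rule.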

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule! ❌

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule! ❌

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule!

Link to action run: https://github.com/jeremylong/DependencyCheck/actions/runs/3027982983

jeremylong commented 1 year ago

Sorry for the noise on this FP report - trying to figure out why some automation is not working...

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule!

Link to action run: https://github.com/jeremylong/DependencyCheck/actions/runs/3027999027

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule!

Link to action run: https://github.com/jeremylong/DependencyCheck/actions/runs/3028004031

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule!

Link to action run: https://github.com/jeremylong/DependencyCheck/actions/runs/3028020420

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Failed to automatically generate and publish the suppression rule!

Link to action run: https://github.com/jeremylong/DependencyCheck/actions/runs/3028029663

jeremylong commented 1 year ago

approved

github-actions[bot] commented 1 year ago

Suppress rule has been added to the generatedSuppressions branch.