
DDF-1192: Added default OWASP suppression rules. #4

Merged: shaundmorris merged 2 commits into codice:master from lessarderic:DDF-1192-owasp-vulnerabilities, May 26, 2015


@lessarderic
Contributor Author

@shaundmorris, @pklinef

@shaundmorris
Member

Review status: :shipit: all files reviewed, all discussions resolved, all commit checks successful.
Reviewed files:

  • pom.xml @ r1
  • support-owasp/pom.xml @ r1
  • support-owasp/src/main/resources/dependency-check-maven-config.xml @ r1

Comments from the review on Reviewable.io

@lessarderic
Contributor Author

@stustison: Please take a look at the last exclusion I added for CVE-2011-2730. I want to make sure my assumption is right.

@shaundmorris
Member

Review status: :shipit: all files reviewed, all discussions resolved, all commit checks successful.
Reviewed files:

  • support-owasp/src/main/resources/dependency-check-maven-config.xml @ r2

Comments from the review on Reviewable.io

@lessarderic
Contributor Author

Talked to @stustison and he confirmed we're not using JSP's EL and we can safely suppress CVE-2011-2730.

shaundmorris self-assigned this May 26, 2015
shaundmorris added a commit that referenced this pull request May 26, 2015
DDF-1192: Added default OWASP suppression rules.
shaundmorris merged commit 642e6f7 into codice:master May 26, 2015
lessarderic deleted the DDF-1192-owasp-vulnerabilities branch August 25, 2015 16:11