Threema-Android-mirror/dependencyCheckSuppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <!-- You can add <suppress>...</suppress> entries in here. -->

    <!-- Ignore CVE-2020-8908: Used by exoplayer, but vulnerable code (createTempDir)
    is not used. -->
    <suppress>
        <notes><![CDATA[
        file name: guava-27.1-android.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
        <cve>CVE-2020-8908</cve>
    </suppress>

    <!-- Ignore CVE-2021-29425: Vulnerable code (FileNameUtils.normalize) not used. -->
    <suppress>
        <notes><![CDATA[
        file name: commons-io-2.6.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/commons\-io/commons\-io@.*$</packageUrl>
        <cve>CVE-2021-29425</cve>
    </suppress>

    <!-- Ignore CVE-2018-20200: It requires hooking into the running application, CVE is disputed.
    https://github.com/square/okhttp/issues/4967 -->
    <suppress>
        <notes><![CDATA[
        file name: okhttp-3.12.0.jar
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.squareup\.okhttp3/okhttp@.*$</packageUrl>
        <cve>CVE-2018-20200</cve>
    </suppress>

    <!-- Ignore wrong matches. -->
    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.saltyrtc/saltyrtc\-task\-webrtc@.*$</packageUrl>
        <cpe>cpe:/a:webrtc_project:webrtc</cpe>
    </suppress>
    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.saltyrtc/saltyrtc\-task\-webrtc@.*$</packageUrl>
        <cpe>cpe:/a:tasks:tasks</cpe>
    </suppress>
    <suppress>
        <packageUrl regex="true">^pkg:maven/com\.huawei\.hmf/tasks@.*$</packageUrl>
        <cpe>cpe:/a:tasks:tasks</cpe>
    </suppress>
    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib@.*$</packageUrl>
        <cpe>cpe:/a:jetbrains:kotlin</cpe>
    </suppress>
    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-common@.*$</packageUrl>
        <cpe>cpe:/a:jetbrains:kotlin</cpe>
    </suppress>
</suppressions>