Suppress CVE-2016-1000031 in dependency check

augustd · augustd · commit bd199f6f2fc4 · 2017-05-03T14:39:43.000-07:00
diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
     <packaging>jar</packaging>
 
     <prerequisites>
-        <maven>3.0</maven>
+        <maven>3.1</maven>
     </prerequisites>
 
     <parent>
@@ -291,6 +291,7 @@
                 <version>1.4.4</version>
                 <configuration>
                     <failBuildOnCVSS>1</failBuildOnCVSS>
+                    <suppressionFile>./suppressions.xml</suppressionFile>
                 </configuration>
                 <executions>
                     <execution>
diff --git a/suppressions.xml b/suppressions.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+    <suppress>
+        <notes><![CDATA[
+        This suppresses a specific cve for any test.jar in any directory.
+        ]]></notes>
+        <filePath regex="true">.*\bcommons-fileupload-1.3.2.jar</filePath>
+        <cve>CVE-2016-1000031</cve>
+    </suppress>
+</suppressions>
