9 Commits

Author SHA1 Message Date
6bdd5c63ea Suppress warning about CVE-2024-49203 (#71)
https://nvd.nist.gov/vuln/detail/CVE-2024-49203
https://github.com/querydsl/querydsl/issues/3757

Basically if you allow untrusted user input to be used in the "ORDER BY" clause you can be vulnerable to SQL injection.

I believe this is nonsense and akin to saying every Java application has a security vulnerability because JDBC allows you to execute arbitrary SQL if you do not properly use PreparedStatement with parameters over a string-concatenated Statement.

Even if this is considered a valid vulnerability we do not, currently, allow untrusted user input to be used in the "ORDER BY" clause.

Fixes #45

Reviewed-on: https://gitea.dsv.su.se/DMC/scipro/pulls/71
Reviewed-by: Tom Zhao <tom.zhao@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2025-01-09 12:54:43 +01:00
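The distinction the commit message draws (a sort column is an identifier, not a value, so it cannot be bound like a PreparedStatement parameter and must instead be restricted by the application) is easiest to see in runnable form. The following is an added example, not code from SciPro or Querydsl: it uses Python's sqlite3 module and a constructed in-memory table, and contrasts the concatenated "ORDER BY" pattern the advisory describes with the allowlist mapping that keeps untrusted input out of the clause. It also shows why binding the sort key as a parameter is not a fix: the database treats it as a constant expression, so no ordering happens at all.

```python
import sqlite3

# Constructed sample data (hypothetical table, not SciPro's schema).
ROWS = [("alice", 3), ("bob", 1), ("carol", 2)]

# Allowlist: the only sort keys a request may name, mapped to real
# column names. Anything else never reaches the SQL text.
SORT_COLUMNS = {"name": "name", "score": "score"}


def _connect():
    """Fresh in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (name TEXT, score INTEGER)")
    conn.executemany("INSERT INTO student VALUES (?, ?)", ROWS)
    return conn


def order_by_unsafe(sort_key):
    """The pattern the advisory warns about: the request value is spliced
    into ORDER BY, so whatever expression it contains is executed as SQL."""
    conn = _connect()
    sql = f"SELECT name FROM student ORDER BY {sort_key}"
    return [row[0] for row in conn.execute(sql)]


def order_by_param(sort_key):
    """Binding the sort key is safe but useless: a bound parameter in
    ORDER BY is a constant, every row ties, and the input has no effect."""
    conn = _connect()
    sql = "SELECT name FROM student ORDER BY ?"
    return [row[0] for row in conn.execute(sql, (sort_key,))]


def order_by_allowlist(sort_key, descending=False):
    """The hardened form: translate the request value through a fixed map
    of known column names and reject anything that is not in it."""
    try:
        column = SORT_COLUMNS[sort_key]
    except KeyError:
        raise ValueError(f"unsupported sort key: {sort_key!r}") from None
    direction = "DESC" if descending else "ASC"
    conn = _connect()
    # Only allowlisted identifiers and a fixed direction token are interpolated.
    sql = f"SELECT name FROM student ORDER BY {column} {direction}"
    return [row[0] for row in conn.execute(sql)]


def allowlist_rejects(sort_key):
    """True if the allowlisted query refuses the given sort key."""
    try:
        order_by_allowlist(sort_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("allowlist, score asc :", order_by_allowlist("score"))
    print("allowlist, name desc :", order_by_allowlist("name", descending=True))
    # The concatenated form runs an arbitrary expression supplied by the caller.
    print("concatenated, expr   :", order_by_unsafe("length(name) DESC, name"))
    # The same expression is refused once the column comes from the allowlist.
    print("allowlist rejects it :", allowlist_rejects("length(name) DESC, name"))
    # Bound parameter: both calls return the same unsorted order.
    print("bound 'score'        :", order_by_param("score"))
    print("bound 'name'         :", order_by_param("name"))
```

The same idea applies unchanged to a Java application: the `SORT_COLUMNS` map plays the role of whatever the application uses to turn a request parameter into a known entity property before it is handed to Querydsl or JDBC, and the ValueError corresponds to rejecting the request.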
9654fea439 Suppress bogus security vulnerability 2024-04-22 09:30:47 +02:00
f1187390ff 3368 3369 Suppress nonsense vulnerabilities 2024-04-16 13:22:37 +02:00
fa655a50f9 Suppress false security warning. 2023-06-29 09:52:05 +02:00
0e9c5c2b89 Suppress security warning that's not relevant
The affected API is not used by SciPro nor any dependencies.
2023-03-23 12:52:29 +01:00
1174676038 Suppress false positive security vulnerability 2022-07-25 20:31:40 +02:00
091cd7218c Suppress false flag security vulnerability
It only applies to an Amazon hotpatch.
2022-07-04 10:16:41 +02:00
dd55a9d9e4 Suppress security vulnerability CVE-2021-43113 for itext since it affects version 7, and we use version 2. 2021-12-22 15:57:32 +01:00
8cac7eb4b3 Suppress false positives from Wicket bundling jQuery versions 1, 2, and 3 while only 3 is actually used. 2021-12-13 16:53:47 +01:00