This is an automated email from the ASF dual-hosted git repository.
abhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 48b6d2abf9 skip org.owasp:dependency-check on extensions-contrib
modules and suppress false-positive gRPC CVEs (#15026)
48b6d2abf9 is described below
commit 48b6d2abf9728f152bbc60ad73a2bca5699e41cf
Author: Tejaswini Bandlamudi <[email protected]>
AuthorDate: Mon Sep 25 12:14:42 2023 +0530
skip org.owasp:dependency-check on extensions-contrib modules and suppress
false-positive gRPC CVEs (#15026)
---
extensions-contrib/aliyun-oss-extensions/pom.xml | 7 +++++++
extensions-contrib/ambari-metrics-emitter/pom.xml | 7 +++++++
extensions-contrib/cassandra-storage/pom.xml | 11 +++++++++++
extensions-contrib/cloudfiles-extensions/pom.xml | 11 +++++++++++
extensions-contrib/compressed-bigdecimal/pom.xml | 12 ++++++++++++
extensions-contrib/distinctcount/pom.xml | 11 +++++++++++
extensions-contrib/dropwizard-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/druid-iceberg-extensions/pom.xml | 12 ++++++++++++
extensions-contrib/gce-extensions/pom.xml | 12 ++++++++++++
extensions-contrib/graphite-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/influx-extensions/pom.xml | 7 +++++++
extensions-contrib/influxdb-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/kafka-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/kubernetes-overlord-extensions/pom.xml | 11 +++++++++++
extensions-contrib/materialized-view-maintenance/pom.xml | 11 +++++++++++
extensions-contrib/materialized-view-selection/pom.xml | 12 ++++++++++++
extensions-contrib/opentsdb-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/prometheus-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/redis-cache/pom.xml | 12 ++++++++++++
extensions-contrib/sqlserver-metadata-storage/pom.xml | 11 +++++++++++
extensions-contrib/statsd-emitter/pom.xml | 12 ++++++++++++
extensions-contrib/tdigestsketch/pom.xml | 11 +++++++++++
extensions-contrib/thrift-extensions/pom.xml | 7 +++++++
extensions-contrib/time-min-max/pom.xml | 12 ++++++++++++
extensions-contrib/virtual-columns/pom.xml | 11 +++++++++++
owasp-dependency-check-suppressions.xml | 9 +++++++++
26 files changed, 281 insertions(+)
diff --git a/extensions-contrib/aliyun-oss-extensions/pom.xml
b/extensions-contrib/aliyun-oss-extensions/pom.xml
index 34fed68c6c..43f7d558ad 100644
--- a/extensions-contrib/aliyun-oss-extensions/pom.xml
+++ b/extensions-contrib/aliyun-oss-extensions/pom.xml
@@ -168,6 +168,13 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
</plugins>
</build>
</project>
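Review bot: The added `<skip>true</skip>` for `dependency-check-maven` has no comment saying why this module is excluded from vulnerability scanning, and the same unexplained block is repeated in the other extensions-contrib pom.xml hunks of this commit. Once skipped, known-vulnerable third-party dependencies pulled in only by these extensions are no longer reported, so the reason for the exclusion should be recorded where a maintainer will see it, for example `<!-- OWASP dependency-check skipped for extensions-contrib modules, see #15026 -->` directly above the `<plugin>` element. If the plugin's `dependency-check.skip` user property is honoured by the version in use, one property in a shared location would avoid 25 copies that can drift apart. Whether these modules share a suitable parent pom is not visible from this diff.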
diff --git a/extensions-contrib/ambari-metrics-emitter/pom.xml
b/extensions-contrib/ambari-metrics-emitter/pom.xml
index 8f86205866..61400d1348 100644
--- a/extensions-contrib/ambari-metrics-emitter/pom.xml
+++ b/extensions-contrib/ambari-metrics-emitter/pom.xml
@@ -145,6 +145,13 @@
</ignoredUnusedDeclaredDependencies>
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/extensions-contrib/cassandra-storage/pom.xml
b/extensions-contrib/cassandra-storage/pom.xml
index 4875a0cba7..458bb76137 100644
--- a/extensions-contrib/cassandra-storage/pom.xml
+++ b/extensions-contrib/cassandra-storage/pom.xml
@@ -173,4 +173,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/cloudfiles-extensions/pom.xml
b/extensions-contrib/cloudfiles-extensions/pom.xml
index 25e00afbf8..de4466cca3 100644
--- a/extensions-contrib/cloudfiles-extensions/pom.xml
+++ b/extensions-contrib/cloudfiles-extensions/pom.xml
@@ -160,4 +160,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/compressed-bigdecimal/pom.xml
b/extensions-contrib/compressed-bigdecimal/pom.xml
index 76612897ef..5a7b278f8b 100644
--- a/extensions-contrib/compressed-bigdecimal/pom.xml
+++ b/extensions-contrib/compressed-bigdecimal/pom.xml
@@ -142,4 +142,16 @@
<artifactId>jackson-annotations</artifactId>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/distinctcount/pom.xml
b/extensions-contrib/distinctcount/pom.xml
index 6a66b6bc6c..a0c1fb46cb 100644
--- a/extensions-contrib/distinctcount/pom.xml
+++ b/extensions-contrib/distinctcount/pom.xml
@@ -101,4 +101,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/dropwizard-emitter/pom.xml
b/extensions-contrib/dropwizard-emitter/pom.xml
index a32f803fd5..e7f48e89b1 100644
--- a/extensions-contrib/dropwizard-emitter/pom.xml
+++ b/extensions-contrib/dropwizard-emitter/pom.xml
@@ -114,4 +114,16 @@
<scope>provided</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/druid-iceberg-extensions/pom.xml
b/extensions-contrib/druid-iceberg-extensions/pom.xml
index 69c75e26d9..2765d2aa59 100644
--- a/extensions-contrib/druid-iceberg-extensions/pom.xml
+++ b/extensions-contrib/druid-iceberg-extensions/pom.xml
@@ -357,4 +357,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/gce-extensions/pom.xml
b/extensions-contrib/gce-extensions/pom.xml
index 7de948366f..626b9e27c4 100644
--- a/extensions-contrib/gce-extensions/pom.xml
+++ b/extensions-contrib/gce-extensions/pom.xml
@@ -121,4 +121,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/graphite-emitter/pom.xml
b/extensions-contrib/graphite-emitter/pom.xml
index cb6712b9d2..1a2767a033 100644
--- a/extensions-contrib/graphite-emitter/pom.xml
+++ b/extensions-contrib/graphite-emitter/pom.xml
@@ -110,4 +110,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/influx-extensions/pom.xml
b/extensions-contrib/influx-extensions/pom.xml
index a8c0acec58..966d93c482 100644
--- a/extensions-contrib/influx-extensions/pom.xml
+++ b/extensions-contrib/influx-extensions/pom.xml
@@ -120,6 +120,13 @@
<id>strict</id>
<build>
<plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
</plugins>
</build>
</profile>
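Review bot: The skip configuration in this hunk sits inside the `<build>` of the profile with `<id>strict</id>`, whereas the other extensions-contrib hunks add it to the module's main `<build>`. If that reading is right, dependency-check is skipped for influx-extensions only when the `strict` profile is active, and a scan run without that profile would still analyse this module. The profile element opens above the hunk, so the placement should be confirmed against the full file. If the exclusion is meant to be unconditional, move the `<plugin>` block to the project-level `<build><plugins>` section.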
diff --git a/extensions-contrib/influxdb-emitter/pom.xml
b/extensions-contrib/influxdb-emitter/pom.xml
index ffa9b30c7c..83cea085ac 100644
--- a/extensions-contrib/influxdb-emitter/pom.xml
+++ b/extensions-contrib/influxdb-emitter/pom.xml
@@ -82,4 +82,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/kafka-emitter/pom.xml
b/extensions-contrib/kafka-emitter/pom.xml
index 92a8257b51..46ca7e6c49 100644
--- a/extensions-contrib/kafka-emitter/pom.xml
+++ b/extensions-contrib/kafka-emitter/pom.xml
@@ -117,4 +117,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
index 37c097394e..eacd69ed62 100644
--- a/extensions-contrib/kubernetes-overlord-extensions/pom.xml
+++ b/extensions-contrib/kubernetes-overlord-extensions/pom.xml
@@ -246,4 +246,15 @@
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/materialized-view-maintenance/pom.xml
b/extensions-contrib/materialized-view-maintenance/pom.xml
index f54f1e87df..d1e6bfa602 100644
--- a/extensions-contrib/materialized-view-maintenance/pom.xml
+++ b/extensions-contrib/materialized-view-maintenance/pom.xml
@@ -128,4 +128,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/materialized-view-selection/pom.xml
b/extensions-contrib/materialized-view-selection/pom.xml
index d877d6fb81..e965b7d775 100644
--- a/extensions-contrib/materialized-view-selection/pom.xml
+++ b/extensions-contrib/materialized-view-selection/pom.xml
@@ -139,4 +139,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/opentsdb-emitter/pom.xml
b/extensions-contrib/opentsdb-emitter/pom.xml
index 45a36a1421..d1260b5453 100644
--- a/extensions-contrib/opentsdb-emitter/pom.xml
+++ b/extensions-contrib/opentsdb-emitter/pom.xml
@@ -93,4 +93,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/prometheus-emitter/pom.xml
b/extensions-contrib/prometheus-emitter/pom.xml
index ac1ad9ce92..2c0e7bcd6b 100644
--- a/extensions-contrib/prometheus-emitter/pom.xml
+++ b/extensions-contrib/prometheus-emitter/pom.xml
@@ -115,4 +115,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/redis-cache/pom.xml
b/extensions-contrib/redis-cache/pom.xml
index 15cb1532c8..5c3d6df507 100644
--- a/extensions-contrib/redis-cache/pom.xml
+++ b/extensions-contrib/redis-cache/pom.xml
@@ -116,5 +116,17 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/sqlserver-metadata-storage/pom.xml
b/extensions-contrib/sqlserver-metadata-storage/pom.xml
index bd276d8793..a311abebf3 100644
--- a/extensions-contrib/sqlserver-metadata-storage/pom.xml
+++ b/extensions-contrib/sqlserver-metadata-storage/pom.xml
@@ -85,4 +85,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/statsd-emitter/pom.xml
b/extensions-contrib/statsd-emitter/pom.xml
index 32f8fb5e00..24c493b5b5 100644
--- a/extensions-contrib/statsd-emitter/pom.xml
+++ b/extensions-contrib/statsd-emitter/pom.xml
@@ -103,4 +103,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/tdigestsketch/pom.xml
b/extensions-contrib/tdigestsketch/pom.xml
index 948a1deb89..ff17035e7b 100644
--- a/extensions-contrib/tdigestsketch/pom.xml
+++ b/extensions-contrib/tdigestsketch/pom.xml
@@ -173,4 +173,15 @@
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/thrift-extensions/pom.xml
b/extensions-contrib/thrift-extensions/pom.xml
index e58a7f24fc..4908107b36 100644
--- a/extensions-contrib/thrift-extensions/pom.xml
+++ b/extensions-contrib/thrift-extensions/pom.xml
@@ -192,6 +192,13 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/extensions-contrib/time-min-max/pom.xml
b/extensions-contrib/time-min-max/pom.xml
index 34eaafe232..3d20d83f24 100644
--- a/extensions-contrib/time-min-max/pom.xml
+++ b/extensions-contrib/time-min-max/pom.xml
@@ -107,4 +107,16 @@
<scope>test</scope>
</dependency>
</dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/extensions-contrib/virtual-columns/pom.xml
b/extensions-contrib/virtual-columns/pom.xml
index b8af5c369c..64f359751c 100644
--- a/extensions-contrib/virtual-columns/pom.xml
+++ b/extensions-contrib/virtual-columns/pom.xml
@@ -86,4 +86,15 @@
</dependency>
</dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <skip>true</skip>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/owasp-dependency-check-suppressions.xml
b/owasp-dependency-check-suppressions.xml
index f8f9db2c15..2813623f7a 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -792,4 +792,13 @@
<packageUrl
regex="true">^pkg:maven/com\.squareup\.okio/okio@1..*$</packageUrl>
<cve>CVE-2023-3635</cve> <!-- Suppressed since okio requests in Druid are
internal, and not user-facing -->
</suppress>
+
+ <suppress>
+ <notes><![CDATA[
+ file name: grpc-context-1.27.2.jar
+ ]]></notes>
+ <packageUrl
regex="true">^pkg:maven/io\.grpc/[email protected]$</packageUrl>
+ <cve>CVE-2023-4785</cve> <!-- Not applicable to gRPC Java -
https://nvd.nist.gov/vuln/detail/CVE-2023-4785 -->
+ <cve>CVE-2023-33953</cve> <!-- Not applicable to gRPC Java -
https://cloud.google.com/support/bulletins#gcp-2023-022 -->
+ </suppress>
</suppressions>
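Review bot: The new `<notes>` block records only the jar file name, while the justification for suppressing the two CVEs lives in trailing XML comments on the `<cve>` lines. Comments are not part of the parsed suppression rule, so the reason is better carried in `<notes>` itself, for example `file name: grpc-context-1.27.2.jar; CVE-2023-4785 and CVE-2023-33953 are not applicable to gRPC Java`, with the reference URLs kept alongside. The rule matches the grpc-context artifact only. If other io.grpc artifacts on the classpath are flagged for the same CVEs they would need their own entries, which cannot be judged from this hunk.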