

CVE vulnerability CVE-2023-35116 (suppressed) and CVE-2023-2976 (fixe…
…d in bundle version 6.7.4) (#2237)

* Update bundle to 6.7.3

* Update bundle version

* Remove deleted module from config

* Add config so CVE scans run on forks

* Suppress false positive CVE-2023-35116 in jackson-databind
hugohills-regnosys authored Jul 3, 2023
1 parent 7c9d93b commit b1198aa
Showing 44 changed files with 64 additions and 45 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/cve-scanning.yml
Expand Up @@ -7,6 +7,11 @@ on:
- 'pom.xml'
- 'allow-list.xml'
- '.github/workflows/cve-scanning.yml'
pull_request:
paths:
- 'pom.xml'
- 'allow-list.xml'
- '.github/workflows/cve-scanning.yml'

jobs:
build:
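Review bot: The new `pull_request` trigger filters on `'pom.xml'`, which matches only the root POM, so a dependency bump in a module POM would not start the scan on a fork PR; the existing `push` filter has the same gap. The license-scanning matrix in this same commit lists per-module folders (`./examples`, `./rosetta-source`, `./rosetta-project`, `./distribution`), so if the CVE scan covers those modules too the filter should be `- '**/pom.xml'` on both triggers. The `on:` block this hunk belongs to starts before the hunk and the `build` job continues past it, so I cannot confirm from here which modules the scan walks.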
2 changes: 1 addition & 1 deletion .github/workflows/license-scanning.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
module-folder: ["./", "./examples", "./rosetta-source", "./rosetta-project", "./distribution", "./scheme-import"]
module-folder: ["./", "./examples", "./rosetta-source", "./rosetta-project", "./distribution"]
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
8 changes: 8 additions & 0 deletions allow-list.xml
Expand Up @@ -42,4 +42,12 @@
]]></notes>
<cve>CVE-2020-27225</cve>
</suppress>
<suppress>
<notes><![CDATA[
Suppress false positive CVE-2023-35116 in jackson-databind.
See issue https://github.com/FasterXML/jackson-databind/issues/3972
See CVE https://nvd.nist.gov/vuln/detail/CVE-2023-35116
]]></notes>
<cve>CVE-2023-35116</cve>
</suppress>
</suppressions>
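Review bot: The new `<suppress>` entry is keyed on `<cve>` alone, so if this file feeds OWASP Dependency-Check (the `<suppressions>`/`<notes>` layout suggests it does) it silences CVE-2023-35116 for every artifact in the build rather than only jackson-databind, and it carries no expiry, so the suppression is never revisited once the disputed finding is resolved upstream. Scoping it with `<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-databind@.*$</packageUrl>` and opening it as `<suppress until="YYYY-MM-DD">` (placeholder date) keeps it tied to the package the notes already name and forces a re-review. The earlier CVE-2020-27225 entry follows the same unscoped pattern, so this is consistent with the file's convention, but the linked issue makes the package scope easy to state here.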
8 changes: 7 additions & 1 deletion pom.xml
Expand Up @@ -82,7 +82,7 @@

<repoServerHost>oss.sonatype.org</repoServerHost>

<rosetta.bundle.version>6.7.0</rosetta.bundle.version>
<rosetta.bundle.version>6.7.4</rosetta.bundle.version>
<rosetta.code-gen.version>${rosetta.bundle.version}</rosetta.code-gen.version>
<rosetta.dsl.version>7.10.0</rosetta.dsl.version>

Expand All @@ -92,6 +92,7 @@
<jsoup.version>1.15.3</jsoup.version>
<jaxb.version>2.3.1</jaxb.version>
<slf4j-api.version>2.0.7</slf4j-api.version>
<guava.version>32.0.1-jre</guava.version>

<!-- test -->
<junit.version>5.9.1</junit.version>
Expand Down Expand Up @@ -365,6 +366,11 @@
<artifactId>slf4j-api</artifactId>
<version>${slf4j-api.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<!-- test -->
<dependency>
<groupId>org.junit</groupId>
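Review bot: The guava `<dependency>` added in the second hunk carries no comment tying it to CVE-2023-2976, so a later cleanup cannot tell whether it is a genuine direct dependency or a transitive-version pin; a line such as `<!-- pinned to 32.0.1-jre for CVE-2023-2976 (transitive guava); remove once the upstream bump lands -->` above the `<dependency>` records that. If this module does not itself import guava, the pin belongs in `<dependencyManagement>` rather than `<dependencies>`, so it only governs the resolved version without putting the jar on every inheriting module's classpath — I cannot see from the hunk which block the new entry lands in. The hunk starting at -365 is cut at both ends, and the title says the bundle bump to 6.7.4 is the primary fix, so the pin may only be needed until that bundle's own transitive guava is confirmed.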
Expand Up @@ -2357,7 +2357,7 @@
} ]
},
"meta" : {
"globalKey" : "880cb4f9"
"globalKey" : "1d53651d"
},
"party" : [ {
"meta" : {
Expand Up @@ -1051,7 +1051,7 @@
} ]
},
"meta" : {
"globalKey" : "c54779a9"
"globalKey" : "c52f5b93"
},
"party" : [ {
"meta" : {
Expand Up @@ -1073,7 +1073,7 @@
} ]
},
"meta" : {
"globalKey" : "196feae2"
"globalKey" : "bdcdb2de"
},
"party" : [ {
"meta" : {
Expand Up @@ -1789,7 +1789,7 @@
} ]
},
"meta" : {
"globalKey" : "76bd250c"
"globalKey" : "7695487a"
},
"party" : [ {
"meta" : {
Expand Up @@ -2465,7 +2465,7 @@
} ]
},
"meta" : {
"globalKey" : "4ec654bf"
"globalKey" : "a1c2be07"
},
"party" : [ {
"meta" : {
Expand Up @@ -2547,7 +2547,7 @@
} ]
},
"meta" : {
"globalKey" : "4d6c5846"
"globalKey" : "bef2ef8a"
},
"party" : [ {
"meta" : {
Expand Up @@ -3181,7 +3181,7 @@
} ]
},
"meta" : {
"globalKey" : "c368d1b3"
"globalKey" : "6874eaab"
},
"party" : [ {
"meta" : {
Expand Up @@ -2581,7 +2581,7 @@
} ]
},
"meta" : {
"globalKey" : "30c03b14"
"globalKey" : "dc2d6688"
},
"party" : [ {
"meta" : {
Expand Up @@ -1589,7 +1589,7 @@
} ]
},
"meta" : {
"globalKey" : "8b8f06bd"
"globalKey" : "8bb4d8ab"
},
"party" : [ {
"meta" : {
Expand Up @@ -1645,7 +1645,7 @@
} ]
},
"meta" : {
"globalKey" : "fa382d09"
"globalKey" : "fa5e1a93"
},
"party" : [ {
"meta" : {
Expand Up @@ -1475,7 +1475,7 @@
} ]
},
"meta" : {
"globalKey" : "3851b1fe"
"globalKey" : "a98f6896"
},
"party" : [ {
"meta" : {
Expand Up @@ -1457,7 +1457,7 @@
} ]
},
"meta" : {
"globalKey" : "e7289ae9"
"globalKey" : "5206f4e5"
},
"party" : [ {
"meta" : {
Expand Up @@ -1457,7 +1457,7 @@
} ]
},
"meta" : {
"globalKey" : "2bc40cec"
"globalKey" : "97331c64"
},
"party" : [ {
"meta" : {
Expand Up @@ -2265,7 +2265,7 @@
} ]
},
"meta" : {
"globalKey" : "40cb2cec"
"globalKey" : "945cca14"
},
"party" : [ {
"meta" : {
Expand Up @@ -1941,7 +1941,7 @@
} ]
},
"meta" : {
"globalKey" : "f8d88b37"
"globalKey" : "f8f0ce1d"
},
"party" : [ {
"meta" : {
Expand Up @@ -1705,7 +1705,7 @@
} ]
},
"meta" : {
"globalKey" : "df9189d0"
"globalKey" : "dfa7dcb6"
},
"party" : [ {
"meta" : {
Expand Up @@ -3161,7 +3161,7 @@
} ]
},
"meta" : {
"globalKey" : "1c1f17a8"
"globalKey" : "1c06b546"
},
"party" : [ {
"meta" : {
Expand Up @@ -2251,7 +2251,7 @@
} ]
},
"meta" : {
"globalKey" : "db8483fe"
"globalKey" : "698f7386"
},
"party" : [ {
"meta" : {
Expand Up @@ -3163,7 +3163,7 @@
} ]
},
"meta" : {
"globalKey" : "84a268af"
"globalKey" : "847a8d91"
},
"party" : [ {
"meta" : {
Expand Up @@ -1019,7 +1019,7 @@
} ]
},
"meta" : {
"globalKey" : "9759e70f"
"globalKey" : "1ef82c3"
},
"party" : [ {
"meta" : {
Expand Up @@ -1113,7 +1113,7 @@
} ]
},
"meta" : {
"globalKey" : "fd397bcd"
"globalKey" : "8b50ca2d"
},
"party" : [ {
"meta" : {
Expand Up @@ -915,7 +915,7 @@
} ]
},
"meta" : {
"globalKey" : "7e4d5644"
"globalKey" : "2a850d94"
},
"party" : [ {
"meta" : {
Expand Up @@ -1057,7 +1057,7 @@
} ]
},
"meta" : {
"globalKey" : "d776389c"
"globalKey" : "84b15838"
},
"party" : [ {
"meta" : {
Expand Up @@ -783,7 +783,7 @@
} ]
},
"meta" : {
"globalKey" : "8e150014"
"globalKey" : "1cabd26c"
},
"party" : [ {
"meta" : {
Expand Up @@ -981,7 +981,7 @@
} ]
},
"meta" : {
"globalKey" : "6d405e4c"
"globalKey" : "12274664"
},
"party" : [ {
"meta" : {
Expand Up @@ -1538,7 +1538,7 @@
} ]
},
"meta" : {
"globalKey" : "c8e3f5b9"
"globalKey" : "6e664fa5"
},
"party" : [ {
"businessUnit" : [ {
Expand Up @@ -963,7 +963,7 @@
} ]
},
"meta" : {
"globalKey" : "bb8512d2"
"globalKey" : "bb5d5160"
},
"party" : [ {
"meta" : {
Expand Up @@ -1578,7 +1578,7 @@
} ]
},
"meta" : {
"globalKey" : "afeef302"
"globalKey" : "afd8b56c"
},
"party" : [ {
"meta" : {
Expand Up @@ -1578,7 +1578,7 @@
} ]
},
"meta" : {
"globalKey" : "397bf93e"
"globalKey" : "396586dc"
},
"party" : [ {
"meta" : {
Expand Up @@ -899,7 +899,7 @@
} ]
},
"meta" : {
"globalKey" : "a89d04d9"
"globalKey" : "a87550f7"
},
"party" : [ {
"meta" : {
Expand Up @@ -1300,7 +1300,7 @@
} ]
},
"meta" : {
"globalKey" : "6edd04f9"
"globalKey" : "6ec6d667"
},
"party" : [ {
"meta" : {
Expand Up @@ -1538,7 +1538,7 @@
} ]
},
"meta" : {
"globalKey" : "cbf2e08e"
"globalKey" : "3dd4048e"
},
"party" : [ {
"businessUnit" : [ {
Expand Up @@ -1424,7 +1424,7 @@
} ]
},
"meta" : {
"globalKey" : "535b9c15"
"globalKey" : "e7f40091"
},
"party" : [ {
"businessUnit" : [ {
Expand Up @@ -1538,7 +1538,7 @@
} ]
},
"meta" : {
"globalKey" : "de00cf57"
"globalKey" : "72664a43"
},
"party" : [ {
"businessUnit" : [ {
Expand Up @@ -1328,7 +1328,7 @@
} ]
},
"meta" : {
"globalKey" : "ae083cd"
"globalKey" : "fd223625"
},
"party" : [ {
"meta" : {
Expand Up @@ -1429,7 +1429,7 @@
} ]
},
"meta" : {
"globalKey" : "41579434"
"globalKey" : "cefacea8"
},
"party" : [ {
"businessUnit" : [ {
Expand Up @@ -823,7 +823,7 @@
} ]
},
"meta" : {
"globalKey" : "1ddadcc7"
"globalKey" : "ab7e173b"
},
"party" : [ {
"businessUnit" : [ {
