
[FP]: mockito-junit-jupiter reported as `cpe:2.3:a:junit:junit4:4.7.0:*:*:*:*:*:*:*`

Open chadlwilson opened this issue 3 years ago • 2 comments

Package URL

pkg:maven/org.mockito/mockito-junit-jupiter@4.7.0

CPE

cpe:2.3:a:junit:junit4:4.7.0:*:*:*:*:*:*:*

CVE

CVE-2020-15250

ODC Integration

{"label"=>"Gradle Plugin"}

ODC Version

7.1.1

Description

mockito-junit-jupiter is an add-on to mockito itself, and is versioned with mockito. It is different to JUnit itself.

chadlwilson avatar Aug 15 '22 10:08 chadlwilson

Error parsing package url: pkg:maven/org.mockito/mockito-junit-jupiter@4.7.0.

Error: Error: purl is missing the required "pkg" scheme component.

Please correct the package URL - consider copying the package url from the HTML report.

github-actions[bot] avatar Aug 15 '22 10:08 github-actions[bot]

Maven Coordinates

<dependency>
   <groupId>org.mockito</groupId>
   <artifactId>mockito-junit-jupiter</artifactId>
   <version>4.7.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #4754
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.mockito/mockito-junit-jupiter@.*$</packageUrl>
   <cpe>cpe:/a:junit:junit4</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/2860138535

github-actions[bot] avatar Aug 15 '22 10:08 github-actions[bot]
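
A scope check for the suppression rule above, as an added example that is not part of the issue thread or DependencyCheck's own code: it confirms the rule hides the junit4 CPE only for mockito-junit-jupiter and leaves a real JUnit 4 dependency reported. The matching model (full-match regex on the package URL, prefix match on the CPE in URI form) is a simplified assumption, and every sample finding except the reported artifact is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule copied from the bot comment above.
RULE_XML = r"""<suppress base="true">
   <notes><![CDATA[
   FP per issue #4754
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.mockito/mockito-junit-jupiter@.*$</packageUrl>
   <cpe>cpe:/a:junit:junit4</cpe>
</suppress>"""

# Constructed sample findings: (package URL, CPE the scanner attached to it).
JUNIT4_CPE = "cpe:2.3:a:junit:junit4:4.7.0:*:*:*:*:*:*:*"
SAMPLES = {
    "reported artifact": ("pkg:maven/org.mockito/mockito-junit-jupiter@4.7.0", JUNIT4_CPE),
    "real JUnit 4": ("pkg:maven/junit/junit@4.12", "cpe:2.3:a:junit:junit4:4.12:*:*:*:*:*:*:*"),
    "sibling artifact": ("pkg:maven/org.mockito/mockito-core@4.7.0", JUNIT4_CPE),
    "longer artifact name": ("pkg:maven/org.mockito/mockito-junit-jupiter-extra@1.0", JUNIT4_CPE),
    "other CPE, same artifact": ("pkg:maven/org.mockito/mockito-junit-jupiter@4.7.0",
                                 "cpe:2.3:a:example:other:1.0:*:*:*:*:*:*:*"),
}

def cpe23_to_uri(cpe23):
    """CPE 2.3 string -> 'cpe:/part:vendor:product:version' (assumes no escaped ':' in fields)."""
    parts = cpe23.split(":")
    if parts[:2] != ["cpe", "2.3"] or len(parts) != 13:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe23)
    return "cpe:/" + ":".join(parts[2:6])

def is_suppressed(rule_xml, purl, cpe23):
    """Assumed model: the purl must match the rule AND the CPE must fall under the rule's cpe."""
    rule = ET.fromstring(rule_xml)
    purl_el = rule.find("packageUrl")
    pattern = purl_el.text.strip()
    is_regex = purl_el.get("regex") == "true"
    purl_ok = bool(re.fullmatch(pattern, purl)) if is_regex else purl == pattern
    rule_cpe = rule.find("cpe").text.strip()
    uri = cpe23_to_uri(cpe23)
    # Appending ':' to both sides stops 'junit4' from matching a product such as 'junit4x'.
    return purl_ok and (uri + ":").startswith(rule_cpe + ":")

def scope_report(rule_xml=RULE_XML, samples=SAMPLES):
    """Map each sample name to True when the rule would hide that finding."""
    return {name: is_suppressed(rule_xml, *pair) for name, pair in samples.items()}

if __name__ == "__main__":
    for name, hidden in scope_report().items():
        print(f"{name:26} suppressed={hidden}")
```

Only the reported artifact comes back suppressed; the escaped dot and the `@` directly after the artifact name are what keep look-alike coordinates out of the rule.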

approved

aikebah avatar Sep 20 '22 19:09 aikebah

Suppress rule has been added to the generatedSuppressions branch.

github-actions[bot] avatar Sep 20 '22 19:09 github-actions[bot]