Skip to content

Commit 7d56289

Browse files
TianlongLiangTianlongLiang
authored
Exclude fuzz test python and npm packages in scoreboard scan (#3871)
* exclude fuzz test for scoreboard scan * ci ignore osv-scanner.toml file name inconsistency
1 parent 217ba3b commit 7d56289

File tree

3 files changed

+85
-0
lines changed

3 files changed

+85
-0
lines changed

ci/coding_guidelines_check.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,6 +180,7 @@ def check_file_name(path: Path) -> bool:
180180
"docker-compose",
181181
"package-lock",
182182
"vite-env.d",
183+
"osv-scanner",
183184
]:
184185
return True
185186

tests/fuzz/wasm-mutator-fuzz/portal/osv-scanner.toml

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
# GHSA-67hx-6x53-jw92
2+
[[PackageOverrides]]
3+
name = "@babel/traverse"
4+
ecosystem = "npm"
5+
ignore = true
6+
reason = "Accepted known vulnerabilities for testing purposes"
7+
8+
# GHSA-67hx-6x53-jw92
9+
[[PackageOverrides]]
10+
name = "babel-traverse"
11+
ecosystem = "npm"
12+
ignore = true
13+
reason = "Accepted known vulnerabilities for testing purposes"
14+
15+
# GHSA-9c47-m6qq-7p4h
16+
[[PackageOverrides]]
17+
name = "json5"
18+
ecosystem = "npm"
19+
ignore = true
20+
reason = "Dependency not critical for security"
21+
22+
# GHSA-7fh5-64p2-3v2j
23+
[[PackageOverrides]]
24+
name = "postcss"
25+
ecosystem = "npm"
26+
ignore = true
27+
reason = "Vulnerabilities do not affect current use case"
28+
29+
# GHSA-gcx4-mw62-g8wm
30+
[[PackageOverrides]]
31+
name = "rollup"
32+
ecosystem = "npm"
33+
ignore = true
34+
reason = "Legacy build tool under controlled environment"
35+
36+
# GHSA-c2qf-rxjj-qqgw
37+
[[PackageOverrides]]
38+
name = "semver"
39+
ecosystem = "npm"
40+
ignore = true
41+
reason = "Version parsing is managed securely"
42+
43+
# GHSA-353f-5xf4-qw67
44+
# GHSA-c24v-8rfc-w8vw
45+
# GHSA-8jhw-289h-jh2g
46+
# GHSA-64vr-g452-qvp3
47+
# GHSA-9cwx-2883-4wfx
48+
[[PackageOverrides]]
49+
name = "vite"
50+
ecosystem = "npm"
51+
ignore = true
52+
reason = "Development server not exposed to untrusted networks"

tests/fuzz/wasm-mutator-fuzz/server/osv-scanner.toml

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
# GHSA-m2qf-hxjv-5gpq / PYSEC-2023-62
2+
[[PackageOverrides]]
3+
name = "Flask"
4+
ecosystem = "PyPI"
5+
ignore = true
6+
reason = "Accepted known vulnerabilities for testing purposes"
7+
8+
# GHSA-m2qf-hxjv-5gpq / PYSEC-2023-62
9+
[[PackageOverrides]]
10+
name = "flask"
11+
ecosystem = "PyPI"
12+
ignore = true
13+
reason = "Accepted known vulnerabilities for testing purposes"
14+
15+
# GHSA-84pr-m4jr-85g5
16+
# GHSA-hxwh-jpp2-84pm / PYSEC-2024-71
17+
[[PackageOverrides]]
18+
name = "flask-cors"
19+
ecosystem = "PyPI"
20+
ignore = true
21+
reason = "Accepted known vulnerabilities for testing purposes"
22+
23+
# GHSA-2g68-c3qc-8985
24+
# GHSA-hrfv-mqp8-q5rw / PYSEC-2023-221
25+
# GHSA-px8h-6qxv-m22q / PYSEC-2023-57
26+
# GHSA-xg9f-g7g7-2323 / PYSEC-2023-58
27+
# PYSEC-2022-203
28+
[[PackageOverrides]]
29+
name = "werkzeug"
30+
ecosystem = "PyPI"
31+
ignore = true
32+
reason = "Accepted known vulnerabilities for testing purposes"

0 commit comments

Comments
 (0)