fix: Add expected vulnerabilities to tests

afsmeira · afsmeira · commit 106b39458777 · 2026-04-14T14:06:29.000+01:00
diff --git a/docs/multiple-tests/all-patterns/results.xml b/docs/multiple-tests/all-patterns/results.xml
@@ -27,6 +27,18 @@
             message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification) (update to 2.25.3)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            severity="warning"
+        />
         <error
             source="vulnerability_critical"
             line="2"
diff --git a/docs/multiple-tests/pattern-vulnerability-critical/results.xml b/docs/multiple-tests/pattern-vulnerability-critical/results.xml
@@ -43,7 +43,13 @@
         <error
             source="vulnerability_critical"
             line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
+            severity="error"
+        />
+        <error
+            source="vulnerability_critical"
+            line="14"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
             severity="error"
         />
     </file>
@@ -52,7 +58,13 @@
         <error
             source="vulnerability_critical"
             line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF) (update to 1.15.0)"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2025-62718: axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization) (update to 1.15.0)"
+            severity="error"
+        />
+        <error
+            source="vulnerability_critical"
+            line="5"
+            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-40175: Axios is a promise based HTTP client for the browser and Node.js. Prio ...) (update to 1.15.0)"
             severity="error"
         />
     </file>
diff --git a/docs/multiple-tests/pattern-vulnerability-high/results.xml b/docs/multiple-tests/pattern-vulnerability-high/results.xml
@@ -112,6 +112,18 @@
             message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-25679: net/url: Incorrect parsing of IPv6 host literals in net/url) (update to 1.25.8)"
             severity="high"
         />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32280: During chain building, the amount of work that is done is not correctl ...) (update to 1.25.9)"
+            severity="high"
+        />
+        <error
+            source="vulnerability_high"
+            line="5"
+            message="Insecure dependency golang/stdlib@v1.21.4 (CVE-2026-32282: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root) (update to 1.25.9)"
+            severity="high"
+        />
     </file>
 
     <file name="javascript/package-lock.json">
diff --git a/docs/multiple-tests/pattern-vulnerability-medium/results.xml b/docs/multiple-tests/pattern-vulnerability-medium/results.xml
@@ -239,6 +239,18 @@
             message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2021-44832: log4j-core: remote code execution via JDBC Appender) (update to 2.17.1)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="1"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            severity="warning"
+        />
     </file>
 
     <file name="java/pom.xml">
@@ -254,6 +266,18 @@
             message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2025-68161: Apache Log4j: Apache Log4j Core: Information disclosure via missing TLS hostname verification) (update to 2.25.3)"
             severity="warning"
         />
+        <error
+            source="vulnerability_medium"
+            line="14"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34480: Apache Log4j Core's  XmlLayout https://logging.apache.org/log4j/2.x/ma ...) (update to 2.25.4)"
+            severity="warning"
+        />
+        <error
+            source="vulnerability_medium"
+            line="14"
+            message="Insecure dependency maven/org.apache.logging.log4j/log4j-core@2.17.0 (CVE-2026-34477: Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration) (update to 2.25.4)"
+            severity="warning"
+        />
     </file>
 
     <file name="javascript/package-lock.json">
@@ -271,8 +295,8 @@
         />
         <error
             source="vulnerability_medium"
-            line="14"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-39865: axios: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption) (update to 1.13.2)"
+            line="23"
+            message="Insecure dependency npm/follow-redirects@1.15.6 (GHSA-r4q5-vmmm-2653: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets) (update to 1.16.0)"
             severity="warning"
         />
     </file>
@@ -292,8 +316,8 @@
         />
         <error
             source="vulnerability_medium"
-            line="5"
-            message="Insecure dependency npm/axios@0.21.0 (CVE-2026-39865: axios: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption) (update to 1.13.2)"
+            line="12"
+            message="Insecure dependency npm/follow-redirects@1.15.6 (GHSA-r4q5-vmmm-2653: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets) (update to 1.16.0)"
             severity="warning"
         />
     </file>
