From 542b921b3d607059b745333410a7adbaf1cf5ed0 Mon Sep 17 00:00:00 2001
From: Bug Magnet
Date: Wed, 30 Oct 2024 09:57:00 +0100
Subject: [PATCH] Ignore rexml vulnerabilities until 1st of May 2025

---
 ci/ios/upload-vm/osv-scanner.toml | 8 ++++++++
 ios/osv-scanner.toml | 8 ++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 ci/ios/upload-vm/osv-scanner.toml
 create mode 100644 ios/osv-scanner.toml

diff --git a/ci/ios/upload-vm/osv-scanner.toml b/ci/ios/upload-vm/osv-scanner.toml
new file mode 100644
index 000000000000..6d05cc1f49b4
--- /dev/null
+++ b/ci/ios/upload-vm/osv-scanner.toml
@@ -0,0 +1,8 @@
+# Entire package ignored since there is a constant stream of newly found regular expression attacks.
+# All of these attacks rely on the input being malicious. We only use this package in our trusted
+# build environment with trusted inputs.
+[[PackageOverrides]]
+effectiveUntil = 2025-05-01 # Ignored for 6 months at a time, it is unlikely to be an issue.
+ignore = true
+name = "rexml"
+reason = "The XML payload is generated by Apple tooling which we trust"
\ No newline at end of file
diff --git a/ios/osv-scanner.toml b/ios/osv-scanner.toml
new file mode 100644
index 000000000000..6d05cc1f49b4
--- /dev/null
+++ b/ios/osv-scanner.toml
@@ -0,0 +1,8 @@
+# Entire package ignored since there is a constant stream of newly found regular expression attacks.
+# All of these attacks rely on the input being malicious. We only use this package in our trusted
+# build environment with trusted inputs.
+[[PackageOverrides]]
+effectiveUntil = 2025-05-01 # Ignored for 6 months at a time, it is unlikely to be an issue.
+ignore = true
+name = "rexml"
+reason = "The XML payload is generated by Apple tooling which we trust"
\ No newline at end of file
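Review bot: `ignore = true` on the `[[PackageOverrides]]` entry suppresses every future rexml advisory until 2025-05-01 (and, as far as I recall osv-scanner's config, license findings too), not only the regular-expression denial-of-service class that the header comment argues is harmless for trusted Apple-generated input, so an advisory of a different class published in that window would be silenced without the trust argument ever being re-examined. Narrowing the entry to `vulnerability.ignore = true` with `ecosystem = "RubyGems"`, or listing the specific advisories under `[[IgnoredVulns]]` with `id` and `ignoreUntil`, keeps the suppression tied to the reasoning actually given. The header comment should also say that the ReDoS-only justification must be re-confirmed against the advisories that have accumulated when the date is extended, e.g. `# Re-check new rexml advisories against this justification before extending effectiveUntil.`. The `ios/osv-scanner.toml` hunk is a byte-identical copy with the same issue, and both files end without a trailing newline (`\ No newline at end of file`).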