Add semgrep exclude for openssl commands

Signed-off-by: Stewart X Addison <[email protected]>
adoptium · Nov 1, 2024 · 5595def · 5595def
1 parent 6947c6b
commit 5595def
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/tooling/reproducible/repro_common.sh b/tooling/reproducible/repro_common.sh
@@ -388,7 +388,11 @@ function tempSign() {
     echo "Generating temp signatures with openssl and adding them to exe/dll files in ${JDK_DIR}"
     selfCert="test"
 
+    # semgrep needs to ignore this as it objects to the password, but that
+    # is only used for generating a temporary dummy signature required for
+    # the comparison and not used for validating anything
     openssl req -x509 -quiet -newkey rsa:4096 -sha256 -days 3650 -passout pass:test -keyout $selfCert.key -out $selfCert.crt -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1"
+    # nosemgrep
     openssl pkcs12 -export -passout pass:test -passin pass:test -out $selfCert.pfx -inkey $selfCert.key -in $selfCert.crt
     FILES=$(find "${JDK_DIR}" -type f -name '*.exe' -o -name '*.dll')
     for f in $FILES