Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Import data from OSS-Fuzz #897

Merged
merged 1 commit into from
Nov 12, 2023
Merged

Import data from OSS-Fuzz #897

merged 1 commit into from
Nov 12, 2023

Conversation

ziadhany
Copy link
Collaborator

@ziadhany ziadhany commented Sep 4, 2022

using osv format #780 but we need to add support for oss-fuzz version , version range in univers and edit get_fixed_version

@TG1999
Copy link
Contributor

TG1999 commented Nov 18, 2022

@ziadhany please rebase your branch and add tests for oss-fuzz

@ziadhany
Copy link
Collaborator Author

@ziadhany please rebase your branch and add tests for oss-fuzz

I think we need to add Git Version/Version range aboutcode-org/univers#85 before merge this .

@TG1999
Copy link
Contributor

TG1999 commented Nov 21, 2022

@ziadhany does this importer only give Git Version/Version range ? In case it doesn't we can skip over the git version/ version range for now ( add a follow up issue for same in VCIO ) and ingest the rest of the data.

@ziadhany
Copy link
Collaborator Author

ziadhany commented Dec 4, 2022

@ziadhany does this importer only give Git Version/Version range ? In case it doesn't we can skip over the git version/ version range for now ( add a follow up issue for same in VCIO ) and ingest the rest of the data.

Most of the data uses the git version, and there are rare cases that use both versions like this :
https://github.com/google/oss-fuzz-vulns/blob/62c05499f6c77a6abf8ad1e84f252b0d1119f1d8/vulns/fluent-bit/OSV-2020-2017.yaml

https://github.com/google/oss-fuzz-vulns/search?p=1&q=fixed

@TG1999
Copy link
Contributor

TG1999 commented Dec 4, 2022

@ziadhany let's ingest the data where we can get versions that are parsable by univers for now and add a follow up issue to ingest git versions from OSS-Fuzz.

@ziadhany ziadhany mentioned this pull request Dec 6, 2022
Open
@pombredanne pombredanne added this to the v32.0.0 milestone Dec 8, 2022
@TG1999
Copy link
Contributor

TG1999 commented Dec 14, 2022

@ziadhany please run the importer and improver on this and provide the logs for same.

@ziadhany
Copy link
Collaborator Author

@ziadhany please run the importer and improver on this and provide the logs for same.

A lot of logs like this and the importer add just 2617 row in vulnerabilities_advisory table .
...

Unsupported fixed version type: '47e220942dfc68de777b91db1c2b3e81d0275e1b' for OSV id: 'OSV-2021-1724'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-80'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '0c4e9f7312637d512fec2b806570bfbea9da1aff'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1694': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0c4e9f7312637d512fec2b806570bfbea9da1aff' for OSV id: 'OSV-2021-1694'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '20face1eeb418935307731d4e2e4bada028c7ba7'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1774': error:KeyError('oss-fuzz')
Unsupported fixed version type: '20face1eeb418935307731d4e2e4bada028c7ba7' for OSV id: 'OSV-2021-1774'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-102'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1208'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '632230836e6a5aa347c037a66f478d752b62242a'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1685': error:KeyError('oss-fuzz')
Unsupported fixed version type: '632230836e6a5aa347c037a66f478d752b62242a' for OSV id: 'OSV-2021-1685'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1097'
Unsupported fixed version type: '4107288ebb23d418ff5c1a9d40c48a4f00950193' for OSV id: 'OSV-2021-1715'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-429'
Unsupported fixed version type: '0ae681ab1fd3475995418d00da1ccfe374f069cc' for OSV id: 'OSV-2020-1877'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-736'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '45e765e59a45b46dcb05e8c729689a7c0574a48c'}, {'fixed': '2a3129365d3bc0d4a41f107ef175920d1505d1f7'}]}], 'versions': ['ghostpdl-9.28rc1', 'ghostpdl-9.28rc2', 'ghostpdl-9.28rc3', 'ghostpdl-9.28rc4', 'ghostpdl-9.50', 'ghostpdl-9.51', 'ghostpdl-9.51rc1', 'ghostpdl-9.51rc2', 'ghostpdl-9.51rc2_test', 'ghostpdl-9.51rc2_test2', 'ghostpdl-9.51rc3', 'ghostpdl-9.52', 'ghostpdl-9.52-test-base-1', 'ghostpdl-9.52-test-base-2', 'ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6', 'ghostpdl-9.52.1', 'ghostpdl-9.53.0', 'ghostpdl-9.53.0-test-base-0', 'ghostpdl-9.53.0rc1', 'ghostpdl-9.53.0rc2', 'ghostpdl-9.53.1', 'ghostpdl-9.53.2', 'ghostpdl-9.53.3', 'ghostpdl-9.54.0', 'ghostpdl-9.54.0-test-base-0', 'ghostpdl-9.54.0rc1', 'ghostpdl-9.54.0rc1_test', 'ghostpdl-9.54.0rc1_test_002', 'ghostscript-9.50', 'ghostscript-9.51', 'ghostscript-9.52', 'gpdf_alpha1', 'gpdf_gs_text_filter_000', 'gpdf_gs_text_filter_001', 'gpdf_gs_text_filter_002', 'gpdf_gs_text_filter_003', 'gpdf_gs_text_filter_004', 'gpdf_gs_text_filter_005', 'gpdf_gs_text_filter_006', 'gpdf_gs_text_filter_007', 'gpdf_gs_text_filter_008', 'gpdf_gs_text_filter_009', 'gpdf_gs_text_filter_010', 'gpdf_gs_text_filter_011', 'gpdf_gs_text_filter_012', 'gpdf_gs_text_filter_013', 'gpdf_gs_text_filter_014', 'gpdf_gs_text_filter_015', 'gpdf_gs_text_filter_016', 'gpdf_gs_text_filter_017', 'gpdf_gs_text_filter_018', 'gpdf_gs_text_filter_019', 'gpdf_gs_text_filter_020', 'gpdf_gs_text_filter_021', 'gpdf_gs_text_filter_022', 'gpdf_gs_text_filter_023', 'gpdf_gs_text_filter_024', 'gpdf_gs_text_filter_025', 'gpdf_gs_text_filter_026', 'gpdf_gs_text_filter_027', 'gpdf_gs_text_filter_028', 'gpdf_gs_text_filter_029', 'gpdf_gs_text_filter_030', 'gs9.28-temp-for-testing-tag', 'rjj_9.53.2_test', 'robin_test_ref', 'robin_test_rev'], 'ecosystem_specific': {'introduced_range': 'f209fb3a0f50cd0a9974d8627a4ac7f358f60c8a:470897e484fb0bfaa8553e0ccd5b9db91eda008b', 'severity': 'HIGH'}} for OSV id: 'OSV-2021-803': error:KeyError('oss-fuzz')
Unsupported fixed version type: '2a3129365d3bc0d4a41f107ef175920d1505d1f7' for OSV id: 'OSV-2021-803'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '31e249d5cbd561d76dd2149ceee5fe3a2d84d658'}, {'fixed': '067d47b5efa3631ac58a62916136ad21cd9017df'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1788': error:KeyError('oss-fuzz')
Unsupported fixed version type: '067d47b5efa3631ac58a62916136ad21cd9017df' for OSV id: 'OSV-2021-1788'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '2be8b436910cfc8b013a13df000c3c854cf3c5c5'}, {'fixed': '067d47b5efa3631ac58a62916136ad21cd9017df'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1752': error:KeyError('oss-fuzz')
Unsupported fixed version type: '067d47b5efa3631ac58a62916136ad21cd9017df' for OSV id: 'OSV-2021-1752'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-270'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-271'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-686'
Unsupported fixed version type: 'd12d2085b5bd08ca1e813d97f3f7f7e630e791a0' for OSV id: 'OSV-2020-1880'
Unsupported fixed version type: 'a464804e35809e6bacee025accc25eecd246f9a4' for OSV id: 'OSV-2020-1880'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-496'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1021'
Unsupported fixed version type: '007b9aefb3f7d67001edf43976b0e58de215be0a' for OSV id: 'OSV-2021-1706'
Unsupported fixed version type: '20610dc28ee3cf7e64ad46f11e9b96fb3befba00' for OSV id: 'OSV-2021-668'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '866d8b4b104e2dcbd8352cf86edff28bbf9ad165'}, {'fixed': '07cfc24d532beadf23d50effa3b8a0bca45b849d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1741': error:KeyError('oss-fuzz')
Unsupported fixed version type: '07cfc24d532beadf23d50effa3b8a0bca45b849d' for OSV id: 'OSV-2021-1741'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'b0e070917438341e342000928ff35aacba0d95fa'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1717': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b0e070917438341e342000928ff35aacba0d95fa' for OSV id: 'OSV-2021-1717'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-53'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-821'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-949'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '668917a10e7eada030f7d2dddec9f579fddeed3d'}, {'fixed': '889df15d7c69e1fc90c6491f574352cacf9bc065'}]}], 'versions': ['ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6'], 'ecosystem_specific': {'severity': 'MEDIUM', 'introduced_range': 'unknown:668917a10e7eada030f7d2dddec9f579fddeed3d'}} for OSV id: 'OSV-2020-1874': error:KeyError('oss-fuzz')
Unsupported fixed version type: '889df15d7c69e1fc90c6491f574352cacf9bc065' for OSV id: 'OSV-2020-1874'
Unsupported fixed version type: '3ce8214d8fc77be42eb6ad618c972113d4cb0d24' for OSV id: 'OSV-2021-1708'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-524'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-684'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-85'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-818'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'b0855fa22cd6ba447482ee2ae1c5e091428c4bc0'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1781': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b0855fa22cd6ba447482ee2ae1c5e091428c4bc0' for OSV id: 'OSV-2021-1781'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '0f8c0b5742577e31e419e84fbf0bcd42db0c5f41'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1731': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0f8c0b5742577e31e419e84fbf0bcd42db0c5f41' for OSV id: 'OSV-2021-1731'
Unsupported fixed version type: 'b503c46c124cf5aaa82a71e28f624f2ef2b71e71' for OSV id: 'OSV-2020-1879'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-97'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-339'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-278'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-229'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-772'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-79'
Unsupported fixed version type: '87688cd48fb52c305e159b785bd184232426a766' for OSV id: 'OSV-2020-1869'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-456'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-803'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '1ae55674f6d68eb6215d7d0f82610f636d81ad3d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1682': error:KeyError('oss-fuzz')
Unsupported fixed version type: '1ae55674f6d68eb6215d7d0f82610f636d81ad3d' for OSV id: 'OSV-2021-1682'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-415'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-888'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'f76cc1beb49646169f33437c522df8a14f70633d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2022-18': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f76cc1beb49646169f33437c522df8a14f70633d' for OSV id: 'OSV-2022-18'
Unsupported fixed version type: '87688cd48fb52c305e159b785bd184232426a766' for OSV id: 'OSV-2020-1886'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-47'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-829'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-726'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-523'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '1a3c64e7a65025ea024bd65cc726b6ec5dd0e172'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1711': error:KeyError('oss-fuzz')
Unsupported fixed version type: '1a3c64e7a65025ea024bd65cc726b6ec5dd0e172' for OSV id: 'OSV-2021-1711'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1225'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-727'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-232'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '668917a10e7eada030f7d2dddec9f579fddeed3d'}, {'fixed': '0339cbecea80d8a835b316b56d1c75a6fb850e52'}]}], 'versions': ['ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6'], 'ecosystem_specific': {'introduced_range': 'unknown:668917a10e7eada030f7d2dddec9f579fddeed3d', 'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-1873': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0339cbecea80d8a835b316b56d1c75a6fb850e52' for OSV id: 'OSV-2020-1873'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2021-1806'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-218'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '82b097fe8e76ea92f69ef483f45c0cf491a98d43'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1690': error:KeyError('oss-fuzz')
Unsupported fixed version type: '82b097fe8e76ea92f69ef483f45c0cf491a98d43' for OSV id: 'OSV-2021-1690'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1214'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-536'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-643'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': 'e63504054baea4275af88e95418b5282c4394685'}, {'fixed': 'fe8965b8a179c083060b66a7db13cad171ff470b'}, {'introduced': 'bbdfaa56b00f2ba556476f0265e65e4ad370f641'}, {'fixed': 'ad4d12f6d848ebfde2485fd6c806901b7497a1c2'}]}], 'versions': ['ghostpdl-9.28rc2', 'ghostpdl-9.28rc3', 'ghostpdl-9.28rc4', 'ghostpdl-9.50', 'ghostpdl-9.51', 'ghostpdl-9.51rc1', 'ghostpdl-9.51rc2', 'ghostpdl-9.51rc2_test', 'ghostpdl-9.51rc2_test2', 'ghostpdl-9.51rc3', 'ghostpdl-9.52', 'ghostpdl-9.52-test-base-1', 'ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52.1', 'ghostpdl-9.53.0', 'ghostpdl-9.53.0-test-base-0', 'ghostpdl-9.53.0rc1', 'ghostpdl-9.53.0rc2', 'ghostpdl-9.53.1', 'ghostpdl-9.53.2', 'ghostpdl-9.53.3', 'ghostpdl-9.54.0', 'ghostpdl-9.54.0-test-base-0', 'ghostpdl-9.54.0rc1_test', 'ghostscript-9.50', 'ghostscript-9.51', 'ghostscript-9.52', 'gpdf_alpha1', 'rjj_9.53.2_test'], 'ecosystem_specific': {'severity': 'HIGH'}, 'database_specific': {'fixed_range': '2aaa240515d77b486adfd9d217c32d3cad7683f5:ad4d12f6d848ebfde2485fd6c806901b7497a1c2'}} for OSV id: 'OSV-2021-717': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'fe8965b8a179c083060b66a7db13cad171ff470b' for OSV id: 'OSV-2021-717'
Unsupported fixed version type: 'ad4d12f6d848ebfde2485fd6c806901b7497a1c2' for OSV id: 'OSV-2021-717'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-121'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '321a00bd85a497c0b2424b906eb9e9d309e31321'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1771': error:KeyError('oss-fuzz')
Unsupported fixed version type: '321a00bd85a497c0b2424b906eb9e9d309e31321' for OSV id: 'OSV-2021-1771'
Unsupported fixed version type: '9191f693bbfe5b70b91cb068d2fb38316aa0cc5e' for OSV id: 'OSV-2021-1709'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '8bd3f7dba33341b622b60e13446a9cc101447e76'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2022-3': error:KeyError('oss-fuzz')
Unsupported fixed version type: '8bd3f7dba33341b622b60e13446a9cc101447e76' for OSV id: 'OSV-2022-3'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-54'
Unsupported fixed version type: '141e5067e40d25ed3aa191589d4a325941efa57a' for OSV id: 'OSV-2021-312'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': 'f35924926cb35f08be5a12ded4a00eb2f42aed3e'}, {'fixed': '5fc8e7c0b656d4e2be8f5e316121f06039c35273'}, {'fixed': 'bbecd13cc34f3dcdcedd726e7de12c988da9794a'}, {'fixed': 'f5b7acb59c4f2e88591aab9f355813e0b7b68db5'}]}], 'versions': ['ghostpdl-9.51rc1'], 'ecosystem_specific': {'severity': 'HIGH'}, 'database_specific': {'fixed_range': 'cd5f21df6c710664ff0ba3f100ca5283d9367ed8:f5b7acb59c4f2e88591aab9f355813e0b7b68db5'}} for OSV id: 'OSV-2020-1875': error:KeyError('oss-fuzz')
Unsupported fixed version type: '5fc8e7c0b656d4e2be8f5e316121f06039c35273' for OSV id: 'OSV-2020-1875'
Unsupported fixed version type: 'bbecd13cc34f3dcdcedd726e7de12c988da9794a' for OSV id: 'OSV-2020-1875'
Unsupported fixed version type: 'f5b7acb59c4f2e88591aab9f355813e0b7b68db5' for OSV id: 'OSV-2020-1875'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'd3cd74af319b7b9bc72b6328bdd79fb4ff8082c3'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1689': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'd3cd74af319b7b9bc72b6328bdd79fb4ff8082c3' for OSV id: 'OSV-2021-1689'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1063'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-210'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1013'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1026'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1052'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1015'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1041'
Unsupported fixed version type: '277d30749f15d3fd99649c9347867ddc2fe4f32e' for OSV id: 'OSV-2021-900'
Unsupported fixed version type: '26f4aa01153d7bdf182630e5eb410ea5685d9cff' for OSV id: 'OSV-2021-1015'
Unsupported fixed version type: '6c9bb2e4d6d312553185feea2173acc7fe0dabdb' for OSV id: 'OSV-2021-950'
Unsupported fixed version type: '91f768c1cb3bf9105d5296366876b13ac4118516' for OSV id: 'OSV-2021-950'
Unsupported fixed version type: '6c9bb2e4d6d312553185feea2173acc7fe0dabdb' for OSV id: 'OSV-2021-947'
Unsupported fixed version type: '91f768c1cb3bf9105d5296366876b13ac4118516' for OSV id: 'OSV-2021-947'
Unsupported fixed version type: 'e52893244f40dab90888f2990356c40a0ca1cf5e' for OSV id: 'OSV-2021-947'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'postgis', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://git.osgeo.org/gitea/postgis/postgis.git', 'events': [{'introduced': 'e0b9fcce14c44a6a3be8e79a4cb3a2d13e79fc7a'}, {'fixed': 'b1abe27db0869d345ac5c0240a21e322a725fff9'}]}], 'versions': ['3.0.0beta1', '3.0.0rc1'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-540': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b1abe27db0869d345ac5c0240a21e322a725fff9' for OSV id: 'OSV-2020-540'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'postgis', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://git.osgeo.org/gitea/postgis/postgis.git', 'events': [{'introduced': 'f9ed41356bf26b475ae9600eca47d25d240fcdb2'}, {'fixed': 'a1b82509e40fcb5c4065a8fe1bf8b078e8a8373f'}]}], 'versions': ['3.0.0beta1', '3.0.0rc1'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-718': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'a1b82509e40fcb5c4065a8fe1bf8b078e8a8373f' for OSV id: 'OSV-2020-718'
Unsupported fixed version type: '3753c84ea46eeb86a0daf8da8c088342515b10dd' for OSV id: 'OSV-2020-290'
Unsupported fixed version type: 'd4852ee6da667d164373600d1bc8d205e2cdef6c' for OSV id: 'OSV-2021-144'
Unsupported fixed version type: '0bcf3488a4989c2724f0c4383401b0d0dcfc3dcc' for OSV id: 'OSV-2018-175'
Unsupported fixed version type: '580add2219c696e425087bc61b952f4ccb295f09' for OSV id: 'OSV-2017-97'
Unsupported package type: PackageURL(type='generic', namespace=None, name='librawspeed', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1128'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'librawspeed', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/darktable-org/rawspeed.git', 'events': [{'introduced': 'a9685b2b81fce6cb3b344a9e2eec001ee23a749f'}, {'fixed': '98d3ec824f0b4e498b175fb937b4217319d01450'}]}], 'versions': ['v3.1'], 'ecosystem_specific': {'severity': 'MEDIUM', 'fixed_range': '688fa9d819177e917b0102e9ce4d5680952ebe55:98d3ec824f0b4e498b175fb937b4217319d01450', 'introduced_range': 'a4bee717f1ce54a16526454f92c22f2b79c7a04f:90dbb09c639869fbb65ad9d7f073b3c22c541732'}} for OSV id: 'OSV-2018-19': error:KeyError('oss-fuzz')
Unsupported fixed version type: '98d3ec824f0b4e498b175fb937b4217319d01450' for OSV id: 'OSV-2018-19'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'librawspeed', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/darktable-org/rawspeed.git', 'events': [{'introduced': '23d5018f6b231d62daa6543094a85747beb9654a'}, {'fixed': 'dbe7591e54bad5e6430d38be6bed051582da76b9'}]}], 'versions': ['v3.1'], 'ecosystem_specific': {'fixed_range': '212b7a8ea10acaaf722509e291ed1f59df8010df:dbe7591e54bad5e6430d38be6bed051582da76b9', 'severity': 'HIGH', 'introduced_range': 'f0e9f60474d98883ab9343f584b73ca046263679:52da2b8fda29aa257088d91fb11877f909d578a2'}} for OSV id: 'OSV-2018-227': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'dbe7591e54bad5e6430d38be6bed051582da76b9' for OSV id: 'OSV-2018-227'
Unsupported package type: PackageURL(type='generic', namespace=None, name='librawspeed', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1199'
Unsupported fixed version type: '16b0853077eec08bccb74aec29bb395c6eb5e50c' for OSV id: 'OSV-2017-116'
Unsupported fixed version type: 'f1806ea3d0abd164e38da2fafe3d3479feb1d3e8' for OSV id: 'OSV-2017-73'
Unsupported fixed version type: 'e542162d9a96ad3bc7c05abace119cbbf2b184bc' for OSV id: 'OSV-2018-231'
Unsupported fixed version type: 'f8687facbba0b1cf6aa786c5cf7e7685e07bf624' for OSV id: 'OSV-2020-578'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2065'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2002'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2061'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-503'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2076'
Unsupported fixed version type: 'fc461cc6d2b4b99b03cfacea68d84be876f9dea2' for OSV id: 'OSV-2020-1220'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1899'
Unsupported fixed version type: '2c13955d0649b2afc575bc5416dcedeffc8c01ec' for OSV id: 'OSV-2020-502'
Unsupported fixed version type: 'e3b90efed243779b5c4961c2f9d6f1cedfeb1f46' for OSV id: 'OSV-2020-555'
Unsupported fixed version type: '7058df945d4756169b67a1052f25fdc7f0df92ab' for OSV id: 'OSV-2020-1042'
Unsupported fixed version type: '519b0ff554e9713198bc3b3185da809be42be20c' for OSV id: 'OSV-2020-1049'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1855'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2074'
Unsupported fixed version type: '3b13c4cd65a8b93f779ddece7deefac5102ece5e' for OSV id: 'OSV-2020-2074'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1853'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-362'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2007'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2045'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-245'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2021-245'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2107'
Unsupported fixed version type: '0c970c91788d71c777b91f778f0fda4e58d91839' for OSV id: 'OSV-2020-1172'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2263'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2115'
Unsupported fixed version type: '8159a25f20df4baec6b420201da846a26f7e6bca' for OSV id: 'OSV-2020-1296'
Unsupported fixed version type: '8dca82ab0d4548ab4d064229e293f2edb8f257ba' for OSV id: 'OSV-2020-261'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-204'
Unsupported fixed version type: '8159a25f20df4baec6b420201da846a26f7e6bca' for OSV id: 'OSV-2020-1115'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-692'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2068'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-37'
Unsupported fixed version type: 'd8cb746954c9052a428ba30207e2f2d1a08c238d' for OSV id: 'OSV-2020-1186'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1847'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2084'
Unsupported fixed version type: '3b13c4cd65a8b93f779ddece7deefac5102ece5e' for OSV id: 'OSV-2020-2084'
Unsupported fixed version type: '3999b227fc2255371b786ccec62cba3f47af37f5' for OSV id: 'OSV-2020-414'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '70eeb783515dbfee3e0c781d6667838caba5113b'}, {'fixed': '68b51e8aed5ea83bcbb9da90af03023ce54a5427'}, {'fixed': '989067645537fc54d547126adc5567b5fdc0fae2'}]}], 'versions': ['v2.0.0', 'v2.1.0', 'v2.1.1'], 'ecosystem_specific': {'introduced_range': 'unknown:70eeb783515dbfee3e0c781d6667838caba5113b', 'severity': 'HIGH'}} for OSV id: 'OSV-2020-1203': error:KeyError('oss-fuzz')
Unsupported fixed version type: '68b51e8aed5ea83bcbb9da90af03023ce54a5427' for OSV id: 'OSV-2020-1203'
Unsupported fixed version type: '989067645537fc54d547126adc5567b5fdc0fae2' for OSV id: 'OSV-2020-1203'
Unsupported fixed version type: '4c76c67e9b790fd40650c4e8a2a059603e8ce195' for OSV id: 'OSV-2020-1857'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1857'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2085'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2121'
Unsupported fixed version type: '1e2e87f07903b3dcf142b153bd92329eeb650984' for OSV id: 'OSV-2020-1127'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2141'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2063'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2297'
Unsupported fixed version type: 'f8687facbba0b1cf6aa786c5cf7e7685e07bf624' for OSV id: 'OSV-2020-1258'
Unsupported fixed version type: '519b0ff554e9713198bc3b3185da809be42be20c' for OSV id: 'OSV-2020-1098'
Unsupported fixed version type: 'be82ccf42fc044ae1ea0792837a9415eaf535002' for OSV id: 'OSV-2020-1041'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2274'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2274'
Unsupported fixed version type: 'be82ccf42fc044ae1ea0792837a9415eaf535002' for OSV id: 'OSV-2020-1312'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2062'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1898'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2067'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2097'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-681'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2093'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2078'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1852'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-1852'
Unsupported fixed version type: 'e3b90efed243779b5c4961c2f9d6f1cedfeb1f46' for OSV id: 'OSV-2020-607'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2064'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '519b0ff554e9713198bc3b3185da809be42be20c'}, {'fixed': 'b52786888ddce9d6bc06b7825ba9bffc65924e0c'}, {'fixed': 'f15f940425eebf24ce66984db2445733cf500b7b'}]}], 'versions': ['v2.0.0', 'v2.1.0', 'v2.1.1'], 'ecosystem_specific': {'severity': 'MEDIUM'}, 'database_specific': {'fixed_range': '992c1c147175126c3fe7ab78216aa0395f9e6c71:f15f940425eebf24ce66984db2445733cf500b7b'}} for OSV id: 'OSV-2020-2091': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2091'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2091'
Unsupported fixed version type: '717fe1463d4f2025d8bbfd432a4cf9cdbfc9d35c' for OSV id: 'OSV-2020-1289'
Unsupported fixed version type: '717fe1463d4f2025d8bbfd432a4cf9cdbfc9d35c' for OSV id: 'OSV-2020-1250'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1854'
Unsupported fixed version type: '2c13955d0649b2afc575bc5416dcedeffc8c01ec' for OSV id: 'OSV-2020-671'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '84b5847d016eb2f77318feef88d930f13b6fab61'}, {'fixed': '901b92c7f3a8295a7335f9be447e667a7eec8075'}]}], 'versions': ['v2.0.0'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2020-736': error:KeyError('oss-fuzz')
Unsupported fixed version type: '901b92c7f3a8295a7335f9be447e667a7eec8075' for OSV id: 'OSV-2020-736'
Unsupported fixed version type: '206ed1cb2068e47df8b6e3ab03f062b339e0e5f3' for OSV id: 'OSV-2020-587'
Unsupported fixed version type: '3c6b51d4a1f5682f8144fef1553b0357d3d83aaf' for OSV id: 'OSV-2020-184'
Unsupported fixed version type: '55cb70a24a58fc73b7a2b9d1b2a49845668342cc' for OSV id: 'OSV-2017-52'
Unsupported fixed version type: '473e039b48fd72660dd00f4b52a2880cc0dd5632' for OSV id: 'OSV-2018-18'
Unsupported fixed version type: '46a8443f76cec4b41ec736eca396984c74664f84' for OSV id: 'OSV-2020-1280'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '17ee4cf670c363de8d2ea4a4897d7a699837873f'}, {'fixed': '19ccebafb7663c422c714e0c67fa4775abf91c43'}]}], 'versions': ['FILE5_29', 'FILE5_30'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-134': error:KeyError('oss-fuzz')
Unsupported fixed version type: '19ccebafb7663c422c714e0c67fa4775abf91c43' for OSV id: 'OSV-2017-134'
Unsupported fixed version type: 'a317154a5acbdcc82db79063742481ce83abafe7' for OSV id: 'OSV-2016-1'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-468'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '1562e15149268477b395ec71309d13f8be99a83b'}, {'fixed': 'dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395'}]}], 'versions': ['FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-391': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395' for OSV id: 'OSV-2020-391'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'a317154a5acbdcc82db79063742481ce83abafe7'}, {'fixed': '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39'], 'ecosystem_specific': {'severity': 'MEDIUM', 'fixed_range': '100ff6d0edb3441962e518690b327186dbc0e652:6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}} for OSV id: 'OSV-2017-140': error:KeyError('oss-fuzz')
Unsupported fixed version type: '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c' for OSV id: 'OSV-2017-140'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-534'
Unsupported fixed version type: '87f27958cfbb05d262504976f66db70c24d5061f' for OSV id: 'OSV-2018-15'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-924'
Unsupported fixed version type: '46df39b68e51fd803d382348c0059fcb2e40b5ef' for OSV id: 'OSV-2021-1322'
Unsupported fixed version type: '393dafa41b26a7d8ed593912e0ec1f1e7bd4e406' for OSV id: 'OSV-2017-102'
Unsupported fixed version type: 'c8ef8f414952634d217b2b5e19d38b92d0341bc2' for OSV id: 'OSV-2016-3'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '583b3c262f0797ab4e7062e029003dde162b82ab'}, {'fixed': '8f3da601845253629efdda72f9341ed9762b3f2d'}]}], 'versions': ['FILE5_29'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2016-7': error:KeyError('oss-fuzz')
Unsupported fixed version type: '8f3da601845253629efdda72f9341ed9762b3f2d' for OSV id: 'OSV-2016-7'
Unsupported fixed version type: '29955546ee23b05359f2a4ed6986de590ed0b9f2' for OSV id: 'OSV-2020-75'
Unsupported fixed version type: 'a9c8d2a9493c4e0cd201db57801f3502e65c686c' for OSV id: 'OSV-2021-1238'
Unsupported fixed version type: '06de62c022138f63de9bcd04074491945eaa8662' for OSV id: 'OSV-2020-1193'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'f0a26da7b371127e4460cc6d2da1b410c3d85ad9'}, {'fixed': 'ecca6e54f49f251bb4c16fe145d04c2b45923dc3'}]}], 'versions': ['FILE5_36'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-535': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'ecca6e54f49f251bb4c16fe145d04c2b45923dc3' for OSV id: 'OSV-2020-535'
Unsupported fixed version type: '4f1887eb56f4abdf448274afc5abdc8f9d078929' for OSV id: 'OSV-2020-190'
Unsupported fixed version type: '8c16c9e3c9a82f859c3ed47c34c14eea6a3d7b18' for OSV id: 'OSV-2016-2'
Unsupported fixed version type: '8a667072e65294efa6a7b7d9a3bc417e145e0aea' for OSV id: 'OSV-2016-6'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '17f892b32cc92f7505f02d198142c1a57204582f'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39', 'FILE5_40', 'FILE5_41', 'FILE5_42', 'FILE5_43'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-16': error:KeyError('oss-fuzz')
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'a317154a5acbdcc82db79063742481ce83abafe7'}, {'fixed': '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39'], 'ecosystem_specific': {'fixed_range': '100ff6d0edb3441962e518690b327186dbc0e652:6fc66d12c0ca172f4681adb63c6f662ac33cbc7c', 'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-131': error:KeyError('oss-fuzz')
Unsupported fixed version type: '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c' for OSV id: 'OSV-2017-131'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-952'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-923'
Unsupported fixed version type: '4f1887eb56f4abdf448274afc5abdc8f9d078929' for OSV id: 'OSV-2020-97'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'miniz', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/richgel999/miniz.git', 'events': [{'introduced': '1e7621d96cb9d0821c61db6f4e3ef36ddc19b0cd'}, {'fixed': 'b43f8a0c22d6bae6b5416264232f57a2aca539fe'}]}], 'versions': ['2.2.0'], 'ecosystem_specific': {'severity': 'MEDIUM'}, 'database_specific': {'fixed_range': 'd6566206ce120069708e77eff79cf117957b419a:b43f8a0c22d6bae6b5416264232f57a2aca539fe'}} for OSV id: 'OSV-2020-2151': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b43f8a0c22d6bae6b5416264232f57a2aca539fe' for OSV id: 'OSV-2020-2151'
Unsupported fixed version type: '9457abb670a2c0a9f907d353bdf257593d0498a5' for OSV id: 'OSV-2020-2103'
Unsupported fixed version type: '488425c1b9fb8c8d0f1ef1ce7d665058880870e2' for OSV id: 'OSV-2021-882'
Unsupported package type: PackageURL(type='generic', namespace=None, name='cyclonedds', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-892'
Unsupported package type: PackageURL(type='generic', namespace=None, name='binutils', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-183'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'unbound', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/NLnetLabs/unbound', 'events': [{'introduced': '9b3f3101e3d0b027ef7a7b4370587724a57abac2'}, {'fixed': 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}]}], 'versions': ['release-1.10.0', 'release-1.10.0rc1', 'release-1.10.0rc2', 'release-1.10.1'], 'ecosystem_specific': {'fixed_range': '4ccac696caf8826995c9db78af6074a5a1381f00:f37242566b3187c1d715af6d0e4e0c5b75ccafeb', 'severity': 'MEDIUM', 'introduced_range': 'e149bc70460268f7f559ce10ab7e3678a5baac0f:1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978'}} for OSV id: 'OSV-2020-225': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb' for OSV id: 'OSV-2020-225'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'unbound', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/NLnetLabs/unbound', 'events': [{'introduced': '9b3f3101e3d0b027ef7a7b4370587724a57abac2'}, {'fixed': 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}]}], 'versions': ['release-1.10.0', 'release-1.10.0rc1', 'release-1.10.0rc2', 'release-1.10.1'], 'ecosystem_specific': {'severity': 'MEDIUM', 'introduced_range': 'e149bc70460268f7f559ce10ab7e3678a5baac0f:1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978', 'fixed_range': '4ccac696caf8826995c9db78af6074a5a1381f00:f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}} for OSV id: 'OSV-2020-255': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb' for OSV id: 'OSV-2020-255'
Unsupported package type: PackageURL(type='generic', namespace=None, name='libdwarf', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-389'
Unsupported fixed version type: '11e404ca3c80893f59b1001f000c9390216c7e7a' for OSV id: 'OSV-2021-419'
Unsupported package type: PackageURL(type='generic', namespace=None, name='tmux', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-473'
Unsupported fixed version type: '5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40' for OSV id: 'OSV-2020-1478'
Unsupported package type: PackageURL(type='generic', namespace=None, name='stb', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2021-1787'
Unsupported fixed version type: '9cd6cdc0e55ec3d4c002313fd5f0e6b255e8e06c' for OSV id: 'OSV-2020-1892'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1892'
Unsupported fixed version type: '8c15cc9c79bf6f180d74808657046caf2ec0b445' for OSV id: 'OSV-2021-979'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1521'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1472'
Unsupported fixed version type: '9cd6cdc0e55ec3d4c002313fd5f0e6b255e8e06c' for OSV id: 'OSV-2020-1897'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1897'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1380'
Unsupported package type: PackageURL(type='generic', namespace=None, name='osquery', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-763'
Successfully imported data using vulnerabilities.importers.oss_fuzz.OSS_FuzzImporter

And the improve logs :

Improving data using vulnerabilities.improvers.default.DefaultImprover
Successfully improved data using vulnerabilities.improvers.default.DefaultImprover

@TG1999 TG1999 marked this pull request as ready for review January 3, 2023 16:59
@TG1999
Copy link
Contributor

TG1999 commented Jan 12, 2023

@ziadhany please add tests

@TG1999 TG1999 modified the milestones: v32.0.0, v33.0.0 Jan 13, 2023
@ziadhany ziadhany force-pushed the oss-fuzz branch 2 times, most recently from ce96986 to 1f75c02 Compare January 14, 2023 13:32
TG1999
TG1999 requested changes Aug 22, 2023
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziadhany Thanks++, some review comments for your consideration.

vulnerabilities/importers/oss_fuzz.py Show resolved Hide resolved
@ziadhany
Copy link
Collaborator Author

@TG1999
oss-fuzz logs : oss-fuzz-logs.zip

TG1999
TG1999 approved these changes Aug 31, 2023
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks ++

pombredanne
pombredanne reviewed Sep 7, 2023
View reviewed changes
vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-expected1.json Outdated
@@ -0,0 +1,20 @@
{
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rename these expected files to use the same base name as a the test data file with an -expected.json suffix. Here do not use oss-fuzz-expected1.json. Instead use oss-fuzz-data1.yaml-expected.json .... ths way the test data file and the expected results show up side by side.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

pombredanne
pombredanne approved these changes Sep 7, 2023
View reviewed changes
Copy link
Collaborator

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a tiny nit for the test results expected file names

@TG1999
Copy link
Contributor

TG1999 commented Nov 10, 2023

@ziadhany thanks++ this looks good and we can merge it, please just resolve the merge conflicts.

@ziadhany
Rename expected files
887d43e 
Add OSSFuzzImprover to IMPROVERS_REGISTRY
Fix oss-fuzz test ( add weakness in expected test file )
Add oss-fuzz tests
Import data from oss_fuzz using osv format

Resolve merge conflicts

Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@ziadhany
Copy link
Collaborator Author

@ziadhany thanks++ this looks good and we can merge it, please just resolve the merge conflicts.

Done

@TG1999 TG1999 merged commit 8f8190e into aboutcode-org:main Nov 12, 2023
7 checks passed
@ziadhany ziadhany deleted the oss-fuzz branch November 13, 2023 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pombredanne pombredanne pombredanne approved these changes

@TG1999 TG1999 TG1999 approved these changes

Assignees
No one assigned
Labels
Data collection Priority: high
Projects
None yet
Milestone
v33.0.0
Development

Successfully merging this pull request may close these issues.
3 participants
@ziadhany @TG1999 @pombredanne