Skip to content

Import data from OSS-Fuzz#897

Merged
TG1999 merged 1 commit into
aboutcode-org:mainfrom
ziadhany:oss-fuzz
Nov 12, 2023
Merged

Import data from OSS-Fuzz#897
TG1999 merged 1 commit into
aboutcode-org:mainfrom
ziadhany:oss-fuzz

Conversation

@ziadhany

@ziadhany ziadhany commented Sep 4, 2022

Copy link
Copy Markdown
Collaborator

using osv format #780 but we need to add support for oss-fuzz version , version range in univers and edit get_fixed_version

@TG1999

TG1999 commented Nov 18, 2022

Copy link
Copy Markdown
Contributor

@ziadhany please rebase your branch and add tests for oss-fuzz

@ziadhany

ziadhany commented Nov 20, 2022

Copy link
Copy Markdown
Collaborator Author

@ziadhany please rebase your branch and add tests for oss-fuzz

I think we need to add Git Version/Version range aboutcode-org/univers#85 before merge this .

@TG1999

TG1999 commented Nov 21, 2022

Copy link
Copy Markdown
Contributor

@ziadhany does this importer only give Git Version/Version range ? In case it doesn't we can skip over the git version/ version range for now ( add a follow up issue for same in VCIO ) and ingest the rest of the data.

@ziadhany

ziadhany commented Dec 4, 2022

Copy link
Copy Markdown
Collaborator Author

@ziadhany does this importer only give Git Version/Version range ? In case it doesn't we can skip over the git version/ version range for now ( add a follow up issue for same in VCIO ) and ingest the rest of the data.

Most of the data uses the git version, and there are rare cases that use both versions like this :
https://github.com/google/oss-fuzz-vulns/blob/62c05499f6c77a6abf8ad1e84f252b0d1119f1d8/vulns/fluent-bit/OSV-2020-2017.yaml

https://github.com/google/oss-fuzz-vulns/search?p=1&q=fixed

@TG1999

TG1999 commented Dec 4, 2022

Copy link
Copy Markdown
Contributor

@ziadhany let's ingest the data where we can get versions that are parsable by univers for now and add a follow up issue to ingest git versions from OSS-Fuzz.

@ziadhany ziadhany mentioned this pull request Dec 6, 2022
Closed
@pombredanne pombredanne added this to the v32.0.0 milestone Dec 8, 2022
@TG1999

TG1999 commented Dec 14, 2022

Copy link
Copy Markdown
Contributor

@ziadhany please run the importer and improver on this and provide the logs for same.

@ziadhany

ziadhany commented Dec 17, 2022

Copy link
Copy Markdown
Collaborator Author

@ziadhany please run the importer and improver on this and provide the logs for same.

A lot of logs like this and the importer add just 2617 row in vulnerabilities_advisory table .
...

Unsupported fixed version type: '47e220942dfc68de777b91db1c2b3e81d0275e1b' for OSV id: 'OSV-2021-1724'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-80'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '0c4e9f7312637d512fec2b806570bfbea9da1aff'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1694': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0c4e9f7312637d512fec2b806570bfbea9da1aff' for OSV id: 'OSV-2021-1694'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '20face1eeb418935307731d4e2e4bada028c7ba7'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1774': error:KeyError('oss-fuzz')
Unsupported fixed version type: '20face1eeb418935307731d4e2e4bada028c7ba7' for OSV id: 'OSV-2021-1774'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-102'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1208'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '632230836e6a5aa347c037a66f478d752b62242a'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1685': error:KeyError('oss-fuzz')
Unsupported fixed version type: '632230836e6a5aa347c037a66f478d752b62242a' for OSV id: 'OSV-2021-1685'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1097'
Unsupported fixed version type: '4107288ebb23d418ff5c1a9d40c48a4f00950193' for OSV id: 'OSV-2021-1715'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-429'
Unsupported fixed version type: '0ae681ab1fd3475995418d00da1ccfe374f069cc' for OSV id: 'OSV-2020-1877'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-736'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '45e765e59a45b46dcb05e8c729689a7c0574a48c'}, {'fixed': '2a3129365d3bc0d4a41f107ef175920d1505d1f7'}]}], 'versions': ['ghostpdl-9.28rc1', 'ghostpdl-9.28rc2', 'ghostpdl-9.28rc3', 'ghostpdl-9.28rc4', 'ghostpdl-9.50', 'ghostpdl-9.51', 'ghostpdl-9.51rc1', 'ghostpdl-9.51rc2', 'ghostpdl-9.51rc2_test', 'ghostpdl-9.51rc2_test2', 'ghostpdl-9.51rc3', 'ghostpdl-9.52', 'ghostpdl-9.52-test-base-1', 'ghostpdl-9.52-test-base-2', 'ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6', 'ghostpdl-9.52.1', 'ghostpdl-9.53.0', 'ghostpdl-9.53.0-test-base-0', 'ghostpdl-9.53.0rc1', 'ghostpdl-9.53.0rc2', 'ghostpdl-9.53.1', 'ghostpdl-9.53.2', 'ghostpdl-9.53.3', 'ghostpdl-9.54.0', 'ghostpdl-9.54.0-test-base-0', 'ghostpdl-9.54.0rc1', 'ghostpdl-9.54.0rc1_test', 'ghostpdl-9.54.0rc1_test_002', 'ghostscript-9.50', 'ghostscript-9.51', 'ghostscript-9.52', 'gpdf_alpha1', 'gpdf_gs_text_filter_000', 'gpdf_gs_text_filter_001', 'gpdf_gs_text_filter_002', 'gpdf_gs_text_filter_003', 'gpdf_gs_text_filter_004', 'gpdf_gs_text_filter_005', 'gpdf_gs_text_filter_006', 'gpdf_gs_text_filter_007', 'gpdf_gs_text_filter_008', 'gpdf_gs_text_filter_009', 'gpdf_gs_text_filter_010', 'gpdf_gs_text_filter_011', 'gpdf_gs_text_filter_012', 'gpdf_gs_text_filter_013', 'gpdf_gs_text_filter_014', 'gpdf_gs_text_filter_015', 'gpdf_gs_text_filter_016', 'gpdf_gs_text_filter_017', 'gpdf_gs_text_filter_018', 'gpdf_gs_text_filter_019', 'gpdf_gs_text_filter_020', 'gpdf_gs_text_filter_021', 'gpdf_gs_text_filter_022', 'gpdf_gs_text_filter_023', 'gpdf_gs_text_filter_024', 'gpdf_gs_text_filter_025', 'gpdf_gs_text_filter_026', 'gpdf_gs_text_filter_027', 'gpdf_gs_text_filter_028', 'gpdf_gs_text_filter_029', 'gpdf_gs_text_filter_030', 'gs9.28-temp-for-testing-tag', 'rjj_9.53.2_test', 'robin_test_ref', 'robin_test_rev'], 'ecosystem_specific': {'introduced_range': 'f209fb3a0f50cd0a9974d8627a4ac7f358f60c8a:470897e484fb0bfaa8553e0ccd5b9db91eda008b', 'severity': 'HIGH'}} for OSV id: 'OSV-2021-803': error:KeyError('oss-fuzz')
Unsupported fixed version type: '2a3129365d3bc0d4a41f107ef175920d1505d1f7' for OSV id: 'OSV-2021-803'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '31e249d5cbd561d76dd2149ceee5fe3a2d84d658'}, {'fixed': '067d47b5efa3631ac58a62916136ad21cd9017df'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1788': error:KeyError('oss-fuzz')
Unsupported fixed version type: '067d47b5efa3631ac58a62916136ad21cd9017df' for OSV id: 'OSV-2021-1788'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '2be8b436910cfc8b013a13df000c3c854cf3c5c5'}, {'fixed': '067d47b5efa3631ac58a62916136ad21cd9017df'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1752': error:KeyError('oss-fuzz')
Unsupported fixed version type: '067d47b5efa3631ac58a62916136ad21cd9017df' for OSV id: 'OSV-2021-1752'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-270'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-271'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-686'
Unsupported fixed version type: 'd12d2085b5bd08ca1e813d97f3f7f7e630e791a0' for OSV id: 'OSV-2020-1880'
Unsupported fixed version type: 'a464804e35809e6bacee025accc25eecd246f9a4' for OSV id: 'OSV-2020-1880'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-496'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1021'
Unsupported fixed version type: '007b9aefb3f7d67001edf43976b0e58de215be0a' for OSV id: 'OSV-2021-1706'
Unsupported fixed version type: '20610dc28ee3cf7e64ad46f11e9b96fb3befba00' for OSV id: 'OSV-2021-668'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '866d8b4b104e2dcbd8352cf86edff28bbf9ad165'}, {'fixed': '07cfc24d532beadf23d50effa3b8a0bca45b849d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1741': error:KeyError('oss-fuzz')
Unsupported fixed version type: '07cfc24d532beadf23d50effa3b8a0bca45b849d' for OSV id: 'OSV-2021-1741'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'b0e070917438341e342000928ff35aacba0d95fa'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1717': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b0e070917438341e342000928ff35aacba0d95fa' for OSV id: 'OSV-2021-1717'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-53'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-821'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-949'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '668917a10e7eada030f7d2dddec9f579fddeed3d'}, {'fixed': '889df15d7c69e1fc90c6491f574352cacf9bc065'}]}], 'versions': ['ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6'], 'ecosystem_specific': {'severity': 'MEDIUM', 'introduced_range': 'unknown:668917a10e7eada030f7d2dddec9f579fddeed3d'}} for OSV id: 'OSV-2020-1874': error:KeyError('oss-fuzz')
Unsupported fixed version type: '889df15d7c69e1fc90c6491f574352cacf9bc065' for OSV id: 'OSV-2020-1874'
Unsupported fixed version type: '3ce8214d8fc77be42eb6ad618c972113d4cb0d24' for OSV id: 'OSV-2021-1708'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-524'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-684'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-85'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-818'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'b0855fa22cd6ba447482ee2ae1c5e091428c4bc0'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1781': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b0855fa22cd6ba447482ee2ae1c5e091428c4bc0' for OSV id: 'OSV-2021-1781'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '0f8c0b5742577e31e419e84fbf0bcd42db0c5f41'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2021-1731': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0f8c0b5742577e31e419e84fbf0bcd42db0c5f41' for OSV id: 'OSV-2021-1731'
Unsupported fixed version type: 'b503c46c124cf5aaa82a71e28f624f2ef2b71e71' for OSV id: 'OSV-2020-1879'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-97'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-339'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-278'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-229'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-772'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-79'
Unsupported fixed version type: '87688cd48fb52c305e159b785bd184232426a766' for OSV id: 'OSV-2020-1869'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-456'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-803'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '1ae55674f6d68eb6215d7d0f82610f636d81ad3d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1682': error:KeyError('oss-fuzz')
Unsupported fixed version type: '1ae55674f6d68eb6215d7d0f82610f636d81ad3d' for OSV id: 'OSV-2021-1682'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-415'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-888'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'f76cc1beb49646169f33437c522df8a14f70633d'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2022-18': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f76cc1beb49646169f33437c522df8a14f70633d' for OSV id: 'OSV-2022-18'
Unsupported fixed version type: '87688cd48fb52c305e159b785bd184232426a766' for OSV id: 'OSV-2020-1886'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-47'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-829'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-726'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-523'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '1a3c64e7a65025ea024bd65cc726b6ec5dd0e172'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1711': error:KeyError('oss-fuzz')
Unsupported fixed version type: '1a3c64e7a65025ea024bd65cc726b6ec5dd0e172' for OSV id: 'OSV-2021-1711'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1225'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-727'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-232'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '668917a10e7eada030f7d2dddec9f579fddeed3d'}, {'fixed': '0339cbecea80d8a835b316b56d1c75a6fb850e52'}]}], 'versions': ['ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52-test-base-5', 'ghostpdl-9.52-test-base-6'], 'ecosystem_specific': {'introduced_range': 'unknown:668917a10e7eada030f7d2dddec9f579fddeed3d', 'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-1873': error:KeyError('oss-fuzz')
Unsupported fixed version type: '0339cbecea80d8a835b316b56d1c75a6fb850e52' for OSV id: 'OSV-2020-1873'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2021-1806'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-218'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '82b097fe8e76ea92f69ef483f45c0cf491a98d43'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1690': error:KeyError('oss-fuzz')
Unsupported fixed version type: '82b097fe8e76ea92f69ef483f45c0cf491a98d43' for OSV id: 'OSV-2021-1690'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1214'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-536'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-643'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': 'e63504054baea4275af88e95418b5282c4394685'}, {'fixed': 'fe8965b8a179c083060b66a7db13cad171ff470b'}, {'introduced': 'bbdfaa56b00f2ba556476f0265e65e4ad370f641'}, {'fixed': 'ad4d12f6d848ebfde2485fd6c806901b7497a1c2'}]}], 'versions': ['ghostpdl-9.28rc2', 'ghostpdl-9.28rc3', 'ghostpdl-9.28rc4', 'ghostpdl-9.50', 'ghostpdl-9.51', 'ghostpdl-9.51rc1', 'ghostpdl-9.51rc2', 'ghostpdl-9.51rc2_test', 'ghostpdl-9.51rc2_test2', 'ghostpdl-9.51rc3', 'ghostpdl-9.52', 'ghostpdl-9.52-test-base-1', 'ghostpdl-9.52-test-base-3', 'ghostpdl-9.52-test-base-4', 'ghostpdl-9.52.1', 'ghostpdl-9.53.0', 'ghostpdl-9.53.0-test-base-0', 'ghostpdl-9.53.0rc1', 'ghostpdl-9.53.0rc2', 'ghostpdl-9.53.1', 'ghostpdl-9.53.2', 'ghostpdl-9.53.3', 'ghostpdl-9.54.0', 'ghostpdl-9.54.0-test-base-0', 'ghostpdl-9.54.0rc1_test', 'ghostscript-9.50', 'ghostscript-9.51', 'ghostscript-9.52', 'gpdf_alpha1', 'rjj_9.53.2_test'], 'ecosystem_specific': {'severity': 'HIGH'}, 'database_specific': {'fixed_range': '2aaa240515d77b486adfd9d217c32d3cad7683f5:ad4d12f6d848ebfde2485fd6c806901b7497a1c2'}} for OSV id: 'OSV-2021-717': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'fe8965b8a179c083060b66a7db13cad171ff470b' for OSV id: 'OSV-2021-717'
Unsupported fixed version type: 'ad4d12f6d848ebfde2485fd6c806901b7497a1c2' for OSV id: 'OSV-2021-717'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-121'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '321a00bd85a497c0b2424b906eb9e9d309e31321'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2021-1771': error:KeyError('oss-fuzz')
Unsupported fixed version type: '321a00bd85a497c0b2424b906eb9e9d309e31321' for OSV id: 'OSV-2021-1771'
Unsupported fixed version type: '9191f693bbfe5b70b91cb068d2fb38316aa0cc5e' for OSV id: 'OSV-2021-1709'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': '8bd3f7dba33341b622b60e13446a9cc101447e76'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2', 'ghostpdl-9.56.0-test-base-3', 'ghostpdl-9.56.0-test-base-4'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2022-3': error:KeyError('oss-fuzz')
Unsupported fixed version type: '8bd3f7dba33341b622b60e13446a9cc101447e76' for OSV id: 'OSV-2022-3'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-54'
Unsupported fixed version type: '141e5067e40d25ed3aa191589d4a325941efa57a' for OSV id: 'OSV-2021-312'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': 'f35924926cb35f08be5a12ded4a00eb2f42aed3e'}, {'fixed': '5fc8e7c0b656d4e2be8f5e316121f06039c35273'}, {'fixed': 'bbecd13cc34f3dcdcedd726e7de12c988da9794a'}, {'fixed': 'f5b7acb59c4f2e88591aab9f355813e0b7b68db5'}]}], 'versions': ['ghostpdl-9.51rc1'], 'ecosystem_specific': {'severity': 'HIGH'}, 'database_specific': {'fixed_range': 'cd5f21df6c710664ff0ba3f100ca5283d9367ed8:f5b7acb59c4f2e88591aab9f355813e0b7b68db5'}} for OSV id: 'OSV-2020-1875': error:KeyError('oss-fuzz')
Unsupported fixed version type: '5fc8e7c0b656d4e2be8f5e316121f06039c35273' for OSV id: 'OSV-2020-1875'
Unsupported fixed version type: 'bbecd13cc34f3dcdcedd726e7de12c988da9794a' for OSV id: 'OSV-2020-1875'
Unsupported fixed version type: 'f5b7acb59c4f2e88591aab9f355813e0b7b68db5' for OSV id: 'OSV-2020-1875'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'ghostscript', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'git://git.ghostscript.com/ghostpdl.git', 'events': [{'introduced': '75fbddf52051987287e62d13c659eb73ba16982f'}, {'fixed': 'd3cd74af319b7b9bc72b6328bdd79fb4ff8082c3'}]}], 'versions': ['ghostpdl-9.56.0-test-base-2'], 'ecosystem_specific': {'severity': 'null'}} for OSV id: 'OSV-2021-1689': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'd3cd74af319b7b9bc72b6328bdd79fb4ff8082c3' for OSV id: 'OSV-2021-1689'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1063'
Unsupported package type: PackageURL(type='generic', namespace=None, name='ghostscript', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-210'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1013'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1026'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1052'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1015'
Unsupported package type: PackageURL(type='generic', namespace=None, name='mapserver', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1041'
Unsupported fixed version type: '277d30749f15d3fd99649c9347867ddc2fe4f32e' for OSV id: 'OSV-2021-900'
Unsupported fixed version type: '26f4aa01153d7bdf182630e5eb410ea5685d9cff' for OSV id: 'OSV-2021-1015'
Unsupported fixed version type: '6c9bb2e4d6d312553185feea2173acc7fe0dabdb' for OSV id: 'OSV-2021-950'
Unsupported fixed version type: '91f768c1cb3bf9105d5296366876b13ac4118516' for OSV id: 'OSV-2021-950'
Unsupported fixed version type: '6c9bb2e4d6d312553185feea2173acc7fe0dabdb' for OSV id: 'OSV-2021-947'
Unsupported fixed version type: '91f768c1cb3bf9105d5296366876b13ac4118516' for OSV id: 'OSV-2021-947'
Unsupported fixed version type: 'e52893244f40dab90888f2990356c40a0ca1cf5e' for OSV id: 'OSV-2021-947'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'postgis', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://git.osgeo.org/gitea/postgis/postgis.git', 'events': [{'introduced': 'e0b9fcce14c44a6a3be8e79a4cb3a2d13e79fc7a'}, {'fixed': 'b1abe27db0869d345ac5c0240a21e322a725fff9'}]}], 'versions': ['3.0.0beta1', '3.0.0rc1'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-540': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b1abe27db0869d345ac5c0240a21e322a725fff9' for OSV id: 'OSV-2020-540'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'postgis', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://git.osgeo.org/gitea/postgis/postgis.git', 'events': [{'introduced': 'f9ed41356bf26b475ae9600eca47d25d240fcdb2'}, {'fixed': 'a1b82509e40fcb5c4065a8fe1bf8b078e8a8373f'}]}], 'versions': ['3.0.0beta1', '3.0.0rc1'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-718': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'a1b82509e40fcb5c4065a8fe1bf8b078e8a8373f' for OSV id: 'OSV-2020-718'
Unsupported fixed version type: '3753c84ea46eeb86a0daf8da8c088342515b10dd' for OSV id: 'OSV-2020-290'
Unsupported fixed version type: 'd4852ee6da667d164373600d1bc8d205e2cdef6c' for OSV id: 'OSV-2021-144'
Unsupported fixed version type: '0bcf3488a4989c2724f0c4383401b0d0dcfc3dcc' for OSV id: 'OSV-2018-175'
Unsupported fixed version type: '580add2219c696e425087bc61b952f4ccb295f09' for OSV id: 'OSV-2017-97'
Unsupported package type: PackageURL(type='generic', namespace=None, name='librawspeed', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1128'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'librawspeed', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/darktable-org/rawspeed.git', 'events': [{'introduced': 'a9685b2b81fce6cb3b344a9e2eec001ee23a749f'}, {'fixed': '98d3ec824f0b4e498b175fb937b4217319d01450'}]}], 'versions': ['v3.1'], 'ecosystem_specific': {'severity': 'MEDIUM', 'fixed_range': '688fa9d819177e917b0102e9ce4d5680952ebe55:98d3ec824f0b4e498b175fb937b4217319d01450', 'introduced_range': 'a4bee717f1ce54a16526454f92c22f2b79c7a04f:90dbb09c639869fbb65ad9d7f073b3c22c541732'}} for OSV id: 'OSV-2018-19': error:KeyError('oss-fuzz')
Unsupported fixed version type: '98d3ec824f0b4e498b175fb937b4217319d01450' for OSV id: 'OSV-2018-19'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'librawspeed', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/darktable-org/rawspeed.git', 'events': [{'introduced': '23d5018f6b231d62daa6543094a85747beb9654a'}, {'fixed': 'dbe7591e54bad5e6430d38be6bed051582da76b9'}]}], 'versions': ['v3.1'], 'ecosystem_specific': {'fixed_range': '212b7a8ea10acaaf722509e291ed1f59df8010df:dbe7591e54bad5e6430d38be6bed051582da76b9', 'severity': 'HIGH', 'introduced_range': 'f0e9f60474d98883ab9343f584b73ca046263679:52da2b8fda29aa257088d91fb11877f909d578a2'}} for OSV id: 'OSV-2018-227': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'dbe7591e54bad5e6430d38be6bed051582da76b9' for OSV id: 'OSV-2018-227'
Unsupported package type: PackageURL(type='generic', namespace=None, name='librawspeed', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-1199'
Unsupported fixed version type: '16b0853077eec08bccb74aec29bb395c6eb5e50c' for OSV id: 'OSV-2017-116'
Unsupported fixed version type: 'f1806ea3d0abd164e38da2fafe3d3479feb1d3e8' for OSV id: 'OSV-2017-73'
Unsupported fixed version type: 'e542162d9a96ad3bc7c05abace119cbbf2b184bc' for OSV id: 'OSV-2018-231'
Unsupported fixed version type: 'f8687facbba0b1cf6aa786c5cf7e7685e07bf624' for OSV id: 'OSV-2020-578'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2065'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2002'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2061'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-503'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2076'
Unsupported fixed version type: 'fc461cc6d2b4b99b03cfacea68d84be876f9dea2' for OSV id: 'OSV-2020-1220'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1899'
Unsupported fixed version type: '2c13955d0649b2afc575bc5416dcedeffc8c01ec' for OSV id: 'OSV-2020-502'
Unsupported fixed version type: 'e3b90efed243779b5c4961c2f9d6f1cedfeb1f46' for OSV id: 'OSV-2020-555'
Unsupported fixed version type: '7058df945d4756169b67a1052f25fdc7f0df92ab' for OSV id: 'OSV-2020-1042'
Unsupported fixed version type: '519b0ff554e9713198bc3b3185da809be42be20c' for OSV id: 'OSV-2020-1049'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1855'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2074'
Unsupported fixed version type: '3b13c4cd65a8b93f779ddece7deefac5102ece5e' for OSV id: 'OSV-2020-2074'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1853'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-362'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2007'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-2045'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-245'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2021-245'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2107'
Unsupported fixed version type: '0c970c91788d71c777b91f778f0fda4e58d91839' for OSV id: 'OSV-2020-1172'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2263'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2115'
Unsupported fixed version type: '8159a25f20df4baec6b420201da846a26f7e6bca' for OSV id: 'OSV-2020-1296'
Unsupported fixed version type: '8dca82ab0d4548ab4d064229e293f2edb8f257ba' for OSV id: 'OSV-2020-261'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-204'
Unsupported fixed version type: '8159a25f20df4baec6b420201da846a26f7e6bca' for OSV id: 'OSV-2020-1115'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-692'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2068'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2021-37'
Unsupported fixed version type: 'd8cb746954c9052a428ba30207e2f2d1a08c238d' for OSV id: 'OSV-2020-1186'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1847'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2084'
Unsupported fixed version type: '3b13c4cd65a8b93f779ddece7deefac5102ece5e' for OSV id: 'OSV-2020-2084'
Unsupported fixed version type: '3999b227fc2255371b786ccec62cba3f47af37f5' for OSV id: 'OSV-2020-414'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '70eeb783515dbfee3e0c781d6667838caba5113b'}, {'fixed': '68b51e8aed5ea83bcbb9da90af03023ce54a5427'}, {'fixed': '989067645537fc54d547126adc5567b5fdc0fae2'}]}], 'versions': ['v2.0.0', 'v2.1.0', 'v2.1.1'], 'ecosystem_specific': {'introduced_range': 'unknown:70eeb783515dbfee3e0c781d6667838caba5113b', 'severity': 'HIGH'}} for OSV id: 'OSV-2020-1203': error:KeyError('oss-fuzz')
Unsupported fixed version type: '68b51e8aed5ea83bcbb9da90af03023ce54a5427' for OSV id: 'OSV-2020-1203'
Unsupported fixed version type: '989067645537fc54d547126adc5567b5fdc0fae2' for OSV id: 'OSV-2020-1203'
Unsupported fixed version type: '4c76c67e9b790fd40650c4e8a2a059603e8ce195' for OSV id: 'OSV-2020-1857'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1857'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2085'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2121'
Unsupported fixed version type: '1e2e87f07903b3dcf142b153bd92329eeb650984' for OSV id: 'OSV-2020-1127'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2141'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2063'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2297'
Unsupported fixed version type: 'f8687facbba0b1cf6aa786c5cf7e7685e07bf624' for OSV id: 'OSV-2020-1258'
Unsupported fixed version type: '519b0ff554e9713198bc3b3185da809be42be20c' for OSV id: 'OSV-2020-1098'
Unsupported fixed version type: 'be82ccf42fc044ae1ea0792837a9415eaf535002' for OSV id: 'OSV-2020-1041'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-2274'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2274'
Unsupported fixed version type: 'be82ccf42fc044ae1ea0792837a9415eaf535002' for OSV id: 'OSV-2020-1312'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2062'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1898'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2067'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2097'
Unsupported fixed version type: 'aef502aca2b912fe24764b02161a61eacdf249ba' for OSV id: 'OSV-2020-681'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2093'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2078'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1852'
Unsupported fixed version type: '992c1c147175126c3fe7ab78216aa0395f9e6c71' for OSV id: 'OSV-2020-1852'
Unsupported fixed version type: 'e3b90efed243779b5c4961c2f9d6f1cedfeb1f46' for OSV id: 'OSV-2020-607'
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2064'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '519b0ff554e9713198bc3b3185da809be42be20c'}, {'fixed': 'b52786888ddce9d6bc06b7825ba9bffc65924e0c'}, {'fixed': 'f15f940425eebf24ce66984db2445733cf500b7b'}]}], 'versions': ['v2.0.0', 'v2.1.0', 'v2.1.1'], 'ecosystem_specific': {'severity': 'MEDIUM'}, 'database_specific': {'fixed_range': '992c1c147175126c3fe7ab78216aa0395f9e6c71:f15f940425eebf24ce66984db2445733cf500b7b'}} for OSV id: 'OSV-2020-2091': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b52786888ddce9d6bc06b7825ba9bffc65924e0c' for OSV id: 'OSV-2020-2091'
Unsupported fixed version type: 'f15f940425eebf24ce66984db2445733cf500b7b' for OSV id: 'OSV-2020-2091'
Unsupported fixed version type: '717fe1463d4f2025d8bbfd432a4cf9cdbfc9d35c' for OSV id: 'OSV-2020-1289'
Unsupported fixed version type: '717fe1463d4f2025d8bbfd432a4cf9cdbfc9d35c' for OSV id: 'OSV-2020-1250'
Unsupported fixed version type: 'f1bb6d3acb057785b4d89e8228e23cc4fc9caa12' for OSV id: 'OSV-2020-1854'
Unsupported fixed version type: '2c13955d0649b2afc575bc5416dcedeffc8c01ec' for OSV id: 'OSV-2020-671'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'openh264', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/cisco/openh264.git', 'events': [{'introduced': '84b5847d016eb2f77318feef88d930f13b6fab61'}, {'fixed': '901b92c7f3a8295a7335f9be447e667a7eec8075'}]}], 'versions': ['v2.0.0'], 'ecosystem_specific': {'severity': 'HIGH'}} for OSV id: 'OSV-2020-736': error:KeyError('oss-fuzz')
Unsupported fixed version type: '901b92c7f3a8295a7335f9be447e667a7eec8075' for OSV id: 'OSV-2020-736'
Unsupported fixed version type: '206ed1cb2068e47df8b6e3ab03f062b339e0e5f3' for OSV id: 'OSV-2020-587'
Unsupported fixed version type: '3c6b51d4a1f5682f8144fef1553b0357d3d83aaf' for OSV id: 'OSV-2020-184'
Unsupported fixed version type: '55cb70a24a58fc73b7a2b9d1b2a49845668342cc' for OSV id: 'OSV-2017-52'
Unsupported fixed version type: '473e039b48fd72660dd00f4b52a2880cc0dd5632' for OSV id: 'OSV-2018-18'
Unsupported fixed version type: '46a8443f76cec4b41ec736eca396984c74664f84' for OSV id: 'OSV-2020-1280'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '17ee4cf670c363de8d2ea4a4897d7a699837873f'}, {'fixed': '19ccebafb7663c422c714e0c67fa4775abf91c43'}]}], 'versions': ['FILE5_29', 'FILE5_30'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-134': error:KeyError('oss-fuzz')
Unsupported fixed version type: '19ccebafb7663c422c714e0c67fa4775abf91c43' for OSV id: 'OSV-2017-134'
Unsupported fixed version type: 'a317154a5acbdcc82db79063742481ce83abafe7' for OSV id: 'OSV-2016-1'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-468'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '1562e15149268477b395ec71309d13f8be99a83b'}, {'fixed': 'dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395'}]}], 'versions': ['FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-391': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'dcda2612a5f38a3d9e15c0ac9a7d156d74b3a395' for OSV id: 'OSV-2020-391'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'a317154a5acbdcc82db79063742481ce83abafe7'}, {'fixed': '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39'], 'ecosystem_specific': {'severity': 'MEDIUM', 'fixed_range': '100ff6d0edb3441962e518690b327186dbc0e652:6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}} for OSV id: 'OSV-2017-140': error:KeyError('oss-fuzz')
Unsupported fixed version type: '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c' for OSV id: 'OSV-2017-140'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-534'
Unsupported fixed version type: '87f27958cfbb05d262504976f66db70c24d5061f' for OSV id: 'OSV-2018-15'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-924'
Unsupported fixed version type: '46df39b68e51fd803d382348c0059fcb2e40b5ef' for OSV id: 'OSV-2021-1322'
Unsupported fixed version type: '393dafa41b26a7d8ed593912e0ec1f1e7bd4e406' for OSV id: 'OSV-2017-102'
Unsupported fixed version type: 'c8ef8f414952634d217b2b5e19d38b92d0341bc2' for OSV id: 'OSV-2016-3'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '583b3c262f0797ab4e7062e029003dde162b82ab'}, {'fixed': '8f3da601845253629efdda72f9341ed9762b3f2d'}]}], 'versions': ['FILE5_29'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2016-7': error:KeyError('oss-fuzz')
Unsupported fixed version type: '8f3da601845253629efdda72f9341ed9762b3f2d' for OSV id: 'OSV-2016-7'
Unsupported fixed version type: '29955546ee23b05359f2a4ed6986de590ed0b9f2' for OSV id: 'OSV-2020-75'
Unsupported fixed version type: 'a9c8d2a9493c4e0cd201db57801f3502e65c686c' for OSV id: 'OSV-2021-1238'
Unsupported fixed version type: '06de62c022138f63de9bcd04074491945eaa8662' for OSV id: 'OSV-2020-1193'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'f0a26da7b371127e4460cc6d2da1b410c3d85ad9'}, {'fixed': 'ecca6e54f49f251bb4c16fe145d04c2b45923dc3'}]}], 'versions': ['FILE5_36'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2020-535': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'ecca6e54f49f251bb4c16fe145d04c2b45923dc3' for OSV id: 'OSV-2020-535'
Unsupported fixed version type: '4f1887eb56f4abdf448274afc5abdc8f9d078929' for OSV id: 'OSV-2020-190'
Unsupported fixed version type: '8c16c9e3c9a82f859c3ed47c34c14eea6a3d7b18' for OSV id: 'OSV-2016-2'
Unsupported fixed version type: '8a667072e65294efa6a7b7d9a3bc417e145e0aea' for OSV id: 'OSV-2016-6'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': '17f892b32cc92f7505f02d198142c1a57204582f'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39', 'FILE5_40', 'FILE5_41', 'FILE5_42', 'FILE5_43'], 'ecosystem_specific': {'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-16': error:KeyError('oss-fuzz')
Invalid VersionRange  for affected_pkg: {'package': {'name': 'file', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/file/file.git', 'events': [{'introduced': 'a317154a5acbdcc82db79063742481ce83abafe7'}, {'fixed': '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c'}]}], 'versions': ['FILE5_30', 'FILE5_31', 'FILE5_32', 'FILE5_33', 'FILE5_34', 'FILE5_35', 'FILE5_36', 'FILE5_37', 'FILE5_38', 'FILE5_39'], 'ecosystem_specific': {'fixed_range': '100ff6d0edb3441962e518690b327186dbc0e652:6fc66d12c0ca172f4681adb63c6f662ac33cbc7c', 'severity': 'MEDIUM'}} for OSV id: 'OSV-2017-131': error:KeyError('oss-fuzz')
Unsupported fixed version type: '6fc66d12c0ca172f4681adb63c6f662ac33cbc7c' for OSV id: 'OSV-2017-131'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-952'
Unsupported package type: PackageURL(type='generic', namespace=None, name='file', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-923'
Unsupported fixed version type: '4f1887eb56f4abdf448274afc5abdc8f9d078929' for OSV id: 'OSV-2020-97'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'miniz', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/richgel999/miniz.git', 'events': [{'introduced': '1e7621d96cb9d0821c61db6f4e3ef36ddc19b0cd'}, {'fixed': 'b43f8a0c22d6bae6b5416264232f57a2aca539fe'}]}], 'versions': ['2.2.0'], 'ecosystem_specific': {'severity': 'MEDIUM'}, 'database_specific': {'fixed_range': 'd6566206ce120069708e77eff79cf117957b419a:b43f8a0c22d6bae6b5416264232f57a2aca539fe'}} for OSV id: 'OSV-2020-2151': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'b43f8a0c22d6bae6b5416264232f57a2aca539fe' for OSV id: 'OSV-2020-2151'
Unsupported fixed version type: '9457abb670a2c0a9f907d353bdf257593d0498a5' for OSV id: 'OSV-2020-2103'
Unsupported fixed version type: '488425c1b9fb8c8d0f1ef1ce7d665058880870e2' for OSV id: 'OSV-2021-882'
Unsupported package type: PackageURL(type='generic', namespace=None, name='cyclonedds', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-892'
Unsupported package type: PackageURL(type='generic', namespace=None, name='binutils', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-183'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'unbound', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/NLnetLabs/unbound', 'events': [{'introduced': '9b3f3101e3d0b027ef7a7b4370587724a57abac2'}, {'fixed': 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}]}], 'versions': ['release-1.10.0', 'release-1.10.0rc1', 'release-1.10.0rc2', 'release-1.10.1'], 'ecosystem_specific': {'fixed_range': '4ccac696caf8826995c9db78af6074a5a1381f00:f37242566b3187c1d715af6d0e4e0c5b75ccafeb', 'severity': 'MEDIUM', 'introduced_range': 'e149bc70460268f7f559ce10ab7e3678a5baac0f:1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978'}} for OSV id: 'OSV-2020-225': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb' for OSV id: 'OSV-2020-225'
Invalid VersionRange  for affected_pkg: {'package': {'name': 'unbound', 'ecosystem': 'OSS-Fuzz'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/NLnetLabs/unbound', 'events': [{'introduced': '9b3f3101e3d0b027ef7a7b4370587724a57abac2'}, {'fixed': 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}]}], 'versions': ['release-1.10.0', 'release-1.10.0rc1', 'release-1.10.0rc2', 'release-1.10.1'], 'ecosystem_specific': {'severity': 'MEDIUM', 'introduced_range': 'e149bc70460268f7f559ce10ab7e3678a5baac0f:1e0c957dcd7b0b1e03ff2d8bf58fdbb147ce4978', 'fixed_range': '4ccac696caf8826995c9db78af6074a5a1381f00:f37242566b3187c1d715af6d0e4e0c5b75ccafeb'}} for OSV id: 'OSV-2020-255': error:KeyError('oss-fuzz')
Unsupported fixed version type: 'f37242566b3187c1d715af6d0e4e0c5b75ccafeb' for OSV id: 'OSV-2020-255'
Unsupported package type: PackageURL(type='generic', namespace=None, name='libdwarf', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-389'
Unsupported fixed version type: '11e404ca3c80893f59b1001f000c9390216c7e7a' for OSV id: 'OSV-2021-419'
Unsupported package type: PackageURL(type='generic', namespace=None, name='tmux', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-473'
Unsupported fixed version type: '5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40' for OSV id: 'OSV-2020-1478'
Unsupported package type: PackageURL(type='generic', namespace=None, name='stb', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2021-1787'
Unsupported fixed version type: '9cd6cdc0e55ec3d4c002313fd5f0e6b255e8e06c' for OSV id: 'OSV-2020-1892'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1892'
Unsupported fixed version type: '8c15cc9c79bf6f180d74808657046caf2ec0b445' for OSV id: 'OSV-2021-979'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1521'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1472'
Unsupported fixed version type: '9cd6cdc0e55ec3d4c002313fd5f0e6b255e8e06c' for OSV id: 'OSV-2020-1897'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1897'
Unsupported fixed version type: 'b42009b3b9d4ca35bc703f5310eedc74f584be58' for OSV id: 'OSV-2020-1380'
Unsupported package type: PackageURL(type='generic', namespace=None, name='osquery', version=None, qualifiers={}, subpath=None) in OSV: 'OSV-2022-763'
Successfully imported data using vulnerabilities.importers.oss_fuzz.OSS_FuzzImporter

And the improve logs :

Improving data using vulnerabilities.improvers.default.DefaultImprover
Successfully improved data using vulnerabilities.improvers.default.DefaultImprover

@TG1999 TG1999 marked this pull request as ready for review January 3, 2023 16:59
@TG1999

TG1999 commented Jan 12, 2023

Copy link
Copy Markdown
Contributor

@ziadhany please add tests

@TG1999 TG1999 modified the milestones: v32.0.0, v33.0.0 Jan 13, 2023
@ziadhany ziadhany force-pushed the oss-fuzz branch 2 times, most recently from ce96986 to 1f75c02 Compare January 14, 2023 13:32
TG1999
TG1999 requested changes Aug 22, 2023
View reviewed changes

@TG1999 TG1999 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ziadhany Thanks++, some review comments for your consideration.

Comment thread vulnerabilities/importers/oss_fuzz.py
@ziadhany

ziadhany commented Aug 23, 2023

Copy link
Copy Markdown
Collaborator Author

@TG1999
oss-fuzz logs : oss-fuzz-logs.zip

TG1999
TG1999 approved these changes Aug 31, 2023
View reviewed changes

@TG1999 TG1999 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks ++

@TG1999 TG1999 requested a review from pombredanne September 5, 2023 17:34
pombredanne
pombredanne reviewed Sep 7, 2023
View reviewed changes
Comment thread vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-expected1.json
@@ -0,0 +1,20 @@
{

@pombredanne pombredanne Sep 7, 2023

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please rename these expected files to use the same base name as a the test data file with an -expected.json suffix. Here do not use oss-fuzz-expected1.json. Instead use oss-fuzz-data1.yaml-expected.json .... ths way the test data file and the expected results show up side by side.

@ziadhany ziadhany Sep 7, 2023

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

pombredanne
pombredanne approved these changes Sep 7, 2023
View reviewed changes

@pombredanne pombredanne left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a tiny nit for the test results expected file names

@TG1999

TG1999 commented Nov 10, 2023

Copy link
Copy Markdown
Contributor

@ziadhany thanks++ this looks good and we can merge it, please just resolve the merge conflicts.

@ziadhany
Rename expected files
887d43e 
Add OSSFuzzImprover to IMPROVERS_REGISTRY
Fix oss-fuzz test ( add weakness in expected test file )
Add oss-fuzz tests
Import data from oss_fuzz using osv format

Resolve merge conflicts

Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@ziadhany

ziadhany commented Nov 11, 2023

Copy link
Copy Markdown
Collaborator Author

@ziadhany thanks++ this looks good and we can merge it, please just resolve the merge conflicts.

Done

@TG1999 TG1999 merged commit 8f8190e into aboutcode-org:main Nov 12, 2023
@ziadhany ziadhany deleted the oss-fuzz branch November 13, 2023 10:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pombredanne pombredanne pombredanne approved these changes

@TG1999 TG1999 TG1999 approved these changes

Assignees

No one assigned

Labels

Data collection Priority: high

Projects

None yet

Milestone

v33.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@ziadhany @TG1999 @pombredanne