diff --git a/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-result.json b/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-result.json deleted file mode 100644 index 6e56d2a8ac43c..0000000000000 --- a/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-result.json +++ /dev/null 
@@ -1,1963 +0,0 @@ -[ - { - "schema_version": "1.6.0", - "id": "CVE-2021-45931", - "modified": "2025-01-15T02:09:35.531195Z", - "published": "2022-01-01T01:15:08Z", - "details": "HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t::set and hb_set_copy).", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" - } - ], - "affected": [ - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/behdad/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "9aa6f8a93f035dd0a1e3978da495d830049480c8" - } - ] - }, - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - }, - { - "fixed": "d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - } - ] - } - ], - "versions": [ - "0.6.0", - "0.9.1", - "0.9.10", - "0.9.11", - "0.9.12", - "0.9.13", - "0.9.14", - "0.9.15", - "0.9.16", - "0.9.17", - "0.9.18", - "0.9.19", - "0.9.2", - "0.9.20", - "0.9.21", - "0.9.22", - "0.9.23", - "0.9.24", - "0.9.25", - "0.9.26", - "0.9.27", - "0.9.28", - "0.9.29", - "0.9.3", - "0.9.30", - "0.9.31", - "0.9.32", - "0.9.33", - "0.9.34", - "0.9.35", - "0.9.36", - "0.9.37", - "0.9.38", - "0.9.39", - "0.9.4", - "0.9.40", - "0.9.41", - "0.9.42", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "0.9.9", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.0.5", - "1.0.6", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.2.0", - "1.2.1", - "1.2.2", - "1.2.3", - "1.2.4", - "1.2.5", - "1.2.6", - "1.2.7", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.4.0", - "1.4.1", - "1.4.2", - "1.4.3", - "1.4.4", - "1.4.5", - "1.4.6", - "1.4.7", - "1.4.8", - "1.5.0", - "1.5.1", - "1.6.0", - "1.6.1", - "1.6.2", - "1.6.3", - "1.7.0", - "1.7.1", - "1.7.2", - "1.7.3", - "1.7.4", - "1.7.5", - "1.7.6", - "1.7.7", - "1.8.0", - "1.8.1", - "1.8.2", - "1.8.3", - "1.8.4", - "1.8.5", - 
"1.8.6", - "1.8.7", - "1.8.8", - "1.9.0", - "2.0.0", - "2.0.1", - "2.0.2", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.6.3", - "2.6.4", - "2.6.5", - "2.6.6", - "2.6.7", - "2.6.8", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3", - "2.7.4", - "2.8.0", - "2.8.1", - "2.8.2", - "2.9.0", - "hb-rename", - "ng-mergepoint", - "ng-start", - "pango-extractpoint", - "pango-start" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-45931.json" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://security.gentoo.org/glsa/202209-11" - }, - { - "type": "WEB", - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425" - }, - { - "type": "WEB", - "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml" - }, - { - "type": "FIX", - "url": "https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EAIZKL4O67FN2CWJYHYKZEMNYWNWO3D/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5A7TCR2MY46YK3NHQZB3SLESUH354IEA/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DI6247WOAKB46CZZ6SCDSJVWWCW3GMZH/" - } - ] - }, - { - "schema_version": "1.6.0", - "id": "CVE-2022-33068", - "modified": "2025-01-15T02:27:15.461350Z", - "published": "2022-06-23T17:15:14Z", - "related": [ - "ALSA-2022:8384", - "RHSA-2022:6999", - "RHSA-2022:7000", - "RHSA-2022:7012", - "RHSA-2022:7013", - "RHSA-2022:8384", - "RLSA-2022:8384", - "SUSE-SU-2022:2663-1", - "SUSE-SU-2022:2664-1", - "UBUNTU-CVE-2022-33068", - "USN-5524-1", - 
"openSUSE-SU-2022:2663-1", - "openSUSE-SU-2024:12168-1" - ], - "details": "An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" - } - ], - "affected": [ - { - "package": { - "ecosystem": "Alpine:v3.17", - "name": "harfbuzz", - "purl": "pkg:apk/alpine/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "4.4.1-r0" - } - ] - } - ], - "versions": [ - "0.9.14-r0", - "0.9.15-r0", - "0.9.15-r1", - "0.9.16-r1", - "0.9.17-r0", - "0.9.18-r0", - "0.9.18-r1", - "0.9.19-r0", - "0.9.22-r0", - "0.9.23-r0", - "0.9.23-r1", - "0.9.24-r0", - "0.9.26-r0", - "0.9.26-r1", - "0.9.28-r0", - "0.9.29-r0", - "0.9.30-r0", - "0.9.32-r0", - "0.9.35-r0", - "0.9.35-r1", - "0.9.36-r0", - "0.9.37-r0", - "0.9.38-r0", - "0.9.38-r1", - "0.9.40-r0", - "0.9.40-r1", - "0.9.40-r2", - "0.9.41-r0", - "0.9.5-r0", - "0.9.5-r1", - "0.9.9-r0", - "1.0.1-r0", - "1.0.3-r0", - "1.0.3-r1", - "1.0.4-r0", - "1.0.6-r0", - "1.0.6-r1", - "1.1.3-r0", - "1.2.0-r0", - "1.2.3-r0", - "1.2.4-r0", - "1.2.4-r1", - "1.2.7-r0", - "1.2.7-r1", - "1.3.0-r0", - "1.3.1-r0", - "1.3.3-r0", - "1.3.4-r0", - "1.3.4-r1", - "1.4.6-r0", - "1.4.6-r1", - "1.4.8-r0", - "1.6.0-r0", - "1.6.3-r0", - "1.6.3-r1", - "1.6.3-r2", - "1.7.6-r0", - "1.7.6-r1", - "1.8.2-r0", - "1.8.3-r0", - "1.8.4-r0", - "1.8.8-r0", - "1.8.8-r1", - "1.9.0-r0", - "2.2.0-r0", - "2.2.0-r1", - "2.3.1-r0", - "2.4.0-r0", - "2.5.0-r0", - "2.5.1-r0", - "2.5.2-r0", - "2.5.3-r0", - "2.6.0-r0", - "2.6.1-r0", - "2.6.2-r0", - "2.6.4-r0", - "2.6.4-r1", - "2.6.4-r2", - "2.6.5-r0", - "2.6.5-r1", - "2.6.6-r0", - "2.6.7-r0", - "2.6.8-r0", - "2.6.8-r1", - "2.7.0-r0", - "2.7.1-r0", - "2.7.2-r0", - "2.7.3-r0", - "2.7.4-r0", - "2.7.4-r1", - "2.8.0-r0", - "2.8.1-r0", - "2.8.2-r0", - "2.9.0-r0", - "2.9.1-r0", - "3.0.0-r0", - 
"3.0.0-r1", - "3.0.0-r2", - "3.1.0-r0", - "3.1.1-r0", - "3.1.2-r0", - "3.2.0-r0", - "3.3.1-r0", - "3.3.1-r1", - "4.0.0-r0", - "4.0.1-r0", - "4.1.0-r0", - "4.2.0-r0", - "4.2.0-r1", - "4.2.1-r0", - "4.3.0-r0" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Alpine:v3.18", - "name": "harfbuzz", - "purl": "pkg:apk/alpine/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "4.4.1-r0" - } - ] - } - ], - "versions": [ - "0.9.14-r0", - "0.9.15-r0", - "0.9.15-r1", - "0.9.16-r1", - "0.9.17-r0", - "0.9.18-r0", - "0.9.18-r1", - "0.9.19-r0", - "0.9.22-r0", - "0.9.23-r0", - "0.9.23-r1", - "0.9.24-r0", - "0.9.26-r0", - "0.9.26-r1", - "0.9.28-r0", - "0.9.29-r0", - "0.9.30-r0", - "0.9.32-r0", - "0.9.35-r0", - "0.9.35-r1", - "0.9.36-r0", - "0.9.37-r0", - "0.9.38-r0", - "0.9.38-r1", - "0.9.40-r0", - "0.9.40-r1", - "0.9.40-r2", - "0.9.41-r0", - "0.9.5-r0", - "0.9.5-r1", - "0.9.9-r0", - "1.0.1-r0", - "1.0.3-r0", - "1.0.3-r1", - "1.0.4-r0", - "1.0.6-r0", - "1.0.6-r1", - "1.1.3-r0", - "1.2.0-r0", - "1.2.3-r0", - "1.2.4-r0", - "1.2.4-r1", - "1.2.7-r0", - "1.2.7-r1", - "1.3.0-r0", - "1.3.1-r0", - "1.3.3-r0", - "1.3.4-r0", - "1.3.4-r1", - "1.4.6-r0", - "1.4.6-r1", - "1.4.8-r0", - "1.6.0-r0", - "1.6.3-r0", - "1.6.3-r1", - "1.6.3-r2", - "1.7.6-r0", - "1.7.6-r1", - "1.8.2-r0", - "1.8.3-r0", - "1.8.4-r0", - "1.8.8-r0", - "1.8.8-r1", - "1.9.0-r0", - "2.2.0-r0", - "2.2.0-r1", - "2.3.1-r0", - "2.4.0-r0", - "2.5.0-r0", - "2.5.1-r0", - "2.5.2-r0", - "2.5.3-r0", - "2.6.0-r0", - "2.6.1-r0", - "2.6.2-r0", - "2.6.4-r0", - "2.6.4-r1", - "2.6.4-r2", - "2.6.5-r0", - "2.6.5-r1", - "2.6.6-r0", - "2.6.7-r0", - "2.6.8-r0", - "2.6.8-r1", - "2.7.0-r0", - "2.7.1-r0", - "2.7.2-r0", - "2.7.3-r0", - "2.7.4-r0", - "2.7.4-r1", - "2.8.0-r0", - "2.8.1-r0", - "2.8.2-r0", - "2.9.0-r0", - "2.9.1-r0", - "3.0.0-r0", - "3.0.0-r1", - 
"3.0.0-r2", - "3.1.0-r0", - "3.1.1-r0", - "3.1.2-r0", - "3.2.0-r0", - "3.3.1-r0", - "3.3.1-r1", - "4.0.0-r0", - "4.0.1-r0", - "4.1.0-r0", - "4.2.0-r0", - "4.2.0-r1", - "4.2.1-r0", - "4.3.0-r0" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Alpine:v3.19", - "name": "harfbuzz", - "purl": "pkg:apk/alpine/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "4.4.1-r0" - } - ] - } - ], - "versions": [ - "0.9.14-r0", - "0.9.15-r0", - "0.9.15-r1", - "0.9.16-r1", - "0.9.17-r0", - "0.9.18-r0", - "0.9.18-r1", - "0.9.19-r0", - "0.9.22-r0", - "0.9.23-r0", - "0.9.23-r1", - "0.9.24-r0", - "0.9.26-r0", - "0.9.26-r1", - "0.9.28-r0", - "0.9.29-r0", - "0.9.30-r0", - "0.9.32-r0", - "0.9.35-r0", - "0.9.35-r1", - "0.9.36-r0", - "0.9.37-r0", - "0.9.38-r0", - "0.9.38-r1", - "0.9.40-r0", - "0.9.40-r1", - "0.9.40-r2", - "0.9.41-r0", - "0.9.5-r0", - "0.9.5-r1", - "0.9.9-r0", - "1.0.1-r0", - "1.0.3-r0", - "1.0.3-r1", - "1.0.4-r0", - "1.0.6-r0", - "1.0.6-r1", - "1.1.3-r0", - "1.2.0-r0", - "1.2.3-r0", - "1.2.4-r0", - "1.2.4-r1", - "1.2.7-r0", - "1.2.7-r1", - "1.3.0-r0", - "1.3.1-r0", - "1.3.3-r0", - "1.3.4-r0", - "1.3.4-r1", - "1.4.6-r0", - "1.4.6-r1", - "1.4.8-r0", - "1.6.0-r0", - "1.6.3-r0", - "1.6.3-r1", - "1.6.3-r2", - "1.7.6-r0", - "1.7.6-r1", - "1.8.2-r0", - "1.8.3-r0", - "1.8.4-r0", - "1.8.8-r0", - "1.8.8-r1", - "1.9.0-r0", - "2.2.0-r0", - "2.2.0-r1", - "2.3.1-r0", - "2.4.0-r0", - "2.5.0-r0", - "2.5.1-r0", - "2.5.2-r0", - "2.5.3-r0", - "2.6.0-r0", - "2.6.1-r0", - "2.6.2-r0", - "2.6.4-r0", - "2.6.4-r1", - "2.6.4-r2", - "2.6.5-r0", - "2.6.5-r1", - "2.6.6-r0", - "2.6.7-r0", - "2.6.8-r0", - "2.6.8-r1", - "2.7.0-r0", - "2.7.1-r0", - "2.7.2-r0", - "2.7.3-r0", - "2.7.4-r0", - "2.7.4-r1", - "2.8.0-r0", - "2.8.1-r0", - "2.8.2-r0", - "2.9.0-r0", - "2.9.1-r0", - "3.0.0-r0", - "3.0.0-r1", - "3.0.0-r2", - 
"3.1.0-r0", - "3.1.1-r0", - "3.1.2-r0", - "3.2.0-r0", - "3.3.1-r0", - "3.3.1-r1", - "4.0.0-r0", - "4.0.1-r0", - "4.1.0-r0", - "4.2.0-r0", - "4.2.0-r1", - "4.2.1-r0", - "4.3.0-r0" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Alpine:v3.20", - "name": "harfbuzz", - "purl": "pkg:apk/alpine/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "4.4.1-r0" - } - ] - } - ], - "versions": [ - "0.9.14-r0", - "0.9.15-r0", - "0.9.15-r1", - "0.9.16-r1", - "0.9.17-r0", - "0.9.18-r0", - "0.9.18-r1", - "0.9.19-r0", - "0.9.22-r0", - "0.9.23-r0", - "0.9.23-r1", - "0.9.24-r0", - "0.9.26-r0", - "0.9.26-r1", - "0.9.28-r0", - "0.9.29-r0", - "0.9.30-r0", - "0.9.32-r0", - "0.9.35-r0", - "0.9.35-r1", - "0.9.36-r0", - "0.9.37-r0", - "0.9.38-r0", - "0.9.38-r1", - "0.9.40-r0", - "0.9.40-r1", - "0.9.40-r2", - "0.9.41-r0", - "0.9.5-r0", - "0.9.5-r1", - "0.9.9-r0", - "1.0.1-r0", - "1.0.3-r0", - "1.0.3-r1", - "1.0.4-r0", - "1.0.6-r0", - "1.0.6-r1", - "1.1.3-r0", - "1.2.0-r0", - "1.2.3-r0", - "1.2.4-r0", - "1.2.4-r1", - "1.2.7-r0", - "1.2.7-r1", - "1.3.0-r0", - "1.3.1-r0", - "1.3.3-r0", - "1.3.4-r0", - "1.3.4-r1", - "1.4.6-r0", - "1.4.6-r1", - "1.4.8-r0", - "1.6.0-r0", - "1.6.3-r0", - "1.6.3-r1", - "1.6.3-r2", - "1.7.6-r0", - "1.7.6-r1", - "1.8.2-r0", - "1.8.3-r0", - "1.8.4-r0", - "1.8.8-r0", - "1.8.8-r1", - "1.9.0-r0", - "2.2.0-r0", - "2.2.0-r1", - "2.3.1-r0", - "2.4.0-r0", - "2.5.0-r0", - "2.5.1-r0", - "2.5.2-r0", - "2.5.3-r0", - "2.6.0-r0", - "2.6.1-r0", - "2.6.2-r0", - "2.6.4-r0", - "2.6.4-r1", - "2.6.4-r2", - "2.6.5-r0", - "2.6.5-r1", - "2.6.6-r0", - "2.6.7-r0", - "2.6.8-r0", - "2.6.8-r1", - "2.7.0-r0", - "2.7.1-r0", - "2.7.2-r0", - "2.7.3-r0", - "2.7.4-r0", - "2.7.4-r1", - "2.8.0-r0", - "2.8.1-r0", - "2.8.2-r0", - "2.9.0-r0", - "2.9.1-r0", - "3.0.0-r0", - "3.0.0-r1", - "3.0.0-r2", - "3.1.0-r0", - 
"3.1.1-r0", - "3.1.2-r0", - "3.2.0-r0", - "3.3.1-r0", - "3.3.1-r1", - "4.0.0-r0", - "4.0.1-r0", - "4.1.0-r0", - "4.2.0-r0", - "4.2.0-r1", - "4.2.1-r0", - "4.3.0-r0" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Alpine:v3.21", - "name": "harfbuzz", - "purl": "pkg:apk/alpine/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "4.4.1-r0" - } - ] - } - ], - "versions": [ - "0.9.14-r0", - "0.9.15-r0", - "0.9.15-r1", - "0.9.16-r1", - "0.9.17-r0", - "0.9.18-r0", - "0.9.18-r1", - "0.9.19-r0", - "0.9.22-r0", - "0.9.23-r0", - "0.9.23-r1", - "0.9.24-r0", - "0.9.26-r0", - "0.9.26-r1", - "0.9.28-r0", - "0.9.29-r0", - "0.9.30-r0", - "0.9.32-r0", - "0.9.35-r0", - "0.9.35-r1", - "0.9.36-r0", - "0.9.37-r0", - "0.9.38-r0", - "0.9.38-r1", - "0.9.40-r0", - "0.9.40-r1", - "0.9.40-r2", - "0.9.41-r0", - "0.9.5-r0", - "0.9.5-r1", - "0.9.9-r0", - "1.0.1-r0", - "1.0.3-r0", - "1.0.3-r1", - "1.0.4-r0", - "1.0.6-r0", - "1.0.6-r1", - "1.1.3-r0", - "1.2.0-r0", - "1.2.3-r0", - "1.2.4-r0", - "1.2.4-r1", - "1.2.7-r0", - "1.2.7-r1", - "1.3.0-r0", - "1.3.1-r0", - "1.3.3-r0", - "1.3.4-r0", - "1.3.4-r1", - "1.4.6-r0", - "1.4.6-r1", - "1.4.8-r0", - "1.6.0-r0", - "1.6.3-r0", - "1.6.3-r1", - "1.6.3-r2", - "1.7.6-r0", - "1.7.6-r1", - "1.8.2-r0", - "1.8.3-r0", - "1.8.4-r0", - "1.8.8-r0", - "1.8.8-r1", - "1.9.0-r0", - "2.2.0-r0", - "2.2.0-r1", - "2.3.1-r0", - "2.4.0-r0", - "2.5.0-r0", - "2.5.1-r0", - "2.5.2-r0", - "2.5.3-r0", - "2.6.0-r0", - "2.6.1-r0", - "2.6.2-r0", - "2.6.4-r0", - "2.6.4-r1", - "2.6.4-r2", - "2.6.5-r0", - "2.6.5-r1", - "2.6.6-r0", - "2.6.7-r0", - "2.6.8-r0", - "2.6.8-r1", - "2.7.0-r0", - "2.7.1-r0", - "2.7.2-r0", - "2.7.3-r0", - "2.7.4-r0", - "2.7.4-r1", - "2.8.0-r0", - "2.8.1-r0", - "2.8.2-r0", - "2.9.0-r0", - "2.9.1-r0", - "3.0.0-r0", - "3.0.0-r1", - "3.0.0-r2", - "3.1.0-r0", - "3.1.1-r0", - 
"3.1.2-r0", - "3.2.0-r0", - "3.3.1-r0", - "3.3.1-r1", - "4.0.0-r0", - "4.0.1-r0", - "4.1.0-r0", - "4.2.0-r0", - "4.2.0-r1", - "4.2.1-r0", - "4.3.0-r0" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Debian:11", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "versions": [ - "10.0.1-1", - "10.1.0-1", - "10.1.0-2", - "2.7.4-1", - "5.1.0-1", - "5.2.0-1", - "5.2.0-2", - "5.3.1-1", - "5.3.1-2", - "6.0.0+dfsg-1", - "6.0.0+dfsg-2", - "6.0.0+dfsg-3", - "6.0.0-1", - "8.0.0-1", - "8.0.0-2", - "8.0.0-3", - "8.0.1-1", - "8.3.0-1", - "8.3.0-2", - "9.0.0-1" - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Debian:12", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "5.2.0-2" - } - ] - } - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "package": { - "ecosystem": "Debian:13", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "5.2.0-2" - } - ] - } - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - }, - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/behdad/harfbuzz", - "events": [ - { - "introduced": "0" - 
}, - { - "last_affected": "aee123fc83388b8f5acfb301d87bd92eccc5b843" - } - ] - }, - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "62e803b36173fd096d7ad460dd1d1db9be542593" - }, - { - "fixed": "62e803b36173fd096d7ad460dd1d1db9be542593" - } - ] - } - ], - "versions": [ - "0.6.0", - "0.9.1", - "0.9.10", - "0.9.11", - "0.9.12", - "0.9.13", - "0.9.14", - "0.9.15", - "0.9.16", - "0.9.17", - "0.9.18", - "0.9.19", - "0.9.2", - "0.9.20", - "0.9.21", - "0.9.22", - "0.9.23", - "0.9.24", - "0.9.25", - "0.9.26", - "0.9.27", - "0.9.28", - "0.9.29", - "0.9.3", - "0.9.30", - "0.9.31", - "0.9.32", - "0.9.33", - "0.9.34", - "0.9.35", - "0.9.36", - "0.9.37", - "0.9.38", - "0.9.39", - "0.9.4", - "0.9.40", - "0.9.41", - "0.9.42", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "0.9.9", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.0.5", - "1.0.6", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.2.0", - "1.2.1", - "1.2.2", - "1.2.3", - "1.2.4", - "1.2.5", - "1.2.6", - "1.2.7", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.4.0", - "1.4.1", - "1.4.2", - "1.4.3", - "1.4.4", - "1.4.5", - "1.4.6", - "1.4.7", - "1.4.8", - "1.5.0", - "1.5.1", - "1.6.0", - "1.6.1", - "1.6.2", - "1.6.3", - "1.7.0", - "1.7.1", - "1.7.2", - "1.7.3", - "1.7.4", - "1.7.5", - "1.7.6", - "1.7.7", - "1.8.0", - "1.8.1", - "1.8.2", - "1.8.3", - "1.8.4", - "1.8.5", - "1.8.6", - "1.8.7", - "1.8.8", - "1.9.0", - "2.0.0", - "2.0.1", - "2.0.2", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.6.3", - "2.6.4", - "2.6.5", - "2.6.6", - "2.6.7", - "2.6.8", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3", - "2.7.4", - "2.8.0", - "2.8.1", - "2.8.2", - "2.9.0", - "2.9.1", - "3.0.0", - "3.1.0", - "3.1.1", - "3.1.2", - "3.2.0", - "3.3.0", - "3.3.1", - "3.3.2", - "3.4.0", - "4.0.0", - "4.0.1", - "4.1.0", - "4.2.0", 
- "4.2.1", - "4.3.0", - "hb-rename", - "ng-mergepoint", - "ng-start", - "pango-extractpoint", - "pango-start" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-33068.json" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://security.gentoo.org/glsa/202209-11" - }, - { - "type": "REPORT", - "url": "https://github.com/harfbuzz/harfbuzz/issues/3557" - }, - { - "type": "FIX", - "url": "https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FQBJ24W6TXLSAQWCFW7IBGUMX4AJI3S4/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQMEXOVDL3T2UXKBCON7JSOCE646G7HG/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W56WTC5IY4EIUHVUIHMCXA3BSBZLSZCI/" - }, - { - "type": "ADVISORY", - "url": "https://security.alpinelinux.org/vuln/CVE-2022-33068" - }, - { - "type": "ADVISORY", - "url": "https://security-tracker.debian.org/tracker/CVE-2022-33068" - } - ] - }, - { - "schema_version": "1.6.0", - "id": "CVE-2023-25193", - "modified": "2025-01-15T04:45:08.160317Z", - "published": "2023-02-04T20:15:08Z", - "related": [ - "ALSA-2023:4158", - "ALSA-2023:4159", - "ALSA-2023:4175", - "ALSA-2023:4177", - "ALSA-2024:2410", - "ALSA-2024:2980", - "RHSA-2023:4157", - "RHSA-2023:4158", - "RHSA-2023:4159", - "RHSA-2023:4162", - "RHSA-2023:4163", - "RHSA-2023:4164", - "RHSA-2023:4165", - "RHSA-2023:4169", - "RHSA-2023:4170", - "RHSA-2023:4171", - "RHSA-2023:4175", - "RHSA-2023:4177", - "RHSA-2023:4233", - "RHSA-2024:2410", - "RHSA-2024:2980", - "SUSE-SU-2023:1820-1", - "SUSE-SU-2023:1821-1", - "SUSE-SU-2023:1822-1", - "SUSE-SU-2023:1852-1", - "SUSE-SU-2023:2990-1", - "SUSE-SU-2023:3023-1", - 
"SUSE-SU-2023:3287-1", - "SUSE-SU-2023:3406-1", - "SUSE-SU-2023:3441-1", - "UBUNTU-CVE-2023-25193", - "USN-6263-1", - "openSUSE-SU-2024:12660-1", - "openSUSE-SU-2024:13075-1", - "openSUSE-SU-2024:13076-1", - "openSUSE-SU-2024:13131-1" - ], - "details": "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" - } - ], - "affected": [ - { - "package": { - "ecosystem": "Debian:11", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "versions": [ - "10.0.1-1", - "10.1.0-1", - "10.1.0-2", - "2.7.4-1", - "5.1.0-1", - "5.2.0-1", - "5.2.0-2", - "5.3.1-1", - "5.3.1-2", - "6.0.0+dfsg-1", - "6.0.0+dfsg-2", - "6.0.0+dfsg-3", - "6.0.0-1", - "8.0.0-1", - "8.0.0-2", - "8.0.0-3", - "8.0.1-1", - "8.3.0-1", - "8.3.0-2", - "9.0.0-1" - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25193.json" - } - }, - { - "package": { - "ecosystem": "Debian:12", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - } - ] - } - ], - "versions": [ - "10.0.1-1", - "10.1.0-1", - "10.1.0-2", - "6.0.0+dfsg-3", - "8.0.0-1", - "8.0.0-2", - "8.0.0-3", - "8.0.1-1", - "8.3.0-1", - "8.3.0-2", - "9.0.0-1" - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25193.json" - } - }, - { - "package": { - "ecosystem": "Debian:13", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - 
"type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "8.0.0-1" - } - ] - } - ], - "versions": [ - "6.0.0+dfsg-3" - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25193.json" - } - }, - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/behdad/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "afcae83a064843d71d47624bc162e121cc56c08b" - } - ] - }, - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "85be877925ddbf34f74a1229f3ca1716bb6170dc" - }, - { - "fixed": "85be877925ddbf34f74a1229f3ca1716bb6170dc" - } - ] - } - ], - "versions": [ - "0.6.0", - "0.9.1", - "0.9.10", - "0.9.11", - "0.9.12", - "0.9.13", - "0.9.14", - "0.9.15", - "0.9.16", - "0.9.17", - "0.9.18", - "0.9.19", - "0.9.2", - "0.9.20", - "0.9.21", - "0.9.22", - "0.9.23", - "0.9.24", - "0.9.25", - "0.9.26", - "0.9.27", - "0.9.28", - "0.9.29", - "0.9.3", - "0.9.30", - "0.9.31", - "0.9.32", - "0.9.33", - "0.9.34", - "0.9.35", - "0.9.36", - "0.9.37", - "0.9.38", - "0.9.39", - "0.9.4", - "0.9.40", - "0.9.41", - "0.9.42", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "0.9.9", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.0.5", - "1.0.6", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.2.0", - "1.2.1", - "1.2.2", - "1.2.3", - "1.2.4", - "1.2.5", - "1.2.6", - "1.2.7", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.4.0", - "1.4.1", - "1.4.2", - "1.4.3", - "1.4.4", - "1.4.5", - "1.4.6", - "1.4.7", - "1.4.8", - "1.5.0", - "1.5.1", - "1.6.0", - "1.6.1", - "1.6.2", - "1.6.3", - "1.7.0", - "1.7.1", - "1.7.2", - "1.7.3", - "1.7.4", - "1.7.5", - "1.7.6", - "1.7.7", - "1.8.0", - "1.8.1", - "1.8.2", - "1.8.3", - "1.8.4", - "1.8.5", - "1.8.6", - "1.8.7", - "1.8.8", - "1.9.0", - "2.0.0", - "2.0.1", - "2.0.2", - "2.1.0", - 
"2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.6.3", - "2.6.4", - "2.6.5", - "2.6.6", - "2.6.7", - "2.6.8", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3", - "2.7.4", - "2.8.0", - "2.8.1", - "2.8.2", - "2.9.0", - "2.9.1", - "3.0.0", - "3.1.0", - "3.1.1", - "3.1.2", - "3.2.0", - "3.3.0", - "3.3.1", - "3.3.2", - "3.4.0", - "4.0.0", - "4.0.1", - "4.1.0", - "4.2.0", - "4.2.1", - "4.3.0", - "4.4.0", - "4.4.1", - "5.0.0", - "5.0.1", - "5.1.0", - "5.2.0", - "5.3.0", - "5.3.1", - "6.0.0", - "hb-rename", - "ng-mergepoint", - "ng-start", - "pango-extractpoint", - "pango-start" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25193.json" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://security.netapp.com/advisory/ntap-20230725-0006/" - }, - { - "type": "WEB", - "url": "https://chromium.googlesource.com/chromium/src/+/e1f324aa681af54101c1f2d173d92adb80e37088/DEPS#361" - }, - { - "type": "FIX", - "url": "https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc" - }, - { - "type": "WEB", - "url": "https://github.com/harfbuzz/harfbuzz/blob/2822b589bc837fae6f66233e2cf2eef0f6ce8470/src/hb-ot-layout-gsubgpos.hh" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KWCHWSICWVZSAXP2YAXM65JC2GR53547/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZ5M2GSAIHFPLHYJXUPQ2QDJCLWXUGO3/" - }, - { - "type": "ADVISORY", - "url": "https://security-tracker.debian.org/tracker/CVE-2023-25193" - } - ] - }, - { - "schema_version": "1.6.0", - "id": "CVE-2024-56732", - "modified": "2025-01-15T05:17:02.718296Z", - "published": "2024-12-27T20:15:23Z", - "aliases": [ - "GHSA-qmp9-xqm5-jh6m" - ], - "related": [ - 
"UBUNTU-CVE-2024-56732", - "USN-7214-1" - ], - "details": "HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.", - "affected": [ - { - "package": { - "ecosystem": "Debian:13", - "name": "harfbuzz", - "purl": "pkg:deb/debian/harfbuzz?arch=source" - }, - "ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "10.1.0-2" - } - ] - } - ], - "versions": [ - "10.0.1-1", - "10.1.0-1", - "6.0.0+dfsg-3", - "8.0.0-1", - "8.0.0-2", - "8.0.0-3", - "8.0.1-1", - "8.3.0-1", - "8.3.0-2", - "9.0.0-1" - ], - "ecosystem_specific": { - "urgency": "not yet assigned" - }, - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56732.json" - } - }, - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "1767f99e2e2196c3fcae27db6d8b60098d3f6d26" - } - ] - } - ], - "versions": [ - "0.6.0", - "0.9.1", - "0.9.10", - "0.9.11", - "0.9.12", - "0.9.13", - "0.9.14", - "0.9.15", - "0.9.16", - "0.9.17", - "0.9.18", - "0.9.19", - "0.9.2", - "0.9.20", - "0.9.21", - "0.9.22", - "0.9.23", - "0.9.24", - "0.9.25", - "0.9.26", - "0.9.27", - "0.9.28", - "0.9.29", - "0.9.3", - "0.9.30", - "0.9.31", - "0.9.32", - "0.9.33", - "0.9.34", - "0.9.35", - "0.9.36", - "0.9.37", - "0.9.38", - "0.9.39", - "0.9.4", - "0.9.40", - "0.9.41", - "0.9.42", - "0.9.5", - "0.9.6", - "0.9.7", - "0.9.8", - "0.9.9", - "1.0.0", - "1.0.1", - "1.0.2", - "1.0.3", - "1.0.4", - "1.0.5", - "1.0.6", - "1.1.0", - "1.1.1", - "1.1.2", - "1.1.3", - "1.2.0", - "1.2.1", - "1.2.2", - "1.2.3", - "1.2.4", - "1.2.5", - "1.2.6", - "1.2.7", - "1.3.0", - "1.3.1", - "1.3.2", - "1.3.3", - "1.3.4", - "1.4.0", - "1.4.1", - "1.4.2", - "1.4.3", - "1.4.4", - "1.4.5", - "1.4.6", - "1.4.7", - "1.4.8", - "1.5.0", - "1.5.1", - "1.6.0", - "1.6.1", - "1.6.2", - "1.6.3", - "1.7.0", - 
"1.7.1", - "1.7.2", - "1.7.3", - "1.7.4", - "1.7.5", - "1.7.6", - "1.7.7", - "1.8.0", - "1.8.1", - "1.8.2", - "1.8.3", - "1.8.4", - "1.8.5", - "1.8.6", - "1.8.7", - "1.8.8", - "1.9.0", - "10.0.0", - "10.0.1", - "10.1.0", - "2.0.0", - "2.0.1", - "2.0.2", - "2.1.0", - "2.1.1", - "2.1.2", - "2.1.3", - "2.2.0", - "2.3.0", - "2.3.1", - "2.4.0", - "2.5.0", - "2.5.1", - "2.5.2", - "2.5.3", - "2.6.0", - "2.6.1", - "2.6.2", - "2.6.3", - "2.6.4", - "2.6.5", - "2.6.6", - "2.6.7", - "2.6.8", - "2.7.0", - "2.7.1", - "2.7.2", - "2.7.3", - "2.7.4", - "2.8.0", - "2.8.1", - "2.8.2", - "2.9.0", - "2.9.1", - "3.0.0", - "3.1.0", - "3.1.1", - "3.1.2", - "3.2.0", - "3.3.0", - "3.3.1", - "3.3.2", - "3.4.0", - "4.0.0", - "4.0.1", - "4.1.0", - "4.2.0", - "4.2.1", - "4.3.0", - "4.4.0", - "4.4.1", - "5.0.0", - "5.0.1", - "5.1.0", - "5.2.0", - "5.3.0", - "5.3.1", - "6.0.0", - "7.0.0", - "7.0.1", - "7.1.0", - "7.2.0", - "7.3.0", - "8.0.0", - "8.0.1", - "8.1.0", - "8.1.1", - "8.2.0", - "8.2.1", - "8.2.2", - "8.3.0", - "8.3.1", - "8.4.0", - "8.5.0", - "9.0.0", - "hb-rename", - "ng-mergepoint", - "ng-start", - "pango-extractpoint", - "pango-start" - ], - "database_specific": { - "source": "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56732.json" - } - } - ], - "references": [ - { - "type": "ADVISORY", - "url": "https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-qmp9-xqm5-jh6m" - }, - { - "type": "FIX", - "url": "https://github.com/harfbuzz/harfbuzz/commit/1767f99e2e2196c3fcae27db6d8b60098d3f6d26" - }, - { - "type": "ADVISORY", - "url": "https://security-tracker.debian.org/tracker/CVE-2024-56732" - } - ] - }, - { - "schema_version": "1.6.0", - "id": "OSV-2020-484", - "modified": "2022-04-13T03:04:32.842142Z", - "published": "2020-07-01T00:00:12.297418Z", - "summary": "Heap-buffer-overflow in AAT::KerxSubTableFormat4::driver_context_t::transition", - "details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532\n\n```\nCrash type: 
Heap-buffer-overflow READ 4\nCrash state:\nAAT::KerxSubTableFormat4::driver_context_t::transition\nvoid AAT::StateTableDriver::apply\n```\n", - "affected": [ - { - "package": { - "ecosystem": "OSS-Fuzz", - "name": "harfbuzz", - "purl": "pkg:generic/harfbuzz" - }, - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz.git", - "events": [ - { - "introduced": "4009a05ca7de21fff2176621597cd0cd01e9d80e" - }, - { - "fixed": "cc8e9a436fa408a1c63f4b9afb7643cea76a079c" - } - ] - } - ], - "versions": [ - "2.2.0", - "2.3.0" - ], - "ecosystem_specific": { - "severity": "MEDIUM" - }, - "database_specific": { - "source": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2020-484.yaml" - } - } - ], - "references": [ - { - "type": "REPORT", - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532" - } - ] - } -] diff --git a/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-vulnerability.json b/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-vulnerability.json new file mode 100644 index 0000000000000..2a5768594e68a --- /dev/null +++ b/clients/osv/src/funTest/assets/vulnerabilities-by-commit-expected-vulnerability.json 
@@ -0,0 +1,47 @@ +{ + "schema_version": "1.6.0", + "id": "OSV-2020-484", + "modified": "2022-04-13T03:04:32.842142Z", + "published": "2020-07-01T00:00:12.297418Z", + "summary": "Heap-buffer-overflow in AAT::KerxSubTableFormat4::driver_context_t::transition", + "details": "OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532\n\n```\nCrash type: Heap-buffer-overflow READ 4\nCrash state:\nAAT::KerxSubTableFormat4::driver_context_t::transition\nvoid AAT::StateTableDriver::apply\n```\n", + "affected": [ + { + "package": { + "ecosystem": "OSS-Fuzz", + "name": "harfbuzz", + "purl": "pkg:generic/harfbuzz" + }, + "ranges": [ + { + "type": "GIT", + "repo": "https://github.com/harfbuzz/harfbuzz.git", + "events": [ + { + "introduced": "4009a05ca7de21fff2176621597cd0cd01e9d80e" + }, + { + "fixed": "cc8e9a436fa408a1c63f4b9afb7643cea76a079c" + } + ] + } + ], + "versions": [ + "2.2.0", + "2.3.0" + ], + "ecosystem_specific": { + "severity": "MEDIUM" + }, + "database_specific": { + "source": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2020-484.yaml" + } + } + ], + "references": [ + { + "type": "REPORT", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12532" + } + ] +} diff --git a/clients/osv/src/funTest/kotlin/OsvServiceWrapperFunTest.kt b/clients/osv/src/funTest/kotlin/OsvServiceWrapperFunTest.kt index 7ebaa339c76ab..ebf0e8d4942fc 100644 --- a/clients/osv/src/funTest/kotlin/OsvServiceWrapperFunTest.kt +++ b/clients/osv/src/funTest/kotlin/OsvServiceWrapperFunTest.kt @@ -20,6 +20,7 @@ package org.ossreviewtoolkit.clients.osv import io.kotest.core.spec.style.StringSpec +import io.kotest.matchers.collections.shouldContain import io.kotest.matchers.collections.shouldContainExactlyInAnyOrder import io.kotest.matchers.result.shouldBeSuccess import io.kotest.matchers.shouldBe 
@@ -60,17 +61,19 @@ private fun Vulnerability.normalizeUrls(): Vulnerability { private val emptyJsonObject = JsonObject(emptyMap()) -private fun List.patchFields() = map { it.patchIgnorableFields().normalizeUrls() } +private fun List.patch() = map { it.patch() } +private fun Vulnerability.patch() = patchIgnorableFields().normalizeUrls() class OsvServiceWrapperFunTest : StringSpec({ "getVulnerabilitiesForPackage() returns the expected vulnerability when queried by commit" { - val expectedResult = getAssetAsString("vulnerabilities-by-commit-expected-result.json") + val expectedVulnerability = OsvService.JSON.decodeFromString( + getAssetAsString("vulnerabilities-by-commit-expected-vulnerability.json") + ) val result = OsvServiceWrapper().getVulnerabilitiesForPackage(VULNERABILITY_FOR_PACKAGE_BY_COMMIT_REQUEST) result.shouldBeSuccess { actualData -> - val expectedData = OsvService.JSON.decodeFromString>(expectedResult) - actualData.patchFields() shouldContainExactlyInAnyOrder expectedData.patchFields() + actualData.patch() shouldContain expectedVulnerability.patch() } } @@ -81,7 +84,7 @@ class OsvServiceWrapperFunTest : StringSpec({ result.shouldBeSuccess { actualData -> val expectedData = OsvService.JSON.decodeFromString>(expectedResult) - actualData.patchFields() shouldContainExactlyInAnyOrder expectedData.patchFields() + actualData.patch() shouldContainExactlyInAnyOrder expectedData.patch() } }
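Review bot: The new `shouldContain` assertion in the by-commit test compares whole `Vulnerability` objects, so if the live OSV record for OSV-2020-484 drifts in a field that `patchIgnorableFields()` does not neutralise (that helper is outside the hunk), the failure only reports a missing element and not which field changed. Selecting by id first gives a field-level diff and still tolerates newly published advisories: `actualData.patch().single { it.id == expectedVulnerability.id } shouldBe expectedVulnerability.patch()`. The test now pins a single advisory where it used to pin the full list, presumably because the set returned for this commit keeps changing. A short comment above the assertion would record that, e.g. `// Only one stable advisory is pinned; the full result set for this commit is not stable.` The weaker check also no longer notices if the service stops returning the other advisories, which is worth stating in the same comment. The second hunk in this file is only the `patchFields()` to `patch()` rename.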