-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Import data from OSS-Fuzz #897
Conversation
@ziadhany please rebase your branch and add tests for oss-fuzz |
I think we need to add Git Version/Version range aboutcode-org/univers#85 before merge this . |
@ziadhany does this importer only give |
Most of the data uses the git version, and there are rare cases that use both versions like this : |
@ziadhany let's ingest the data where we can get versions that are parsable by univers for now and add a follow up issue to ingest git versions from OSS-Fuzz. |
@ziadhany please run the importer and improver on this and provide the logs for same. |
A lot of logs like this and the importer add just 2617 row in vulnerabilities_advisory table .
And the improve logs :
|
@ziadhany please add tests |
ce96986
to
1f75c02
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ziadhany Thanks++, some review comments for your consideration.
@TG1999 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thanks ++
@@ -0,0 +1,20 @@ | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please rename these expected files to use the same base name as a the test data file with an -expected.json
suffix. Here do not use oss-fuzz-expected1.json
. Instead use oss-fuzz-data1.yaml-expected.json
.... ths way the test data file and the expected results show up side by side.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with a tiny nit for the test results expected file names
@ziadhany thanks++ this looks good and we can merge it, please just resolve the merge conflicts. |
Add OSSFuzzImprover to IMPROVERS_REGISTRY Fix oss-fuzz test ( add weakness in expected test file ) Add oss-fuzz tests Import data from oss_fuzz using osv format Resolve merge conflicts Signed-off-by: ziadhany <ziadhany2016@gmail.com>
Done |
using osv format #780 but we need to add support for oss-fuzz version , version range in univers and edit
get_fixed_version