Add support for all osv ecosystems #926

Merged (1 commit) on Feb 13, 2024

ziadhany
Collaborator

Signed-off-by: ziadhany <ziadhany2016@gmail.com>

@ziadhany ziadhany mentioned this pull request Sep 24, 2022
9 tasks
@TG1999 TG1999 added this to the v31.0 milestone Oct 11, 2022
@ziadhany
Collaborator Author

ziadhany commented Jan 12, 2023

Importer logs:

Unsupported package type: PackageURL(type='rubygems', namespace=None, name='sprout', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-229r-pqp6-8w6g'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='rails', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-24fg-p96v-hxh8'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='rails', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-24fg-p96v-hxh8'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='actionpack', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-29gr-w57f-rpfw'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='actionpack', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-29gr-w57f-rpfw'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='actionpack', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-29gr-w57f-rpfw'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='actionpack', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-2xjj-5x6h-8vmf'
....
Invalid version class: None - '1.4.3' for OSV id: 'GHSA-fjgq-224f-fq37'
Unknown version range for ecosystem go for OSV id: 'GHSA-fjgq-224f-fq37'
Invalid version class: None - '3.0.9' for OSV id: 'GHSA-fjgq-224f-fq37'
Unknown version range for ecosystem go for OSV id: 'GHSA-fv6c-rfg3-gvjw'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-fv6c-rfg3-gvjw'
Invalid file name: advisory-database-main/advisories/github-reviewed/2022/12/GHSA-g3wc-xv93-445q/GHSA-g3wc-xv93-445q.json - unhashable type: 'Version'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='prettytable-rs', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-gfgm-chr3-x6px'
Unknown version range for ecosystem go for OSV id: 'GHSA-gfj4-wg89-m22r'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-gfj4-wg89-m22r'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-gg8r-xjwq-4w92'
Invalid version class: None - '6.3.1' for OSV id: 'GHSA-gg8r-xjwq-4w92'
Invalid file name: advisory-database-main/advisories/github-reviewed/2022/12/GHSA-gg8r-xjwq-4w92/GHSA-gg8r-xjwq-4w92.json - unhashable type: 'Version'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-ghw3-5qvm-3mqc'
Invalid version class: None - '4.2.11' for OSV id: 'GHSA-ghw3-5qvm-3mqc'
Unknown version range for ecosystem go for OSV id: 'GHSA-ghx2-6v4g-9wmm'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-ghx2-6v4g-9wmm'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-gqgq-784q-v9xp'
Unknown version range for ecosystem go for OSV id: 'GHSA-gvfj-fxx3-j323'
Invalid version class: None - '0.3.1' for OSV id: 'GHSA-gvfj-fxx3-j323'
Unknown version range for ecosystem go for OSV id: 'GHSA-gw62-c7w4-x449'
Unknown version range for ecosystem go for OSV id: 'GHSA-gw9m-2m5v-c6x5'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-gw9m-2m5v-c6x5'
Unknown version range for ecosystem go for OSV id: 'GHSA-gxgj-xjcw-fv9p'
Invalid version class: None - '0.0.0-20130808000456-233bccbb1abe' for OSV id: 'GHSA-gxgj-xjcw-fv9p'
Unknown version range for ecosystem go for OSV id: 'GHSA-gxgj-xjcw-fv9p'
Invalid version class: None - '0.0.0-20130808000456-233bccbb1abe' for OSV id: 'GHSA-gxgj-xjcw-fv9p'
Unknown version range for ecosystem go for OSV id: 'GHSA-gxqf-4g4p-q3hc'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-gxqf-4g4p-q3hc'
Unknown version range for ecosystem go for OSV id: 'GHSA-h2ph-vhm7-g4hp'
Invalid version class: None - '2.9.6' for OSV id: 'GHSA-h2ph-vhm7-g4hp'
Unknown version range for ecosystem go for OSV id: 'GHSA-h4q8-96p6-jcgr'
Invalid version class: None - '2.0.0' for OSV id: 'GHSA-h4q8-96p6-jcgr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-h972-v458-m892'
Invalid version class: None - '3.7.33' for OSV id: 'GHSA-h972-v458-m892'
Unknown version range for ecosystem go for OSV id: 'GHSA-hc5q-26h8-r9wf'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-hc5q-26h8-r9wf'
Unknown version range for ecosystem go for OSV id: 'GHSA-hggr-p7v6-73p5'
Invalid version class: None - '1.0.0' for OSV id: 'GHSA-hggr-p7v6-73p5'
Unknown version range for ecosystem go for OSV id: 'GHSA-hhxg-px5h-jc32'
Invalid version class: None - '0.0.0-20200329073418-5d38f39de352' for OSV id: 'GHSA-hhxg-px5h-jc32'
Unknown version range for ecosystem go for OSV id: 'GHSA-hrm3-3xm6-x33h'
Invalid version class: None - '0.0.0-20200131131040-063a3fb69896' for OSV id: 'GHSA-hrm3-3xm6-x33h'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Invalid version class: None - '1.5.0' for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Invalid version class: None - '2.1.1' for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Invalid version class: None - '10.4.33' for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Invalid version class: None - '11.5.20' for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Invalid version class: None - '12.1.1' for OSV id: 'GHSA-hvwx-qh2h-xcfj'
Unknown version range for ecosystem go for OSV id: 'GHSA-j453-hm5x-c46w'
Invalid version class: None - '4.2.0' for OSV id: 'GHSA-j453-hm5x-c46w'
Unknown version range for ecosystem go for OSV id: 'GHSA-j593-h5v3-45x6'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-j593-h5v3-45x6'
Unknown version range for ecosystem go for OSV id: 'GHSA-j7qp-mfxf-8xjw'
Invalid version class: None - '0.18.0' for OSV id: 'GHSA-j7qp-mfxf-8xjw'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-j82x-fh8h-326g'
Invalid version class: None - '0.1.9' for OSV id: 'GHSA-j82x-fh8h-326g'
Unknown version range for ecosystem go for OSV id: 'GHSA-j8x2-2m5w-j939'
Invalid version class: None - '1.247355' for OSV id: 'GHSA-j8x2-2m5w-j939'
Unknown version range for ecosystem go for OSV id: 'GHSA-jcr6-mmjj-pchw'
Invalid version class: None - '1.3.0' for OSV id: 'GHSA-jcr6-mmjj-pchw'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '8.7.49' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '9.5.38' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '10.4.33' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '11.5.20' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '12.1.1' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '10.4.33' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '11.5.20' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jfp7-79g7-89rf'
Invalid version class: None - '12.1.1' for OSV id: 'GHSA-jfp7-79g7-89rf'
Unknown version range for ecosystem go for OSV id: 'GHSA-jpf8-h7h7-3ppm'
Invalid version class: None - '0.0.0-20201201191210-20a61371de5b' for OSV id: 'GHSA-jpf8-h7h7-3ppm'
Unknown version range for ecosystem go for OSV id: 'GHSA-jpgg-cp2x-qrw3'
Invalid version class: None - '1.5.2' for OSV id: 'GHSA-jpgg-cp2x-qrw3'
Unknown version range for ecosystem go for OSV id: 'GHSA-jr65-gpj5-cw74'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='libp2p', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-jvgw-gccv-q5p8'
Unknown version range for ecosystem go for OSV id: 'GHSA-jvq8-w7qv-hqp6'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-jvq8-w7qv-hqp6'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-jw6x-4h8h-569x'
Invalid version class: None - '4.1.0' for OSV id: 'GHSA-jw6x-4h8h-569x'
Unknown version range for ecosystem go for OSV id: 'GHSA-jwrv-x6rx-8vfm'
Invalid version class: None - '0.5.0' for OSV id: 'GHSA-jwrv-x6rx-8vfm'
Unknown version range for ecosystem go for OSV id: 'GHSA-m3cq-xcx9-3gvm'
Invalid version class: None - '1.8.5' for OSV id: 'GHSA-m3cq-xcx9-3gvm'
Invalid VersionRange  for affected_pkg: {'package': {'ecosystem': 'Go', 'name': 'github.com/openfga/openfga'}, 'ranges': [{'type': 'ECOSYSTEM', 'events': [{'introduced': '0.3.0'}, {'fixed': '0.3.1'}]}], 'versions': ['0.3.0']} for OSV id: 'GHSA-m3q4-7qmj-657m': error:KeyError('go')
Unknown version range for ecosystem go for OSV id: 'GHSA-m3q4-7qmj-657m'
Invalid version class: None - '0.3.1' for OSV id: 'GHSA-m3q4-7qmj-657m'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-m54v-gv8p-9pqp'
Unknown version range for ecosystem go for OSV id: 'GHSA-m5pr-wm6q-x4g2'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-m5pr-wm6q-x4g2'
Unknown version range for ecosystem go for OSV id: 'GHSA-m7qp-cj9p-gj85'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='rails-html-sanitizer', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-mcvf-2q2m-x72m'
Unknown version range for ecosystem go for OSV id: 'GHSA-mfmp-8mqg-q4wm'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-mfmp-8mqg-q4wm'
Unknown version range for ecosystem go for OSV id: 'GHSA-mfvq-m3jj-8864'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-mfvq-m3jj-8864'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '10.4.33' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '11.5.20' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '12.1.1' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '10.4.33' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '11.5.20' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-mgj2-q8wp-29rr'
Invalid version class: None - '12.1.1' for OSV id: 'GHSA-mgj2-q8wp-29rr'
Unknown version range for ecosystem go for OSV id: 'GHSA-mq5q-gpgv-pwxw'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-mq5q-gpgv-pwxw'
Unknown version range for ecosystem go for OSV id: 'GHSA-p228-4mrh-ww7r'
Invalid version class: None - '1.3.50' for OSV id: 'GHSA-p228-4mrh-ww7r'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-p4qr-vq2g-22wp'
Invalid version class: None - '6.0.14' for OSV id: 'GHSA-p4qr-vq2g-22wp'
Unknown version range for ecosystem go for OSV id: 'GHSA-p6fg-723f-hgpw'
Unknown version range for ecosystem go for OSV id: 'GHSA-p82q-rxpm-hjpc'
Invalid version class: None - '1.8.13' for OSV id: 'GHSA-p82q-rxpm-hjpc'
Unknown version range for ecosystem go for OSV id: 'GHSA-pmg2-rph8-p8r6'
Invalid version class: None - '3.6.0' for OSV id: 'GHSA-pmg2-rph8-p8r6'
Unknown version range for ecosystem go for OSV id: 'GHSA-pp3p-6jjh-rmg7'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-pp3p-6jjh-rmg7'
Unknown version range for ecosystem go for OSV id: 'GHSA-ppp9-7jff-5vj2'
Invalid version class: None - '0.3.7' for OSV id: 'GHSA-ppp9-7jff-5vj2'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-pwh3-3pcm-6vjh'
Unknown version range for ecosystem go for OSV id: 'GHSA-pwhr-p68w-296x'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-pwhr-p68w-296x'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-q7qq-9gx2-ggxv'
Invalid version class: None - '4.9.0' for OSV id: 'GHSA-q7qq-9gx2-ggxv'
Unknown version range for ecosystem go for OSV id: 'GHSA-q9qr-jwpw-3qvv'
Invalid version class: None - '0.3.0' for OSV id: 'GHSA-q9qr-jwpw-3qvv'
Unknown version range for ecosystem go for OSV id: 'GHSA-qcf5-m2c6-89f2'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-qcf5-m2c6-89f2'
Unknown version range for ecosystem go for OSV id: 'GHSA-qcw2-492v-57xj'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-qcw2-492v-57xj'
Unknown version range for ecosystem go for OSV id: 'GHSA-qf9q-3wwx-8qjv'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-qf9q-3wwx-8qjv'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='capnp', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-qqff-4vw4-f6hx'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='capnp', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-qqff-4vw4-f6hx'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='capnp', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-qqff-4vw4-f6hx'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-qqv9-gqh5-7h99'
Unknown version range for ecosystem go for OSV id: 'GHSA-qr52-59r6-49f4'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-qr52-59r6-49f4'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-qr97-v87p-x965'
Invalid version class: None - '3.0' for OSV id: 'GHSA-qr97-v87p-x965'
Unknown version range for ecosystem go for OSV id: 'GHSA-qrrf-xvcf-p64q'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-qrrf-xvcf-p64q'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='nokogiri', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-qv4q-mr5r-qprj'
Unknown version range for ecosystem go for OSV id: 'GHSA-qvx2-59g8-8hph'
Invalid version class: None - '1.2.1' for OSV id: 'GHSA-qvx2-59g8-8hph'
Unknown version range for ecosystem go for OSV id: 'GHSA-qw36-rw5q-gxcq'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-qw36-rw5q-gxcq'
Unknown version range for ecosystem go for OSV id: 'GHSA-r3p3-5f35-h6mf'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-r3p3-5f35-h6mf'
Unknown version range for ecosystem go for OSV id: 'GHSA-r7hg-2cpp-8wqq'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-r7hg-2cpp-8wqq'
Unknown version range for ecosystem go for OSV id: 'GHSA-r88r-gmrh-7j83'
Invalid version class: None - '2.2.3' for OSV id: 'GHSA-r88r-gmrh-7j83'
Unknown version range for ecosystem go for OSV id: 'GHSA-rgj5-jj5q-v3v7'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-rjf6-wj7r-5fj2'
Invalid version class: None - '3.1.9' for OSV id: 'GHSA-rjf6-wj7r-5fj2'
Unknown version range for ecosystem go for OSV id: 'GHSA-rmhx-9h5h-3xh3'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-rmhx-9h5h-3xh3'
Unknown version range for ecosystem go for OSV id: 'GHSA-rmj9-q58g-9qgg'
Invalid version class: None - '2.0.0' for OSV id: 'GHSA-rmj9-q58g-9qgg'
Unknown version range for ecosystem go for OSV id: 'GHSA-rprg-4v7q-87v7'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='rails-html-sanitizer', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-rrfc-7g8p-99q8'
Unknown version range for ecosystem go for OSV id: 'GHSA-rx2m-xr4x-54hh'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-rx2m-xr4x-54hh'
Unknown version range for ecosystem go for OSV id: 'GHSA-v92p-phmp-xffr'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-v92p-phmp-xffr'
Unknown version range for ecosystem go for OSV id: 'GHSA-vh43-cc6x-prpr'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-vh43-cc6x-prpr'
Unknown version range for ecosystem go for OSV id: 'GHSA-vp56-r7qv-783v'
Invalid version class: None - '0.12.4' for OSV id: 'GHSA-vp56-r7qv-783v'
Invalid file name: advisory-database-main/advisories/github-reviewed/2022/12/GHSA-vq23-hwg7-hxrh/GHSA-vq23-hwg7-hxrh.json - unhashable type: 'Version'
Unknown version range for ecosystem go for OSV id: 'GHSA-vwg4-846x-f94v'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-vwg4-846x-f94v'
Invalid file name: advisory-database-main/advisories/github-reviewed/2022/12/GHSA-vx2x-9cff-fhjw/GHSA-vx2x-9cff-fhjw.json - unhashable type: 'Version'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-vxwf-79ch-f7f7'
Invalid version class: None - '4.7.2' for OSV id: 'GHSA-vxwf-79ch-f7f7'
Unknown version range for ecosystem go for OSV id: 'GHSA-w57v-6xp4-rm2v'
Invalid version class: None - '0.9.0' for OSV id: 'GHSA-w57v-6xp4-rm2v'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-w6qf-j4qr-f946'
Invalid version class: None - '2.0.0-beta1' for OSV id: 'GHSA-w6qf-j4qr-f946'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-w9wc-4xcq-8gr6'
Invalid version class: None - '6.0.53' for OSV id: 'GHSA-w9wc-4xcq-8gr6'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-w9wc-4xcq-8gr6'
Invalid version class: None - '5.0.119' for OSV id: 'GHSA-w9wc-4xcq-8gr6'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-wpgc-5cr5-h9gg'
Invalid version class: None - '3.1.9' for OSV id: 'GHSA-wpgc-5cr5-h9gg'
Unknown version range for ecosystem go for OSV id: 'GHSA-x39j-h85h-3f46'
Invalid version class: None - '0.8.1' for OSV id: 'GHSA-x39j-h85h-3f46'
Unknown version range for ecosystem go for OSV id: 'GHSA-x45c-cvp8-q4fm'
Invalid version class: None - '0.1.3' for OSV id: 'GHSA-x45c-cvp8-q4fm'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-x5q4-m45m-fm94'
Invalid version class: None - '1.8.7' for OSV id: 'GHSA-x5q4-m45m-fm94'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-x87m-36g7-6mpw'
Unknown version range for ecosystem go for OSV id: 'GHSA-x9p9-v3x6-68mq'
Invalid version class: None - '0.9.1' for OSV id: 'GHSA-x9p9-v3x6-68mq'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-xj33-8r43-r227'
Invalid version class: None - '8.5.10' for OSV id: 'GHSA-xj33-8r43-r227'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-xj33-8r43-r227'
Invalid version class: None - '9.1.3' for OSV id: 'GHSA-xj33-8r43-r227'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tendermint-light-client-verifier', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-xqqc-c5gw-c5r5'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tendermint-light-client', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-xqqc-c5gw-c5r5'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tendermint-light-client-js', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-xqqc-c5gw-c5r5'
Unknown version range for ecosystem go for OSV id: 'GHSA-xr7p-8q82-878q'
Invalid version class: None - '2.0.0-rc.4' for OSV id: 'GHSA-xr7p-8q82-878q'
Invalid VersionRange  for affected_pkg: {'package': {'ecosystem': 'Go', 'name': 'teler.app'}, 'ranges': [{'type': 'ECOSYSTEM', 'events': [{'introduced': '2.0.0-dev'}, {'fixed': '2.0.0-dev.2'}]}], 'versions': ['2.0.0-dev']} for OSV id: 'GHSA-xr7p-8q82-878q': error:KeyError('go')
Unknown version range for ecosystem go for OSV id: 'GHSA-xr7p-8q82-878q'
Invalid version class: None - '2.0.0-dev.2' for OSV id: 'GHSA-xr7p-8q82-878q'
Unknown version range for ecosystem go for OSV id: 'GHSA-xv6x-456v-24xh'
Invalid version class: None - '2.2.2' for OSV id: 'GHSA-xv6x-456v-24xh'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-xv8h-43h9-v3jq'
Unknown version range for ecosystem go for OSV id: 'GHSA-xxfx-w2rw-gh63'
Invalid version class: None - '0.8.2' for OSV id: 'GHSA-xxfx-w2rw-gh63'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-22m9-m3ww-53h3'
Invalid version class: None - '1.6.3' for OSV id: 'GHSA-22m9-m3ww-53h3'
Unknown version range for ecosystem go for OSV id: 'GHSA-3244-8mff-w398'
Invalid version class: None - '2.2.3' for OSV id: 'GHSA-3244-8mff-w398'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='httparty', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-5pq7-52mg-hr42'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-64wv-c7jw-jw2q'
Invalid version class: None - '3.0.0' for OSV id: 'GHSA-64wv-c7jw-jw2q'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-6m7c-45ff-3328'
Invalid version class: None - '1.4.0' for OSV id: 'GHSA-6m7c-45ff-3328'
Unknown version range for ecosystem go for OSV id: 'GHSA-6rrr-78xp-5jp8'
Invalid version class: None - '2.17.3' for OSV id: 'GHSA-6rrr-78xp-5jp8'
Unknown version range for ecosystem go for OSV id: 'GHSA-6rrr-78xp-5jp8'
Invalid version class: None - '2.16.4' for OSV id: 'GHSA-6rrr-78xp-5jp8'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-7m9r-rq9j-wmmh'
Invalid version class: None - '4.12.5' for OSV id: 'GHSA-7m9r-rq9j-wmmh'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tokio', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-7rrj-xr53-82p7'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tokio', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-7rrj-xr53-82p7'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='tokio', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-7rrj-xr53-82p7'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-7vcx-v65q-9wpg'
Invalid version class: None - '4.9.0' for OSV id: 'GHSA-7vcx-v65q-9wpg'
Unknown version range for ecosystem go for OSV id: 'GHSA-8686-4cr3-76wj'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-8686-4cr3-76wj'
Unknown version range for ecosystem go for OSV id: 'GHSA-89qm-wcmw-3mgg'
Invalid version class: None - '0.12.0' for OSV id: 'GHSA-89qm-wcmw-3mgg'
Invalid file name: advisory-database-main/advisories/github-reviewed/2023/01/GHSA-8f7f-vqg5-jrv9/GHSA-8f7f-vqg5-jrv9.json - unhashable type: 'Version'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-8gcg-vwmw-rxj4'
Invalid version class: None - '1.6.3' for OSV id: 'GHSA-8gcg-vwmw-rxj4'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='bzip2', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-96jv-r488-c2rj'
Unsupported package type: PackageURL(type='pub', namespace=None, name='personnummer', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-9f2c-xxfm-32mj'
Unknown version range for ecosystem go for OSV id: 'GHSA-9h7x-9pmh-7gg8'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-9h7x-9pmh-7gg8'
Unknown version range for ecosystem go for OSV id: 'GHSA-c653-6hhg-9x92'
Invalid version class: None - '0.19.0' for OSV id: 'GHSA-c653-6hhg-9x92'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-cf5r-3pvm-w64w'
Invalid version class: None - '2.0.6' for OSV id: 'GHSA-cf5r-3pvm-w64w'
Unknown version range for ecosystem go for OSV id: 'GHSA-fpjc-cxr6-w6h8'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-fpjc-cxr6-w6h8'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-ggj9-6x8j-49w9'
Invalid version class: None - '1.0' for OSV id: 'GHSA-ggj9-6x8j-49w9'
Unknown version range for ecosystem go for OSV id: 'GHSA-gqx8-hxmv-c4v4'
Unknown version range for ecosystem go for OSV id: 'GHSA-h2ph-9r76-37v5'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-h2ph-9r76-37v5'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-hph3-hv3c-7725'
Invalid version class: None - '1.6.3' for OSV id: 'GHSA-hph3-hv3c-7725'
Unknown version range for ecosystem go for OSV id: 'GHSA-jxgp-jgh3-8jc8'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-m95x-m25c-w9mp'
Invalid version class: None - '4.9.0' for OSV id: 'GHSA-m95x-m25c-w9mp'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='inline_svg', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-p33q-4h4m-j994'
Unknown version range for ecosystem go for OSV id: 'GHSA-pcvh-px2p-vmxw'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-pcvh-px2p-vmxw'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='git', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-pfpr-3463-c6jh'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-pxqj-xrv5-qvjf'
Invalid version class: None - '4.9.2' for OSV id: 'GHSA-pxqj-xrv5-qvjf'
Unsupported package type: PackageURL(type='crates.io', namespace=None, name='cargo', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-r5w3-xm58-jv6j'
Unknown version range for ecosystem go for OSV id: 'GHSA-v4w5-r2xc-7f8h'
Invalid version class: None - '1.6.4' for OSV id: 'GHSA-v4w5-r2xc-7f8h'
Unsupported package type: PackageURL(type='rubygems', namespace=None, name='pghero', version=None, qualifiers={}, subpath=None) in OSV: 'GHSA-vf99-xw26-86g5'
Unknown version range for ecosystem go for OSV id: 'GHSA-vjhf-8vqx-vqpq'
Invalid version class: None - '1.6.3' for OSV id: 'GHSA-vjhf-8vqx-vqpq'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-wm32-3r4m-jvcc'
Unknown version range for ecosystem packagist for OSV id: 'GHSA-wqqv-jcfr-9f5g'
Invalid version class: None - '4.8.1' for OSV id: 'GHSA-wqqv-jcfr-9f5g'
Unknown version range for ecosystem go for OSV id: 'GHSA-wr3c-g326-486c'
Invalid version class: None - '0.12.0' for OSV id: 'GHSA-wr3c-g326-486c'
Unknown version range for ecosystem go for OSV id: 'GHSA-x22v-qgm2-7qc7'
Invalid version class: None - '0.10.0' for OSV id: 'GHSA-x22v-qgm2-7qc7'
Successfully imported data using vulnerabilities.importers.github_osv.GithubOSVImporter

Improver logs:

Improving data using vulnerabilities.improvers.default.DefaultImprover
Invalid vulnerability reference: <VulnerabilityReference: github.com/prometheus/prometheus>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/ipld/go-codec-dagpb>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/coredns/coredns>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/ipld/go-ipfs>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/google/fscrypt>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/google/fscrypt>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/rancher/rancher>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: apache/cayenne>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: apache/cayenne>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/npm/cli>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://github.com/symfony/symfony >: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: ://github.com/rochacbruno/quokka>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: ttps://github.com/jenkinsci/gatling-plugin>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: ttps://github.com/jenkinsci/jenkins>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: ttps://github.com/jenkinsci/jenkins>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: ://github.com/google/slo-generator>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/traefik/traefik>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/rancher/rancher>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/rancher/rancher>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/cloudflare/cfrpki>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/argoproj/argo-workflows/v3>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/gen2brain/go-unarr>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/cloudflare/cfrpki>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/rancher/rancher>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/hyperledger/fabric>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference:  https://github.com/yetiforcecompany/yetiforcecrm>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/mattermost/mattermost-server>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/coreos/ignition>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/hashicorp/nomad>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/hashicorp/nomad>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/stripe/smokescreen>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/fluxcd/kustomize-controller>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/argoproj/argo-cd>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/argoproj/argo-cd>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/ipld/go-codec-dagpb>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/open-falcon/falcon-plus>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/opencontainers/runc>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/argoproj/argo-workflows>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/argoproj/argo-cd>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/ethereum/go-ethereum>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/cilium/cilium>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/cilium/cilium>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/stripe/smokescreen>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/pion/dtls>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/pion/dtls>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/pion/dtls>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/mindoc-org/mindoc>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/gphper/ginadmin>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/gphper/ginadmin>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/blevesearch/bleve>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/kubeedge/kubeedge>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/kubeedge/kubeedge>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/kubeedge/kubeedge>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/kubeedge/kubeedge>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: github.com/zitadel/zitadel>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference:  https://github.com/jenkinsci/osf-builder-suite-xml-linter-plugin>: {'url': ['Enter a valid URL.']}
Successfully improved data using vulnerabilities.improvers.default.DefaultImprover

@TG1999
Contributor

TG1999 commented Jan 12, 2023

@ziadhany we should also support nuget, gems and crates

@ziadhany
Collaborator Author

> @ziadhany we should also support nuget, gems and crates

I don't think we support crates.io in univers (RANGE_CLASS_BY_SCHEMES)

@TG1999
Contributor

TG1999 commented Jan 12, 2023

@ziadhany you can use cargo for rust packages.

@TG1999
Contributor

TG1999 commented Jan 19, 2023

@ziadhany please attach logs for importer and improver

@ziadhany
Collaborator Author

> @ziadhany please attach logs for importer and improver

github_osv_logs.zip

try:
yield parse_advisory_data(
raw_data,
supported_ecosystems=[

Contributor

support rubygems as well

Collaborator Author

I think I should add a mapper for ecosystems; OSV relies on RANGE_CLASS_BY_SCHEMES: gems, but OSV calls the ecosystem: rubygems

Collaborator

It would make sense to use a variable for the list of ecosystems, as it does not help reading to have a long list of values in function arguments.
And surely you need a mapping for OSV to PURL types that's at https://github.com/nexB/vulnerablecode/pull/926/files#diff-33c32124a3048b04cb219fc5540512cf1c658d638b86bc51e2e74a477de15dd5R33

@TG1999
Contributor

TG1999 commented Jan 24, 2023

@ziadhany as I can see in the improver logs, some URLs don't look valid, can you please look into the reason for this?
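
A triage of the rejected reference strings seen in the improver log earlier on this page, as an added example (not VulnerableCode's own code). The function names, verdict labels and repair rules are assumptions of this example; the sample lines are copied from that log.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: four distinct lines copied from the improver log on this page.
SAMPLE_LOG = """\
Invalid vulnerability reference: <VulnerabilityReference: github.com/hashicorp/nomad>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference: https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221>: {'url': ['Enter a valid URL.']}
Invalid vulnerability reference: <VulnerabilityReference:  https://github.com/jenkinsci/osf-builder-suite-xml-linter-plugin>: {'url': ['Enter a valid URL.']}
"""

LOG_LINE = re.compile(r"<VulnerabilityReference: (.*)>: \{'url'")
DOUBLED_SCHEME = re.compile(r"^(?:https?://)+(?=https?://)", re.IGNORECASE)
PACKAGE_PATH = re.compile(r"[\w.-]+\.[a-z]{2,}(?:/[\w.~-]+)+")


def triage_reference(raw):
    """Classify one reference string; return (verdict, usable_url_or_None)."""
    value = raw.strip()
    if value.upper().startswith("CVSS:"):
        return "cvss-vector", None  # a severity vector filed as a reference
    candidate = DOUBLED_SCHEME.sub("", value)  # "https://https://x" -> "https://x"
    parts = urlsplit(candidate)
    if parts.scheme in ("http", "https") and parts.hostname:
        return ("valid" if candidate == raw else "repaired"), candidate
    if not parts.scheme and PACKAGE_PATH.fullmatch(value):
        return "package-path", None  # a module path, not a link; do not guess a URL
    return "invalid", None


def summarize(log_text):
    """Count verdicts for every rejected reference found in the log text."""
    verdicts = Counter()
    for line in log_text.splitlines():
        match = LOG_LINE.search(line)
        if match:
            verdicts[triage_reference(match.group(1))[0]] += 1
    return dict(verdicts)
```

The four samples fall into three causes: package paths and a CVSS vector stored in the URL field, and URLs that only need a doubled scheme or leading whitespace removed.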

@ziadhany ziadhany force-pushed the osv_ecosystem branch 2 times, most recently from c2a9677 to cc3c549 Compare January 27, 2023 01:53
@ziadhany
Collaborator Author

@TG1999 I am a little confused, is this a bug in univers?

vulnerabilities/importers/osv.py:80: in parse_advisory_data
    fixed_version = get_fixed_versions(
vulnerabilities/importers/osv.py:277: in get_fixed_versions
    return dedupe(fixed_versions)
vulnerabilities/utils.py:273: in dedupe
    return list(dict.fromkeys(original))
<attrs generated hash univers.versions.RubygemsVersion>:2: in __hash__
    return hash((
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 

self = GemVersion('2.3.11')

    def __hash__(self):
>       return hash(self.canonical_segments)
E       TypeError: unhashable type: 'list'

venv/lib/python3.10/site-packages/univers/gem.py:228: TypeError

importer logs : github_osv_importer.log

@TG1999
Contributor

TG1999 commented Feb 3, 2023

@ziadhany instead of deduping list of GemVersion, dedupe list of strings and then parse them as GemVersion

@ziadhany
Collaborator Author

ziadhany commented Feb 6, 2023

> @ziadhany instead of deduping list of GemVersion, dedupe list of strings and then parse them as GemVersion

@TG1999
I am not using GemVersion explicitly in code, I am using RANGE_CLASS_BY_SCHEMES to determine which univers version should be used for the ecosystem (RubyGems -> RubygemsVersion, which uses GemVersion).

All the ecosystems work except ruby, so I think it is a RubygemsVersion bug.
Please have a look at line: 47 def test_to_advisories4

@pombredanne
Collaborator

> @TG1999 I am a little confused, Is this a bug in univers?
>
> vulnerabilities/importers/osv.py:80: in parse_advisory_data
>     fixed_version = get_fixed_versions(
> vulnerabilities/importers/osv.py:277: in get_fixed_versions
>     return dedupe(fixed_versions)
> vulnerabilities/utils.py:273: in dedupe
>     return list(dict.fromkeys(original))
> <attrs generated hash univers.versions.RubygemsVersion>:2: in __hash__
>     return hash((
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> self = GemVersion('2.3.11')
>
>     def __hash__(self):
> >       return hash(self.canonical_segments)
> E       TypeError: unhashable type: 'list'
>
> venv/lib/python3.10/site-packages/univers/gem.py:228: TypeError
>
> importer logs : github_osv_importer.log

Yes, this is a univers bug
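
The failure in the traceback and the workaround suggested earlier in this thread (dedupe the strings, then parse), as an added example that is not univers or VulnerableCode code. `Version`, `FixedVersion`, the trailing-zero rule and the tuple-based hash are assumptions of this example, not the fix that univers shipped.

```python
def dedupe(original):
    """Order-preserving dedupe, the same idiom shown in the traceback."""
    return list(dict.fromkeys(original))


class Version:
    """Hypothetical, simplified version class that reproduces the failure."""

    def __init__(self, string):
        self.string = string

    @property
    def canonical_segments(self):
        segments = [int(p) if p.isdigit() else p for p in self.string.split(".")]
        while len(segments) > 1 and segments[-1] == 0:
            segments.pop()  # assumption of this example: trailing zeros are dropped
        return segments

    def __eq__(self, other):
        if not isinstance(other, Version):
            return NotImplemented
        return self.canonical_segments == other.canonical_segments

    def __hash__(self):
        return hash(self.canonical_segments)  # hashing a list raises TypeError


class FixedVersion(Version):
    """Same comparison rules, but hashes an immutable tuple."""

    def __hash__(self):
        return hash(tuple(self.canonical_segments))


def dedupe_parsed(strings, version_class):
    """Parse first, then dedupe: needs a working __hash__."""
    return [v.string for v in dedupe(version_class(s) for s in strings)]


def dedupe_strings_then_parse(strings, version_class):
    """Dedupe the raw strings first; __hash__ of the class is never called."""
    return [version_class(s).string for s in dedupe(strings)]


# Constructed input: a repeated string plus two spellings of one version.
SAMPLE = ["2.3.11", "2.3.11", "2.3.0", "2.3"]
```

Deduping strings first avoids the crash even with the broken class, but it keeps both `2.3.0` and `2.3`, because versions that compare equal can still be different strings; deduping parsed objects with a working hash collapses them.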

pombredanne added a commit to ziadhany/univers that referenced this pull request Feb 10, 2023
Reference: aboutcode-org/vulnerablecode#926
Reference: aboutcode-org/vulnerablecode#608
Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
@TG1999
Contributor

TG1999 commented Feb 10, 2023

@ziadhany please update univers to v30.9.2

@TG1999 TG1999 modified the milestones: v32.0.0, v33.0.0 Feb 10, 2023
@DennisClark

#749 See that

@TG1999
Contributor

TG1999 commented Nov 20, 2023

@ziadhany please resolve the conflicts

@ziadhany
Collaborator Author

> @ziadhany please resolve the conflicts

Done

@TG1999 TG1999 changed the title add support for all osv ecosystems [WIP] add support for all osv ecosystems Dec 12, 2023
@TG1999 TG1999 marked this pull request as draft December 12, 2023 19:36
@TG1999 TG1999 modified the milestones: v33.0.0, v34.0.0 Jan 9, 2024
@ziadhany ziadhany force-pushed the osv_ecosystem branch 2 times, most recently from 045c60d to b7f4670 Compare January 18, 2024 19:09
@ziadhany ziadhany requested a review from TG1999 January 18, 2024 19:27
@TG1999 TG1999 marked this pull request as ready for review January 30, 2024 17:05
@TG1999 TG1999 changed the title [WIP] add support for all osv ecosystems Add support for all osv ecosystems Jan 30, 2024
Contributor

@TG1999 TG1999 left a comment

Some nits for your consideration!

vulnerabilities/importers/github_osv.py (resolved)
vulnerabilities/importers/osv.py (outdated, resolved)
vulnerabilities/importers/osv.py (outdated, resolved)
@ziadhany
Collaborator Author

ziadhany commented Feb 5, 2024

> Some nits for your consideration!

Done

Contributor

@TG1999 TG1999 left a comment

@ziadhany thanks++ please resolve merge conflicts and squash and merge this

Add a GithubOSVImporter to git_importer parametrize test
Refactor OSV ecosystem mapping
Fix the test
Update univers version and pass nuget test
Resolve merge conflict
Add a test for golang
Fix test by adding cwe to expected files
Resolve merge conflict

Signed-off-by: ziadhany <ziadhany2016@gmail.com>
@ziadhany
Collaborator Author

> @ziadhany thanks++ please resolve merge conflicts and squash and merge this

Done, but I can't merge because the docs CI is failing

@TG1999 TG1999 merged commit dee6ea2 into aboutcode-org:main Feb 13, 2024
6 of 7 checks passed
@TG1999
Contributor

TG1999 commented Feb 13, 2024

@ziadhany thanks++

@ziadhany ziadhany deleted the osv_ecosystem branch February 13, 2024 13:20
@ziadhany ziadhany mentioned this pull request Feb 27, 2024
TG1999 pushed a commit to TG1999/vulnerablecode that referenced this pull request Jul 19, 2024