test(osv): Update expected results
Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>
sschuberth committed Sep 25, 2024
1 parent bc92f57 commit 17f6a7a
Showing 2 changed files with 51 additions and 7 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@
"RLSA-2022:8384",
"SUSE-SU-2022:2663-1",
"SUSE-SU-2022:2664-1",
"UBUNTU-CVE-2022-33068",
"USN-5524-1",
"openSUSE-SU-2022:2663-1",
"openSUSE-SU-2024:12168-1"
Expand Down Expand Up @@ -1119,6 +1120,7 @@
"SUSE-SU-2023:3287-1",
"SUSE-SU-2023:3406-1",
"SUSE-SU-2023:3441-1",
"UBUNTU-CVE-2023-25193",
"USN-6263-1",
"openSUSE-SU-2024:12660-1",
"openSUSE-SU-2024:13075-1",
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
{
"schema_version": "1.6.0",
"id": "GHSA-462w-v97r-4m45",
"modified": "2024-03-09T05:19:21.366446Z",
"modified": "2024-09-24T21:03:59.802687Z",
"published": "2019-04-10T14:30:24Z",
"aliases": [
"CVE-2019-10906",
Expand All @@ -14,6 +14,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
}
],
"affected": [
Expand Down Expand Up @@ -135,6 +139,14 @@
"type": "WEB",
"url": "https://lists.apache.org/thread.html/09fc842ff444cd43d9d4c510756fec625ef8eb1175f14fd21de2605f@%3Cdevnull.infra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-217.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/jinja"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-462w-v97r-4m45"
Expand Down Expand Up @@ -173,14 +185,24 @@
{
"schema_version": "1.6.0",
"id": "GHSA-8r7q-cvjq-x353",
"modified": "2024-02-23T21:30:30.016986Z",
"modified": "2024-09-24T18:48:44.375484Z",
"published": "2022-05-14T04:04:14Z",
"aliases": [
"CVE-2014-1402",
"PYSEC-2014-8"
],
"summary": "Incorrect Privilege Assignment in Jinja2",
"details": "The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.",
"details": "The default configuration for `bccache.FileSystemBytecodeCache` in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with `__jinja2_` in `/tmp`.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"affected": [
{
"package": {
Expand Down Expand Up @@ -288,7 +310,7 @@
"database_specific": {
"github_reviewed_at": "2022-07-07T22:50:31Z",
"github_reviewed": true,
"severity": "MODERATE",
"severity": "HIGH",
"cwe_ids": [
"CWE-266"
],
Expand Down Expand Up @@ -429,7 +451,7 @@
{
"schema_version": "1.6.0",
"id": "GHSA-g3rq-g295-4j3m",
"modified": "2024-02-20T05:33:59.704183Z",
"modified": "2024-09-24T20:47:14.110476Z",
"published": "2021-03-19T21:28:05Z",
"aliases": [
"CVE-2020-28493",
Expand All @@ -442,6 +464,10 @@
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
}
],
"affected": [
Expand Down Expand Up @@ -526,6 +552,10 @@
"type": "WEB",
"url": "https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-g3rq-g295-4j3m"
},
{
"type": "PACKAGE",
"url": "https://github.com/pallets/jinja"
Expand All @@ -534,6 +564,10 @@
"type": "WEB",
"url": "https://github.com/pallets/jinja/blob/ab81fd9c277900c85da0c322a2ff9d68a235b2e6/src/jinja2/utils.py%23L20"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2021-66.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVAKCOO7VBVUBM3Q6CBBTPBFNP5NDXF4"
Expand Down Expand Up @@ -848,18 +882,22 @@
{
"schema_version": "1.6.0",
"id": "GHSA-hj2j-77xm-mc5v",
"modified": "2024-02-16T08:19:53.640404Z",
"modified": "2024-09-24T21:04:16.963502Z",
"published": "2019-04-10T14:30:13Z",
"aliases": [
"CVE-2016-10745",
"PYSEC-2019-220"
],
"summary": "High severity vulnerability that affects Jinja2",
"summary": "Jinja2 sandbox escape vulnerability",
"details": "In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"
}
],
"affected": [
Expand Down Expand Up @@ -948,6 +986,10 @@
"type": "PACKAGE",
"url": "https://github.com/pallets/jinja"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/jinja2/PYSEC-2019-220.yaml"
},
{
"type": "WEB",
"url": "https://palletsprojects.com/blog/jinja-281-released"
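Review bot: The refreshed expectations still pin fields that the upstream advisory source rewrites on re-import: the `modified` timestamps of all four GHSA records in this file, the reworded `summary` and `details` strings, and the alias lists in the first file, which gain `UBUNTU-CVE-2022-33068` and `UBUNTU-CVE-2023-25193`. If the test compares these files verbatim against live OSV responses (presumably so, given the commit title; the test code is not on this page), it will fail again at the next upstream edit with no change in the code under test. Consider replacing `modified` with a fixed placeholder on both sides before comparing and asserting exact equality only on stable fields such as `id` and the affected ranges. Separately, `database_specific.severity` for GHSA-8r7q-cvjq-x353 appears to move from `MODERATE` to `HIGH`, which deserves a line in the commit message because anything that thresholds on that field will now classify the advisory differently.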
