OSV Schema violation for BIT-prestashop-2023-39526 #474

Closed
andrewpollock opened this issue Jun 14, 2024 · 3 comments

@andrewpollock

Title

BIT-prestashop-2023-39526

What steps will reproduce the bug?

$ git clone https://github.com/ossf/osv-schema
$ git clone https://github.com/bitnami/vulndb.git
$ go install github.com/santhosh-tekuri/jsonschema/cmd/jv@latest

$ ~/go/bin/jv osv-schema/validation/schema.json vulndb/data/prestashop/BIT-prestashop-2023-39526.json
schema /usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json: ok

instance vulndb/data/prestashop/BIT-prestashop-2023-39526.json: failed
jsonschema validation failed with 'file:///usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json#'
- at '/affected/0/ranges/0': allOf failed
  - at '/affected/0/ranges/0': not failed

What is the expected behavior?

The record passes schema validation

What do you see instead?

The record does not pass schema validation

Additional information

I believe that instead of:

      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.5"
            },
            {
              "introduced": "8.1.0"
            },
            {
              "last_affected": "8.1.0"
            }
          ]
        }
      ]

it should be:

      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.0.5"
            }
          ]
        },
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "8.1.0"
            },
            {
              "last_affected": "8.1.0"
            }
          ]
        }
      ]

That is, there should be two distinct range objects in the ranges array so that the events array has only one introduced and fixed or last_affected object per events array.
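
The split proposed in the issue above, written out as an added example (not code from the issue, from bitnami/vulndb or from osv-schema). It assumes the events in each range are ordered so that every introduced event is followed by its own fixed or last_affected event; the function names and the wrapper record around the quoted "ranges" value are hypothetical.

```python
import copy
import json

# Constructed sample: the "ranges" value quoted in the issue, wrapped in a minimal record.
RECORD = json.loads("""
{"id": "BIT-prestashop-2023-39526",
 "affected": [{"ranges": [{"type": "SEMVER", "events": [
   {"introduced": "8.0.0"}, {"fixed": "8.0.5"},
   {"introduced": "8.1.0"}, {"last_affected": "8.1.0"}]}]}]}
""")

CLOSERS = ("fixed", "last_affected")


def needs_split(rng):
    """True when a range holds more than one introduced or more than one closing event
    (the layout the issue asks to avoid; an assumption, not the schema's own rule text)."""
    events = rng.get("events", [])
    opened = sum("introduced" in e for e in events)
    closed = sum(any(k in e for k in CLOSERS) for e in events)
    return opened > 1 or closed > 1


def split_range(rng):
    """Return one range per introduced event, keeping the other keys and the event order."""
    base = {k: copy.deepcopy(v) for k, v in rng.items() if k != "events"}
    out = []
    for event in rng.get("events", []):
        # Start a new range at each introduced event (or at the first event seen).
        if "introduced" in event or not out:
            out.append({**copy.deepcopy(base), "events": []})
        out[-1]["events"].append(dict(event))
    return out


def normalize(record):
    """Copy the record, splitting every range that needs_split() flags."""
    fixed = copy.deepcopy(record)
    for affected in fixed.get("affected", []):
        ranges = []
        for rng in affected.get("ranges", []):
            ranges.extend(split_range(rng) if needs_split(rng) else [rng])
        affected["ranges"] = ranges
    return fixed


if __name__ == "__main__":
    print(json.dumps(normalize(RECORD)["affected"][0]["ranges"], indent=2))
```

The output still needs to be run through jv against osv-schema/validation/schema.json, as in the reproduction steps, since this sketch only restructures the events and does not validate the record.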

@gongomgra
Collaborator

Please check issue/475

@gongomgra
Collaborator

We have updated the Prestashop records in our database to solve this issue. Please check pr/484 for further information. We are closing this ticket as solved.

@andrewpollock
Author

Confirmed:

$ ~/go/bin/jv osv-schema/validation/schema.json vulndb/data/prestashop/BIT-prestashop-2023-39526.json
schema osv-schema/validation/schema.json: ok

instance vulndb/data/prestashop/BIT-prestashop-2023-39526.json: ok

@gongomgra removed the triage label Jun 20, 2024