Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OSV Schema non-compliance #217

Open
andrewpollock opened this issue Dec 1, 2024 · 5 comments
Open

OSV Schema non-compliance #217

andrewpollock opened this issue Dec 1, 2024 · 5 comments

Comments

@andrewpollock
Copy link

Hello,

As part of work on https://github.com/orgs/google/projects/62 and in particular google/osv.dev#2188 I've discovered that some of the existing OSV records are not compliant with the OSV JSON Schema:

instance python/vulns/aiocpa/PYSEC-2024-152.yaml: failed
instance python/vulns/aiohttp/PYSEC-2023-120.yaml: failed
instance python/vulns/aiohttp/PYSEC-2023-246.yaml: failed
instance python/vulns/aiohttp/PYSEC-2023-247.yaml: failed
instance python/vulns/aiohttp/PYSEC-2023-250.yaml: failed
instance python/vulns/aiohttp/PYSEC-2023-251.yaml: failed
instance python/vulns/aiohttp/PYSEC-2024-24.yaml: failed
instance python/vulns/aiohttp/PYSEC-2024-26.yaml: failed
instance python/vulns/ansible-core/PYSEC-2024-36.yaml: failed
instance python/vulns/apache-airflow-providers-apache-spark/PYSEC-2023-156.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-103.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-104.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-105.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-106.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-119.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-134.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-136.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-152.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-158.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-170.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-171.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-197.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-202.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-203.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-204.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-218.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-231.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-232.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-264.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-265.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-266.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2023-267.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2024-13.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2024-14.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2024-42.yaml: failed
instance python/vulns/apache-airflow/PYSEC-2024-46.yaml: failed
instance python/vulns/apache-bookkeeper-client/PYSEC-2022-43060.yaml: failed
instance python/vulns/apache-dolphinscheduler/PYSEC-2021-876.yaml: failed
instance python/vulns/apache-dolphinscheduler/PYSEC-2023-268.yaml: failed
instance python/vulns/apache-iotdb/PYSEC-2024-11.yaml: failed
instance python/vulns/apache-skywalking/PYSEC-2020-342.yaml: failed
instance python/vulns/apache-submarine/PYSEC-2023-240.yaml: failed
instance python/vulns/apache-submarine/PYSEC-2023-244.yaml: failed
instance python/vulns/apache-submarine/PYSEC-2024-97.yaml: failed
instance python/vulns/apache-submarine/PYSEC-2024-98.yaml: failed
instance python/vulns/appwrite/PYSEC-2024-2.yaml: failed
instance python/vulns/archivebox/PYSEC-2023-229.yaml: failed
instance python/vulns/asyncssh/PYSEC-2023-237.yaml: failed
instance python/vulns/asyncssh/PYSEC-2023-239.yaml: failed
instance python/vulns/asyncua/PYSEC-2023-189.yaml: failed
instance python/vulns/asyncua/PYSEC-2023-190.yaml: failed
instance python/vulns/authlib/PYSEC-2024-52.yaml: failed
instance python/vulns/avro/PYSEC-2023-188.yaml: failed
instance python/vulns/black/PYSEC-2024-48.yaml: failed
instance python/vulns/borgbackup/PYSEC-2023-164.yaml: failed
instance python/vulns/capstone/PYSEC-2017-113.yaml: failed
instance python/vulns/cdo-local-uuid/PYSEC-2024-6.yaml: failed
instance python/vulns/certifi/PYSEC-2023-135.yaml: failed
instance python/vulns/changedetection-io/PYSEC-2024-15.yaml: failed
instance python/vulns/chuanhuchatgpt/PYSEC-2024-112.yaml: failed
instance python/vulns/chuanhuchatgpt/PYSEC-2024-113.yaml: failed
instance python/vulns/chuanhuchatgpt/PYSEC-2024-119.yaml: failed
instance python/vulns/chuanhuchatgpt/PYSEC-2024-61.yaml: failed
instance python/vulns/chuanhuchatgpt/PYSEC-2024-73.yaml: failed
instance python/vulns/cipherbcrypt/PYSEC-2024-55.yaml: failed
instance python/vulns/codechecker/PYSEC-2024-54.yaml: failed
instance python/vulns/coderedcms/PYSEC-2023-210.yaml: failed
instance python/vulns/copyparty/PYSEC-2023-127.yaml: failed
instance python/vulns/copyparty/PYSEC-2023-132.yaml: failed
instance python/vulns/cryptography/PYSEC-2023-112.yaml: failed
instance python/vulns/cryptography/PYSEC-2023-254.yaml: failed
instance python/vulns/dash/PYSEC-2024-35.yaml: failed
instance python/vulns/dbt-core/PYSEC-2024-66.yaml: failed
instance python/vulns/deepspeed/PYSEC-2024-109.yaml: failed
instance python/vulns/diffoscope/PYSEC-2024-41.yaml: failed
instance python/vulns/dirac/PYSEC-2024-125.yaml: failed
instance python/vulns/django-grappelli/PYSEC-2023-211.yaml: failed
instance python/vulns/django-photologue/PYSEC-2022-43061.yaml: failed
instance python/vulns/django/PYSEC-2023-100.yaml: failed
instance python/vulns/django/PYSEC-2023-222.yaml: failed
instance python/vulns/django/PYSEC-2023-225.yaml: failed
instance python/vulns/django/PYSEC-2023-226.yaml: failed
instance python/vulns/django/PYSEC-2024-102.yaml: failed
instance python/vulns/django/PYSEC-2024-28.yaml: failed
instance python/vulns/django/PYSEC-2024-47.yaml: failed
instance python/vulns/django/PYSEC-2024-56.yaml: failed
instance python/vulns/django/PYSEC-2024-57.yaml: failed
instance python/vulns/django/PYSEC-2024-58.yaml: failed
instance python/vulns/django/PYSEC-2024-59.yaml: failed
instance python/vulns/django/PYSEC-2024-67.yaml: failed
instance python/vulns/django/PYSEC-2024-68.yaml: failed
instance python/vulns/django/PYSEC-2024-69.yaml: failed
instance python/vulns/django/PYSEC-2024-70.yaml: failed
instance python/vulns/dtale/PYSEC-2024-117.yaml: failed
instance python/vulns/duckdb/PYSEC-2024-25.yaml: failed
instance python/vulns/easy-parse/PYSEC-2023-97.yaml: failed
instance python/vulns/ebookmeta/PYSEC-2024-76.yaml: failed
instance python/vulns/embedchain/PYSEC-2024-7.yaml: failed
instance python/vulns/embedchain/PYSEC-2024-8.yaml: failed
instance python/vulns/ethyca-fides/PYSEC-2023-107.yaml: failed
instance python/vulns/eve-srp/PYSEC-2023-208.yaml: failed
instance python/vulns/exiv2/PYSEC-2021-879.yaml: failed
instance python/vulns/exiv2/PYSEC-2023-150.yaml: failed
instance python/vulns/exiv2/PYSEC-2024-106.yaml: failed
instance python/vulns/exiv2/PYSEC-2024-107.yaml: failed
instance python/vulns/fastapi/PYSEC-2024-38.yaml: failed
instance python/vulns/fastecdsa/PYSEC-2024-39.yaml: failed
instance python/vulns/flask-appbuilder/PYSEC-2023-94.yaml: failed
instance python/vulns/flask-security-too/PYSEC-2023-248.yaml: failed
instance python/vulns/freetakserver/PYSEC-2022-43054.yaml: failed
instance python/vulns/gdal/PYSEC-2019-241.yaml: failed
instance python/vulns/gdal/PYSEC-2021-888.yaml: failed
instance python/vulns/gdal/PYSEC-2022-43065.yaml: failed
instance python/vulns/geonode/PYSEC-2023-176.yaml: failed
instance python/vulns/geonode/PYSEC-2023-269.yaml: failed
instance python/vulns/gevent/PYSEC-2023-177.yaml: failed
instance python/vulns/gitpython/PYSEC-2023-137.yaml: failed
instance python/vulns/gitpython/PYSEC-2023-161.yaml: failed
instance python/vulns/gitpython/PYSEC-2023-165.yaml: failed
instance python/vulns/gitpython/PYSEC-2024-4.yaml: failed
instance python/vulns/gradio/PYSEC-2023-249.yaml: failed
instance python/vulns/gradio/PYSEC-2023-255.yaml: failed
instance python/vulns/gratient/PYSEC-2024-1.yaml: failed
instance python/vulns/hail/PYSEC-2023-271.yaml: failed
instance python/vulns/homeassistant/PYSEC-2023-214.yaml: failed
instance python/vulns/horizon/PYSEC-2012-18.yaml: failed
instance python/vulns/horizon/PYSEC-2023-153.yaml: failed
instance python/vulns/httpie/PYSEC-2023-242.yaml: failed
instance python/vulns/hyperledger/PYSEC-2022-43055.yaml: failed
instance python/vulns/idna/PYSEC-2024-60.yaml: failed
instance python/vulns/imagecodecs/PYSEC-2023-174.yaml: failed
instance python/vulns/indico/PYSEC-2023-129.yaml: failed
instance python/vulns/indico/PYSEC-2024-90.yaml: failed
instance python/vulns/json2xml/PYSEC-2023-149.yaml: failed
instance python/vulns/json-logic/PYSEC-2023-209.yaml: failed
instance python/vulns/jupyter-server/PYSEC-2023-155.yaml: failed
instance python/vulns/jupyter-server/PYSEC-2023-157.yaml: failed
instance python/vulns/jupyter-server/PYSEC-2023-272.yaml: failed
instance python/vulns/jwcrypto/PYSEC-2024-104.yaml: failed
instance python/vulns/keep/PYSEC-2022-43056.yaml: failed
instance python/vulns/keylime/PYSEC-2023-128.yaml: failed
instance python/vulns/keylime/PYSEC-2023-160.yaml: failed
instance python/vulns/keystone/PYSEC-2012-19.yaml: failed
instance python/vulns/keystone/PYSEC-2012-20.yaml: failed
instance python/vulns/kiwitcms/PYSEC-2023-273.yaml: failed
instance python/vulns/label-studio/PYSEC-2023-274.yaml: failed
instance python/vulns/label-studio/PYSEC-2023-275.yaml: failed
instance python/vulns/label-studio/PYSEC-2024-126.yaml: failed
instance python/vulns/label-studio/PYSEC-2024-127.yaml: failed
instance python/vulns/label-studio/PYSEC-2024-128.yaml: failed
instance python/vulns/langchain-core/PYSEC-2024-45.yaml: failed
instance python/vulns/langchain-experimental/PYSEC-2024-53.yaml: failed
instance python/vulns/langchain-experimental/PYSEC-2024-62.yaml: failed
instance python/vulns/langchain/PYSEC-2023-146.yaml: failed
instance python/vulns/langchain/PYSEC-2023-147.yaml: failed
instance python/vulns/langchain/PYSEC-2023-205.yaml: failed
instance python/vulns/langchain/PYSEC-2024-118.yaml: failed
instance python/vulns/langchain/PYSEC-2024-43.yaml: failed
instance python/vulns/lektor/PYSEC-2024-49.yaml: failed
instance python/vulns/lief/PYSEC-2022-43137.yaml: failed
instance python/vulns/llama-index/PYSEC-2023-148.yaml: failed
instance python/vulns/lollms/PYSEC-2024-108.yaml: failed
instance python/vulns/lollms/PYSEC-2024-116.yaml: failed
instance python/vulns/lollms/PYSEC-2024-122.yaml: failed
instance python/vulns/matrix-sydent/PYSEC-2023-139.yaml: failed
instance python/vulns/matrix-synapse/PYSEC-2023-180.yaml: failed
instance python/vulns/matrix-synapse/PYSEC-2023-185.yaml: failed
instance python/vulns/matrix-synapse/PYSEC-2023-199.yaml: failed
instance python/vulns/matrix-synapse/PYSEC-2023-230.yaml: failed
instance python/vulns/matrix-synapse/PYSEC-2024-50.yaml: failed
instance python/vulns/mechanicalsoup/PYSEC-2023-108.yaml: failed
instance python/vulns/metagpt/PYSEC-2024-9.yaml: failed
instance python/vulns/micropython-copy/PYSEC-2023-256.yaml: failed
instance python/vulns/micropython-copy/PYSEC-2024-87.yaml: failed
instance python/vulns/micropython-copy/PYSEC-2024-91.yaml: failed
instance python/vulns/micropython-copy/PYSEC-2024-92.yaml: failed
instance python/vulns/micropython-io/PYSEC-2023-257.yaml: failed
instance python/vulns/micropython-io/PYSEC-2024-88.yaml: failed
instance python/vulns/micropython-io/PYSEC-2024-93.yaml: failed
instance python/vulns/micropython-io/PYSEC-2024-94.yaml: failed
instance python/vulns/micropython-os-path/PYSEC-2024-95.yaml: failed
instance python/vulns/micropython-os/PYSEC-2023-258.yaml: failed
instance python/vulns/micropython-os/PYSEC-2024-89.yaml: failed
instance python/vulns/micropython-select/PYSEC-2023-259.yaml: failed
instance python/vulns/micropython-string/PYSEC-2024-96.yaml: failed
instance python/vulns/mindsdb/PYSEC-2023-140.yaml: failed
instance python/vulns/mindsdb/PYSEC-2023-277.yaml: failed
instance python/vulns/mindsdb/PYSEC-2023-279.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-74.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-77.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-78.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-79.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-80.yaml: failed
instance python/vulns/mindsdb/PYSEC-2024-81.yaml: failed
instance python/vulns/mlflow/PYSEC-2023-252.yaml: failed
instance python/vulns/mlflow/PYSEC-2023-253.yaml: failed
instance python/vulns/mlflow/PYSEC-2023-260.yaml: failed
instance python/vulns/mlflow/PYSEC-2023-280.yaml: failed
instance python/vulns/mlflow/PYSEC-2023-281.yaml: failed
instance python/vulns/mlflow/PYSEC-2024-51.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-215.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-216.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-217.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-282.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-283.yaml: failed
instance python/vulns/modoboa/PYSEC-2023-284.yaml: failed
instance python/vulns/moin/PYSEC-2009-11.yaml: failed
instance python/vulns/motioneye/PYSEC-2022-43141.yaml: failed
instance python/vulns/mycli/PYSEC-2023-213.yaml: failed
instance python/vulns/nautobot-device-onboarding/PYSEC-2023-288.yaml: failed
instance python/vulns/nautobot/PYSEC-2023-220.yaml: failed
instance python/vulns/nautobot/PYSEC-2023-285.yaml: failed
instance python/vulns/nautobot/PYSEC-2023-286.yaml: failed
instance python/vulns/nautobot/PYSEC-2023-287.yaml: failed
instance python/vulns/nautobot/PYSEC-2024-16.yaml: failed
instance python/vulns/nonebot2/PYSEC-2024-37.yaml: failed
instance python/vulns/nova/PYSEC-2012-21.yaml: failed
instance python/vulns/octoprint/PYSEC-2022-43142.yaml: failed
instance python/vulns/octoprint/PYSEC-2023-195.yaml: failed
instance python/vulns/octoprint/PYSEC-2024-29.yaml: failed
instance python/vulns/openc3/PYSEC-2024-100.yaml: failed
instance python/vulns/openc3/PYSEC-2024-101.yaml: failed
instance python/vulns/openc3/PYSEC-2024-121.yaml: failed
instance python/vulns/opencv-contrib-python-headless/PYSEC-2023-182.yaml: failed
instance python/vulns/opencv-contrib-python/PYSEC-2023-181.yaml: failed
instance python/vulns/opencv-python-headless/PYSEC-2023-184.yaml: failed
instance python/vulns/opencv-python/PYSEC-2023-183.yaml: failed
instance python/vulns/openslides/PYSEC-2024-99.yaml: failed
instance python/vulns/orjson/PYSEC-2024-40.yaml: failed
instance python/vulns/pacparser/PYSEC-2022-43062.yaml: failed
instance python/vulns/pacparser/PYSEC-2023-93.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2022-43063.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2023-122.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2023-123.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2023-124.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2023-125.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2023-126.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-129.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-130.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-131.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-132.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-133.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-134.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-135.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-136.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-137.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-138.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-139.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-140.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-141.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-142.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-143.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-144.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-145.yaml: failed
instance python/vulns/paddlepaddle/PYSEC-2024-146.yaml: failed
instance python/vulns/piccolo/PYSEC-2023-173.yaml: failed
instance python/vulns/pillow/PYSEC-2023-227.yaml: failed
instance python/vulns/pip/PYSEC-2023-228.yaml: failed
instance python/vulns/pipreqs/PYSEC-2023-99.yaml: failed
instance python/vulns/portage/PYSEC-2024-10.yaml: failed
instance python/vulns/pretix/PYSEC-2023-187.yaml: failed
instance python/vulns/products-cmfcore/PYSEC-2023-113.yaml: failed
instance python/vulns/pyarrow/PYSEC-2023-238.yaml: failed
instance python/vulns/pyassimp/PYSEC-2024-120.yaml: failed
instance python/vulns/pycryptodomex/PYSEC-2024-3.yaml: failed
instance python/vulns/pydash/PYSEC-2023-179.yaml: failed
instance python/vulns/pydoris/PYSEC-2022-43150.yaml: failed
instance python/vulns/pydrive2/PYSEC-2023-291.yaml: failed
instance python/vulns/pygments/PYSEC-2023-117.yaml: failed
instance python/vulns/pyinstaller/PYSEC-2023-292.yaml: failed
instance python/vulns/pyload-ng/PYSEC-2024-123.yaml: failed
instance python/vulns/pyload-ng/PYSEC-2024-17.yaml: failed
instance python/vulns/pypinksign/PYSEC-2023-245.yaml: failed
instance python/vulns/pyquest/PYSEC-2022-43051.yaml: failed
instance python/vulns/pytigergraph/PYSEC-2022-43064.yaml: failed
instance python/vulns/pywasm3/PYSEC-2022-43057.yaml: failed
instance python/vulns/pywasm3/PYSEC-2022-43058.yaml: failed
instance python/vulns/py-xml/PYSEC-2023-95.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43156.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43157.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43158.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43159.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43160.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2022-43161.yaml: failed
instance python/vulns/rdiffweb/PYSEC-2023-186.yaml: failed
instance python/vulns/remarshal/PYSEC-2023-236.yaml: failed
instance python/vulns/requests-xml/PYSEC-2023-96.yaml: failed
instance python/vulns/request-util/PYSEC-2022-43052.yaml: failed
instance python/vulns/restrictedpython/PYSEC-2023-118.yaml: failed
instance python/vulns/restrictedpython/PYSEC-2023-159.yaml: failed
instance python/vulns/roundup/PYSEC-2024-63.yaml: failed
instance python/vulns/roundup/PYSEC-2024-64.yaml: failed
instance python/vulns/roundup/PYSEC-2024-65.yaml: failed
instance python/vulns/rpyc/PYSEC-2024-44.yaml: failed
instance python/vulns/salt/PYSEC-2023-166.yaml: failed
instance python/vulns/salt/PYSEC-2023-169.yaml: failed
instance python/vulns/sap-xssec/PYSEC-2023-261.yaml: failed
instance python/vulns/scikit-learn/PYSEC-2024-110.yaml: failed
instance python/vulns/scipy/PYSEC-2023-114.yaml: failed
instance python/vulns/scu-captcha/PYSEC-2022-43166.yaml: failed
instance python/vulns/searchor/PYSEC-2023-262.yaml: failed
instance python/vulns/selenium/PYSEC-2022-43167.yaml: failed
instance python/vulns/selenium/PYSEC-2023-206.yaml: failed
instance python/vulns/sentry/PYSEC-2023-115.yaml: failed
instance python/vulns/sentry/PYSEC-2023-130.yaml: failed
instance python/vulns/sqlfluff/PYSEC-2023-111.yaml: failed
instance python/vulns/streamlit/PYSEC-2024-153.yaml: failed
instance python/vulns/temporai/PYSEC-2024-21.yaml: failed
instance python/vulns/transformers/PYSEC-2023-299.yaml: failed
instance python/vulns/transformers/PYSEC-2023-300.yaml: failed
instance python/vulns/transformers/PYSEC-2023-301.yaml: failed
instance python/vulns/transmute-core/PYSEC-2023-223.yaml: failed
instance python/vulns/tryton/PYSEC-2016-40.yaml: failed
instance python/vulns/tryton/PYSEC-2016-41.yaml: failed
instance python/vulns/tryton/PYSEC-2022-43170.yaml: failed
instance python/vulns/tryton/PYSEC-2022-43171.yaml: failed
instance python/vulns/tuitse-tsusin/PYSEC-2024-22.yaml: failed
instance python/vulns/twisted/PYSEC-2023-224.yaml: failed
instance python/vulns/twisted/PYSEC-2024-75.yaml: failed
instance python/vulns/urllib3/PYSEC-2023-192.yaml: failed
instance python/vulns/urllib3/PYSEC-2023-207.yaml: failed
instance python/vulns/urllib3/PYSEC-2023-212.yaml: failed
instance python/vulns/vantage6-node/PYSEC-2023-198.yaml: failed
instance python/vulns/vantage6-node/PYSEC-2023-303.yaml: failed
instance python/vulns/vantage6-node/PYSEC-2024-33.yaml: failed
instance python/vulns/vantage6/PYSEC-2023-196.yaml: failed
instance python/vulns/vantage6/PYSEC-2023-200.yaml: failed
instance python/vulns/vantage6/PYSEC-2023-201.yaml: failed
instance python/vulns/vantage6/PYSEC-2024-30.yaml: failed
instance python/vulns/vantage6/PYSEC-2024-31.yaml: failed
instance python/vulns/vantage6/PYSEC-2024-32.yaml: failed
instance python/vulns/vantage6-server/PYSEC-2023-304.yaml: failed
instance python/vulns/vantage6-server/PYSEC-2024-34.yaml: failed
instance python/vulns/vyper/PYSEC-2022-43053.yaml: failed
instance python/vulns/vyper/PYSEC-2023-131.yaml: failed
instance python/vulns/vyper/PYSEC-2023-133.yaml: failed
instance python/vulns/vyper/PYSEC-2023-142.yaml: failed
instance python/vulns/vyper/PYSEC-2023-167.yaml: failed
instance python/vulns/vyper/PYSEC-2023-168.yaml: failed
instance python/vulns/vyper/PYSEC-2023-191.yaml: failed
instance python/vulns/vyper/PYSEC-2023-305.yaml: failed
instance python/vulns/vyper/PYSEC-2023-306.yaml: failed
instance python/vulns/vyper/PYSEC-2023-307.yaml: failed
instance python/vulns/vyper/PYSEC-2024-103.yaml: failed
instance python/vulns/vyper/PYSEC-2024-147.yaml: failed
instance python/vulns/vyper/PYSEC-2024-148.yaml: failed
instance python/vulns/vyper/PYSEC-2024-149.yaml: failed
instance python/vulns/vyper/PYSEC-2024-150.yaml: failed
instance python/vulns/vyper/PYSEC-2024-151.yaml: failed
instance python/vulns/wagtail/PYSEC-2023-219.yaml: failed
instance python/vulns/wagtail/PYSEC-2024-86.yaml: failed
instance python/vulns/wger/PYSEC-2023-143.yaml: failed
instance python/vulns/wger/PYSEC-2023-144.yaml: failed
instance python/vulns/whoogle-search/PYSEC-2024-18.yaml: failed
instance python/vulns/whoogle-search/PYSEC-2024-19.yaml: failed
instance python/vulns/whoogle-search/PYSEC-2024-20.yaml: failed
instance python/vulns/whoogle-search/PYSEC-2024-23.yaml: failed
instance python/vulns/xalpha/PYSEC-2023-116.yaml: failed
instance python/vulns/xblock-drag-and-drop-v2/PYSEC-2022-43175.yaml: failed
instance python/vulns/zenml/PYSEC-2024-105.yaml: failed
instance python/vulns/zope/PYSEC-2023-193.yaml: failed
instance python/vulns/zstd/PYSEC-2023-121.yaml: failed

From a quick inspection, they all seem to have problems with one or both of their published/modified fields.
@andrewpollock andrewpollock mentioned this issue Dec 1, 2024
Merged
andrewpollock added a commit to google/osv.dev that referenced this issue Dec 2, 2024
@andrewpollock
feat: pilot enabling strict mode on all JSON Schema compliant sources (
da895ff 
…#2943)

This enables strict mode in the OSV.dev staging environment for all
sources in staging that have been deemed already be publishing 100% OSV
JSON Schema compliant records, with the notable exception of the RustSec
Advisory Database due to
rustsec/advisory-db#2135 and the inclusion of
PyPA despite pypa/advisory-database#217
(because of pypa/advisory-database#208)

Part of #2188
@di
Copy link
Member

di commented Dec 2, 2024

Hmm, is something wrong with our usage of https://pypi.org/project/check-jsonschema/ and https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json? These seem to pass the schema check we have configured:

$ python -m check_jsonschema --schemafile https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json vulns/aiocpa/PYSEC-2024-152.yaml
ok -- validation done

Can you give us some more details on how you're validating the schema and what exactly is failing? Taking https://github.com/pypa/advisory-database/blob/main/vulns/aiocpa/PYSEC-2024-152.yaml as an example, this has the required modified field with a valid timestamp, as far as I can tell.

@andrewpollock
Copy link
Author

You're right, something is fishy here, I can't see anything immediately untoward here:

$ ~/go/bin/jv ~/gosst/osv/osv-schema/validation/schema.json  aiocpa/PYSEC-2024-152.yaml
schema /usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json: ok

instance aiocpa/PYSEC-2024-152.yaml: failed
jsonschema validation failed with 'file:///usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json#'
- at '/modified': invalid jsonType time.Time

I'm using:

$ ~/go/bin/jv --version
github.com/santhosh-tekuri/jsonschema/cmd/jv v0.7.0
github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
github.com/spf13/pflag v1.0.5
golang.org/x/text v0.14.0
gopkg.in/yaml.v3 v3.0.1

Now I'm wondering if it's having some sort of issue coercing the YAML into JSON for validation purposes? Let me continue to investigate, but treat this as unactionable until further notice. Apologies for the noise.

@di
Copy link
Member

di commented Dec 2, 2024

Looks like this is santhosh-tekuri/jsonschema#115, and the solution is to wrap all these in quotes?

@di
Copy link
Member

di commented Dec 2, 2024

If that's the case, we should probably also introduce a CI check to enforce this in the .yaml files.

@andrewpollock
Copy link
Author

Looks like this is santhosh-tekuri/jsonschema#115, and the solution is to wrap all these in quotes?

Oh good find!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@di @andrewpollock