pypa / advisory-database

Advisory database for Python packages published on pypi.org
Creative Commons Attribution 4.0 International

OSV Schema non-compliance #217

Open andrewpollock opened 3 days ago

andrewpollock commented 3 days ago

Hello,

As part of work on https://github.com/orgs/google/projects/62 and in particular https://github.com/google/osv.dev/issues/2188 I've discovered that some of the existing OSV records are not compliant with the OSV JSON Schema:

From a quick inspection, they all seem to have problems with one or both of their published/modified fields.

di commented 2 days ago

Hmm, is something wrong with our usage of https://pypi.org/project/check-jsonschema/ and https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json? These seem to pass the schema check we have configured:

$ python -m check_jsonschema --schemafile https://raw.githubusercontent.com/ossf/osv-schema/main/validation/schema.json vulns/aiocpa/PYSEC-2024-152.yaml
ok -- validation done

Can you give us some more details on how you're validating the schema and what exactly is failing? Taking https://github.com/pypa/advisory-database/blob/main/vulns/aiocpa/PYSEC-2024-152.yaml as an example, this has the required modified field with a valid timestamp, as far as I can tell.

andrewpollock commented 2 days ago

You're right, something is fishy here. I can't see anything immediately untoward here:

$ ~/go/bin/jv ~/gosst/osv/osv-schema/validation/schema.json  aiocpa/PYSEC-2024-152.yaml
schema /usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json: ok

instance aiocpa/PYSEC-2024-152.yaml: failed
jsonschema validation failed with 'file:///usr/local/google/home/apollock/gosst/osv/osv-schema/validation/schema.json#'
- at '/modified': invalid jsonType time.Time

I'm using:

$ ~/go/bin/jv --version
github.com/santhosh-tekuri/jsonschema/cmd/jv v0.7.0
github.com/santhosh-tekuri/jsonschema/v6 v6.0.1
github.com/spf13/pflag v1.0.5
golang.org/x/text v0.14.0
gopkg.in/yaml.v3 v3.0.1

Now I'm wondering if it's having some sort of issue coercing the YAML into JSON for validation purposes? Let me continue to investigate, but treat this as unactionable until further notice. Apologies for the noise.

di commented 2 days ago

Looks like this is https://github.com/santhosh-tekuri/jsonschema/issues/115, and the solution is to wrap all these in quotes?

di commented 2 days ago

If that's the case, we should probably also introduce a CI check to enforce this in the .yaml files.
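One way the CI check suggested above could be written, added here as an example (it is not part of the thread or of the pypa/advisory-database tooling): it flags top-level `published`, `modified` and `withdrawn` values written as unquoted YAML timestamps, the form that the `jv` run above rejected at `/modified` with `invalid jsonType time.Time`. The function names, the regular expressions and the sample record are assumptions made for illustration.

```python
import re
import sys

# Top-level OSV fields that the schema defines as timestamp strings.
TIMESTAMP_KEYS = ("published", "modified", "withdrawn")

# A top-level "key: value" line with an optional trailing YAML comment.
KEY_LINE = re.compile(
    r"^(?P<key>%s):[ \t]+(?P<value>.*?)(?P<tail>[ \t]+#.*|[ \t]*)$"
    % "|".join(TIMESTAMP_KEYS)
)

# Plain scalar shaped like a YAML timestamp (date, optional time and zone).
# Quoted values start with a quote character and therefore never match.
UNQUOTED_TIMESTAMP = re.compile(
    r"^\d{4}-\d{1,2}-\d{1,2}"
    r"(?:(?:[Tt]|[ \t]+)\d{1,2}:\d{2}:\d{2}(?:\.\d*)?"
    r"(?:[ \t]*(?:Z|[-+]\d{1,2}(?::\d{2})?))?)?$"
)

# Constructed sample record (placeholder id, not a real advisory).
SAMPLE = '''\
id: PYSEC-0000-0
details: Constructed record, not a real advisory.
modified: 2024-01-02T03:04:05Z
published: "2024-01-01T00:00:00Z"
withdrawn: 2024-02-03T04:05:06.789Z  # trailing comment
'''


def find_unquoted_timestamps(text):
    """Return (line number, key, value) for each unquoted timestamp field."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_LINE.match(line)
        if m and UNQUOTED_TIMESTAMP.match(m.group("value")):
            findings.append((lineno, m.group("key"), m.group("value")))
    return findings


def quote_timestamps(text):
    """Return text with every flagged value wrapped in double quotes."""
    out = []
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]  # preserve the original line ending
        m = KEY_LINE.match(body)
        if m and UNQUOTED_TIMESTAMP.match(m.group("value")):
            body = '%s: "%s"%s' % (m.group("key"), m.group("value"), m.group("tail"))
        out.append(body + eol)
    return "".join(out)


def main(paths):
    """CI entry point: print findings and return 1 if any file has one."""
    failed = False
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, key, value in find_unquoted_timestamps(fh.read()):
                print(f"{path}:{lineno}: {key} is an unquoted timestamp "
                      f"({value}); wrap it in quotes")
                failed = True
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run against the `.yaml` files changed in a pull request, a non-zero exit status fails the job; `quote_timestamps` gives the corresponding one-off fix for existing records.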

andrewpollock commented 1 day ago

> Looks like this is santhosh-tekuri/jsonschema#115, and the solution is to wrap all these in quotes?

Oh good find!