Import data from OSS-Fuzz (#897)

Add OSSFuzzImprover to IMPROVERS_REGISTRY
Fix oss-fuzz test ( add weakness in expected test file )
Add oss-fuzz tests
Import data from oss_fuzz using osv format

Resolve merge conflicts

Signed-off-by: ziadhany <[email protected]>

Author: ziadhany

vulnerabilities/importers/__init__.py

@@ -25,6 +25,7 @@
 from vulnerabilities.importers import npm
 from vulnerabilities.importers import nvd
 from vulnerabilities.importers import openssl
+from vulnerabilities.importers import oss_fuzz
 from vulnerabilities.importers import postgresql
 from vulnerabilities.importers import project_kb_msr2019
 from vulnerabilities.importers import pypa
@@ -65,6 +66,7 @@
     ubuntu_usn.UbuntuUSNImporter,
     fireeye.FireyeImporter,
     apache_kafka.ApacheKafkaImporter,
+    oss_fuzz.OSSFuzzImporter,
 ]
 
 IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}

vulnerabilities/importers/oss_fuzz.py

@@ -0,0 +1,37 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import logging
+from pathlib import Path
+from typing import Iterable
+
+import saneyaml
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import Importer
+from vulnerabilities.importers.osv import parse_advisory_data
+
+logger = logging.getLogger(__name__)
+
+
+class OSSFuzzImporter(Importer):
+    license_url = "https://github.com/google/oss-fuzz-vulns/blob/main/LICENSE"
+    spdx_license_expression = "CC-BY-4.0"
+    url = "git+https://github.com/google/oss-fuzz-vulns"
+
+    def advisory_data(self) -> Iterable[AdvisoryData]:
+        try:
+            self.clone(repo_url=self.url)
+            path = Path(self.vcs_response.dest_dir) / "vulns"
+            for file in path.glob("**/*.yaml"):
+                with open(file) as f:
+                    yaml_data = saneyaml.load(f.read())
+                    yield parse_advisory_data(yaml_data, supported_ecosystem="oss-fuzz")
+        finally:
+            if self.vcs_response:
+                self.vcs_response.delete()

vulnerabilities/improvers/__init__.py

@@ -22,6 +22,7 @@
     valid_versions.IstioImprover,
     valid_versions.DebianOvalImprover,
     valid_versions.UbuntuOvalImprover,
+    valid_versions.OSSFuzzImprover,
 ]
 
 IMPROVERS_REGISTRY = {x.qualified_name: x for x in IMPROVERS_REGISTRY}

vulnerabilities/improvers/valid_versions.py

@@ -35,6 +35,7 @@
 from vulnerabilities.importers.istio import IstioImporter
 from vulnerabilities.importers.nginx import NginxImporter
 from vulnerabilities.importers.npm import NpmImporter
+from vulnerabilities.importers.oss_fuzz import OSSFuzzImporter
 from vulnerabilities.importers.ubuntu import UbuntuImporter
 from vulnerabilities.improver import MAX_CONFIDENCE
 from vulnerabilities.improver import Improver
@@ -477,3 +478,8 @@ class DebianOvalImprover(ValidVersionImprover):
 class UbuntuOvalImprover(ValidVersionImprover):
     importer = UbuntuImporter
     ignorable_versions = []
+
+
+class OSSFuzzImprover(ValidVersionImprover):
+    importer = OSSFuzzImporter
+    ignorable_versions = []

vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml

@@ -0,0 +1,41 @@
+id: OSV-2021-933
+summary: Heap-buffer-overflow in print_mac
+details: |
+  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+
+  ```
+  Crash type: Heap-buffer-overflow WRITE 4
+  Crash state:
+  print_mac
+  log_packet
+  dhcp_reply
+  ```
+modified: '2022-04-13T03:04:31.143462Z'
+published: '2021-07-08T00:01:26.369555Z'
+references:
+- type: REPORT
+  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+affected:
+- package:
+    name: dnsmasq
+    ecosystem: OSS-Fuzz
+  ranges:
+  - type: GIT
+    repo: git://thekelleys.org.uk/dnsmasq.git
+    events:
+    - introduced: 96f6444958c29a670f4254722d787f328153605c
+    - fixed: d242cbffa4f20c9f7472f79b3a9e47008b6fe77c
+  versions:
+  - v2.86
+  - v2.86rc1
+  - v2.86rc2
+  - v2.86rc3
+  - v2.86test5
+  - v2.86test6
+  - v2.86test7
+  - v2.87test1
+  - v2.87test2
+  - v2.87test3
+  - v2.87test4
+  ecosystem_specific:
+    severity: HIGH

vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data1.yaml-expected.json

@@ -0,0 +1,20 @@
+{
+  "aliases": [
+    "OSV-2021-933"
+  ],
+  "summary": "Heap-buffer-overflow in print_mac\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887\n\n```\nCrash type: Heap-buffer-overflow WRITE 4\nCrash state:\nprint_mac\nlog_packet\ndhcp_reply\n```",
+  "affected_packages": [
+
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887",
+      "severities": [
+
+      ]
+    }
+  ],
+  "date_published": "2021-07-08T00:01:26.369555+00:00",
+  "weaknesses": []
+}

vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml

@@ -0,0 +1,33 @@
+id: OSV-2022-145
+summary: Heap-buffer-overflow in print_mac
+details: |
+  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581
+
+  ```
+  Crash type: Heap-buffer-overflow WRITE 4
+  Crash state:
+  print_mac
+  log_packet
+  dhcp_reply
+  ```
+modified: '2022-04-13T03:04:31.179893Z'
+published: '2022-02-13T00:01:27.883603Z'
+references:
+- type: REPORT
+  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581
+affected:
+- package:
+    name: dnsmasq
+    ecosystem: OSS-Fuzz
+    purl: pkg:generic/dnsmasq
+  ranges:
+  - type: GIT
+    repo: git://thekelleys.org.uk/dnsmasq.git
+    events:
+    - introduced: e426c2d3bc182d790f83039b77a09d55230ca71f
+    - fixed: 03345ecefeb0d82e3c3a4c28f27c3554f0611b39
+  versions:
+  - v2.87test8
+  ecosystem_specific:
+    severity: HIGH
+schema_version: 1.2.0

vulnerabilities/tests/test_data/oss_fuzz/oss-fuzz-data2.yaml-expected.json

@@ -0,0 +1,20 @@
+{
+  "aliases": [
+    "OSV-2022-145"
+  ],
+  "summary": "Heap-buffer-overflow in print_mac\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581\n\n```\nCrash type: Heap-buffer-overflow WRITE 4\nCrash state:\nprint_mac\nlog_packet\ndhcp_reply\n```",
+  "affected_packages": [
+
+  ],
+  "references": [
+    {
+      "reference_id": "",
+      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44581",
+      "severities": [
+
+      ]
+    }
+  ],
+  "date_published": "2022-02-13T00:01:27.883603+00:00",
+  "weaknesses": []
+}

vulnerabilities/tests/test_oss_fuzz.py

@@ -0,0 +1,36 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import os
+from unittest import TestCase
+
+import saneyaml
+
+from vulnerabilities.importers.osv import parse_advisory_data
+from vulnerabilities.tests import util_tests
+
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+TEST_DATA = os.path.join(BASE_DIR, "test_data/oss_fuzz")
+
+
+class TestOSSFuzzImporter(TestCase):
+    def test_to_advisories1(self):
+        with open(os.path.join(TEST_DATA, "oss-fuzz-data1.yaml")) as f:
+            mock_response = saneyaml.load(f)
+        expected_file = os.path.join(TEST_DATA, "oss-fuzz-data1.yaml-expected.json")
+        imported_data = parse_advisory_data(mock_response, "oss-fuzz")
+        result = imported_data.to_dict()
+        util_tests.check_results_against_json(result, expected_file)
+
+    def test_to_advisorie2(self):
+        with open(os.path.join(TEST_DATA, "oss-fuzz-data2.yaml")) as f:
+            mock_response = saneyaml.load(f)
+        expected_file = os.path.join(TEST_DATA, "oss-fuzz-data2.yaml-expected.json")
+        imported_data = parse_advisory_data(mock_response, "oss-fuzz")
+        result = imported_data.to_dict()
+        util_tests.check_results_against_json(result, expected_file)