Add a test to ensure that OSS-Fuzz uses the explicit versions correctly

ziadhany · ziadhany · commit fa1dfa2f25e0 · 2025-12-31T09:17:16.000+02:00
Signed-off-by: ziad hany &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-3.yaml b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-3.yaml
@@ -0,0 +1,38 @@
+id: OSV-2025-68
+summary: UNKNOWN READ in std::__1::__function::__func<cv::PngDecoder::compose_frame
+details: |
+  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392318892
+
+  ```
+  Crash type: UNKNOWN READ
+  Crash state:
+  std::__1::__function::__func<cv::PngDecoder::compose_frame
+  cv::ParallelLoopBodyWrapper::operator
+  cv::ThreadPool::run
+  ```
+modified: '2025-02-05T14:25:02.989469Z'
+published: '2025-01-28T00:00:46.845996Z'
+references:
+- type: REPORT
+  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392318892
+affected:
+- package:
+    name: opencv
+    ecosystem: OSS-Fuzz
+    purl: pkg:generic/opencv
+  ranges:
+  - type: GIT
+    repo: https://github.com/opencv/opencv.git
+    events:
+    - introduced: b4d03256663b6ceb2994c367be4664f282c9f1ec
+    - fixed: c21d0ad9d08d364542bb4a6eb971ee3051ccba63
+    - fixed: 43cebe52eba056d9fbb1115928cf698ae44abd60
+  versions:
+  - 4.11.0
+  - 5.0.0-alpha
+  ecosystem_specific:
+    severity: MEDIUM
+  database_specific:
+    introduced_range: a6f72f813d307f77e7597447bdba25dcb5b6447d:ff18c9cc7904e878b10273265196e0238490e692
+    fixed_range: d5f69305cbfdb727865baac0f7cb5c82c5fdaab9:43cebe52eba056d9fbb1115928cf698ae44abd60
+schema_version: 1.6.0
diff --git a/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json b/vulnerabilities/tests/test_data/osv_test/oss-fuzz/oss-fuzz-expected-3.json
@@ -0,0 +1,67 @@
+{
+  "advisory_id": "OSV-2025-68",
+  "aliases": [],
+  "summary": "UNKNOWN READ in std::__1::__function::__func<cv::PngDecoder::compose_frame\nOSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392318892\n\n```\nCrash type: UNKNOWN READ\nCrash state:\nstd::__1::__function::__func<cv::PngDecoder::compose_frame\ncv::ParallelLoopBodyWrapper::operator\ncv::ThreadPool::run\n```",
+  "affected_packages": [
+    {
+      "package": {
+        "type": "generic",
+        "namespace": "",
+        "name": "opencv",
+        "version": "",
+        "qualifiers": "",
+        "subpath": ""
+      },
+      "affected_version_range": null,
+      "fixed_version_range": null,
+      "introduced_by_commit_patches": [
+        {
+          "vcs_url": "https://github.com/opencv/opencv",
+          "commit_hash": "b4d03256663b6ceb2994c367be4664f282c9f1ec",
+          "patch_text": null,
+          "patch_checksum": null
+        }
+      ],
+      "fixed_by_commit_patches": [
+        {
+          "vcs_url": "https://github.com/opencv/opencv",
+          "commit_hash": "c21d0ad9d08d364542bb4a6eb971ee3051ccba63",
+          "patch_text": null,
+          "patch_checksum": null
+        },
+        {
+          "vcs_url": "https://github.com/opencv/opencv",
+          "commit_hash": "43cebe52eba056d9fbb1115928cf698ae44abd60",
+          "patch_text": null,
+          "patch_checksum": null
+        }
+      ]
+    },
+    {
+      "package": {
+        "type": "generic",
+        "namespace": "",
+        "name": "opencv",
+        "version": "",
+        "qualifiers": "",
+        "subpath": ""
+      },
+      "affected_version_range": "vers:generic/4.11.0|5.0.0-alpha",
+      "fixed_version_range": null,
+      "introduced_by_commit_patches": [],
+      "fixed_by_commit_patches": []
+    }
+  ],
+  "references_v2": [
+    {
+      "reference_id": "",
+      "reference_type": "",
+      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392318892"
+    }
+  ],
+  "patches": [],
+  "severities": [],
+  "date_published": "2025-01-28T00:00:46.845996+00:00",
+  "weaknesses": [],
+  "url": "https://test.com"
+}
diff --git a/vulnerabilities/tests/test_osv_v2.py b/vulnerabilities/tests/test_osv_v2.py
@@ -204,6 +204,16 @@ def test_to_advisories_oss_fuzz2(self):
         result = imported_data.to_dict()
         util_tests.check_results_against_json(result, expected_file)
 
+    def test_to_advisories_oss_fuzz3(self):
+        with open(os.path.join(TEST_DATA, "oss-fuzz/oss-fuzz-3.yaml")) as f:
+            mock_response = saneyaml.load(f)
+        expected_file = os.path.join(TEST_DATA, "oss-fuzz/oss-fuzz-expected-3.json")
+        imported_data = parse_advisory_data_v3(
+            mock_response, "generic", advisory_url="https://test.com", advisory_text=""
+        )
+        result = imported_data.to_dict()
+        util_tests.check_results_against_json(result, expected_file)
+
     def test_to_advisories_pypa1(self):
         with open(os.path.join(TEST_DATA, "pypa/pypa-1.yaml")) as f:
             mock_response = saneyaml.load(f)
