Import data from oss_fuzz using osv format

ziadhany · ziadhany · commit 8d615e6efdbe · 2022-12-17T16:25:33.000+02:00
Resolve merge conflicts

Signed-off-by: ziad &lt;ziadhany2016@gmail.com&gt;
diff --git a/vulnerabilities/importers/__init__.py b/vulnerabilities/importers/__init__.py
@@ -17,6 +17,7 @@
 from vulnerabilities.importers import npm
 from vulnerabilities.importers import nvd
 from vulnerabilities.importers import openssl
+from vulnerabilities.importers import oss_fuzz
 from vulnerabilities.importers import postgresql
 from vulnerabilities.importers import pypa
 from vulnerabilities.importers import pysec
@@ -39,6 +40,7 @@
     ubuntu.UbuntuImporter,
     debian_oval.DebianOvalImporter,
     npm.NpmImporter,
+    oss_fuzz.OSS_FuzzImporter,
 ]
 
 IMPORTERS_REGISTRY = {x.qualified_name: x for x in IMPORTERS_REGISTRY}
diff --git a/vulnerabilities/importers/oss_fuzz.py b/vulnerabilities/importers/oss_fuzz.py
@@ -0,0 +1,55 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+import logging
+import os
+from typing import Iterable
+
+import saneyaml
+from fetchcode.vcs.git import fetch_via_git
+
+from vulnerabilities.importer import AdvisoryData
+from vulnerabilities.importer import Importer
+from vulnerabilities.importers.osv import parse_advisory_data
+
+logger = logging.getLogger(__name__)
+
+
+class OSS_FuzzImporter(Importer):
+    license_url = "https://github.com/google/oss-fuzz-vulns/blob/main/LICENSE"
+    spdx_license_expression = "CC-BY-4.0"
+    url = "git+https://github.com/google/oss-fuzz-vulns"
+
+    def advisory_data(self) -> Iterable[AdvisoryData]:
+        for file in fork_and_get_files(self.url):
+            yield parse_advisory_data(file, supported_ecosystem="oss-fuzz")
+
+
+class ForkError(Exception):
+    pass
+
+
+def fork_and_get_files(url) -> dict:
+    """
+    Fetch the github repository and go to vulns directory ,
+    then open directories one by one and return a file .
+    """
+    try:
+        fork_directory = fetch_via_git(url=url)
+    except Exception as e:
+        logger.error(f"Can't clone url {url}")
+        raise ForkError(url) from e
+
+    advisory_dirs = os.path.join(fork_directory.dest_dir, "vulns")
+    for root, _, files in os.walk(advisory_dirs):
+        for file in files:
+            if not file.endswith(".yaml"):
+                logger.warning(f"unsupported file {file}")
+            else:
+                with open(os.path.join(root, file), "r") as f:
+                    yield saneyaml.load(f.read())
