Describe the bug
Multiple ranges on the same branch are not handled for GIT type.
I created a toy example based on the "multiple range example": https://ossf.github.io/osv-schema/#multiple-range-example.
In order to avoid recreating a toy repository we will reuse the one that we created for the previous issue:
https://github.com/RomainLefeuvre/osv_issue_minimal_example with the following git history:
And this range of events:
```json
"events": [
  {
    "introduced": "d241812d2722d573a7b096d44d139946d8dcb484" [X]
  },
  {
    "fixed": "ec5e313170f68d3fc575d107a8b92d43ae140249" [B]
  },
  {
    "introduced": "868d891cffe96cd67b2abac82c62ade7219af9b5" [C]
  },
  {
    "fixed": "80f15009d903ac95ffc5a5a07a3a213e4980bb62" [Y]
  }
]
}
```
To Reproduce
Steps to reproduce the behaviour:
- clone https://github.com/RomainLefeuvre/osv.dev
- set up your Python virtualenv as described in the osv documentation
- from the root level of the repo, execute

```shell
python -m osv.analyze_tool --detect_cherrypicks true --format json "./osv/osv_bug/vuln_2.json"
```
Result
```
❯ python -m osv.analyze_tool --format json --detect_cherrypicks true "./osv/osv_bug/vuln_2.json"
AnalyzeResult(has_changes=False, commits={'d241812d2722d573a7b096d44d139946d8dcb484', 'e54222cfdedd86a37dc37d999ebc63dccf3fc9da'})
```
The following commits are detected:
- d241812d2722d573a7b096d44d139946d8dcb484 (X)
- e54222cfdedd86a37dc37d999ebc63dccf3fc9da (A)
Expected behaviour
C and D should also be reported as vulnerable
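To make the two possible readings of this range concrete, here is an added Python example (not osv.dev code, and not a description of how osv.dev evaluates ranges internally) that walks the events above over an assumed linear history X -> A -> B -> C -> D -> Y, using the report's commit labels in place of the hashes (D's hash is not given in the report). Treating every `fixed` commit as ending the vulnerability for all of its descendants yields only {X, A}, the result reported above; pairing each `introduced` with the next `fixed` yields {X, A, C, D}, the expected behaviour.

```python
from collections import deque

# Constructed commit graph, parent -> children (assumed linear history).
GRAPH = {"X": ["A"], "A": ["B"], "B": ["C"], "C": ["D"], "D": ["Y"], "Y": []}

# The four events from the report, with labels standing in for the hashes.
EVENTS = [
    {"introduced": "X"},
    {"fixed": "B"},
    {"introduced": "C"},
    {"fixed": "Y"},
]


def descendants(graph, start):
    """Return start plus every commit reachable from it (BFS over children)."""
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for child in graph.get(node, []):
            if child not in seen:
                seen.add(child)
                queue.append(child)
    return seen


def affected_global_fixes(graph, events):
    """Reading 1: a commit descending from any 'fixed' event is unaffected.
    A reintroduction downstream of an earlier fix is therefore lost."""
    intro = set().union(*(descendants(graph, e["introduced"])
                          for e in events if "introduced" in e))
    fixed = set().union(*(descendants(graph, e["fixed"])
                          for e in events if "fixed" in e))
    return intro - fixed


def affected_paired(graph, events):
    """Reading 2: pair each 'introduced' with the following 'fixed' and take
    the union of the per-pair intervals, so reintroductions are counted."""
    affected, open_intro = set(), None
    for event in events:
        if "introduced" in event:
            open_intro = descendants(graph, event["introduced"])
        elif "fixed" in event and open_intro is not None:
            affected |= open_intro - descendants(graph, event["fixed"])
            open_intro = None
    if open_intro is not None:  # trailing 'introduced' with no fix yet
        affected |= open_intro
    return affected
```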