Assign IDs

ossf · Jan 20, 2025 · f4fb481 · f4fb481
1 parent 9863df2
commit f4fb481
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 49 deletions.
diff --git a/osv/malicious/.id-allocator b/osv/malicious/.id-allocator
@@ -1 +1 @@
-a4340de35193c75ccda316da49d24d13b95900327d3e109343392934a7d91c91
+1500123ae0aadb7cf2707f09b1f3426dd8e7d5c6c432706f4afc4be7956b6468
diff --git a/osv/malicious/npm/@sportdigi/scripts/MAL-0000-ossf-package-analysis-b7fcdf4e7d41086f.json b/osv/malicious/npm/@sportdigi/scripts/MAL-0000-ossf-package-analysis-b7fcdf4e7d41086f.json
diff --git a/osv/malicious/npm/@sportdigi/scripts/MAL-2024-10548.json b/osv/malicious/npm/@sportdigi/scripts/MAL-2024-10548.json
@@ -1,5 +1,5 @@
 {
-  "modified": "2024-11-13T02:27:51Z",
+  "modified": "2025-01-20T12:46:30Z",
   "published": "2024-11-10T15:47:01Z",
   "schema_version": "1.5.0",
   "id": "MAL-2024-10548",
@@ -19,7 +19,8 @@
         "9.8.0",
         "9.10.2",
         "9.10.21",
-        "9.10.23"
+        "9.10.23",
+        "25.2.8"
       ]
     }
   ],
@@ -106,6 +107,15 @@
         "versions": [
           "9.10.23"
         ]
+      },
+      {
+        "source": "ossf-package-analysis",
+        "sha256": "b7fcdf4e7d41086f47b2d800ce9243f035322e3ccb527d0ee676a0c92dfd124a",
+        "import_time": "2025-01-20T12:46:09.359010656Z",
+        "modified_time": "2025-01-20T12:45:48Z",
+        "versions": [
+          "25.2.8"
+        ]
       }
     ]
   }

diff --git a/...sf-package-analysis-57280be2b53804d2.json → ...ous/npm/showcase-server/MAL-2025-146.json b/...sf-package-analysis-57280be2b53804d2.json → ...ous/npm/showcase-server/MAL-2025-146.json
@@ -2,9 +2,9 @@
   "modified": "2025-01-20T12:16:00Z",
   "published": "2025-01-20T12:16:00Z",
   "schema_version": "1.5.0",
-  "id": "",
+  "id": "MAL-2025-146",
   "summary": "Malicious code in showcase-server (npm)",
-  "details": "The OpenSSF Package Analysis project identified 'showcase-server' @ 9.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
+  "details": "\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (57280be2b53804d2110161bb386b263b47523fad5da13d238c05f67031cef733)\nThe OpenSSF Package Analysis project identified 'showcase-server' @ 9.9.9 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package communicates with a domain associated with malicious activity.\n",
   "affected": [
     {
       "package": {
@@ -29,10 +29,10 @@
   "database_specific": {
     "malicious-packages-origins": [
       {
-        "source": "ossf-package-analysis",
-        "sha256": "57280be2b53804d2110161bb386b263b47523fad5da13d238c05f67031cef733",
         "import_time": "2025-01-20T12:46:09.226015728Z",
         "modified_time": "2025-01-20T12:16:00Z",
+        "sha256": "57280be2b53804d2110161bb386b263b47523fad5da13d238c05f67031cef733",
+        "source": "ossf-package-analysis",
         "versions": [
           "9.9.9"
         ]
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		a4340de35193c75ccda316da49d24d13b95900327d3e109343392934a7d91c91
		1500123ae0aadb7cf2707f09b1f3426dd8e7d5c6c432706f4afc4be7956b6468