Write a Lint rule check for "2 different files: same ghsa: value, only 1 cve: value; Same advisory"

Question

Write a Lint rule check for "2 different files: same ghsa: value, only 1 cve: value; Same advisory"

jasnow opened this issue a year ago · comments

Write a Lint rule check for "2 different files: same ghsa: value, only 1 cve: value" (currently not flagged)
1 file is named "CVE-*" (has cve: and ghsa: values) and 1 file is named "GHSA-" (no cve: value, but has ghsa: value).

Al Snow · Answer 1 · Wed Jul 12 2023 01:40:17 GMT+0800 (China Standard Time)

Minimum test case:

Run grep -v "^cve:" gems/bootstrap/*14040* > gems/bootstrap/GHSA-3wqf-4x89-9g79.yml
Run "rake" and it will be green but you have two copies of the same advisory.

FYI: Verified today that PR #585 does not catch this condition.