Al Snow

Results 6 issues of Al Snow

Write a lint check for: multiple-cve-1-ghsa-in-1-dir in support of issue #580.

```
git grep "^ghsa:" | sed -e "s,CVE-.*ghsa:,," | sort | uniq -d
```

This script found the advisories fixed in #660.

linting

Write a Lint rule check for "2 different files: same ghsa: value, only 1 cve: value" (currently not flagged) 1 file is named "CVE-*" (has cve: and ghsa: values) and...

Change github_advisory_sync.rb script to conform to project style guidelines. Such as: a. Fix indentation for related:/url:, patched_versions: and unaffected_versions fields. * "patched_version:" field needs to be moved over 4 spaces...

[Pre537] Add success status response code check to lib/github_advisory_sync.rb for all URLs. Currently best mitigation idea is to flag non-successful status response codes and manually replace them from https://archive.org/web data....

Add cvss (cvss_v2, cvss_v3, cvss_v4) values back in as needed using external data in github_advisory_sync.rb. * ~Rest API Example: https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2019-1010218~

Add an explicit ignore list to the github_advisory_sync.rb script. Duplicates because of mixed case Gem names, Use CVE instead of GHSA filename, and Ruby => Gem reclassification. Current list of...