Gist jasnow/5a57099ee6c80f168dae89319fed2c01, last active July 1, 2023 15:59
Mocking up Postmodern's better example messages with my-585-06-30 branch data
======================================================================
MULTIPLE DOUBLE REPORTED EXAMPLE
4) gems /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../gems/nokogiri
must not contain duplicate GHSA IDs
Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
expected collection contained: ["2qc6-mcvw-92cw", "2rr5-8q37-2w7h",
"4hm9-844j-jmxp", "62qp-3fxm-9wxf", "6qvp-r6r3-9p7h", "6wj9-77wq...5c7-m54m",
"x2fm-93ww-ggvx", "x7rv-cr6v-4vm4", "xh29-r2w5-wx8m", "xjqg-9jvg-fgx2", "xxx9-3xcr-gjj3"]
actual collection contained: ["2qc6-mcvw-92cw", "2rr5-8q37-2w7h",
"4hm9-844j-jmxp", "62qp-3fxm-9wxf", "6qvp-r6r3-9p7h", "6wj9-77wq...3ww-ggvx",
"x7rv-cr6v-4vm4", "xh29-r2w5-wx8m", "xjqg-9jvg-fgx2", "xxx9-3xcr-gjj3", "xxx9-3xcr-gjj3"]
the extra elements were: [
"fq42-c5rg-92c2", "gx8x-g87m-h5q6", "v6gp-9mmm-c6p5", "xxx9-3xcr-gjj3"]
1. Sort + uniq the "extra elements":
2. Grep to find usages of each "extra element":
-- Example: git grep -E "fq42-c5rg-92c2|gx8x-g87m-h5q6|v6gp-9mmm-c6p5|xxx9-3xcr-gjj3"
-- gems/nokogiri/CVE-2018-25032.yml:ghsa: v6gp-9mmm-c6p5
-- gems/nokogiri/CVE-2018-25032.yml:url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
-- gems/nokogiri/CVE-2021-30560.yml:ghsa: fq42-c5rg-92c2
-- gems/nokogiri/CVE-2021-30560.yml:url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-fq42-c5rg-92c2
-- gems/nokogiri/CVE-2022-23437.yml:ghsa: xxx9-3xcr-gjj3
-- gems/nokogiri/CVE-2022-23437.yml:url: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xxx9-3xcr-gjj3
-- gems/nokogiri/CVE-2022-24839.yml:ghsa: gx8x-g87m-h5q6
-- gems/nokogiri/CVE-2022-24839.yml: - gx8x-g87m-h5q6
3. Grep for filename usage for each "extra element":
-- Example: find . -name "*fq42-c5rg-92c2*" -o -name "*gx8x-g87m-h5q6*" -o \
-name "*v6gp-9mmm-c6p5*" -o -name "*xxx9-3xcr-gjj3*"
-- ./gems/nokogiri/GHSA-fq42-c5rg-92c2.yml
-- ./gems/nokogiri/GHSA-gx8x-g87m-h5q6.yml
-- ./gems/nokogiri/GHSA-v6gp-9mmm-c6p5.yml
-- ./gems/nokogiri/GHSA-xxx9-3xcr-gjj3.yml
4. Therefore the following was "double reported" in the ruby-advisory-db database:
MSG: "GHSA-fq42-c5rg-92c2.yml" is duplicate of "CVE-2021-30560.yml".
MSG: "GHSA-gx8x-g87m-h5q6.yml" is duplicate of "CVE-2022-24839.yml".
MSG: "GHSA-xxx9-3xcr-gjj3.yml" is duplicate of "CVE-2022-23437.yml".
MSG: "GHSA-v6gp-9mmm-c6p5.yml" is duplicate of "CVE-2018-25032.yml".
======================================================================
SINGLE DOUBLE REPORTED EXAMPLE
6) gems /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../gems/user_agent_parser
must not contain duplicate GHSA IDs
Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
expected collection contained: ["pcqq-5962-hvcw"]
actual collection contained: ["pcqq-5962-hvcw", "pcqq-5962-hvcw"]
the extra elements were: ["pcqq-5962-hvcw"]
Guess at steps:
1. Sort + uniq the "extra elements":
2. Grep to find usages of each "extra element":
-- Example: git grep "pcqq-5962-hvcw"
-- gems/user_agent_parser/CVE-2020-5243.yml:ghsa: pcqq-5962-hvcw
-- gems/user_agent_parser/CVE-2020-5243.yml:url: https://github.com/ua-parser/uap-ruby/security/advisories/GHSA-pcqq-5962-hvcw
3. Grep for filename usage for each "extra element":
-- Example: find . -name "*pcqq-5962-hvcw*"
-- ./gems/user_agent_parser/GHSA-pcqq-5962-hvcw.yml
4. Therefore the following was "double reported" in the ruby-advisory-db database:
MSG: "GHSA-pcqq-5962-hvcw.yml" is duplicate of "CVE-2020-5243.yml".
======================================================================
NO DOUBLE REPORTED EXAMPLE
7) rubies /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../rubies/ruby
must not contain duplicate GHSA IDs
Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
expected collection contained: ["252h-69rw-g2rp", "2x97-vvh4-m4q4",
"3gpq-xx45-4rr9", "45wv-gc6w-fq7m", "6mch-f8jc-rpmr", "96jc-f6m3...xqq-h2v6",
"rx2v-jmvm-3c4h", "v2mw-g73g-923h", "v74x-h8vc-p3j5", "wh77-3w5g-7q6x", "xpr8-vpc7-7vfc"]
actual collection contained: ["252h-69rw-g2rp", "2x97-vvh4-m4q4",
"3gpq-xx45-4rr9", "45wv-gc6w-fq7m", "6mch-f8jc-rpmr", "96jc-f6m3...xqq-h2v6",
"rx2v-jmvm-3c4h", "v2mw-g73g-923h", "v74x-h8vc-p3j5", "wh77-3w5g-7q6x", "xpr8-vpc7-7vfc"]
the extra elements were: ["c4h6-p7gp-39x2", "c4h6-p7gp-39x2", "c4h6-p7gp-39x2"]
Guess at steps:
1. Sort + uniq the "extra elements":
2. Grep to find usages of each "extra element":
-- Example: git grep "c4h6-p7gp-39x2"
-- rubies/ruby/CVE-2008-2662.yml:ghsa: c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2662.yml: - https://github.com/advisories/GHSA-c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2663.yml:ghsa: c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2663.yml: - https://github.com/advisories/GHSA-c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2664.yml:ghsa: c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2664.yml: - https://github.com/advisories/GHSA-c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2725.yml:ghsa: c4h6-p7gp-39x2
-- rubies/ruby/CVE-2008-2725.yml: - https://github.com/advisories/GHSA-c4h6-p7gp-39x2
3. Grep for filename usage for each "extra element":
-- Example: find . -name "*c4h6-p7gp-39x2*"
-- Nothing
4. Therefore nothing was "double reported" in the ruby-advisory-db database.
======================================================================
SINGLE DOUBLE REPORTED EXAMPLE
3) gems /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../gems/dummy2
must not contain duplicate GHSA IDs
Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
expected collection contained: ["cqf3-vpx7-rxhw", "gj4p-3wh3-2rmf"]
actual collection contained: ["cqf3-vpx7-rxhw", "gj4p-3wh3-2rmf", "gj4p-3wh3-2rmf"]
the extra elements were: ["gj4p-3wh3-2rmf"]
1. Sort + uniq the "extra elements":
2. Grep to find usages of each "extra element":
-- Example: git grep "gj4p-3wh3-2rmf"
-- gems/yard/CVE-2017-17042.yml:ghsa: gj4p-3wh3-2rmf
3. Grep for filename usage for each "extra element":
-- Example: find . -name "*gj4p-3wh3-2rmf*"
-- ./gems/dummy2/GHSA-gj4p-3wh3-2rmf.yml
4. Therefore the following was "double reported" in the ruby-advisory-db database:
MSG: "GHSA-gj4p-3wh3-2rmf.yml" is duplicate of "CVE-2017-17042.yml".
======================================================================
SINGLE DOUBLE REPORTED EXAMPLE
5) gems /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../gems/testdir
must not contain duplicate GHSA IDs
Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
expected collection contained: ["5g4r-2qhx-vqfm", "gj4p-3wh3-2rma"]
actual collection contained: ["5g4r-2qhx-vqfm", "5g4r-2qhx-vqfm", "gj4p-3wh3-2rma"]
the extra elements were: ["5g4r-2qhx-vqfm"]
1. Sort + uniq the "extra elements":
2. Grep to find usages of each "extra element":
-- Example: git grep "5g4r-2qhx-vqfm"
-- gems/trilogy/CVE-2022-31026.yml:ghsa: 5g4r-2qhx-vqfm
-- gems/trilogy/CVE-2022-31026.yml:url: https://github.com/github/trilogy/security/advisories/GHSA-5g4r-2qhx-vqfm
3. Grep for filename usage for each "extra element":
-- Example: find . -name "*5g4r-2qhx-vqfm*"
-- ./gems/testdir/GHSA-5g4r-2qhx-vqfm.yml
4. Therefore the following was "double reported" in the ruby-advisory-db database:
MSG: "GHSA-5g4r-2qhx-vqfm.yml" is duplicate of "CVE-2022-31026.yml".
======================================================================
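The four steps above, written as a Ruby check (an added example, not code from the gist or from ruby-advisory-db): it reads the `ghsa:` key of every advisory file in one gem or ruby directory, reports an id as double reported only when a GHSA-<id>.yml file sits beside another file carrying the same id, and yields nothing for the shared-id case seen under rubies/ruby. The sample tree it builds is constructed, and it assumes the `ghsa:` key stores the id without its GHSA- prefix, as the grep output above shows.

```ruby
require "yaml"
require "tmpdir"
require "fileutils"

# Map each GHSA id (stored without the "GHSA-" prefix, as in ruby-advisory-db)
# to the basenames of the advisory files in one gem/ruby directory that
# declare it in their `ghsa:` key. Files without that key are skipped.
def ghsa_usages(dir)
  usages = Hash.new { |h, k| h[k] = [] }
  Dir.glob(File.join(dir, "*.yml")).sort.each do |path|
    data = YAML.safe_load(File.read(path)) || {}
    id = data["ghsa"]
    usages[id.to_s.sub(/\AGHSA-/i, "")] << File.basename(path) if id
  end
  usages
end

# Steps 1-4 of the notes as code: keep only ids that occur more than once
# (sort + uniq), then treat an id as "double reported" only when a file named
# GHSA-<id>.yml sits beside another file carrying the same id. Several CVE-*.yml
# files sharing one id with no GHSA-named file (the rubies/ruby case) yield [].
def double_reported(dir)
  ghsa_usages(dir).select { |_, files| files.size > 1 }.sort.flat_map do |id, files|
    ghsa_file = files.find { |f| f == "GHSA-#{id}.yml" }
    next [] unless ghsa_file
    (files - [ghsa_file]).map { |other| "#{ghsa_file} is duplicate of #{other}." }
  end
end

# Constructed sample tree (assumption: not real advisory content) that mirrors
# the layout of the failures above: one gem with a double report, one ruby
# engine whose CVE files merely share a GHSA id.
def build_sample_db(root)
  {
    "gems/nokogiri/CVE-2021-30560.yml" => "gem: nokogiri\ncve: 2021-30560\nghsa: fq42-c5rg-92c2\n",
    "gems/nokogiri/GHSA-fq42-c5rg-92c2.yml" => "gem: nokogiri\nghsa: fq42-c5rg-92c2\n",
    "gems/nokogiri/CVE-2022-23437.yml" => "gem: nokogiri\ncve: 2022-23437\nghsa: xxx9-3xcr-gjj3\n",
    "rubies/ruby/CVE-2008-2662.yml" => "engine: ruby\ncve: 2008-2662\nghsa: c4h6-p7gp-39x2\n",
    "rubies/ruby/CVE-2008-2663.yml" => "engine: ruby\ncve: 2008-2663\nghsa: c4h6-p7gp-39x2\n"
  }.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
end

Dir.mktmpdir do |root|
  build_sample_db(root)
  puts double_reported(File.join(root, "gems", "nokogiri"))   # one MSG line
  p double_reported(File.join(root, "rubies", "ruby"))        # []
end
```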
EOF