@@ -10,18 +10,13 @@ class GitHubAdvisorySync
1010 # It writes a set of yaml files, one for each GitHub Advisory that
1111 # is not already present in this repo
1212 #
13- # The min_year argument specifies the earliest year CVE to sync
14- # There are many old CVEs in the GitHub advisory dataset that are not in here
13+ # The min_year argument specifies the earliest year CVE to sync.
1514 # It is more important to sync the newer ones, so this allows the user to
1615 # control how old of CVEs the sync should pull over
17- def self . sync ( min_year : 2018 )
16+ def self . sync ( min_year : 2011 )
1817 gh_advisories = GraphQLAPIClient . new . retrieve_all_rubygem_publishable_advisories
1918
20- # filter out advisories with a CVE year that is before the min_year
21- # The script will write many files for years 2013, 2014 and other earlier years
22- # Since older CVEs are not as interesting, I am leaving it up to the caller to
23- # decide how older they want. The script is really designed to keep data synced
24- # over going forward
19+ # Filter out advisories with a CVE year that is before the min_year
2520 gh_advisories . select! do |advisory |
2621 if advisory . cve_id
2722 _ , cve_year = advisory . cve_id . match ( /^CVE-(\d +)-\d +$/ ) . to_a
@@ -38,7 +33,7 @@ def self.sync(min_year: 2018)
3833
3934 puts "\n Sync completed"
4035 if files_written . empty?
41- puts "Nothing to sync today! All CVEs after #{ min_year } are already present"
36+ puts "Nothing to sync today! All CVEs starting from #{ min_year } are already present"
4237 else
4338 puts "Wrote these files:\n #{ files_written . to_yaml } "
4439 end
@@ -254,8 +249,8 @@ def write_files
254249
255250 data = {
256251 "gem" => vulnerability [ "package" ] [ "name" ] ,
257- "date" => published_day ,
258252 "url" => external_reference ,
253+ "date" => published_day ,
259254 "title" => github_advisory_graphql_object [ "summary" ] ,
260255 "description" => github_advisory_graphql_object [ "description" ] ,
261256 "cvss_v3" => "<FILL IN IF AVAILABLE>" ,
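Review bot: The year filter in `sync` still parses `advisory.cve_id` with `^` and `$`, which in Ruby anchor at line boundaries rather than at the ends of the string, so a value containing a newline would pass as long as one of its lines looks like a CVE id; `\A` and `\z` pin the whole value: `_, cve_year = advisory.cve_id.match(/\ACVE-(\d+)-\d+\z/).to_a`. The id comes from the GitHub API, so this is hardening rather than a known fault, but the new default of 2011 sends more advisories through this path and into generated files. The rest of the `select!` block, including the comparison with `min_year` and the handling of advisories without a CVE id, lies outside the hunk. The shortened doc comment also no longer says why a cut-off exists or why 2011 is the default; one sentence giving that reason next to the signature would keep the rationale with the value.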