Missing documentation: question about filenames #1843
Comments
To clarify 1. are there ever capital letters in the id portion of the id/filename (ignoring GHSA of course)?
Hi @kurtseifried! 1. are GHSA advisory IDs and filenames always GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}? This format may be validated with the following regular expression: /GHSA(?:-[23456789cfghjmpqrvwx]{4}){3}/ 2. are GHSA advisory IDs guaranteed to be unique, e.g. an ID never gets reused? 3. are there ever capital letters in the id portion of the id/filename (ignoring GHSA of course)? If this is not documented can it be added to this repo and other places?
WRT to the {4} it's the regex. Also, what is the process for assigning the GHSA IDs, e.g. how do you generate the a1b2-c3d4-e5f6 and ensure it is unique?
Hi again @kurtseifried! We have a line of code that randomly generates a GHSA ID, and then checks to make sure it's truly unique before assigning it to an advisory!
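A validator for the ID format discussed in the comments above, added here as an example; it is not code from the thread or from GitHub. It applies the quoted regular expression anchored with `fullmatch`, and sketches a generate-then-check loop of the kind described; the function names, the `.json` suffix and the sample IDs are assumptions constructed for this example.

```python
import re
import secrets

# Alphabet and shape taken from the regular expression quoted in the thread.
ALPHABET = "23456789cfghjmpqrvwx"
GHSA_RE = re.compile(r"GHSA(?:-[%s]{4}){3}" % ALPHABET)


def is_valid_ghsa_id(value):
    """True only if the whole string is a GHSA ID.

    fullmatch() anchors the pattern; the regex as quoted is unanchored and
    would also accept an ID embedded in a longer string.
    """
    return GHSA_RE.fullmatch(value) is not None


def id_from_filename(filename):
    """Return the ID for '<id>.json', or None if the stem is not a valid ID.

    The '.json' suffix is an assumption of this example.
    """
    stem, dot, ext = filename.rpartition(".")
    if dot and ext == "json" and is_valid_ghsa_id(stem):
        return stem
    return None


def new_unique_id(existing, rng=secrets.choice):
    """Draw random IDs until one is not already assigned (generate, then check)."""
    while True:
        candidate = "GHSA-" + "-".join(
            "".join(rng(ALPHABET) for _ in range(4)) for _ in range(3)
        )
        if candidate not in existing:
            existing.add(candidate)
            return candidate


# Constructed sample filenames, not real advisories.
SAMPLES = [
    "GHSA-2345-cfgh-jmpq.json",      # valid
    "GHSA-2345-CFGH-jmpq.json",      # capitals in the ID portion
    "GHSA-2345-cfgh-jmpq-old.json",  # valid ID embedded in a longer name
    "GHSA-a1b2-c3d4-e5f6.json",      # 'a', '1', 'b' ... are outside the alphabet
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, "->", id_from_filename(name))
    print(new_unique_id({"GHSA-2345-cfgh-jmpq"}))
```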
Hey @kurtseifried, We now have information about GHSA ID generation documented on this repository! We'll also be adding it to our documentation. Thanks for chiming in and making our product more clear!
Somewhat related to this: While GHSA IDs may be unique, there can be both a Repository Advisory and a Database Advisory for the exact same GHSA ID, and their content can unfortunately differ, see #224.
I can't find a clearly documented statement on this so I'll ask to make sure:
If this is documented please let me know (with URL), thanks. If this is not documented can it be added to this repo and other places?