@@ -420,6 +420,18 @@ def fetch_affected_packages(osv_advisory: osv.Vulnerability) -> list[str]:
420420 return [affected ['package' ]['name' ] for affected in osv_advisory ['affected' ]]
421421
422422
423+ def is_existing_advisory_ahead (
424+ name : str , sa_id : str , proposed_modified_at : str
425+ ) -> bool :
426+ try :
427+ with open (f'advisories/{ name } /D{ sa_id } .json' ) as f :
428+ existing_advisory = typing .cast (osv .Vulnerability , json .load (f ))
429+ # RFC3339 dates are designed to be comparable as strings, so this is safe
430+ return existing_advisory ['modified' ] > proposed_modified_at
431+ except FileNotFoundError :
432+ return False
433+
434+
423435def generate_osv_advisories () -> None :
424436 for file in os .scandir ('cache/advisories' ):
425437 if not file .is_file () or not file .name .endswith ('.json' ):
@@ -442,6 +454,12 @@ def generate_osv_advisories() -> None:
442454 for affected_package in affected_packages :
443455 name = affected_package .removeprefix ('drupal/' )
444456 os .makedirs (f'advisories/{ name } ' , exist_ok = True )
457+ if is_existing_advisory_ahead (name , sa_id , osv_advisory ['modified' ]):
458+ print (
459+ ' \\ - error: current modified date is ahead of the proposed modified date (is your cache up to date?)'
460+ )
461+ exit (1 )
462+
445463 with open (f'advisories/{ name } /D{ sa_id } .json' , 'w' ) as f :
446464 json .dump (osv_advisory , f , indent = 2 )
447465 f .write ('\n ' )
0 commit comments