-
Notifications
You must be signed in to change notification settings - Fork 8
/
mandatoryTest_6_1_10.js
112 lines (100 loc) · 3.57 KB
/
mandatoryTest_6_1_10.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
import * as cvss2 from '../shared/cvss2.js'
import * as cvss3 from '../shared/cvss3.js'
const cvssV3VectorStringMapping = cvss3.mapping
/** @type {ReadonlyArray<readonly [string, string, Record<string, string>]>} */
const cvssV2VectorStringMapping =
/** @type {ReadonlyArray<readonly [string, string, Record<string, string>]>} */ (
cvss2.mapping.map((mapping) => [
mapping[0],
mapping[1],
Object.fromEntries(
Object.entries(mapping[2]).map(([key, value]) => [key, value.id])
),
])
)
/**
* @param {any} doc
*/
export default function mandatoryTest_6_1_10(doc) {
/** @type {Array<{ message: string; instancePath: string }>} */
const errors = []
let isValid = true
if (Array.isArray(doc.vulnerabilities)) {
/** @type {Array<any>} */
const vulnerabilities = doc.vulnerabilities
vulnerabilities.forEach((vulnerability, vulnerabilityIndex) => {
if (!Array.isArray(vulnerability.scores)) return
/** @type {Array<any>} */
const scores = vulnerability.scores
scores.forEach((score, scoreIndex) => {
if (typeof score.cvss_v2?.vectorString === 'string') {
/** @type {Record<string, unknown>} */
const cvssV2 = score.cvss_v2
const vectorString = /** @type {string} */ (cvssV2.vectorString)
validateCVSSAttributes({
vectorValues: vectorString.split('/'),
vectorMapping: cvssV2VectorStringMapping,
cvss: cvssV2,
onError({ attributeKey }) {
isValid = false
errors.push({
instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v2/${attributeKey}`,
message: 'value is not consistent with the vector string',
})
},
})
}
if (
typeof score.cvss_v3?.vectorString === 'string' &&
(score.cvss_v3.version === '3.1' || score.cvss_v3.version === '3.0')
) {
/** @type {Record<string, unknown>} */
const cvssV3 = score.cvss_v3
const vectorString = /** @type {string} */ (cvssV3.vectorString)
validateCVSSAttributes({
vectorValues: vectorString.split('/').slice(1),
vectorMapping: cvssV3VectorStringMapping,
cvss: cvssV3,
onError({ attributeKey }) {
isValid = false
errors.push({
instancePath: `/vulnerabilities/${vulnerabilityIndex}/scores/${scoreIndex}/cvss_v3/${attributeKey}`,
message: 'value is not consistent with the vector string',
})
},
})
}
})
})
}
return { errors, isValid }
}
/**
* @param {object} params
* @param {string[]} params.vectorValues
* @param {ReadonlyArray<readonly [string, string, { [key: string]: string }]>} params.vectorMapping
* @param {Record<string, unknown>} params.cvss
* @param {(params: { attributeKey: string }) => void} params.onError
*/
function validateCVSSAttributes({
vectorValues,
vectorMapping,
cvss,
onError,
}) {
vectorValues.forEach((str) => {
const [key, value] = str.split(':')
const entry = vectorMapping.find((e) => e[1] === key)
if (!entry) return
const [attributeKey] = entry
const attributeValue = cvss[attributeKey]
if (typeof attributeValue !== 'string') return
const expectedAttributeValue = Object.entries(entry[2]).find(
(e) => e[1] === value
)?.[0]
if (typeof expectedAttributeValue !== 'string') return
if (attributeValue !== expectedAttributeValue) {
onError({ attributeKey })
}
})
}