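// Implementation example

/** A provider pinned by exact version, SHA-256 checksum, and the registry host it is served from. */
type Provider = { name: string; version: string; sha256: string; registry: string }

/** A module source pinned by version; the checksum is optional (see `evaluate` for the consequence). */
type Module = { source: string; version: string; sha256?: string }

/**
 * Registry hosts a provider may be fetched from. Compared against the `host` of a
 * parsed URL, so matching is case-insensitive but port-sensitive (see `regAllowed`).
 */
const allowRegistries = new Set<string>(['registry.terraform.io', 'tf.example.com'])

/** True when `h` is exactly 64 hex digits — the textual form of a SHA-256 digest. Either case is accepted. */
function hex64(h: string): boolean {
  return /^[A-Fa-f0-9]{64}$/.test(h)
}

/**
 * Loose semver check: `MAJOR.MINOR.PATCH` followed by an optional run of `[-A-Za-z0-9_.]`.
 * The suffix does not have to start with `-`, so inputs such as `1.2.3.4` or `1.2.3rc1`
 * also pass; tighten the pattern if strict semver is required. No `+build` metadata.
 */
function semverLike(v: string): boolean {
  return /^(\d+\.\d+\.\d+)(?:[-A-Za-z0-9_.]+)?$/.test(v)
}

/**
 * True when the registry name `u` is on `allowRegistries`.
 *
 * `u` is parsed as `https://<u>` and only the resulting `host` is compared, so an
 * allow-listed name placed anywhere else in the string (`evil.example/registry.terraform.io`,
 * `registry.terraform.io@evil.example`) does not match. `host` retains a non-default
 * port, so `registry.terraform.io:8443` is rejected unless listed exactly that way.
 * Anything the URL parser refuses is rejected.
 */
function regAllowed(u: string): boolean {
  try {
    const parsed = new URL(`https://${u}`)
    return allowRegistries.has(parsed.host)
  } catch {
    return false
  }
}

/**
 * True when the module source `u` is an `https:` URL with no embedded credentials.
 *
 * Any `user:password@` in the authority is rejected: a secret carried in the source
 * string would be copied into plans, logs and state, and the check should not let a
 * policy-conformant-looking source smuggle one in.
 *
 * NOTE(review): the host is not compared against an allow-list here — every https
 * origin passes. Anything the URL parser refuses is rejected.
 */
function srcAllowed(u: string): boolean {
  try {
    const parsed = new URL(u)
    if (parsed.protocol !== 'https:') return false
    return parsed.username === '' && parsed.password === ''
  } catch {
    return false
  }
}

/**
 * Evaluate one provider/module pair against the policy above.
 *
 * @param p provider under review (name, version, sha256, registry)
 * @param m module under review (source, version, optional sha256)
 * @returns `ok` together with the failing categories, in this order:
 *   `'provider'` — empty name, non-semver version, malformed sha256, or registry not allow-listed;
 *   `'module'`   — source not an https URL without credentials, or non-semver version;
 *   `'module-hash'` — a module sha256 was supplied but is not 64 hex digits.
 *   A module with no `sha256` at all is accepted: its integrity is then not pinned.
 */
function evaluate(p: Provider, m: Module): { ok: boolean; errors: string[] } {
  const errors: string[] = []
  // Every provider field is mandatory; one failure is enough to reject the provider.
  if (!p.name || !semverLike(p.version) || !hex64(p.sha256) || !regAllowed(p.registry)) errors.push('provider')
  if (!srcAllowed(m.source) || !semverLike(m.version)) errors.push('module')
  // Only validate the module hash when one was given; absence is tolerated (see above).
  if (m.sha256 && !hex64(m.sha256)) errors.push('module-hash')
  return { ok: errors.length === 0, errors }
}

// Audit and runtime governance: audit provider and module versions, hashes and source
// domains; block and roll back on anomalies. Changes require approval and archiving so
// they can be traced afterwards. Note that the checks above pin the provider registry
// host but only verify the scheme of the module source, not its domain.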
