实现示例
type Advisory = { cve: string; cvss: number; epss: number }
/** Weights and thresholds that drive the tiering in `evaluate`; all fields are plain numbers. */
type Policy = {
  /** multiplier applied to the advisory's CVSS base score (expected range 0–10) */
  wCvss: number
  /** multiplier applied to EPSS after it is rescaled by 10 so both terms share the 0–10 range */
  wEpss: number
  /** combined score at or above which an advisory is blocked */
  block: number
  /** combined score at or above which an advisory is warned; tier is unreachable if `warn > block` */
  warn: number
}
/** True when `s` is a finite CVSS base score inside the 0–10 range; NaN and ±Infinity are rejected. */
function validCvss(s: number): boolean {
  if (!Number.isFinite(s)) return false
  return s >= 0 && s <= 10
}
/** True when `p` is a finite EPSS probability inside the 0–1 range; NaN and ±Infinity are rejected. */
function validEpss(p: number): boolean {
  if (!Number.isFinite(p)) return false
  return p >= 0 && p <= 1
}
/**
 * Weighted risk score: CVSS (0–10) times `wCvss`, plus EPSS rescaled to 0–10 times `wEpss`.
 * Performs no validation of its inputs; callers are expected to check the advisory first.
 */
function score(a: Advisory, p: Policy): number {
  const cvssTerm = a.cvss * p.wCvss
  const epssTerm = a.epss * 10 * p.wEpss
  return cvssTerm + epssTerm
}
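/**
 * Policy guard: every weight and threshold must be a finite number. A NaN or
 * ±Infinity threshold makes the `>=` comparisons in `evaluate` evaluate to
 * false for every advisory, which would silently turn the gate fail-open.
 */
function validPolicy(p: Policy): boolean {
  return [p.wCvss, p.wEpss, p.block, p.warn].every(Number.isFinite)
}

/**
 * Sorts advisories into blocked / warned / passed tiers by their weighted score.
 *
 * Fail-closed rules:
 * - an advisory whose cvss or epss is out of range or non-finite is blocked without being scored
 * - a score that is not a finite number is blocked
 * - a policy with a non-finite weight or threshold throws instead of letting everything pass
 *
 * @param list advisories to evaluate; input order is preserved within each tier
 * @param p weights and thresholds; the warn tier is unreachable when `p.warn > p.block`
 * @returns the three tiers; each advisory appears in exactly one of them
 * @throws Error when `p` contains a non-finite weight or threshold
 */
function evaluate(list: Advisory[], p: Policy): { blocked: Advisory[]; warned: Advisory[]; passed: Advisory[] } {
  if (!validPolicy(p)) throw new Error('evaluate: policy weights and thresholds must be finite numbers')
  const blocked: Advisory[] = []
  const warned: Advisory[] = []
  const passed: Advisory[] = []
  for (const a of list) {
    // malformed input never reaches the score; it is treated as the worst case
    if (!validCvss(a.cvss) || !validEpss(a.epss)) { blocked.push(a); continue }
    const s = score(a, p)
    // a non-finite score cannot be compared meaningfully; block rather than pass
    if (!Number.isFinite(s) || s >= p.block) blocked.push(a)
    else if (s >= p.warn) warned.push(a)
    else passed.push(a)
  }
  return { blocked, warned, passed }
}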
审计与 CI 门禁记录每条公告的风险分与决策；阻断项直接失败；警告项进入灰度窗口处置。权重与阈值的变更需经审批并做回归验证。
