// Implementation example: input and policy shapes consumed by the CI vulnerability gate.

/** One vulnerability report to be gated. */
type Finding = {
  /** Affected module (as reported by the scanner). */
  module: string
  /** Vulnerability identifier; `valid()` only accepts GO-YYYY-NNNN or CVE-YYYY-NNNN+ forms. */
  vulnID: string
  /** Severity score compared against the policy thresholds (`>=` comparison in `decide`). */
  score: number
}

/** Severity thresholds; `block` is checked before `warn`, so it is expected to be the higher one. */
type Policy = {
  /** Score at or above this fails the build. */
  block: number
  /** Score at or above this (but below `block`) is reported as a warning. */
  warn: number
}
/**
 * Returns true only for identifiers in one of the two formats the gate recognises:
 * Go vulnerability IDs (`GO-YYYY-NNNN`) and CVE IDs (`CVE-YYYY-NNNN…`, four or more digits).
 *
 * The match is anchored and case-sensitive, so lowercase prefixes, trailing whitespace/newlines,
 * and other ecosystems' identifiers (e.g. GHSA) are rejected and therefore blocked by `decide`.
 */
function valid(vulnID: string): boolean {
  const accepted: readonly RegExp[] = [/^GO-\d{4}-\d{4}$/, /^CVE-\d{4}-\d{4,}$/]
  return accepted.some((pattern) => pattern.test(vulnID))
}
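/**
 * Classifies one finding against the policy thresholds.
 *
 * Fails closed. A finding is reported as 'block' when its ID is not a recognised
 * GO-/CVE- identifier, when its score is not a finite number (NaN, undefined, or a
 * string that arrived via JSON), or when the policy itself carries non-finite
 * thresholds. Without the finiteness check `NaN >= threshold` is false for every
 * threshold and a malformed or unscored finding would silently 'pass' the gate.
 *
 * @param f finding to classify
 * @param p thresholds; `block` is compared before `warn`, so a policy with
 *          `warn > block` can never produce 'warn' — validate policies on change
 * @returns 'block' | 'warn' | 'pass'
 */
function decide(f: Finding, p: Policy): 'block' | 'warn' | 'pass' {
  if (!valid(f.vulnID)) return 'block'
  // Number.isFinite does not coerce, so a stringly-typed score (e.g. "9.8") is
  // rejected here instead of being compared after implicit conversion.
  if (!Number.isFinite(f.score) || !Number.isFinite(p.block) || !Number.isFinite(p.warn)) return 'block'
  if (f.score >= p.block) return 'block'
  if (f.score >= p.warn) return 'warn'
  return 'pass'
}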
/**
 * Runs `decide` over every finding and buckets the results by outcome.
 *
 * Each finding lands in exactly one bucket, and input order is preserved within a
 * bucket. The `blocked` bucket is what the CI gate acts on; `warned` is advisory.
 *
 * @param list findings to gate (an empty list yields three empty buckets)
 * @param p policy thresholds passed through to `decide`
 */
function evaluate(list: Finding[], p: Policy): { blocked: Finding[]; warned: Finding[]; passed: Finding[] } {
  const buckets: { blocked: Finding[]; warned: Finding[]; passed: Finding[] } = {
    blocked: [],
    warned: [],
    passed: [],
  }
  // Map each decision to the bucket that collects it.
  const bucketFor = { block: 'blocked', warn: 'warned', pass: 'passed' } as const
  for (const finding of list) {
    buckets[bucketFor[decide(finding, p)]].push(finding)
  }
  return buckets
}
审计与CI门禁：阻断项直接使CI失败；审计记录包含模块、漏洞ID、评分以及判定结果（block/warn/pass）。策略阈值变更需经审批并归档，以便事后追溯。
