实现示例type Finding = { module: string; vulnID: string; score: number } type Policy = { block: number; warn: number } function valid(vulnID: string): boolean { return /^GO-\d{4}-\d{4}$/.test(vulnID) || /^CVE-\d{4}-\d{4,}$/.test(vulnID) } function decide(f: Finding, p: Policy): 'block' | 'warn' | 'pass' { if (!valid(f.vulnID)) return 'block' if (f.score >= p.block) return 'block' if (f.score >= p.warn) return 'warn' return 'pass' } function evaluate(list: Finding[], p: Policy): { blocked: Finding[]; warned: Finding[]; passed: Finding[] } { const blocked: Finding[] = [] const warned: Finding[] = [] const passed: Finding[] = [] for (const f of list) { const d = decide(f, p) if (d === 'block') blocked.push(f) else if (d === 'warn') warned.push(f) else passed.push(f) } return { blocked, warned, passed } } 审计与CI门禁阻断项直接失败;审计包含模块、漏洞ID与评分。策略变更需审批与归档。
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复