Commit 2290182b authored by Leo's avatar Leo

refactor(secfixes-check): rewrite error messages in CVE checks

parent 21e85bde
......@@ -193,19 +193,19 @@ local function checkCVE(str, line)
-- Check if we were given just the string 'CVE'
---
if str:len() == 0 then
violation("CVE ID given has no year or ID", line, "50", "SC")
violation("CVE ID is empty", line, "50", "SC")
end
-- CVE Identifirs are made up of only integers and hyphens after the CVE- prefix
if not str:match("^%-[%d%-]*$") then
violation("CVE IDs only have integers and hyphens after the initial CVE", line, "50", "SC")
violation("CVE ID only have integers and hyphens after the initial CVE", line, "50", "SC")
end
-- The value right after CVE- is the year which must always be 4 digits (YYYY)
if not str:match("^%-%d%d%d%d%-") then
violation("CVE IDs have 4 digit year between the first and second hyphens", line, "50", "SC")
violation("CVE ID given does not have year in 4 digit YYYY format", line, "50", "SC")
end
-- The last value of a CVE identifier is a collection of AT LEAST 4 digits
if not str:match("^%-.-%-%d%d%d%d+$") then
violation("CVE IDs are at least 4 digits", line, "50", "SC")
violation("CVE ID given does not have at least 4 digits at the end", line, "50", "SC")
end
local _, n = str:gsub("%-", "")
-- There must be exactly 2 hyphens, as the string is CVE-YYYY-XXXX
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment