Commit d2e5f6be authored by Leo's avatar Leo

refactor(secfixes-check): use AL50 and check for empty CVE IDs

parent 4c77c1c6
......@@ -134,22 +134,28 @@ local function checkCVE(str, line)
---
str = str:gsub("^CVE", "")
---
-- Check if we were given just the string 'CVE'
---
if str:len() == 0 then
violation("CVE ID given has no year or ID", line, "50", "SC")
end
-- CVE Identifirs are made up of only integers and hyphens after the CVE- prefix
if not str:match("^%-[%d%-]*$") then
violation("only integers and hyphens are valid after CVE-", line, "43", "SC")
violation("CVE IDs only have integers and hyphens after the initial CVE", line, "50", "SC")
end
-- The value right after CVE- is the year which must always be 4 digits (YYYY)
if not str:match("^%-%d%d%d%d%-") then
violation("CVE identifiers have 4 digit year between the first and second hyphens", line, "44", "SC")
violation("CVE IDs have 4 digit year between the first and second hyphens", line, "50", "SC")
end
-- The last value of a CVE identifier is a collection of AT LEAST 4 digits
if not str:match("^%-.-%-%d%d%d%d+$") then
violation("CVE IDs are at least 4 digits", line, "45", "SC")
violation("CVE IDs are at least 4 digits", line, "50", "SC")
end
local _, n = str:gsub("%-", "")
-- There must be exactly 2 hyphens, as the string is CVE-YYYY-XXXX
if n ~= 2 then
violation("CVE identifiers must have exactly 2 hyphens", line, "46", "SC")
violation("CVE IDs must have exactly 2 hyphens", line, "50", "SC")
end
end
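Review bot: The new empty-ID guard at `if str:len() == 0 then` records its violation but does not stop, so a bare `CVE` goes on to fail every subsequent `str:match` check and the hyphen count too, reporting four more violations for the same single defect. Assuming `violation()` only records and returns (its definition is not visible here), add `return` directly after the new `violation("CVE ID given has no year or ID", line, "50", "SC")` so the later checks run only on a non-empty remainder. The function `checkCVE(str, line)` begins before this hunk, so whether `str` is already guaranteed to be a string cannot be confirmed from here. Minor: the comment `-- CVE Identifirs are made up of only integers and hyphens` has a typo, it should read `Identifiers`.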