@blamejs/exceptd-skills 0.12.10 → 0.12.13

package/lib/schemas/manifest.schema.json

@@ -82,6 +82,22 @@
           "type": "array",
           "items": { "type": "string", "minLength": 1 }
         },
+        "rfc_refs": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 }
+        },
+        "cwe_refs": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 }
+        },
+        "d3fend_refs": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 }
+        },
+        "dlp_refs": {
+          "type": "array",
+          "items": { "type": "string", "minLength": 1 }
+        },
         "last_threat_review": {
           "type": "string",
           "pattern": "^[0-9]{4}-[0-9]{2}-[0-9]{2}$"

package/lib/scoring.js

@@ -34,7 +34,62 @@ function score(cveId, catalog) {
   return entry.rwep_score;
 }
 
-function scoreCustom(factors) {
+/**
+ * E10: Validate an RWEP factor bag. Returns an array of warning strings
+ * for missing-but-defaultable fields and out-of-range values. Does NOT
+ * throw — operators wanting hard enforcement should treat a non-empty
+ * return as a failure themselves.
+ *
+ * Range expectations:
+ *   - cisa_kev, poc_available, ai_assisted_weapon, ai_discovered,
+ *     patch_available, live_patch_available, reboot_required: boolean
+ *     (or null, treated as false with a missing-field warning).
+ *   - active_exploitation: 'none' | 'unknown' | 'suspected' | 'confirmed'.
+ *   - blast_radius: integer in [0, 30] (clamped at the weight ceiling but
+ *     flagged when out-of-range — out-of-range usually means a unit error).
+ */
+function validateFactors(factors) {
+  const warnings = [];
+  if (!factors || typeof factors !== 'object') {
+    return ['factors: expected object, got ' + (factors === null ? 'null' : typeof factors)];
+  }
+  const boolFields = ['cisa_kev', 'poc_available', 'ai_assisted_weapon', 'ai_discovered',
+                      'patch_available', 'live_patch_available', 'reboot_required'];
+  for (const f of boolFields) {
+    if (factors[f] === undefined || factors[f] === null) {
+      warnings.push(`${f}: missing (treated as false; explicit value recommended)`);
+    } else if (typeof factors[f] !== 'boolean') {
+      warnings.push(`${f}: expected boolean, got ${typeof factors[f]} (${JSON.stringify(factors[f])})`);
+    }
+  }
+  const aeAllowed = ['none', 'unknown', 'suspected', 'confirmed'];
+  if (factors.active_exploitation === undefined || factors.active_exploitation === null) {
+    warnings.push("active_exploitation: missing (treated as 'none')");
+  } else if (!aeAllowed.includes(factors.active_exploitation)) {
+    warnings.push(`active_exploitation: expected one of ${aeAllowed.join(', ')}, got ${JSON.stringify(factors.active_exploitation)}`);
+  }
+  if (factors.blast_radius === undefined || factors.blast_radius === null) {
+    warnings.push('blast_radius: missing (treated as 0)');
+  } else if (typeof factors.blast_radius !== 'number' || Number.isNaN(factors.blast_radius)) {
+    warnings.push(`blast_radius: expected number, got ${typeof factors.blast_radius} (${JSON.stringify(factors.blast_radius)})`);
+  } else if (factors.blast_radius < 0 || factors.blast_radius > 30) {
+    warnings.push(`blast_radius: ${factors.blast_radius} out of expected range [0, 30] (clamped to weight ceiling, but the value usually indicates a unit-of-measure mistake)`);
+  }
+  return warnings;
+}
+
+/**
+ * scoreCustom — compute the RWEP for a factor bag. Returns a number
+ * (clamped to [0, 100]).
+ *
+ * Backward-compat note: this function has always returned a number;
+ * callers in lib/auto-discovery.js etc. rely on that. E10 surfaces
+ * warnings via the optional `opts.collectWarnings` flag — when true,
+ * scoreCustom returns `{ score, _scoring_warnings }` instead of a bare
+ * number. Operators wanting validation without the score can call
+ * `validateFactors(factors)` directly.
+ */
+function scoreCustom(factors, opts) {
   const {
     cisa_kev = false,
     poc_available = false,
@@ -45,7 +100,7 @@ function scoreCustom(factors) {
     patch_available = false,
     live_patch_available = false,
     reboot_required = false
-  } = factors;
+  } = factors || {};
 
   let score = 0;
   score += cisa_kev ? RWEP_WEIGHTS.cisa_kev : 0;
@@ -53,12 +108,20 @@ function scoreCustom(factors) {
   score += (ai_assisted_weapon || ai_discovered) ? RWEP_WEIGHTS.ai_factor : 0;
   score += active_exploitation === 'confirmed' ? RWEP_WEIGHTS.active_exploitation : 0;
   score += active_exploitation === 'suspected' ? Math.floor(RWEP_WEIGHTS.active_exploitation / 2) : 0;
-  score += Math.min(RWEP_WEIGHTS.blast_radius, blast_radius);
+  // Clamp blast_radius into the weight-ceiling band [0, RWEP_WEIGHTS.blast_radius]
+  // before adding. Out-of-range values still produce a clamped contribution but
+  // validateFactors() surfaces the anomaly so operators see the unit error.
+  const brClamped = Math.max(0, Math.min(RWEP_WEIGHTS.blast_radius, typeof blast_radius === 'number' ? blast_radius : 0));
+  score += brClamped;
   score += patch_available ? RWEP_WEIGHTS.patch_available : 0;
   score += live_patch_available ? RWEP_WEIGHTS.live_patch_available : 0;
   score += reboot_required ? RWEP_WEIGHTS.reboot_required : 0;
 
-  return Math.min(100, Math.max(0, score));
+  const clamped = Math.min(100, Math.max(0, score));
+  if (opts && opts.collectWarnings) {
+    return { score: clamped, _scoring_warnings: validateFactors(factors) };
+  }
+  return clamped;
 }
 
 function timeline(rwepScore) {
@@ -146,4 +209,4 @@ function validate(catalog) {
   return errors;
 }
 
-module.exports = { score, scoreCustom, timeline, compare, validate, RWEP_WEIGHTS };
+module.exports = { score, scoreCustom, timeline, compare, validate, validateFactors, RWEP_WEIGHTS };

package/lib/sign.js

@@ -8,6 +8,22 @@
  * which is gitignored. The public key at keys/public.pem is tracked and used
  * by lib/verify.js for signature verification.
  *
+ * Byte-stability contract (must mirror lib/verify.js):
+ *   Skill content is normalized BEFORE the bytes are signed:
+ *     1. Strip a UTF-8 BOM (U+FEFF) if present.
+ *     2. Convert CRLF line endings to LF.
+ *   The same normalization runs in lib/verify.js. A skill file checked
+ *   out with core.autocrlf=true on Windows therefore signs to the SAME
+ *   signature as the LF copy on Linux CI — closing the regression class
+ *   that broke v0.11.x signatures across the Windows/CI line-ending
+ *   boundary. ANY change to normalize() requires the matching change in
+ *   lib/verify.js; round-trip stability is a hard contract.
+ *
+ * Manifest entries are also validated before iteration: skill.path must
+ * begin with "skills/" and must not contain ".." or backslashes (see
+ * validateSkillPath() below). Without this a tampered manifest could
+ * sign or verify arbitrary files outside the skills/ tree.
+ *
  * Signing ceremony:
  *   1. node lib/sign.js generate-keypair    — generate keypair (one time, per deployment)
  *   2. node lib/sign.js sign-all            — sign all skills (after any content change)
@@ -80,10 +96,20 @@ function generateKeypair({ rotate = false } = {}) {
 /**
  * Sign all skills in manifest.json using the private key.
  * Updates manifest.json with Ed25519 signatures.
+ *
+ * Each manifest entry's `path` is validated through validateSkillPath()
+ * BEFORE the file is read — a tampered manifest with an out-of-tree
+ * path will reject the whole run.
  */
 function signAll() {
   const privateKey = loadPrivateKey();
   const manifest = loadManifest();
+  // Validate every entry's path before doing any I/O. Reject the whole
+  // manifest on the first traversal attempt — we never want to sign
+  // half a manifest then exit non-zero with a partial mutation.
+  for (const skill of manifest.skills) {
+    validateSkillPath(skill.path);
+  }
   let signed = 0;
   let errors = 0;
 
@@ -103,7 +129,16 @@ function signAll() {
   }
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
-  console.log(`\n[sign] ${signed} skills signed. ${errors} errors.`);
+
+  // S5: verdict line FIRST, fingerprint banner after. An operator
+  // scrolling output should not be able to see "fingerprint: SHA256..."
+  // and assume success when errors > 0.
+  if (errors > 0) {
+    console.error(`\n[sign] FAILED — ${signed} signed, ${errors} errors.`);
+  } else {
+    console.log(`\n[sign] ${signed} skills signed.`);
+  }
+  printFingerprintBanner();
 
   if (errors > 0) process.exit(1);
 }
@@ -118,6 +153,7 @@ function signOne(skillName) {
   const skill = manifest.skills.find(s => s.name === skillName);
   if (!skill) { console.error(`Skill not found: ${skillName}`); process.exit(1); }
 
+  validateSkillPath(skill.path);
   const skillPath = path.join(ROOT, skill.path);
   const content = fs.readFileSync(skillPath, 'utf8');
   skill.signature = signContent(content, privateKey);
@@ -126,12 +162,69 @@ function signOne(skillName) {
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
   console.log(`[sign] Signed: ${skillName}`);
+  printFingerprintBanner();
 }
 
 // --- helpers ---
 
+/**
+ * Normalize skill content for byte-stable signing.
+ *
+ * Strips a leading UTF-8 BOM (U+FEFF) if present, then converts CRLF
+ * line endings to LF. lib/verify.js applies the exact same transform.
+ *
+ * Without this, a Windows checkout with core.autocrlf=true reads a
+ * skill with \r\n while CI reads the same skill with \n — same bytes
+ * on disk in git, different bytes in the working tree, different
+ * signature. v0.11.x shipped 0/38 verifies for exactly this reason.
+ *
+ * @param {string} content
+ * @returns {string}
+ */
+function normalize(content) {
+  let s = content;
+  if (s.length > 0 && s.charCodeAt(0) === 0xFEFF) s = s.slice(1);
+  return s.replace(/\r\n/g, '\n');
+}
+
+/**
+ * Validate a manifest skill.path entry to prevent path traversal.
+ *
+ *   skill.path MUST be a string.
+ *   skill.path MUST start with "skills/".
+ *   skill.path MUST NOT contain "..".
+ *   skill.path MUST NOT contain backslashes (POSIX-style forward slashes
+ *     only — manifest paths are not platform-specific).
+ *
+ * A tampered manifest with "../../../etc/passwd" or
+ * "skills/foo/../../.keys/private.pem" is refused; the whole run
+ * aborts before any file I/O.
+ *
+ * @param {string} skillPath
+ * @returns {string}
+ */
+function validateSkillPath(skillPath) {
+  if (typeof skillPath !== 'string') {
+    throw new Error(`[sign] manifest skill.path must be a string, got ${typeof skillPath}`);
+  }
+  // Backslash check runs BEFORE the prefix check so a Windows-style
+  // path ("skills\foo\skill.md") returns the clearer "use forward
+  // slashes" diagnostic, not the misleading "must start with skills/".
+  if (skillPath.includes('\\')) {
+    throw new Error(`[sign] manifest skill.path must use forward slashes, not backslashes: ${JSON.stringify(skillPath)}`);
+  }
+  if (!skillPath.startsWith('skills/')) {
+    throw new Error(`[sign] manifest skill.path must start with 'skills/': ${JSON.stringify(skillPath)}`);
+  }
+  if (skillPath.includes('..')) {
+    throw new Error(`[sign] manifest skill.path must not contain '..': ${JSON.stringify(skillPath)}`);
+  }
+  return skillPath;
+}
+
 function signContent(content, privateKey) {
-  const signature = crypto.sign(null, Buffer.from(content, 'utf8'), {
+  const normalized = normalize(content);
+  const signature = crypto.sign(null, Buffer.from(normalized, 'utf8'), {
     key: privateKey,
     dsaEncoding: 'ieee-p1363'
   });
@@ -151,6 +244,22 @@ function loadManifest() {
   return JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf8'));
 }
 
+function printFingerprintBanner() {
+  if (!fs.existsSync(PUBLIC_KEY_PATH)) return;
+  try {
+    const pem = fs.readFileSync(PUBLIC_KEY_PATH, 'utf8');
+    const keyObj = crypto.createPublicKey(pem);
+    const der = keyObj.export({ type: 'spki', format: 'der' });
+    const sha256 = 'SHA256:' + crypto.createHash('sha256').update(der).digest('base64');
+    const sha3_512 = 'SHA3-512:' + crypto.createHash('sha3-512').update(der).digest('base64');
+    console.log(`[sign] Public key: keys/public.pem`);
+    console.log(`[sign] ${sha256}`);
+    console.log(`[sign] ${sha3_512}`);
+  } catch (_) {
+    // Best-effort banner — never let a fingerprint failure poison the run.
+  }
+}
+
 // --- CLI ---
 
 if (require.main === module) {
@@ -194,4 +303,4 @@ Signing ceremony (first time):
   }
 }
 
-module.exports = { generateKeypair, signAll, signOne };
+module.exports = { generateKeypair, signAll, signOne, normalize, validateSkillPath };

package/lib/source-ghsa.js

@@ -119,7 +119,13 @@ async function fetchAdvisoryById(id, opts = {}) {
   if (/^CVE-\d{4}-\d+$/i.test(id)) {
     return fetchAdvisories({ ...opts, path: `/advisories?cve_id=${encodeURIComponent(id.toUpperCase())}` });
   }
-  return { ok: false, error: `unrecognized id format (expected CVE-YYYY-NNNN or GHSA-*): ${id}`, source: "offline" };
+  // v0.12.11: widen the error to enumerate OSV-native prefixes — operators
+  // running `exceptd refresh --advisory FOO-BAR` previously got an error
+  // mentioning only CVE / GHSA, even though MAL-*, SNYK-*, RUSTSEC-*,
+  // USN-*, PYSEC-*, GO-*, MGASA-*, UVI- are also valid id shapes routed
+  // through source-osv. The hint here mirrors lib/refresh-external.js
+  // seedSingleAdvisory's documented acceptance set.
+  return { ok: false, error: `unrecognized id format: ${id}. Expected one of: CVE-YYYY-NNNN, GHSA-* (routed through source-ghsa); MAL-* / SNYK-* / RUSTSEC-* / USN-* / PYSEC-* / GO-* / MGASA-* / UVI- (routed through source-osv).`, source: "offline" };
 }
 
 /**