@blamejs/exceptd-skills 0.12.11 → 0.12.13

package/lib/scoring.js

@@ -34,7 +34,62 @@ function score(cveId, catalog) {
   return entry.rwep_score;
 }
 
-function scoreCustom(factors) {
+/**
+ * E10: Validate an RWEP factor bag. Returns an array of warning strings
+ * for missing-but-defaultable fields and out-of-range values. Does NOT
+ * throw — operators wanting hard enforcement should treat a non-empty
+ * return as a failure themselves.
+ *
+ * Range expectations:
+ *   - cisa_kev, poc_available, ai_assisted_weapon, ai_discovered,
+ *     patch_available, live_patch_available, reboot_required: boolean
+ *     (or null, treated as false with a missing-field warning).
+ *   - active_exploitation: 'none' | 'unknown' | 'suspected' | 'confirmed'.
+ *   - blast_radius: integer in [0, 30] (clamped at the weight ceiling but
+ *     flagged when out-of-range — out-of-range usually means a unit error).
+ */
+function validateFactors(factors) {
+  const warnings = [];
+  if (!factors || typeof factors !== 'object') {
+    return ['factors: expected object, got ' + (factors === null ? 'null' : typeof factors)];
+  }
+  const boolFields = ['cisa_kev', 'poc_available', 'ai_assisted_weapon', 'ai_discovered',
+                      'patch_available', 'live_patch_available', 'reboot_required'];
+  for (const f of boolFields) {
+    if (factors[f] === undefined || factors[f] === null) {
+      warnings.push(`${f}: missing (treated as false; explicit value recommended)`);
+    } else if (typeof factors[f] !== 'boolean') {
+      warnings.push(`${f}: expected boolean, got ${typeof factors[f]} (${JSON.stringify(factors[f])})`);
+    }
+  }
+  const aeAllowed = ['none', 'unknown', 'suspected', 'confirmed'];
+  if (factors.active_exploitation === undefined || factors.active_exploitation === null) {
+    warnings.push("active_exploitation: missing (treated as 'none')");
+  } else if (!aeAllowed.includes(factors.active_exploitation)) {
+    warnings.push(`active_exploitation: expected one of ${aeAllowed.join(', ')}, got ${JSON.stringify(factors.active_exploitation)}`);
+  }
+  if (factors.blast_radius === undefined || factors.blast_radius === null) {
+    warnings.push('blast_radius: missing (treated as 0)');
+  } else if (typeof factors.blast_radius !== 'number' || Number.isNaN(factors.blast_radius)) {
+    warnings.push(`blast_radius: expected number, got ${typeof factors.blast_radius} (${JSON.stringify(factors.blast_radius)})`);
+  } else if (factors.blast_radius < 0 || factors.blast_radius > 30) {
+    warnings.push(`blast_radius: ${factors.blast_radius} out of expected range [0, 30] (clamped to weight ceiling, but the value usually indicates a unit-of-measure mistake)`);
+  }
+  return warnings;
+}
+
+/**
+ * scoreCustom — compute the RWEP for a factor bag. Returns a number
+ * (clamped to [0, 100]).
+ *
+ * Backward-compat note: this function has always returned a number;
+ * callers in lib/auto-discovery.js etc. rely on that. E10 surfaces
+ * warnings via the optional `opts.collectWarnings` flag — when true,
+ * scoreCustom returns `{ score, _scoring_warnings }` instead of a bare
+ * number. Operators wanting validation without the score can call
+ * `validateFactors(factors)` directly.
+ */
+function scoreCustom(factors, opts) {
   const {
     cisa_kev = false,
     poc_available = false,
@@ -45,7 +100,7 @@ function scoreCustom(factors) {
     patch_available = false,
     live_patch_available = false,
     reboot_required = false
-  } = factors;
+  } = factors || {};
 
   let score = 0;
   score += cisa_kev ? RWEP_WEIGHTS.cisa_kev : 0;
@@ -53,12 +108,20 @@ function scoreCustom(factors) {
   score += (ai_assisted_weapon || ai_discovered) ? RWEP_WEIGHTS.ai_factor : 0;
   score += active_exploitation === 'confirmed' ? RWEP_WEIGHTS.active_exploitation : 0;
   score += active_exploitation === 'suspected' ? Math.floor(RWEP_WEIGHTS.active_exploitation / 2) : 0;
-  score += Math.min(RWEP_WEIGHTS.blast_radius, blast_radius);
+  // Clamp blast_radius into the weight-ceiling band [0, RWEP_WEIGHTS.blast_radius]
+  // before adding. Out-of-range values still produce a clamped contribution but
+  // validateFactors() surfaces the anomaly so operators see the unit error.
+  const brClamped = Math.max(0, Math.min(RWEP_WEIGHTS.blast_radius, typeof blast_radius === 'number' ? blast_radius : 0));
+  score += brClamped;
   score += patch_available ? RWEP_WEIGHTS.patch_available : 0;
   score += live_patch_available ? RWEP_WEIGHTS.live_patch_available : 0;
   score += reboot_required ? RWEP_WEIGHTS.reboot_required : 0;
 
-  return Math.min(100, Math.max(0, score));
+  const clamped = Math.min(100, Math.max(0, score));
+  if (opts && opts.collectWarnings) {
+    return { score: clamped, _scoring_warnings: validateFactors(factors) };
+  }
+  return clamped;
 }
 
 function timeline(rwepScore) {
@@ -146,4 +209,4 @@ function validate(catalog) {
   return errors;
 }
 
-module.exports = { score, scoreCustom, timeline, compare, validate, RWEP_WEIGHTS };
+module.exports = { score, scoreCustom, timeline, compare, validate, validateFactors, RWEP_WEIGHTS };

package/lib/sign.js

@@ -8,6 +8,22 @@
  * which is gitignored. The public key at keys/public.pem is tracked and used
  * by lib/verify.js for signature verification.
  *
+ * Byte-stability contract (must mirror lib/verify.js):
+ *   Skill content is normalized BEFORE the bytes are signed:
+ *     1. Strip a UTF-8 BOM (U+FEFF) if present.
+ *     2. Convert CRLF line endings to LF.
+ *   The same normalization runs in lib/verify.js. A skill file checked
+ *   out with core.autocrlf=true on Windows therefore signs to the SAME
+ *   signature as the LF copy on Linux CI — closing the regression class
+ *   that broke v0.11.x signatures across the Windows/CI line-ending
+ *   boundary. ANY change to normalize() requires the matching change in
+ *   lib/verify.js; round-trip stability is a hard contract.
+ *
+ * Manifest entries are also validated before iteration: skill.path must
+ * begin with "skills/" and must not contain ".." or backslashes (see
+ * validateSkillPath() below). Without this a tampered manifest could
+ * sign or verify arbitrary files outside the skills/ tree.
+ *
  * Signing ceremony:
  *   1. node lib/sign.js generate-keypair    — generate keypair (one time, per deployment)
  *   2. node lib/sign.js sign-all            — sign all skills (after any content change)
@@ -80,10 +96,20 @@ function generateKeypair({ rotate = false } = {}) {
 /**
  * Sign all skills in manifest.json using the private key.
  * Updates manifest.json with Ed25519 signatures.
+ *
+ * Each manifest entry's `path` is validated through validateSkillPath()
+ * BEFORE the file is read — a tampered manifest with an out-of-tree
+ * path will reject the whole run.
  */
 function signAll() {
   const privateKey = loadPrivateKey();
   const manifest = loadManifest();
+  // Validate every entry's path before doing any I/O. Reject the whole
+  // manifest on the first traversal attempt — we never want to sign
+  // half a manifest then exit non-zero with a partial mutation.
+  for (const skill of manifest.skills) {
+    validateSkillPath(skill.path);
+  }
   let signed = 0;
   let errors = 0;
 
@@ -103,7 +129,16 @@ function signAll() {
   }
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
-  console.log(`\n[sign] ${signed} skills signed. ${errors} errors.`);
+
+  // S5: verdict line FIRST, fingerprint banner after. An operator
+  // scrolling output should not be able to see "fingerprint: SHA256..."
+  // and assume success when errors > 0.
+  if (errors > 0) {
+    console.error(`\n[sign] FAILED — ${signed} signed, ${errors} errors.`);
+  } else {
+    console.log(`\n[sign] ${signed} skills signed.`);
+  }
+  printFingerprintBanner();
 
   if (errors > 0) process.exit(1);
 }
@@ -118,6 +153,7 @@ function signOne(skillName) {
   const skill = manifest.skills.find(s => s.name === skillName);
   if (!skill) { console.error(`Skill not found: ${skillName}`); process.exit(1); }
 
+  validateSkillPath(skill.path);
   const skillPath = path.join(ROOT, skill.path);
   const content = fs.readFileSync(skillPath, 'utf8');
   skill.signature = signContent(content, privateKey);
@@ -126,12 +162,69 @@ function signOne(skillName) {
 
   fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
   console.log(`[sign] Signed: ${skillName}`);
+  printFingerprintBanner();
 }
 
 // --- helpers ---
 
+/**
+ * Normalize skill content for byte-stable signing.
+ *
+ * Strips a leading UTF-8 BOM (U+FEFF) if present, then converts CRLF
+ * line endings to LF. lib/verify.js applies the exact same transform.
+ *
+ * Without this, a Windows checkout with core.autocrlf=true reads a
+ * skill with \r\n while CI reads the same skill with \n — same bytes
+ * on disk in git, different bytes in the working tree, different
+ * signature. v0.11.x shipped 0/38 verifies for exactly this reason.
+ *
+ * @param {string} content
+ * @returns {string}
+ */
+function normalize(content) {
+  let s = content;
+  if (s.length > 0 && s.charCodeAt(0) === 0xFEFF) s = s.slice(1);
+  return s.replace(/\r\n/g, '\n');
+}
+
+/**
+ * Validate a manifest skill.path entry to prevent path traversal.
+ *
+ *   skill.path MUST be a string.
+ *   skill.path MUST start with "skills/".
+ *   skill.path MUST NOT contain "..".
+ *   skill.path MUST NOT contain backslashes (POSIX-style forward slashes
+ *     only — manifest paths are not platform-specific).
+ *
+ * A tampered manifest with "../../../etc/passwd" or
+ * "skills/foo/../../.keys/private.pem" is refused; the whole run
+ * aborts before any file I/O.
+ *
+ * @param {string} skillPath
+ * @returns {string}
+ */
+function validateSkillPath(skillPath) {
+  if (typeof skillPath !== 'string') {
+    throw new Error(`[sign] manifest skill.path must be a string, got ${typeof skillPath}`);
+  }
+  // Backslash check runs BEFORE the prefix check so a Windows-style
+  // path ("skills\foo\skill.md") returns the clearer "use forward
+  // slashes" diagnostic, not the misleading "must start with skills/".
+  if (skillPath.includes('\\')) {
+    throw new Error(`[sign] manifest skill.path must use forward slashes, not backslashes: ${JSON.stringify(skillPath)}`);
+  }
+  if (!skillPath.startsWith('skills/')) {
+    throw new Error(`[sign] manifest skill.path must start with 'skills/': ${JSON.stringify(skillPath)}`);
+  }
+  if (skillPath.includes('..')) {
+    throw new Error(`[sign] manifest skill.path must not contain '..': ${JSON.stringify(skillPath)}`);
+  }
+  return skillPath;
+}
+
 function signContent(content, privateKey) {
-  const signature = crypto.sign(null, Buffer.from(content, 'utf8'), {
+  const normalized = normalize(content);
+  const signature = crypto.sign(null, Buffer.from(normalized, 'utf8'), {
     key: privateKey,
     dsaEncoding: 'ieee-p1363'
   });
@@ -151,6 +244,22 @@ function loadManifest() {
   return JSON.parse(fs.readFileSync(MANIFEST_PATH, 'utf8'));
 }
 
+function printFingerprintBanner() {
+  if (!fs.existsSync(PUBLIC_KEY_PATH)) return;
+  try {
+    const pem = fs.readFileSync(PUBLIC_KEY_PATH, 'utf8');
+    const keyObj = crypto.createPublicKey(pem);
+    const der = keyObj.export({ type: 'spki', format: 'der' });
+    const sha256 = 'SHA256:' + crypto.createHash('sha256').update(der).digest('base64');
+    const sha3_512 = 'SHA3-512:' + crypto.createHash('sha3-512').update(der).digest('base64');
+    console.log(`[sign] Public key: keys/public.pem`);
+    console.log(`[sign] ${sha256}`);
+    console.log(`[sign] ${sha3_512}`);
+  } catch (_) {
+    // Best-effort banner — never let a fingerprint failure poison the run.
+  }
+}
+
 // --- CLI ---
 
 if (require.main === module) {
@@ -194,4 +303,4 @@ Signing ceremony (first time):
   }
 }
 
-module.exports = { generateKeypair, signAll, signOne };
+module.exports = { generateKeypair, signAll, signOne, normalize, validateSkillPath };

package/lib/validate-cve-catalog.js

@@ -31,6 +31,40 @@ const REPO_ROOT = path.resolve(__dirname, '..');
 const SCHEMA_PATH = path.join(REPO_ROOT, 'lib', 'schemas', 'cve-catalog.schema.json');
 const CATALOG_PATH = path.join(REPO_ROOT, 'data', 'cve-catalog.json');
 const LESSONS_PATH = path.join(REPO_ROOT, 'data', 'zeroday-lessons.json');
+const ATLAS_PATH = path.join(REPO_ROOT, 'data', 'atlas-ttps.json');
+const CWE_PATH = path.join(REPO_ROOT, 'data', 'cwe-catalog.json');
+
+// v0.12.12 — patterns that mark a verification_sources URL as a public exploit
+// or PoC location. When poc_available: true AND a verification source matches
+// one of these, the entry must carry an `iocs` block per AGENTS.md Hard Rule
+// #14. Surfaced as WARNING-only for v0.12.12 so drafts and pre-IoC entries
+// don't break patch-class compatibility; v0.13.0 will tighten to error.
+const PUBLIC_EXPLOIT_URL_PATTERNS = [
+  /github\.com\/.+\/(exploits?|poc|pocs)\b/i,
+  /\bexploit-?db\.com\b/i,
+  /\bpacketstormsecurity\.com\b/i,
+  /\bmetasploit\b/i,
+  /\/poc\//i,
+  /-poc\b/i,
+];
+
+// v0.12.12 — Tightened CVSS-vector prefix. Schema's existing pattern accepts
+// any "CVSS:<digits>/"; the strict pattern below admits only known CVSS
+// versions (2.0 / 3.0 / 3.1 / 4.0). Emitted as WARNING for v0.12.12; v0.13.0
+// will tighten the schema itself.
+const STRICT_CVSS_PATTERN = /^CVSS:(2\.0|3\.[01]|4\.0)\//;
+
+// v0.12.12 — Impossible-date guard. Reject obviously bogus year ranges
+// (typos like 1014 or 20262) without rejecting legitimate ISO dates.
+const MIN_VALID_YEAR = 1990;
+const MAX_VALID_YEAR = 2100;
+const DATE_FIELDS = [
+  'last_updated',
+  'source_verified',
+  'cisa_kev_date',
+  'cisa_kev_due_date',
+  'epss_date',
+];
 
 function parseArgs(argv) {
   const opts = { quiet: false };
@@ -162,17 +196,126 @@ function validate(value, schema, schemaName, pathStr) {
   return errors;
 }
 
+function looksLikePublicExploitSource(url) {
+  if (typeof url !== 'string') return false;
+  return PUBLIC_EXPLOIT_URL_PATTERNS.some((re) => re.test(url));
+}
+
+function isUsableDate(value) {
+  if (typeof value !== 'string' || !/^\d{4}-\d{2}-\d{2}$/.test(value)) {
+    return { ok: false, reason: 'not in YYYY-MM-DD shape' };
+  }
+  const d = new Date(value + 'T00:00:00Z');
+  if (Number.isNaN(d.getTime())) return { ok: false, reason: 'unparseable' };
+  const year = Number(value.slice(0, 4));
+  if (year < MIN_VALID_YEAR || year > MAX_VALID_YEAR) {
+    return {
+      ok: false,
+      reason: `year ${year} outside ${MIN_VALID_YEAR}..${MAX_VALID_YEAR}`,
+    };
+  }
+  return { ok: true };
+}
+
+function additionalChecks(key, entry, ctx) {
+  const warnings = [];
+
+  // V1 — Hard Rule #14 conditional: poc + public-exploit URL → iocs required.
+  if (entry.poc_available === true) {
+    const sources = Array.isArray(entry.verification_sources)
+      ? entry.verification_sources
+      : [];
+    const hasPublicExploitSource = sources.some(looksLikePublicExploitSource);
+    if (hasPublicExploitSource) {
+      const iocs = entry.iocs;
+      const iocsPopulated =
+        iocs && typeof iocs === 'object' && !Array.isArray(iocs) && Object.keys(iocs).length > 0;
+      if (!iocsPopulated) {
+        warnings.push(
+          `${key}: poc_available=true and verification_sources includes a public-exploit URL, but iocs is missing or empty (AGENTS.md Hard Rule #14)`,
+        );
+      }
+    }
+  }
+
+  // V2 — Cross-catalog reference resolution. Unresolved refs are warnings
+  // for v0.12.12; v0.13.0 will flip to hard failures.
+  for (const ref of entry.atlas_refs || []) {
+    if (!ctx.atlasKeys.has(ref)) {
+      warnings.push(
+        `${key}: atlas_refs entry "${ref}" not in data/atlas-ttps.json (will hard-fail in v0.13.0)`,
+      );
+    }
+  }
+  for (const ref of entry.cwe_refs || []) {
+    if (!ctx.cweKeys.has(ref)) {
+      warnings.push(
+        `${key}: cwe_refs entry "${ref}" not in data/cwe-catalog.json (will hard-fail in v0.13.0)`,
+      );
+    }
+  }
+
+  // V4 — Impossible-date guard.
+  for (const f of DATE_FIELDS) {
+    const v = entry[f];
+    if (v === undefined || v === null) continue;
+    const r = isUsableDate(v);
+    if (!r.ok) {
+      warnings.push(`${key}: ${f} value ${JSON.stringify(v)} is invalid (${r.reason})`);
+    }
+  }
+
+  // Sch1 — strict CVSS-vector prefix (warning-only for v0.12.12). The schema
+  // pattern stays loose; this admits only known CVSS versions.
+  if (typeof entry.cvss_vector === 'string' && entry.cvss_vector.length > 0) {
+    if (!STRICT_CVSS_PATTERN.test(entry.cvss_vector)) {
+      warnings.push(
+        `${key}: cvss_vector ${JSON.stringify(entry.cvss_vector)} does not match the strict prefix /^CVSS:(2.0|3.0|3.1|4.0)\\//. Schema tolerates this in v0.12.12; v0.13.0 will tighten the schema.`,
+      );
+    }
+  }
+
+  return warnings;
+}
+
 function main() {
   const opts = parseArgs(process.argv);
   const schema = readJson(SCHEMA_PATH);
   const catalog = readJson(CATALOG_PATH);
   const lessons = readJson(LESSONS_PATH);
+  const atlas = fs.existsSync(ATLAS_PATH) ? readJson(ATLAS_PATH) : {};
+  const cwe = fs.existsSync(CWE_PATH) ? readJson(CWE_PATH) : {};
+
+  const ctx = {
+    atlasKeys: new Set(Object.keys(atlas).filter((k) => !k.startsWith('_'))),
+    cweKeys: new Set(Object.keys(cwe).filter((k) => !k.startsWith('_'))),
+  };
 
   const cveKeys = Object.keys(catalog).filter((k) => !k.startsWith('_'));
   const lessonKeys = new Set(Object.keys(lessons).filter((k) => !k.startsWith('_')));
 
   let failed = 0;
   let drafts = 0;
+  let warned = 0;
+
+  // V3 — Duplicate-name detection across all non-_meta entries.
+  const nameToKeys = new Map();
+  for (const k of cveKeys) {
+    const n = catalog[k] && catalog[k].name;
+    if (typeof n === 'string' && n.length > 0) {
+      if (!nameToKeys.has(n)) nameToKeys.set(n, []);
+      nameToKeys.get(n).push(k);
+    }
+  }
+  const dupNameWarnings = [];
+  for (const [n, ks] of nameToKeys) {
+    if (ks.length > 1) {
+      dupNameWarnings.push(
+        `duplicate CVE name ${JSON.stringify(n)} across keys: ${ks.join(', ')}`,
+      );
+    }
+  }
+
   for (const key of cveKeys) {
     const entry = catalog[key];
     // v0.12.0: GHSA-imported drafts are flagged `_auto_imported: true` +
@@ -182,6 +325,7 @@ function main() {
     // `exceptd run cve-curation --advisory <id>`.
     const isDraft = entry && (entry._auto_imported === true || entry._draft === true);
     const errors = validate(entry, schema, 'cve', key);
+    const warnings = additionalChecks(key, entry, ctx);
     if (!lessonKeys.has(key) && !isDraft) {
       errors.push(
         `${key}: missing matching entry in data/zeroday-lessons.json (rule #6: zero-day learning is live)`,
@@ -192,16 +336,22 @@ function main() {
       if (!opts.quiet) {
         console.log(`DRAFT ${key} (auto-imported — needs editorial review)`);
         for (const e of errors) console.log(`        - [warn] ${e}`);
+        for (const w of warnings) console.log(`        - [warn] ${w}`);
       }
       // Drafts don't increment `failed` — they're warnings, not errors.
       continue;
     }
-    if (errors.length === 0) {
+    if (errors.length === 0 && warnings.length === 0) {
       if (!opts.quiet) console.log(`PASS  ${key}`);
+    } else if (errors.length === 0) {
+      warned++;
+      if (!opts.quiet) console.log(`WARN  ${key}`);
+      for (const w of warnings) console.log(`        - [warn] ${w}`);
     } else {
       failed++;
       console.log(`FAIL  ${key}`);
       for (const e of errors) console.log(`        - ${e}`);
+      for (const w of warnings) console.log(`        - [warn] ${w}`);
     }
   }
 
@@ -218,13 +368,31 @@ function main() {
     }
   }
 
+  // V3 — emit duplicate-name warnings as a catalog-wide tail block.
+  for (const w of dupNameWarnings) {
+    console.log(`WARN  catalog`);
+    console.log(`        - [warn] ${w}`);
+  }
+
   const total = cveKeys.length;
-  const passed = total - failed - drafts;
+  const passed = total - failed - drafts - warned;
   const summary = `\n${passed}/${total} CVE entries validated` +
     (drafts ? `, ${drafts} draft(s) (auto-imported)` : '') +
+    (warned ? `, ${warned} with warnings` : '') +
     (failed ? `, ${failed} failed` : '') + '.';
   console.log(summary);
   process.exit(failed === 0 ? 0 : 1);
 }
 
-main();
+module.exports = {
+  validate,
+  looksLikePublicExploitSource,
+  isUsableDate,
+  additionalChecks,
+  PUBLIC_EXPLOIT_URL_PATTERNS,
+  STRICT_CVSS_PATTERN,
+};
+
+if (require.main === module) {
+  main();
+}