♻️ Enforce specified ordering

superbuggy · superbuggy · commit 19fdcf86e807 · 2024-09-10T08:45:42.000-04:00
diff --git a/cvss40.js b/cvss40.js
@@ -396,12 +396,15 @@ class Vector {
             return lookup;
         }, {});
 
+        const metricsEntries = Object.entries(metricsLookup);
+
         const requiredMetrics = Object.keys(Vector.METRICS.BASE);
 
         if (!requiredMetrics.every(metricType => metricType in metricsLookup)) {
             throw new Error(`Invalid CVSS v4.0 vector: Missing required metrics in \`${vector}\``);
         }
 
+
         if (metrics.length > Object.keys(metricsLookup).length) {
             throw new Error(`Invalid CVSS v4.0 vector: Duplicated metric types in \`${vector}\``);
         }
@@ -413,9 +416,9 @@ class Vector {
             throw new Error(`Invalid CVSS v4.0 vector: Unknown/excessive metric types in \`${vector}\``);
         }
 
-        for (let [metricType, metricValue] of Object.entries(metricsLookup)) {
+        for (let [metricType, metricValue] of metricsEntries) {
 
-            if (!metricType in Vector.ALL_METRICS) {
+            if ( !(metricType in Vector.ALL_METRICS) ) {
                 throw new Error(`Invalid CVSS v4.0 vector: Unknown metric \`${metricType}\` in \`${vector}\``);
             }
 
@@ -425,6 +428,11 @@ class Vector {
             }
         }
 
+        const utilizedMetricTypes = Object.keys(Vector.ALL_METRICS).filter(metricType => metricType in metricsLookup);
+        if (metricsEntries.some(([metricType], index) => utilizedMetricTypes[index] !== metricType)) {
+            throw new Error(`Invalid CVSS v4.0 vector: Metrics are in wrong order \`${vector}\``);
+        }
+
         return true;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -396,12 +396,15 @@ class Vector {`
`396`	`396`	`return lookup;`
`397`	`397`	`}, {});`
`398`	`398`
	`399`	`+ const metricsEntries = Object.entries(metricsLookup);`
	`400`	`+`
`399`	`401`	`const requiredMetrics = Object.keys(Vector.METRICS.BASE);`
`400`	`402`
`401`	`403`	`if (!requiredMetrics.every(metricType => metricType in metricsLookup)) {`
`402`	`404`	throw new Error(`Invalid CVSS v4.0 vector: Missing required metrics in \`${vector}\``);
`403`	`405`	`}`
`404`	`406`
	`407`	`+`
`405`	`408`	`if (metrics.length > Object.keys(metricsLookup).length) {`
`406`	`409`	throw new Error(`Invalid CVSS v4.0 vector: Duplicated metric types in \`${vector}\``);
`407`	`410`	`}`
`@@ -413,9 +416,9 @@ class Vector {`
`413`	`416`	throw new Error(`Invalid CVSS v4.0 vector: Unknown/excessive metric types in \`${vector}\``);
`414`	`417`	`}`
`415`	`418`
`416`		`- for (let [metricType, metricValue] of Object.entries(metricsLookup)) {`
	`419`	`+ for (let [metricType, metricValue] of metricsEntries) {`
`417`	`420`
`418`		`- if (!metricType in Vector.ALL_METRICS) {`
	`421`	`+ if ( !(metricType in Vector.ALL_METRICS) ) {`
`419`	`422`	throw new Error(`Invalid CVSS v4.0 vector: Unknown metric \`${metricType}\` in \`${vector}\``);
`420`	`423`	`}`
`421`	`424`
`@@ -425,6 +428,11 @@ class Vector {`
`425`	`428`	`}`
`426`	`429`	`}`
`427`	`430`
	`431`	`+ const utilizedMetricTypes = Object.keys(Vector.ALL_METRICS).filter(metricType => metricType in metricsLookup);`
	`432`	`+ if (metricsEntries.some(([metricType], index) => utilizedMetricTypes[index] !== metricType)) {`
	`433`	+ throw new Error(`Invalid CVSS v4.0 vector: Metrics are in wrong order \`${vector}\``);
	`434`	`+ }`
	`435`	`+`
`428`	`436`	`return true;`
`429`	`437`	`}`
`430`	`438`