| """ |
| Compliance framework mappings for security audit grading. |
| |
| Maps OWASP Top 10 categories and specific vulnerability types to compliance |
| controls across PCI-DSS 4.0, SOC 2, HIPAA Security Rule, and ISO 27001:2022. |
| |
| Sources: |
| - PCI-DSS v4.0 Requirements |
| - SOC 2 Trust Services Criteria |
| - HIPAA Security Rule (45 CFR 164.308-316) |
| - ISO 27001:2022 Annex A Controls |
| """ |
|
|
| from typing import Any, Dict, List |
|
|
|
|
| |
| |
| |
| COMPLIANCE_MAPPINGS: Dict[str, Dict[str, List[str]]] = { |
| "PCI-DSS": { |
| "A01:2021": ["PCI-DSS 6.5.8 — Improper Access Control"], |
| "A02:2021": [ |
| "PCI-DSS 4.1 — Strong Cryptography", |
| "PCI-DSS 6.5.3 — Insecure Cryptographic Storage", |
| ], |
| "A03:2021": ["PCI-DSS 6.5.1 — Injection Flaws"], |
| "A04:2021": ["PCI-DSS 6.5.5 — Improper Error Handling"], |
| "A05:2021": [ |
| "PCI-DSS 2.2 — Configuration Standards", |
| "PCI-DSS 6.5.10 — Broken Auth/Session", |
| ], |
| "A06:2021": ["PCI-DSS 6.2 — Security Patches"], |
| "A07:2021": [ |
| "PCI-DSS 8.2 — User Authentication", |
| "PCI-DSS 2.1 — Default Passwords", |
| ], |
| "A08:2021": ["PCI-DSS 6.3.1 — Known Vulnerabilities"], |
| "A09:2021": ["PCI-DSS 10.2 — Audit Trails"], |
| "A10:2021": ["PCI-DSS 6.5.9 — SSRF"], |
| }, |
| "SOC2": { |
| "A01:2021": ["CC6.1 — Logical Access Security", "CC6.3 — Role-Based Access"], |
| "A02:2021": [ |
| "CC6.7 — Restrict Data Transmission", |
| "C1.1 — Confidentiality Commitments", |
| ], |
| "A03:2021": [ |
| "CC6.1 — Logical Access Security", |
| "CC6.6 — System Boundaries", |
| ], |
| "A04:2021": [ |
| "CC8.1 — Change Management", |
| "PI1.1 — Processing Integrity", |
| ], |
| "A05:2021": [ |
| "CC6.6 — System Boundaries", |
| "CC7.1 — Detect Changes", |
| ], |
| "A06:2021": [ |
| "CC7.1 — Detect Changes", |
| "CC8.1 — Change Management", |
| ], |
| "A07:2021": [ |
| "CC6.1 — Logical Access Security", |
| "CC6.2 — Prior to Access", |
| ], |
| "A08:2021": [ |
| "CC7.1 — Detect Changes", |
| "CC8.1 — Change Management", |
| ], |
| "A09:2021": [ |
| "CC4.1 — Monitoring Activities", |
| "CC7.2 — System Monitoring", |
| ], |
| "A10:2021": [ |
| "CC6.6 — System Boundaries", |
| "CC6.1 — Logical Access Security", |
| ], |
| }, |
| "HIPAA": { |
| "A01:2021": [ |
| "§164.312(a)(1) — Access Control", |
| "§164.308(a)(4) — Information Access Management", |
| ], |
| "A02:2021": [ |
| "§164.312(a)(2)(iv) — Encryption and Decryption", |
| "§164.312(e)(1) — Transmission Security", |
| ], |
| "A03:2021": [ |
| "§164.312(a)(1) — Access Control", |
| "§164.308(a)(1) — Security Management Process", |
| ], |
| "A04:2021": [ |
| "§164.312(c)(1) — Integrity", |
| "§164.308(a)(1) — Security Management Process", |
| ], |
| "A05:2021": [ |
| "§164.312(a)(1) — Access Control", |
| "§164.308(a)(8) — Evaluation", |
| ], |
| "A06:2021": [ |
| "§164.308(a)(1) — Security Management Process", |
| "§164.308(a)(8) — Evaluation", |
| ], |
| "A07:2021": [ |
| "§164.312(d) — Person or Entity Authentication", |
| "§164.312(a)(2)(i) — Unique User Identification", |
| ], |
| "A08:2021": [ |
| "§164.308(a)(1) — Security Management Process", |
| ], |
| "A09:2021": [ |
| "§164.312(b) — Audit Controls", |
| "§164.308(a)(6) — Security Incident Procedures", |
| ], |
| "A10:2021": [ |
| "§164.312(a)(1) — Access Control", |
| "§164.312(e)(1) — Transmission Security", |
| ], |
| }, |
| "Generic": { |
| "A01:2021": ["Access Control"], |
| "A02:2021": ["Data Protection", "Encryption"], |
| "A03:2021": ["Input Validation", "Secure Coding"], |
| "A04:2021": ["Secure Design"], |
| "A05:2021": ["Configuration Management"], |
| "A06:2021": ["Patch Management"], |
| "A07:2021": ["Authentication", "Credential Management"], |
| "A08:2021": ["Software Composition Analysis"], |
| "A09:2021": ["Logging and Monitoring"], |
| "A10:2021": ["Network Security"], |
| }, |
| } |
|
|
|
|
| |
| |
| |
| VULN_TYPE_CONTROLS: Dict[str, Dict[str, List[str]]] = { |
| "sqli": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Injection Flaws", "PCI-DSS 6.5.1 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC5.2 — Control Activities"], |
| "HIPAA": ["§164.312(a)(1) — Access Control", "§164.308(a)(1) — Security Management Process"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "xss": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Data Attacks", "PCI-DSS 6.5.1 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "csrf": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Data Attacks"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "broken_auth": { |
| "PCI-DSS": [ |
| "PCI-DSS 8.2 — User Authentication", |
| "PCI-DSS 8.3 — Strong Authentication", |
| "PCI-DSS 8.6 — System/Application Accounts", |
| ], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.2 — Prior to Access"], |
| "HIPAA": ["§164.312(d) — Person or Entity Authentication"], |
| "Generic": ["Authentication", "Credential Management"], |
| }, |
| "broken_access_control": { |
| "PCI-DSS": ["PCI-DSS 6.5.8 — Improper Access Control", "PCI-DSS 6.2.4 — Access Control"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.3 — Role-Based Access"], |
| "HIPAA": ["§164.312(a)(1) — Access Control", "§164.308(a)(4) — Information Access Management"], |
| "Generic": ["Access Control"], |
| }, |
| "idor": { |
| "PCI-DSS": ["PCI-DSS 6.5.8 — Improper Access Control", "PCI-DSS 6.2.4 — Access Control"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.3 — Role-Based Access"], |
| "HIPAA": ["§164.312(a)(1) — Access Control", "§164.308(a)(4) — Information Access Management"], |
| "Generic": ["Access Control"], |
| }, |
| "security_misconfig": { |
| "PCI-DSS": ["PCI-DSS 2.2 — Configuration Standards", "PCI-DSS 6.2.4 — Misconfiguration"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC8.1 — Change Management"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "sensitive_data_exposure": { |
| "PCI-DSS": [ |
| "PCI-DSS 3.4 — Render PAN Unreadable", |
| "PCI-DSS 3.5 — Protect Encryption Keys", |
| "PCI-DSS 4.2 — Protect Data in Transit", |
| ], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.7 — Restrict Data Transmission"], |
| "HIPAA": [ |
| "§164.312(e)(1) — Transmission Security", |
| "§164.312(a)(2)(iv) — Encryption and Decryption", |
| ], |
| "Generic": ["Data Protection", "Encryption"], |
| }, |
| "xxe": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "ssrf": { |
| "PCI-DSS": ["PCI-DSS 6.5.9 — SSRF", "PCI-DSS 6.2.4 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Network Security", "Input Validation"], |
| }, |
| "command_injection": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Injection Flaws", "PCI-DSS 6.5.1 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "weak_crypto": { |
| "PCI-DSS": [ |
| "PCI-DSS 4.2 — Protect Data in Transit", |
| "PCI-DSS 6.2.4 — Cryptographic Failures", |
| ], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.7 — Restrict Data Transmission"], |
| "HIPAA": ["§164.312(e)(1) — Transmission Security"], |
| "Generic": ["Data Protection", "Encryption"], |
| }, |
| "session_management": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Session Management", "PCI-DSS 6.5.10 — Broken Auth/Session"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(2)(iii) — Automatic Logoff"], |
| "Generic": ["Authentication", "Secure Coding"], |
| }, |
| "missing_headers": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Security Headers"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "file_upload": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Business Logic"], |
| "SOC2": ["CC6.8 — Prevent/Detect Unauthorized Software"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "privilege_escalation": { |
| "PCI-DSS": ["PCI-DSS 6.5.8 — Improper Access Control", "PCI-DSS 6.2.4 — Access Control"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.3 — Role-Based Access"], |
| "HIPAA": ["§164.308(a)(4) — Information Access Management"], |
| "Generic": ["Access Control"], |
| }, |
| "default_credentials": { |
| "PCI-DSS": ["PCI-DSS 2.1 — Default Passwords", "PCI-DSS 8.6 — System/Application Accounts"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.2 — Prior to Access"], |
| "HIPAA": ["§164.312(d) — Person or Entity Authentication"], |
| "Generic": ["Authentication", "Credential Management"], |
| }, |
| "weak_credentials": { |
| "PCI-DSS": ["PCI-DSS 8.2 — User Authentication", "PCI-DSS 2.1 — Default Passwords"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.2 — Prior to Access"], |
| "HIPAA": ["§164.312(d) — Person or Entity Authentication"], |
| "Generic": ["Authentication", "Credential Management"], |
| }, |
| "ssti": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "insecure_deserialization": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Deserialization"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "directory_traversal": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Access Control"], |
| }, |
| "info_disclosure": { |
| "PCI-DSS": ["PCI-DSS 6.5 — Information Exposure"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "insufficient_logging": { |
| "PCI-DSS": ["PCI-DSS 10.1 — Logging", "PCI-DSS 10.2 — Audit Trails"], |
| "SOC2": ["CC7.1 — Detect Changes", "CC7.2 — System Monitoring"], |
| "HIPAA": ["§164.312(b) — Audit Controls"], |
| "Generic": ["Logging and Monitoring"], |
| }, |
| "weak_tls": { |
| "PCI-DSS": ["PCI-DSS 4.2.1 — Strong Cryptography in Transit"], |
| "SOC2": ["CC6.7 — Restrict Data Transmission"], |
| "HIPAA": ["§164.312(e)(1) — Transmission Security"], |
| "Generic": ["Data Protection", "Encryption"], |
| }, |
| "cors_misconfig": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Cross-Origin Security"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "open_redirect": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Redirect Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation"], |
| }, |
| "clickjacking": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — UI Redressing"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "unpatched_software": { |
| "PCI-DSS": ["PCI-DSS 6.3.3 — Security Patches"], |
| "SOC2": ["CC7.1 — Detect Changes"], |
| "HIPAA": ["§164.308(a)(1) — Security Management Process"], |
| "Generic": ["Patch Management"], |
| }, |
| "vulnerable_component": { |
| "PCI-DSS": ["PCI-DSS 6.3.1 — Known Vulnerabilities"], |
| "SOC2": ["CC7.1 — Detect Changes", "CC8.1 — Change Management"], |
| "HIPAA": ["§164.308(a)(1) — Security Management Process"], |
| "Generic": ["Software Composition Analysis"], |
| }, |
| "missing_encryption": { |
| "PCI-DSS": [ |
| "PCI-DSS 4.1 — Strong Cryptography", |
| "PCI-DSS 6.5.3 — Insecure Cryptographic Storage", |
| ], |
| "SOC2": ["CC6.7 — Restrict Data Transmission", "C1.1 — Confidentiality Commitments"], |
| "HIPAA": [ |
| "§164.312(a)(2)(iv) — Encryption and Decryption", |
| "§164.312(e)(1) — Transmission Security", |
| ], |
| "Generic": ["Data Protection", "Encryption"], |
| }, |
| "missing_rate_limiting": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Business Logic"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Secure Design"], |
| }, |
| "business_logic": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Business Logic"], |
| "SOC2": ["CC8.1 — Change Management", "PI1.1 — Processing Integrity"], |
| "HIPAA": ["§164.312(c)(1) — Integrity"], |
| "Generic": ["Secure Design"], |
| }, |
| "network_segmentation": { |
| "PCI-DSS": ["PCI-DSS 11.4.5 — Network Segmentation Testing"], |
| "SOC2": ["CC6.6 — System Boundaries"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Network Security"], |
| }, |
| "email_security_misconfig": { |
| "PCI-DSS": ["PCI-DSS 2.2 — Configuration Standards"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Configuration Management"], |
| }, |
| "bola": { |
| "PCI-DSS": ["PCI-DSS 6.5.8 — Improper Access Control"], |
| "SOC2": ["CC6.1 — Logical Access Security", "CC6.3 — Role-Based Access"], |
| "HIPAA": ["§164.312(a)(1) — Access Control", "§164.308(a)(4) — Information Access Management"], |
| "Generic": ["Access Control"], |
| }, |
| "stored_xss": { |
| "PCI-DSS": ["PCI-DSS 6.2.4 — Data Attacks", "PCI-DSS 6.5.1 — Injection Flaws"], |
| "SOC2": ["CC6.1 — Logical Access Security"], |
| "HIPAA": ["§164.312(a)(1) — Access Control"], |
| "Generic": ["Input Validation", "Secure Coding"], |
| }, |
| "crypto_failures": { |
| "PCI-DSS": [ |
| "PCI-DSS 4.1 — Strong Cryptography", |
| "PCI-DSS 6.5.3 — Insecure Cryptographic Storage", |
| ], |
| "SOC2": ["CC6.7 — Restrict Data Transmission", "C1.1 — Confidentiality Commitments"], |
| "HIPAA": [ |
| "§164.312(a)(2)(iv) — Encryption and Decryption", |
| "§164.312(e)(1) — Transmission Security", |
| ], |
| "Generic": ["Data Protection", "Encryption"], |
| }, |
| } |
|
|
|
|
| |
| |
| |
| _FRAMEWORK_KEYWORDS: Dict[str, str] = { |
| "PCI-DSS": "PCI-DSS", |
| "pci": "PCI-DSS", |
| "SOC2": "SOC2", |
| "SOC 2": "SOC2", |
| "soc2": "SOC2", |
| "HIPAA": "HIPAA", |
| "hipaa": "HIPAA", |
| } |
|
|
|
|
| |
| |
| |
|
|
|
|
| def get_framework_mappings(framework: str) -> Dict[str, List[str]]: |
| """Return OWASP category -> controls mapping for *framework*. |
| |
| Falls back to ``"Generic"`` if the framework is not recognized. |
| """ |
| return COMPLIANCE_MAPPINGS.get(framework, COMPLIANCE_MAPPINGS["Generic"]) |
|
|
|
|
| def get_controls_for_vuln(vuln_type_id: str, framework: str) -> List[str]: |
| """Return compliance controls that apply to *vuln_type_id* under *framework*. |
| |
| Returns an empty list when there is no mapping for the given combination. |
| The *vuln_type_id* is matched case-insensitively and with spaces/hyphens |
| normalised to underscores so callers can pass e.g. ``"SQL Injection"`` |
| or ``"sqli"`` interchangeably. |
| """ |
| key = _normalize_vuln_id(vuln_type_id) |
| entry = VULN_TYPE_CONTROLS.get(key, {}) |
| return entry.get(framework, entry.get("Generic", [])) |
|
|
|
|
| def detect_framework(scenario: Dict[str, Any]) -> str: |
| """Detect compliance framework from scenario metadata. |
| |
| Inspects the ``compliance_context`` field of *scenario* and returns the |
| first matching framework name (``"PCI-DSS"``, ``"SOC2"``, ``"HIPAA"``). |
| Returns ``"Generic"`` when no keyword matches. |
| """ |
| ctx = scenario.get("compliance_context", "") |
| for keyword, framework in _FRAMEWORK_KEYWORDS.items(): |
| if keyword.lower() in ctx.lower(): |
| return framework |
| return "Generic" |
|
|
|
|
| def get_all_frameworks() -> List[str]: |
| """Return all supported compliance framework names.""" |
| return ["PCI-DSS", "SOC2", "HIPAA", "Generic"] |
|
|
|
|
| |
| |
| |
|
|
| |
| |
| _VULN_ID_ALIASES: Dict[str, str] = { |
| "sql_injection": "sqli", |
| "sql injection": "sqli", |
| "cross_site_scripting": "xss", |
| "reflected_xss": "xss", |
| "stored xss": "stored_xss", |
| "cross_site_request_forgery": "csrf", |
| "broken_authentication": "broken_auth", |
| "broken authentication": "broken_auth", |
| "broken_access_control": "broken_access_control", |
| "broken access control": "broken_access_control", |
| "broken access control (idor)": "idor", |
| "broken access control (bola)": "bola", |
| "security_misconfiguration": "security_misconfig", |
| "security misconfiguration": "security_misconfig", |
| "sensitive_data_exposure": "sensitive_data_exposure", |
| "sensitive data exposure": "sensitive_data_exposure", |
| "xml_external_entities": "xxe", |
| "server_side_request_forgery": "ssrf", |
| "server-side request forgery (ssrf)": "ssrf", |
| "server_side_template_injection": "ssti", |
| "server-side template injection (ssti)": "ssti", |
| "command_injection": "command_injection", |
| "weak_cryptography": "weak_crypto", |
| "cryptographic failures": "crypto_failures", |
| "cryptographic_failures": "crypto_failures", |
| "session_management_flaws": "session_management", |
| "missing_security_headers": "missing_headers", |
| "file_upload_vulnerabilities": "file_upload", |
| "unrestricted file upload": "file_upload", |
| "unrestricted_file_upload": "file_upload", |
| "privilege_escalation": "privilege_escalation", |
| "default_credentials": "default_credentials", |
| "weak_credentials": "weak_credentials", |
| "weak credentials": "weak_credentials", |
| "insecure_deserialization": "insecure_deserialization", |
| "directory_traversal": "directory_traversal", |
| "information_disclosure": "info_disclosure", |
| "insufficient_logging": "insufficient_logging", |
| "weak_tls": "weak_tls", |
| "weak_tls_ssl": "weak_tls", |
| "cors_misconfiguration": "cors_misconfig", |
| "open_redirect": "open_redirect", |
| "clickjacking": "clickjacking", |
| "unpatched_software": "unpatched_software", |
| "vulnerable_component": "vulnerable_component", |
| "vulnerable component": "vulnerable_component", |
| "missing_encryption": "missing_encryption", |
| "missing encryption": "missing_encryption", |
| "missing_rate_limiting": "missing_rate_limiting", |
| "missing rate limiting": "missing_rate_limiting", |
| "business_logic_flaw": "business_logic", |
| "business logic flaw": "business_logic", |
| "network_segmentation_failure": "network_segmentation", |
| "email_security_misconfiguration": "email_security_misconfig", |
| "email security misconfiguration": "email_security_misconfig", |
| } |
|
|
|
|
| def _normalize_vuln_id(raw: str) -> str: |
| """Normalize a vulnerability type string to a canonical key. |
| |
| Lowercases, replaces hyphens and spaces with underscores, then looks up |
| the alias table. Returns the canonical key if found, otherwise the |
| normalised string itself (allowing direct matches against |
| ``VULN_TYPE_CONTROLS``). |
| """ |
| lowered = raw.strip().lower() |
| |
| if lowered in VULN_TYPE_CONTROLS: |
| return lowered |
|
|
| |
| if lowered in _VULN_ID_ALIASES: |
| return _VULN_ID_ALIASES[lowered] |
|
|
| |
| normalised = lowered.replace("-", "_").replace(" ", "_") |
| if normalised in VULN_TYPE_CONTROLS: |
| return normalised |
| return _VULN_ID_ALIASES.get(normalised, normalised) |
|
|