npm - @blamejs/blamejs-shop - Versions diffs - 0.4.30 → 0.4.32 - Mend

@blamejs/blamejs-shop 0.4.30 → 0.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (338) hide show

package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js CHANGED Viewed

@@ -255,6 +255,221 @@ function testV0882NewPostures() {
         euP.indexOf("dsa") !== -1 && euP.indexOf("dga") !== -1 && euP.indexOf("eu-cer") !== -1);
 }
+// ---- Seal-envelope floor (POSTURE_DEFAULTS data + registerTable gate) ----
+function testSealEnvelopeFloorData() {
+  check("postureDefault(hipaa, sealEnvelopeFloor) === 'aad'",
+        b.compliance.postureDefault("hipaa", "sealEnvelopeFloor") === "aad");
+  check("postureDefault(pci-dss, sealEnvelopeFloor) === 'aad'",
+        b.compliance.postureDefault("pci-dss", "sealEnvelopeFloor") === "aad");
+  // Absent on non-regulated / unfloored postures → null (back-compat).
+  check("postureDefault(gdpr, sealEnvelopeFloor) === null",
+        b.compliance.postureDefault("gdpr", "sealEnvelopeFloor") === null);
+  check("postureDefault(soc2, sealEnvelopeFloor) === null",
+        b.compliance.postureDefault("soc2", "sealEnvelopeFloor") === null);
+  check("postureDefault(dora, sealEnvelopeFloor) === null",
+        b.compliance.postureDefault("dora", "sealEnvelopeFloor") === null);
+}
+function testRegisterTableFloorBackCompatUnpinned() {
+  // No posture pinned: a plain sealed table registers exactly as before.
+  _resetState();
+  b.cryptoField.clearForTest();
+  var threw = null;
+  try {
+    b.cryptoField.registerTable("ct_floor_unpinned", { sealedFields: ["x"] });
+  } catch (e) { threw = e; }
+  check("plain sealed table registers under no posture (back-compat)",
+        threw === null);
+  b.cryptoField.clearForTest();
+}
+function testRegisterTableFloorThrowsUnderHipaa() {
+  _resetState();
+  b.cryptoField.clearForTest();
+  b.compliance.set("hipaa");
+  var threw = null;
+  try {
+    b.cryptoField.registerTable("ct_floor_hipaa_plain", { sealedFields: ["ssn"] });
+  } catch (e) { threw = e; }
+  check("plain sealed table under hipaa throws seal-envelope-below-floor",
+        threw && threw.code === "crypto-field/seal-envelope-below-floor");
+  b.cryptoField.clearForTest();
+  _resetState();
+}
+function testRegisterTableFloorAadSatisfiesHipaa() {
+  _resetState();
+  b.cryptoField.clearForTest();
+  b.compliance.set("hipaa");
+  var threw = null;
+  try {
+    b.cryptoField.registerTable("ct_floor_hipaa_aad",
+      { sealedFields: ["ssn"], aad: true, rowIdField: "id" });
+  } catch (e) { threw = e; }
+  check("aad-bound sealed table satisfies hipaa floor (no throw)",
+        threw === null);
+  b.cryptoField.clearForTest();
+  _resetState();
+}
+function testRegisterTableFloorNoSealedFieldsPasses() {
+  _resetState();
+  b.cryptoField.clearForTest();
+  b.compliance.set("pci-dss");
+  var threw = null;
+  try {
+    // No sealed columns → no envelope to gate.
+    b.cryptoField.registerTable("ct_floor_pci_nosealed", { sealedFields: [] });
+  } catch (e) { threw = e; }
+  check("table with no sealed fields passes under pci-dss floor",
+        threw === null);
+  b.cryptoField.clearForTest();
+  _resetState();
+}
+function testRegisterTableFloorPerRowKeySatisfies() {
+  _resetState();
+  b.cryptoField.clearForTest();
+  b.compliance.set("hipaa");
+  // declarePerRowKey before registerTable: the table's declared envelope
+  // is per-row-key, which is ABOVE the aad floor.
+  b.cryptoField.declarePerRowKey("ct_floor_hipaa_prk", { keySize: 32 });
+  var threw = null;
+  try {
+    b.cryptoField.registerTable("ct_floor_hipaa_prk", { sealedFields: ["ssn"] });
+  } catch (e) { threw = e; }
+  check("per-row-key table satisfies hipaa floor (no throw)",
+        threw === null);
+  b.cryptoField.clearForTest();
+  _resetState();
+}
+function testRegisterTableFloorUnflooredPosturePasses() {
+  // gdpr is regulated but declares no sealEnvelopeFloor → plain passes.
+  _resetState();
+  b.cryptoField.clearForTest();
+  b.compliance.set("gdpr");
+  var threw = null;
+  try {
+    b.cryptoField.registerTable("ct_floor_gdpr_plain", { sealedFields: ["email"] });
+  } catch (e) { threw = e; }
+  check("plain sealed table under gdpr (no floor) passes (back-compat)",
+        threw === null);
+  b.cryptoField.clearForTest();
+  _resetState();
+}
+// ---- Region-tag normalization + compatibility helpers (additive) ----
+function testNormalizeRegionTag() {
+  check("normalizeRegionTag('EU') === normalizeRegionTag('eu')",
+        b.compliance.normalizeRegionTag("EU") === b.compliance.normalizeRegionTag("eu"));
+  check("normalizeRegionTag(' eu ') trims + lowercases",
+        b.compliance.normalizeRegionTag(" eu ") === "eu");
+  check("normalizeRegionTag('global') folds to 'unrestricted'",
+        b.compliance.normalizeRegionTag("global") === "unrestricted");
+  check("normalizeRegionTag('unrestricted') === 'unrestricted'",
+        b.compliance.normalizeRegionTag("unrestricted") === "unrestricted");
+  check("normalizeRegionTag(null) === null",
+        b.compliance.normalizeRegionTag(null) === null);
+  check("normalizeRegionTag('') === null",
+        b.compliance.normalizeRegionTag("") === null);
+}
+function testIsRegionCompatible() {
+  check("isRegionCompatible('EU','eu') === true (case-insensitive)",
+        b.compliance.isRegionCompatible("EU", "eu") === true);
+  check("isRegionCompatible('eu','global') === true (wildcard)",
+        b.compliance.isRegionCompatible("eu", "global") === true);
+  check("isRegionCompatible('unrestricted','us') === true (wildcard)",
+        b.compliance.isRegionCompatible("unrestricted", "us") === true);
+  check("isRegionCompatible('eu','us') === false (distinct regions)",
+        b.compliance.isRegionCompatible("eu", "us") === false);
+  check("isRegionCompatible('EU',null) === true (no constraint)",
+        b.compliance.isRegionCompatible("EU", null) === true);
+}
+// ---- Bug C1: gate-contract unmapped-posture warning ----
+function _gcCfg() {
+  return {
+    profiles:           { strict: { a: 1 } },
+    compliancePostures: { hipaa: { piiPolicy: "redact" }, "pci-dss": { piiPolicy: "refuse" } },
+    defaults:           { piiPolicy: "serve" },
+    errCodePrefix:      "ct_c1",
+  };
+}
+function testGateContractUnmappedPostureWarns() {
+  _resetState();
+  b.gateContract._resetForTest();
+  // fedramp-rev5-moderate is a real posture with no overlay in _gcCfg.
+  b.compliance.set("fedramp-rev5-moderate");
+  var captured = [];
+  var origAudit = b.audit.safeEmit;
+  b.audit.safeEmit = function (e) { captured.push(e); };
+  var resolved;
+  try {
+    resolved = b.gateContract.resolveProfileAndPosture({}, _gcCfg());
+    // Second call same posture+guard must NOT re-warn (dedupe).
+    b.gateContract.resolveProfileAndPosture({}, _gcCfg());
+  } finally {
+    b.audit.safeEmit = origAudit;
+  }
+  var warns = captured.filter(function (e) {
+    return e.action === "gateContract.posture.unmapped";
+  });
+  check("unmapped global posture emits exactly one warning (deduped)",
+        warns.length === 1 && warns[0].metadata.posture === "fedramp-rev5-moderate");
+  check("unmapped posture keeps the safe (unposture-d) default",
+        resolved.piiPolicy === "serve");
+  b.gateContract._resetForTest();
+  _resetState();
+}
+function testGateContractMappedPostureNoWarn() {
+  _resetState();
+  b.gateContract._resetForTest();
+  b.compliance.set("hipaa");
+  var captured = [];
+  var origAudit = b.audit.safeEmit;
+  b.audit.safeEmit = function (e) { captured.push(e); };
+  var resolved;
+  try {
+    resolved = b.gateContract.resolveProfileAndPosture({}, _gcCfg());
+  } finally {
+    b.audit.safeEmit = origAudit;
+  }
+  var warns = captured.filter(function (e) {
+    return e.action === "gateContract.posture.unmapped";
+  });
+  check("mapped global posture does not warn", warns.length === 0);
+  check("mapped global posture applies overlay", resolved.piiPolicy === "redact");
+  b.gateContract._resetForTest();
+  _resetState();
+}
+function testGateContractUnpinnedNoWarn() {
+  _resetState();
+  b.gateContract._resetForTest();
+  var captured = [];
+  var origAudit = b.audit.safeEmit;
+  b.audit.safeEmit = function (e) { captured.push(e); };
+  var resolved;
+  try {
+    resolved = b.gateContract.resolveProfileAndPosture({}, _gcCfg());
+  } finally {
+    b.audit.safeEmit = origAudit;
+  }
+  var warns = captured.filter(function (e) {
+    return e.action === "gateContract.posture.unmapped";
+  });
+  check("unpinned deployment does not warn", warns.length === 0);
+  check("unpinned deployment keeps default", resolved.piiPolicy === "serve");
+  b.gateContract._resetForTest();
+}
 async function run() {
   testSurface();
   testSetThenCurrent();
@@ -266,7 +481,21 @@ async function run() {
   testV0870NewPostures();
   testV0881NewPostures();
   testV0882NewPostures();
+  testSealEnvelopeFloorData();
+  testRegisterTableFloorBackCompatUnpinned();
+  testRegisterTableFloorThrowsUnderHipaa();
+  testRegisterTableFloorAadSatisfiesHipaa();
+  testRegisterTableFloorNoSealedFieldsPasses();
+  testRegisterTableFloorPerRowKeySatisfies();
+  testRegisterTableFloorUnflooredPosturePasses();
+  testNormalizeRegionTag();
+  testIsRegionCompatible();
+  testGateContractUnmappedPostureWarns();
+  testGateContractMappedPostureNoWarn();
+  testGateContractUnpinnedNoWarn();
   // Reset at end so other tests don't see leaked posture.
+  b.cryptoField.clearForTest();
+  b.gateContract._resetForTest();
   _resetState();
 }

package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-derived-hash.test.js CHANGED Viewed

@@ -4,10 +4,12 @@
  *
  * Equality-lookup ("derived") hashes for sealed columns can be computed
  * two ways:
- *   - salted-sha3   (default) — SHA3-512 over a per-deployment salt.
- *   - hmac-shake256 (opt-in)  — keyed MAC off vault.getDerivedHashMacKey,
- *                               so the hash is unforgeable without the
- *                               per-deployment MAC key.
+ *   - hmac-shake256 (default, v0.15.0) — keyed MAC off
+ *                               vault.getDerivedHashMacKey, so an attacker
+ *                               who recovers the per-deployment salt alone
+ *                               cannot correlate low-entropy plaintexts.
+ *   - salted-sha3   (opt-out) — SHA3-512 over a per-deployment salt;
+ *                               byte-compatible with the legacy index.
  *
  * The mode is chosen per-table (derivedHashMode) or per-column
  * (spec.mode). The decision lives in _computeDerivedHash; call sites
@@ -25,17 +27,31 @@ async function run() {
   var dir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-cf-dh-"));
   await b.vault.init({ mode: "plaintext", dataDir: dir });
-  // ---- salted-sha3 is the default: SHA3-512 → 128 hex chars ----
+  // ---- DEFAULT (v0.15.0) is the keyed MAC: hmac-shake256 → 64 hex chars.
+  // A table that declares no derivedHashMode gets the keyed digest so an
+  // attacker who recovers the salt alone can't correlate plaintexts. ----
+  b.cryptoField.registerTable("cf_dh_default", {
+    sealedFields: ["email"],
+    derivedHashes: { emailHash: { from: "email" } },
+  });
+  var defaultH = b.cryptoField.lookupHash("cf_dh_default", "email", "a@b.com").value;
+  check("derivedHashMode default is keyed hmac-shake256 (64 hex)", defaultH.length === 64);
+  check("default keyed hash is deterministic",
+    defaultH === b.cryptoField.lookupHash("cf_dh_default", "email", "a@b.com").value);
+  // ---- documented opt-out: derivedHashMode:'salted-sha3' restores the
+  // deterministic-per-deployment SHA3-512 digest → 128 hex chars. ----
   b.cryptoField.registerTable("cf_dh_t1", {
     sealedFields: ["email"],
     derivedHashes: { emailHash: { from: "email" } },
+    derivedHashMode: "salted-sha3",
   });
   var saltedH = b.cryptoField.lookupHash("cf_dh_t1", "email", "a@b.com").value;
-  check("salted-sha3 default is 128 hex (SHA3-512)", saltedH.length === 128);
+  check("salted-sha3 opt-out is 128 hex (SHA3-512)", saltedH.length === 128);
   check("salted-sha3 is deterministic",
     saltedH === b.cryptoField.lookupHash("cf_dh_t1", "email", "a@b.com").value);
-  // ---- hmac-shake256 table mode: SHAKE256/32 → 64 hex chars ----
+  // ---- hmac-shake256 table mode (explicit): SHAKE256/32 → 64 hex chars ----
   b.cryptoField.registerTable("cf_dh_t2", {
     sealedFields: ["email"],
     derivedHashes: { emailHash: { from: "email" } },
@@ -46,6 +62,7 @@ async function run() {
   check("hmac-shake256 is deterministic",
     keyedH === b.cryptoField.lookupHash("cf_dh_t2", "email", "a@b.com").value);
   check("keyed hash differs from salted hash", keyedH !== saltedH);
+  check("explicit keyed mode matches the new default", keyedH === defaultH);
   // ---- per-column mode override on a salted-default table ----
   b.cryptoField.registerTable("cf_dh_t3", {

package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-dual-read-migrate.test.js ADDED Viewed

@@ -0,0 +1,165 @@
+"use strict";
+/**
+ * b.cryptoField derived-hash dual-read + upgrade-on-read auto-migrate.
+ *
+ * The derived-hash default flipped from salted-sha3 (128 hex) to the keyed
+ * MAC hmac-shake256 (64 hex) in v0.15.0. The mode is resolved at
+ * registerTable from the current default and is NOT persisted, so on upgrade
+ * a row written under the OLD default still carries the salted-sha3 digest in
+ * its lookup column while new lookups compute the keyed-MAC digest — a silent
+ * index miss (find-by-email / destroyAllForUser would skip the legacy row).
+ *
+ * This proves the non-breaking landing:
+ *   1. lookupHashCandidates returns BOTH the keyed-MAC and the legacy
+ *      salted-sha3 digest, so a match-EITHER query finds the legacy row.
+ *   2. unsealRow upgrade-on-read re-hashes a row whose derived-hash column
+ *      holds the legacy salted digest to the keyed-MAC form (in the returned
+ *      row AND, with a writable db handle, durably on disk), so the candidate
+ *      set collapses back to a single value over time.
+ */
+var helpers = require("../helpers");
+var b     = helpers.b;
+var check = helpers.check;
+var fs   = require("fs");
+var os   = require("os");
+var path = require("path");
+var { setupTestDb, teardownTestDb } = require("../helpers/db");
+async function run() {
+  var dir = fs.mkdtempSync(path.join(os.tmpdir(), "blamejs-cf-dual-"));
+  try {
+    // The default users fixture: sealedFields ["email","name"],
+    // derivedHashes { emailHash: { from: "email", normalize: lowercase } },
+    // keyed-MAC default mode.
+    await setupTestDb(dir);
+    var email = "Alice@Example.com";   // mixed-case → normalize lowercases it
+    // ---- 1. dual-read: lookupHashCandidates names both digests ----
+    var keyed = b.cryptoField.lookupHash("users", "email", email);
+    check("active lookup hash is the keyed MAC (64 hex)",
+      keyed && keyed.value.length === 64);
+    check("lookupHash surfaces the legacy salted digest as legacyValue (128 hex)",
+      typeof keyed.legacyValue === "string" && keyed.legacyValue.length === 128);
+    // The legacy digest the lib computes is the byte-form a pre-v0.15.0 row
+    // carries; treat it as ground truth for the forged legacy row below.
+    var legacyHash = keyed.legacyValue;
+    check("legacy digest is the salted-sha3 SHA3-512 width (128 hex), distinct from the keyed MAC",
+      legacyHash.length === 128 && legacyHash !== keyed.value);
+    var cands = b.cryptoField.lookupHashCandidates("users", "email", email);
+    check("lookupHashCandidates returns the derived field name",
+      cands && cands.field === "emailHash");
+    check("candidates list carries BOTH the keyed and legacy digests (match-either)",
+      cands.values.length === 2 &&
+      cands.values.indexOf(keyed.value) !== -1 &&
+      cands.values.indexOf(legacyHash) !== -1);
+    // ---- 2. forge a LEGACY-indexed row on disk ----
+    // Seal the email under the live envelope but OVERWRITE the derived-hash
+    // column with the legacy salted digest, mimicking a row written before
+    // the default flipped. Insert via the raw handle so the framework's
+    // write boundary doesn't recompute emailHash to the keyed form.
+    var sealed = b.cryptoField.sealRow("users", { _id: "u-legacy", email: email, name: "Alice" });
+    sealed.emailHash = legacyHash;   // pin the LEGACY digest, not the keyed one
+    b.db.prepare(
+      'INSERT INTO "users" ("_id","email","emailHash","name") VALUES (?,?,?,?)'
+    ).run(sealed._id, sealed.email, sealed.emailHash, sealed.name);
+    var onDiskBefore = b.db.prepare('SELECT "emailHash" AS h FROM "users" WHERE _id = ?').get("u-legacy");
+    check("forged row stores the legacy salted-sha3 emailHash on disk",
+      onDiskBefore.h === legacyHash && onDiskBefore.h.length === 128);
+    // A match-either query (the candidate list) FINDS the legacy row even
+    // though the keyed-only lookup would have missed it.
+    var foundLegacy = b.db.prepare(
+      'SELECT _id FROM "users" WHERE "emailHash" = ?'
+    ).get(legacyHash);
+    check("legacy-indexed row is found via the legacy candidate hash",
+      foundLegacy && foundLegacy._id === "u-legacy");
+    var missedByKeyed = b.db.prepare(
+      'SELECT _id FROM "users" WHERE "emailHash" = ?'
+    ).get(keyed.value);
+    check("keyed-only lookup MISSES the legacy row (why dual-read is needed)",
+      missedByKeyed === undefined || missedByKeyed === null);
+    // ---- 3. upgrade-on-read: unsealRow re-hashes to the keyed MAC ----
+    var rawRow = b.db.prepare('SELECT * FROM "users" WHERE _id = ?').get("u-legacy");
+    // Pass the writable local db handle so the durable rewrite fires.
+    var unsealed = b.cryptoField.unsealRow("users", rawRow, "actor-1", b.db);
+    check("unsealRow decrypted the sealed email back to plaintext",
+      unsealed.email === email);
+    check("upgrade-on-read: returned row's emailHash is now the keyed MAC",
+      unsealed.emailHash === keyed.value && unsealed.emailHash.length === 64);
+    var onDiskAfter = b.db.prepare('SELECT "emailHash" AS h FROM "users" WHERE _id = ?').get("u-legacy");
+    check("upgrade-on-read: the row's emailHash was durably re-written to the keyed MAC",
+      onDiskAfter.h === keyed.value && onDiskAfter.h.length === 64);
+    // After the upgrade, the keyed-only lookup now finds the row directly.
+    var foundKeyed = b.db.prepare(
+      'SELECT _id FROM "users" WHERE "emailHash" = ?'
+    ).get(keyed.value);
+    check("post-migrate: keyed-only lookup now finds the upgraded row",
+      foundKeyed && foundKeyed._id === "u-legacy");
+    // ---- 4. idempotence: a row already keyed is left untouched ----
+    var rawRow2 = b.db.prepare('SELECT * FROM "users" WHERE _id = ?').get("u-legacy");
+    var unsealed2 = b.cryptoField.unsealRow("users", rawRow2, "actor-1", b.db);
+    check("re-reading an already-keyed row leaves its emailHash unchanged",
+      unsealed2.emailHash === keyed.value);
+    // ---- 5. no-handle read resolves the framework db for the rewrite ----
+    // Re-forge a legacy row, unseal WITHOUT an explicit dbHandle: unsealRow
+    // resolves the framework's local db itself (the same fallback the K_row
+    // read path uses), so the returned row carries the keyed hash AND the
+    // durable rewrite still lands — keyed reads must work on every path.
+    var sealed3 = b.cryptoField.sealRow("users", { _id: "u-legacy-2", email: email, name: "Bob" });
+    sealed3.emailHash = legacyHash;
+    b.db.prepare(
+      'INSERT INTO "users" ("_id","email","emailHash","name") VALUES (?,?,?,?)'
+    ).run(sealed3._id, sealed3.email, sealed3.emailHash, sealed3.name);
+    var raw3 = b.db.prepare('SELECT * FROM "users" WHERE _id = ?').get("u-legacy-2");
+    var unsealedNoHandle = b.cryptoField.unsealRow("users", raw3);   // no explicit dbHandle
+    check("no-handle unseal surfaces the keyed hash on the returned row",
+      unsealedNoHandle.emailHash === keyed.value);
+    var disk3 = b.db.prepare('SELECT "emailHash" AS h FROM "users" WHERE _id = ?').get("u-legacy-2");
+    check("no-handle unseal still durably upgrades via the resolved framework db",
+      disk3.h === keyed.value);
+    // ---- 6. THE REAL CONSUMER PATH: b.db.from().where on a sealed field ----
+    // Operators — and the framework's own api-key / session / audit / mail
+    // stores — find a row by a sealed field through the equality rewrite,
+    // which MUST dual-read across the keyed-MAC flip or it silently drops
+    // un-migrated rows (the keyed-only lookup misses the legacy digest).
+    // Forge a FRESH legacy row (not yet upgraded) and find it via the real
+    // query path — this is the path the primitive-only test above never
+    // exercised.
+    var sealed6 = b.cryptoField.sealRow("users", { _id: "u-legacy-q", email: email, name: "Dave" });
+    sealed6.emailHash = legacyHash;
+    b.db.prepare(
+      'INSERT INTO "users" ("_id","email","emailHash","name") VALUES (?,?,?,?)'
+    ).run(sealed6._id, sealed6.email, sealed6.emailHash, sealed6.name);
+    var viaQuery = await b.db.from("users").where("email", email).all();
+    check("real consumer path (b.db.from().where on a sealed field) finds the un-migrated legacy row",
+      Array.isArray(viaQuery) && viaQuery.some(function (r) { return r._id === "u-legacy-q"; }));
+    // b.db.hashCandidatesFor — the db-level dual-read helper the framework's
+    // bespoke stores (consent/subject) compose for whereIn lookups.
+    var dbCands = b.db.hashCandidatesFor("users", "email", email);
+    check("b.db.hashCandidatesFor returns both the keyed and legacy digests",
+      dbCands && dbCands.field === "emailHash" && dbCands.values.length === 2);
+    console.log("OK — crypto-field dual-read + auto-migrate tests");
+  } finally {
+    await teardownTestDb(dir);
+  }
+}
+module.exports = { run: run };
+if (require.main === module) {
+  run().then(function () { process.exit(0); })
+       .catch(function (err) { process.exitCode = 1; throw err; });
+}