npm - @blamejs/blamejs-shop - Versions diffs - 0.4.31 → 0.4.32 - Mend

@blamejs/blamejs-shop 0.4.31 → 0.4.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (336) hide show

package/lib/vendor/blamejs/lib/guard-stream-args.js CHANGED Viewed

@@ -20,6 +20,7 @@
  */
 var { defineClass } = require("./framework-error");
+var gateContract = require("./gate-contract");
 var GuardStreamArgsError = defineClass("GuardStreamArgsError", { alwaysPermanent: true });
@@ -31,11 +32,14 @@ var PROFILES = Object.freeze({
   permissive: { maxBatchSize: 16384, minBatchSize: 1, maxOpenStreams: 64  },
 });
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
+var _resolveProfile = gateContract.makeProfileResolver({
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  defaults:   DEFAULT_PROFILE,
+  errorClass: GuardStreamArgsError,
+  codePrefix: "stream-args",
 });
 /**
@@ -90,23 +94,6 @@ function validate(args, opts) {
   return args;
 }
-/**
- * @primitive b.guardStreamArgs.compliancePosture
- * @signature b.guardStreamArgs.compliancePosture(posture)
- * @since     0.9.24
- * @status    stable
- *
- * Return the effective profile for a given compliance posture name.
- * Returns `null` for unknown posture names so operator typos surface
- * here instead of silently falling through to the default profile.
- *
- * @example
- *   b.guardStreamArgs.compliancePosture("hipaa");   // → "strict"
- */
-function compliancePosture(posture) {
-  return COMPLIANCE_POSTURES[posture] || null;
-}
 function _checkCursorOpts(cursorOpts, depth) {
   depth = depth || 0;
   if (depth > 8) {                                                                                    // recursion depth cap
@@ -143,24 +130,18 @@ function _checkCursorOpts(cursorOpts, depth) {
   }
 }
-function _resolveProfile(opts) {
-  if (opts.posture && COMPLIANCE_POSTURES[opts.posture]) {
-    return COMPLIANCE_POSTURES[opts.posture];
-  }
-  var p = opts.profile || DEFAULT_PROFILE;
-  if (!PROFILES[p]) {
-    throw new GuardStreamArgsError("stream-args/bad-profile",
-      "guardStreamArgs: unknown profile '" + p + "'");
-  }
-  return p;
-}
-module.exports = {
-  validate:              validate,
-  compliancePosture:     compliancePosture,
-  PROFILES:              PROFILES,
-  COMPLIANCE_POSTURES:   COMPLIANCE_POSTURES,
-  GuardStreamArgsError:  GuardStreamArgsError,
-  NAME:                  "streamArgs",
-  KIND:                  "stream-args",
-};
+// compliancePosture is assembled by gateContract.defineParser below; its
+// wiki section renders from the single-sourced @abiTemplate (defineParser)
+// block in gate-contract.js, instantiated for this guard by the page
+// generator.
+module.exports = gateContract.defineParser({
+  name:       "stream-args",
+  entry:      validate,
+  errorClass: GuardStreamArgsError,
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  extra: {
+    NAME: "streamArgs",
+    KIND: "stream-args",
+  },
+});

package/lib/vendor/blamejs/lib/guard-svg.js CHANGED Viewed

@@ -1093,71 +1093,53 @@ function gate(opts) {
     });
 }
-var buildProfile = gateContract.makeProfileBuilder(PROFILES);
-/**
- * @primitive b.guardSvg.compliancePosture
- * @signature b.guardSvg.compliancePosture(name)
- * @since     0.7.7
- * @status    stable
- * @compliance hipaa, pci-dss, gdpr, soc2
- * @related   b.guardSvg.gate, b.compliance.set
- *
- * Look up a regulatory-posture override. Returns a shallow clone
- * of the named posture's option overlay; throws
- * `GuardSvgError` (`svg.bad-posture`) on unknown names. Operators
- * pass it through `gate({ compliancePosture: "hipaa" })` rather
- * than calling this directly — exposed for introspection and
- * audit-evidence collection.
- *
- * @example
- *   var hipaa = b.guardSvg.compliancePosture("hipaa");
- *   hipaa.bidiPolicy;                // → "reject"
- *   hipaa.allowExternalRefs;         // → false
- *   hipaa.allowAnimation;            // → false
- */
-function compliancePosture(name) {
-  return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES, _err, "svg");
-}
-var _svgRulePacks = gateContract.makeRulePackLoader(GuardSvgError, "svg");
-var loadRulePack = _svgRulePacks.load;
+// buildProfile / compliancePosture / loadRulePack are assembled by
+// gateContract.defineGuard below (makeProfileBuilder(PROFILES) /
+// lookupCompliancePosture(_, COMPLIANCE_POSTURES) / makeRulePackLoader).
+// Their wiki sections render from the single-sourced @abiTemplate blocks
+// in gate-contract.js, instantiated per guard by the page generator.
 void safeUrl;
-module.exports = {
-  // ---- guard-* family registry exports ----
-  NAME:                "svg",
-  KIND:                "content",
-  MIME_TYPES:          Object.freeze(["image/svg+xml"]),
-  EXTENSIONS:          Object.freeze([".svg", ".svgz"]),
-  INTEGRATION_FIXTURES: Object.freeze({
-    kind:         "content",
-    contentType:  "image/svg+xml",
-    extension:    ".svg",
-    benignBytes:  Buffer.from('<svg><circle r="10"/></svg>', "utf8"),
-    // Hostile: <script> inside SVG; refused regardless of profile.
-    hostileBytes: Buffer.from('<svg><script>alert(1)</script></svg>', "utf8"),
-  }),
-  // ---- primitive surface ----
-  validate:            validate,
-  sanitize:            sanitize,
-  gate:                gate,
-  buildProfile:        buildProfile,
-  compliancePosture:   compliancePosture,
-  loadRulePack:        loadRulePack,
-  PROFILES:            PROFILES,
-  DEFAULTS:            DEFAULTS,
-  COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
-  DANGEROUS_TAGS:      DANGEROUS_TAGS,
-  ANIMATION_TAGS:      ANIMATION_TAGS,
-  ANIMATION_SAFE_TARGETS: ANIMATION_SAFE_TARGETS,
-  STRICT_ALLOWED_TAGS: STRICT_ALLOWED_TAGS,
-  BALANCED_ALLOWED_TAGS: BALANCED_ALLOWED_TAGS,
-  PERMISSIVE_ALLOWED_TAGS: PERMISSIVE_ALLOWED_TAGS,
-  DANGEROUS_ATTRS:     DANGEROUS_ATTRS,
-  URL_ATTRS:           URL_ATTRS,
-  SAFE_SCHEMES:        SAFE_SCHEMES,
-  DANGEROUS_SCHEMES:   DANGEROUS_SCHEMES,
-  GuardSvgError:       GuardSvgError,
-};
+// ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
+var INTEGRATION_FIXTURES = Object.freeze({
+  kind:         "content",
+  contentType:  "image/svg+xml",
+  extension:    ".svg",
+  benignBytes:  Buffer.from('<svg><circle r="10"/></svg>', "utf8"),
+  // Hostile: <script> inside SVG; refused regardless of profile.
+  hostileBytes: Buffer.from('<svg><script>alert(1)</script></svg>', "utf8"),
+});
+// Assembled from the gate-contract guard factory: error class, registry
+// exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
+// buildProfile / compliancePosture / loadRulePack wiring, plus the
+// per-guard inspection surface (validate / sanitize / gate) and the SVG
+// tag / scheme tables passed through verbatim. The bespoke `gate` carries
+// SVG's sanitize-reserialize chain and SVGZ refuse unchanged.
+module.exports = gateContract.defineGuard({
+  name:        "svg",
+  kind:        "content",
+  errorClass:  GuardSvgError,
+  profiles:    PROFILES,
+  defaults:    DEFAULTS,
+  postures:    COMPLIANCE_POSTURES,
+  mimeTypes:   ["image/svg+xml"],
+  extensions:  [".svg", ".svgz"],
+  integrationFixtures: INTEGRATION_FIXTURES,
+  validate:    validate,
+  sanitize:    sanitize,
+  gate:        gate,
+  extra: {
+    DANGEROUS_TAGS:          DANGEROUS_TAGS,
+    ANIMATION_TAGS:          ANIMATION_TAGS,
+    ANIMATION_SAFE_TARGETS:  ANIMATION_SAFE_TARGETS,
+    STRICT_ALLOWED_TAGS:     STRICT_ALLOWED_TAGS,
+    BALANCED_ALLOWED_TAGS:   BALANCED_ALLOWED_TAGS,
+    PERMISSIVE_ALLOWED_TAGS: PERMISSIVE_ALLOWED_TAGS,
+    DANGEROUS_ATTRS:         DANGEROUS_ATTRS,
+    URL_ATTRS:               URL_ATTRS,
+    SAFE_SCHEMES:            SAFE_SCHEMES,
+    DANGEROUS_SCHEMES:       DANGEROUS_SCHEMES,
+  },
+});

package/lib/vendor/blamejs/lib/guard-template.js CHANGED Viewed

@@ -311,180 +311,43 @@ function sanitize(input, opts) {
     throw _err("template.bad-input", "sanitize requires string input");
   }
   var issues = _detectIssues(input, opts);
-  for (var i = 0; i < issues.length; i += 1) {
-    if (issues[i].severity === "critical" || issues[i].severity === "high") {
-      throw _err(issues[i].ruleId || "template.refused",
-        "guardTemplate.sanitize: " + issues[i].snippet);
-    }
-  }
+  gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardTemplateError, codePrefix: "template" });
   return input;
 }
-/**
- * @primitive  b.guardTemplate.gate
- * @signature  b.guardTemplate.gate(opts)
- * @since      0.7.13
- * @status     stable
- * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardTemplate.validate, b.guardTemplate.sanitize
- *
- * Build a `b.gateContract` gate that screens `ctx.identifier` (or
- * `ctx.text`) before any template engine renders the input.
- * Action chain: `serve` (no issues) → `audit-only` (warn-only) →
- * `refuse` (any `critical` or `high`). No `sanitize` action —
- * template input cannot be repaired. Compose into form handlers /
- * comment renderers / model fields fed to Mustache / Handlebars /
- * Liquid so operator-untrusted strings never reach the rendering
- * engine carrying engine syntax.
- *
- * @opts
- *   profile:                 "strict"|"balanced"|"permissive",
- *   compliancePosture: "hipaa"|"pci-dss"|"gdpr"|"soc2",
- *   name:                    string,    // override gate name in audit emissions
- *   jinjaPolicy:             "reject"|"audit"|"allow",
- *   erbPolicy:               "reject"|"audit"|"allow",
- *   pugPolicy:               "reject"|"audit"|"allow",
- *   dollarBracePolicy:       "reject"|"audit"|"allow",
- *   velocityDirectivePolicy: "reject"|"audit"|"allow",
- *   maxBytes:                number,
- *
- * @example
- *   var gate = b.guardTemplate.gate({ profile: "strict" });
- *
- *   gate({ identifier: "Hello {{7*7}}" }).then(function (rv) {
- *     rv.ok;                                           // → false
- *     rv.action;                                       // → "refuse"
- *   });
- *
- *   gate({ identifier: "Hello world" }).then(function (rv) {
- *     rv.action;                                       // → "serve"
- *   });
- */
-function gate(opts) {
-  opts = _resolveOpts(opts);
-  return gateContract.buildGuardGate(
-    opts.name || "guardTemplate:" + (opts.profile || "default"),
-    opts,
-    async function (ctx) {
-      var text = ctx && (ctx.identifier || ctx.text);
-      if (text === undefined || text === null) {
-        return { ok: true, action: "serve" };
-      }
-      var rv = validate(text, opts);
-      if (rv.issues.length === 0) return { ok: true, action: "serve" };
-      var hasCritical = rv.issues.some(function (i) {
-        return i.severity === "critical";
-      });
-      var hasHigh = rv.issues.some(function (i) {
-        return i.severity === "high";
-      });
-      if (!hasCritical && !hasHigh) {
-        return { ok: true, action: "audit-only", issues: rv.issues };
-      }
-      return { ok: false, action: "refuse", issues: rv.issues };
-    });
-}
+// gate / buildProfile / compliancePosture / loadRulePack are assembled by
+// gateContract.defineGuard below. The gate is the standard
+// serve -> audit-only -> refuse chain (template input cannot be repaired, so
+// there is no sanitize action), dispatched to ctx.identifier || ctx.text via
+// the spec's ctxFields. Its wiki section renders from the single-sourced
+// @abiTemplate (defineGuard) blocks in gate-contract.js, instantiated per
+// guard by the page generator.
-/**
- * @primitive  b.guardTemplate.buildProfile
- * @signature  b.guardTemplate.buildProfile(opts)
- * @since      0.7.13
- * @status     stable
- * @related    b.guardTemplate.gate, b.guardTemplate.compliancePosture
- *
- * Compose a derived guardTemplate profile from one or more named
- * bases plus inline overrides. `opts.extends` is a profile name
- * (`"strict"` / `"balanced"` / `"permissive"`) or an array of
- * names; later entries shadow earlier ones. Inline `opts` keys win
- * last. Used to keep operator-defined profiles traceable to a
- * baseline rather than re-typing every key.
- *
- * @opts
- *   extends: string|string[],   // base profile name(s) to compose
- *   ...:     any guardTemplate key, // inline override of resolved keys
- *
- * @example
- *   var custom = b.guardTemplate.buildProfile({
- *     extends: "balanced",
- *     dollarBracePolicy: "reject",
- *   });
- *   custom.dollarBracePolicy;                          // → "reject"
- *   custom.jinjaPolicy;                                // → "reject"
- */
-var buildProfile = gateContract.makeProfileBuilder(PROFILES);
-/**
- * @primitive  b.guardTemplate.compliancePosture
- * @signature  b.guardTemplate.compliancePosture(name)
- * @since      0.7.13
- * @status     stable
- * @compliance hipaa, pci-dss, gdpr, soc2
- * @related    b.guardTemplate.gate, b.guardTemplate.buildProfile
- *
- * Look up a compliance-posture overlay by name (`"hipaa"` /
- * `"pci-dss"` / `"gdpr"` / `"soc2"`). Returns a shallow clone of
- * the posture object — the caller may mutate freely. Throws
- * `GuardTemplateError("template.bad-posture")` on unknown name.
- *
- * @example
- *   var posture = b.guardTemplate.compliancePosture("hipaa");
- *   posture.jinjaPolicy;                               // → "reject"
- *   posture.forensicSnippetBytes;                      // → 512
- */
-function compliancePosture(name) {
-  return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES,
-    _err, "template");
-}
-var _tplRulePacks = gateContract.makeRulePackLoader(GuardTemplateError, "template");
-/**
- * @primitive  b.guardTemplate.loadRulePack
- * @signature  b.guardTemplate.loadRulePack(pack)
- * @since      0.7.13
- * @status     stable
- * @related    b.guardTemplate.gate
- *
- * Register an operator-supplied rule pack with the guardTemplate
- * registry. The pack is identified by `pack.id` (non-empty string)
- * and stored for later inspection / dispatch by gates that opt in
- * via `opts.rulePackId`. Returns the pack object unchanged on
- * success; throws `GuardTemplateError("template.bad-opt")` when
- * `pack` is missing or `pack.id` is not a non-empty string.
- *
- * @example
- *   var pack = b.guardTemplate.loadRulePack({
- *     id: "no-prototype-keys",
- *     rules: [
- *       { id: "proto-key", severity: "critical",
- *         detect: function (text) { return /__proto__|constructor/.test(text); },
- *         reason: "input references prototype-pollution sink" },
- *     ],
- *   });
- *   pack.id;                                           // → "no-prototype-keys"
- */
-var loadRulePack = _tplRulePacks.load;
+var INTEGRATION_FIXTURES = Object.freeze({
+  kind:              "identifier",
+  benignBytes:       Buffer.from("Hello world", "utf8"),
+  hostileBytes:      Buffer.from("Hello {{7*7}}", "utf8"),
+  benignIdentifier:  "Hello world",
+  // Hostile: Jinja-shape SSTI probe.
+  hostileIdentifier: "Hello {{7*7}}",
+});
-module.exports = {
-  // ---- guard-* family registry exports ----
-  NAME:                "template",
-  KIND:                "identifier",
-  INTEGRATION_FIXTURES: Object.freeze({
-    kind:              "identifier",
-    benignBytes:       Buffer.from("Hello world", "utf8"),
-    hostileBytes:      Buffer.from("Hello {{7*7}}", "utf8"),
-    benignIdentifier:  "Hello world",
-    // Hostile: Jinja-shape SSTI probe.
-    hostileIdentifier: "Hello {{7*7}}",
-  }),
-  // ---- primitive surface ----
-  validate:             validate,
-  sanitize:             sanitize,
-  gate:                 gate,
-  buildProfile:         buildProfile,
-  compliancePosture:    compliancePosture,
-  loadRulePack:         loadRulePack,
-  PROFILES:             PROFILES,
-  DEFAULTS:             DEFAULTS,
-  COMPLIANCE_POSTURES:  COMPLIANCE_POSTURES,
-  GuardTemplateError:   GuardTemplateError,
-};
+// Assembled from the gate-contract guard factory: error class, registry
+// exports (NAME / KIND / INTEGRATION_FIXTURES), the default gate, buildProfile
+// / compliancePosture / loadRulePack wiring, plus the per-guard inspection
+// surface (validate / sanitize) passed through verbatim. The gate is the
+// factory default serve -> audit-only -> refuse chain; ctxFields names the
+// ctx fields it reads (ctx.identifier, then ctx.text) so untrusted strings on
+// either field reach the SSTI validator before any engine renders them.
+module.exports = gateContract.defineGuard({
+  name:        "template",
+  kind:        "identifier",
+  errorClass:  GuardTemplateError,
+  profiles:    PROFILES,
+  defaults:    DEFAULTS,
+  postures:    COMPLIANCE_POSTURES,
+  integrationFixtures: INTEGRATION_FIXTURES,
+  validate:    validate,
+  sanitize:    sanitize,
+  ctxFields:   ["identifier", "text"],
+});

package/lib/vendor/blamejs/lib/guard-tenant-id.js CHANGED Viewed

@@ -23,6 +23,7 @@
  */
 var { defineClass } = require("./framework-error");
+var gateContract = require("./gate-contract");
 var GuardTenantIdError = defineClass("GuardTenantIdError", { alwaysPermanent: true });
@@ -34,15 +35,18 @@ var PROFILES = Object.freeze({
   permissive: { maxBytes: 512 },
 });
-var COMPLIANCE_POSTURES = Object.freeze({
-  hipaa:     "strict",
-  "pci-dss": "strict",
-  gdpr:      "strict",
-  soc2:      "strict",
-});
+var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
 var RESERVED = Object.freeze({ "ROOT": true, "FRAMEWORK": true, "*": true });
+var _resolveProfile = gateContract.makeProfileResolver({
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  defaults:   DEFAULT_PROFILE,
+  errorClass: GuardTenantIdError,
+  codePrefix: "tenant-id",
+});
 /**
  * @primitive b.guardTenantId.validate
  * @signature b.guardTenantId.validate(tenantId, opts?)
@@ -97,42 +101,19 @@ function validate(tenantId, opts) {
   return tenantId;
 }
-/**
- * @primitive b.guardTenantId.compliancePosture
- * @signature b.guardTenantId.compliancePosture(posture)
- * @since     0.9.26
- * @status    stable
- *
- * Return the effective profile for a given compliance posture name.
- * Returns `null` for unknown posture names so operator typos surface
- * here instead of silently falling through to the default profile.
- *
- * @example
- *   b.guardTenantId.compliancePosture("hipaa");   // → "strict"
- */
-function compliancePosture(posture) {
-  return COMPLIANCE_POSTURES[posture] || null;
-}
-function _resolveProfile(opts) {
-  if (opts.posture && COMPLIANCE_POSTURES[opts.posture]) {
-    return COMPLIANCE_POSTURES[opts.posture];
-  }
-  var p = opts.profile || DEFAULT_PROFILE;
-  if (!PROFILES[p]) {
-    throw new GuardTenantIdError("tenant-id/bad-profile",
-      "guardTenantId: unknown profile '" + p + "'");
-  }
-  return p;
-}
-module.exports = {
-  validate:               validate,
-  compliancePosture:      compliancePosture,
-  PROFILES:               PROFILES,
-  COMPLIANCE_POSTURES:    COMPLIANCE_POSTURES,
-  RESERVED:               RESERVED,
-  GuardTenantIdError:     GuardTenantIdError,
-  NAME:                   "tenantId",
-  KIND:                   "tenant-id",
-};
+// compliancePosture is assembled by gateContract.defineParser below; its
+// wiki section renders from the single-sourced @abiTemplate (defineParser)
+// block in gate-contract.js, instantiated for this guard by the page
+// generator.
+module.exports = gateContract.defineParser({
+  name:       "tenant-id",
+  entry:      validate,
+  errorClass: GuardTenantIdError,
+  profiles:   PROFILES,
+  postures:   COMPLIANCE_POSTURES,
+  extra: {
+    RESERVED: RESERVED,
+    NAME:     "tenantId",
+    KIND:     "tenant-id",
+  },
+});