@blamejs/blamejs-shop 0.4.55 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +385 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/lib/winback-campaigns.js +202 -42
- package/package.json +1 -1
|
@@ -72,9 +72,9 @@
|
|
|
72
72
|
|
|
73
73
|
var codepointClass = require("./codepoint-class");
|
|
74
74
|
var lazyRequire = require("./lazy-require");
|
|
75
|
+
var pick = require("./pick");
|
|
75
76
|
var gateContract = require("./gate-contract");
|
|
76
77
|
var C = require("./constants");
|
|
77
|
-
var numericBounds = require("./numeric-bounds");
|
|
78
78
|
var safeJson = require("./safe-json");
|
|
79
79
|
var { GuardJsonError } = require("./framework-error");
|
|
80
80
|
|
|
@@ -87,14 +87,9 @@ var _err = GuardJsonError.factory;
|
|
|
87
87
|
|
|
88
88
|
var BIDI_RE = codepointClass.BIDI_RE;
|
|
89
89
|
var C0_CTRL_RE = codepointClass.C0_CTRL_RE;
|
|
90
|
-
var ZW_RE = codepointClass.ZERO_WIDTH_RE;
|
|
91
90
|
var NULL_BYTE = codepointClass.NULL_BYTE;
|
|
92
91
|
var BOM_CHAR = codepointClass.BOM_CHAR;
|
|
93
92
|
|
|
94
|
-
// Prototype-pollution key denylist. Operator-supplied JSON containing
|
|
95
|
-
// any of these keys at any depth is refused under strict.
|
|
96
|
-
var POLLUTION_KEYS = Object.freeze(["__proto__", "constructor", "prototype"]);
|
|
97
|
-
|
|
98
93
|
// Comment / NaN / Infinity / hex / single-quote markers — pre-parse
|
|
99
94
|
// scan on the raw source. JSON.parse rejects most of these, but JSON5
|
|
100
95
|
// / JSONC parsers accept and silently coerce; we surface the source
|
|
@@ -132,10 +127,7 @@ var PROFILES = Object.freeze({
|
|
|
132
127
|
trailingCommaPolicy: "reject",
|
|
133
128
|
json5SyntaxPolicy: "reject", // single-quoted / hex / unquoted-key
|
|
134
129
|
bomPolicy: "reject",
|
|
135
|
-
|
|
136
|
-
controlPolicy: "reject",
|
|
137
|
-
nullBytePolicy: "reject",
|
|
138
|
-
zeroWidthPolicy: "reject",
|
|
130
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
139
131
|
numericPrecisionPolicy: "reject",
|
|
140
132
|
requireTopLevelKeyAllowlist: false, // operator opts in via topLevelKeyAllowlist
|
|
141
133
|
topLevelKeyAllowlist: null,
|
|
@@ -192,26 +184,12 @@ var PROFILES = Object.freeze({
|
|
|
192
184
|
},
|
|
193
185
|
});
|
|
194
186
|
|
|
195
|
-
var DEFAULTS =
|
|
196
|
-
mode: "enforce",
|
|
187
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
197
188
|
maxRuntimeMs: C.TIME.seconds(10),
|
|
198
|
-
}));
|
|
199
|
-
|
|
200
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
201
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
202
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
203
|
-
}),
|
|
204
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
205
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
206
|
-
}),
|
|
207
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
208
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
209
|
-
}),
|
|
210
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
211
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
212
|
-
}),
|
|
213
189
|
});
|
|
214
190
|
|
|
191
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
192
|
+
|
|
215
193
|
// ---- Helpers ----
|
|
216
194
|
|
|
217
195
|
function _resolveOpts(opts) {
|
|
@@ -225,7 +203,10 @@ function _resolveOpts(opts) {
|
|
|
225
203
|
}
|
|
226
204
|
|
|
227
205
|
function _isPollutionKey(key) {
|
|
228
|
-
|
|
206
|
+
// The framework's single prototype-pollution predicate (core JS vectors
|
|
207
|
+
// plus any operator-registered defense-in-depth extensions) — strict JSON
|
|
208
|
+
// refuses / strips every key it names, at any depth.
|
|
209
|
+
return pick.isPoisonedKey(key);
|
|
229
210
|
}
|
|
230
211
|
|
|
231
212
|
// _scanPollutionKeys — walks parsed JSON tree counting prototype-
|
|
@@ -382,31 +363,19 @@ function _scanRawSource(text, opts) {
|
|
|
382
363
|
});
|
|
383
364
|
}
|
|
384
365
|
}
|
|
385
|
-
// Bidi / null / control via shared codepoint class.
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
issues.push({
|
|
390
|
-
kind: "zero-width", severity: "warn", ruleId: "json.zero-width",
|
|
391
|
-
snippet: "zero-width / invisible-formatting char in JSON source",
|
|
392
|
-
});
|
|
393
|
-
}
|
|
366
|
+
// Bidi / null / control / zero-width via the shared codepoint class. JSON
|
|
367
|
+
// source treats an invisible-formatting char as a `warn` (cosmetic, not a
|
|
368
|
+
// structural threat) — passed as the zero-width severity.
|
|
369
|
+
issues.push.apply(issues, codepointClass.detectCharThreats(text, opts, "json", "warn"));
|
|
394
370
|
return issues;
|
|
395
371
|
}
|
|
396
372
|
|
|
397
373
|
// _detectIssues — full validate path: raw-source pre-scan + parse +
|
|
398
374
|
// tree walk.
|
|
399
375
|
function _detectIssues(input, opts) {
|
|
400
|
-
var
|
|
401
|
-
if (
|
|
402
|
-
|
|
403
|
-
snippet: "input is not a string" }];
|
|
404
|
-
}
|
|
405
|
-
if (input.length > opts.maxBytes) {
|
|
406
|
-
return [{ kind: "too-large", severity: "high", ruleId: "json.too-large",
|
|
407
|
-
snippet: "input " + input.length +
|
|
408
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
409
|
-
}
|
|
376
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "json", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
377
|
+
if (pre.done) return pre.issues;
|
|
378
|
+
var issues = pre.issues;
|
|
410
379
|
|
|
411
380
|
// Raw-source pre-scan.
|
|
412
381
|
issues = issues.concat(_scanRawSource(input, opts));
|
|
@@ -616,21 +585,13 @@ function _stripPollutionTree(value, opts, depth) {
|
|
|
616
585
|
* rv.ok; // → false
|
|
617
586
|
* rv.issues.some(function (i) { return i.kind === "prototype-pollution-key"; }); // → true
|
|
618
587
|
*/
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
|
|
625
|
-
|
|
626
|
-
return {
|
|
627
|
-
ok: false,
|
|
628
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
629
|
-
snippet: "input is not a string" }],
|
|
630
|
-
};
|
|
631
|
-
}
|
|
632
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
633
|
-
}
|
|
588
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
589
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
590
|
+
// input, resolveOpts(opts)))`, with the maxBytes/maxDepth/maxKeysPerObject/
|
|
591
|
+
// maxArrayLength/maxStringLength/maxTotalNodes caps declared via `intOpts`.
|
|
592
|
+
// Non-string input reduces to the same single `bad-input` issue _detectIssues
|
|
593
|
+
// already emits, so the prior explicit early-return is subsumed. The
|
|
594
|
+
// @primitive block above documents the resulting ABI.
|
|
634
595
|
|
|
635
596
|
/**
|
|
636
597
|
* @primitive b.guardJson.parse
|
|
@@ -779,45 +740,65 @@ function _policyKeyForRuleId(ruleId) {
|
|
|
779
740
|
* var verdict = await jsonGate.check({ bytes: hostile });
|
|
780
741
|
* verdict.action; // → "refuse"
|
|
781
742
|
*/
|
|
743
|
+
// Disposition of each json finding = what the operator's policy for that class
|
|
744
|
+
// selected. The RFC-deviation findings (comments / trailing commas / NaN /
|
|
745
|
+
// JSON5 syntax / BOM / prototype-pollution / duplicate keys) sanitize by
|
|
746
|
+
// re-parsing under a mitigation policy and refuse under `reject`; the bidi /
|
|
747
|
+
// null / control char threats follow their shared policies; structural caps,
|
|
748
|
+
// a parse failure, and an allowlist miss always refuse; the big-integer
|
|
749
|
+
// precision and zero-width notes are audit-only. Exhaustive over every kind
|
|
750
|
+
// _detectIssues emits (the gate-disposition coverage test enforces it).
|
|
751
|
+
function _gateDispositionFor(issue, opts) {
|
|
752
|
+
var shared = gateContract.charThreatDisposition(issue, opts);
|
|
753
|
+
if (shared) return shared;
|
|
754
|
+
switch (issue.kind) {
|
|
755
|
+
case "bom-leading":
|
|
756
|
+
case "bom-mid-stream": return gateContract.policyDisposition(opts.bomPolicy);
|
|
757
|
+
case "comment-block":
|
|
758
|
+
case "comment-line": return gateContract.policyDisposition(opts.commentPolicy);
|
|
759
|
+
case "nan-infinity": return gateContract.policyDisposition(opts.nanInfinityPolicy);
|
|
760
|
+
case "trailing-comma": return gateContract.policyDisposition(opts.trailingCommaPolicy);
|
|
761
|
+
case "single-quoted-key":
|
|
762
|
+
case "hex-literal": return gateContract.policyDisposition(opts.json5SyntaxPolicy);
|
|
763
|
+
case "prototype-pollution-key": return gateContract.policyDisposition(opts.pollutionPolicy);
|
|
764
|
+
case "duplicate-key": return gateContract.policyDisposition(opts.duplicateKeyPolicy);
|
|
765
|
+
// zero-width is classified by charThreatDisposition above (its
|
|
766
|
+
// zeroWidthPolicy). numeric-precision-loss follows its own policy like every
|
|
767
|
+
// other RFC-deviation finding — under numericPrecisionPolicy:reject it
|
|
768
|
+
// refuses, not audits.
|
|
769
|
+
case "numeric-precision-loss": return gateContract.policyDisposition(opts.numericPrecisionPolicy);
|
|
770
|
+
case "node-count-cap":
|
|
771
|
+
case "depth-cap":
|
|
772
|
+
case "string-too-long":
|
|
773
|
+
case "array-length-cap":
|
|
774
|
+
case "key-count-cap":
|
|
775
|
+
case "bad-input":
|
|
776
|
+
case "too-large":
|
|
777
|
+
case "parse-failed":
|
|
778
|
+
case "missing-allowlist":
|
|
779
|
+
case "top-level-key-not-allowlisted": return "refuse";
|
|
780
|
+
default: return null;
|
|
781
|
+
}
|
|
782
|
+
}
|
|
783
|
+
|
|
782
784
|
function gate(opts) {
|
|
783
785
|
opts = _resolveOpts(opts);
|
|
784
|
-
return gateContract.
|
|
785
|
-
opts.name || "guardJson:" + (opts.profile || "default"),
|
|
786
|
-
opts,
|
|
787
|
-
|
|
788
|
-
|
|
789
|
-
|
|
790
|
-
|
|
791
|
-
|
|
792
|
-
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
|
|
796
|
-
|
|
797
|
-
|
|
798
|
-
|
|
799
|
-
|
|
800
|
-
opts.nanInfinityPolicy !== "reject" &&
|
|
801
|
-
opts.commentPolicy !== "reject" &&
|
|
802
|
-
opts.trailingCommaPolicy !== "reject" &&
|
|
803
|
-
opts.json5SyntaxPolicy !== "reject" &&
|
|
804
|
-
opts.bomPolicy !== "reject" &&
|
|
805
|
-
opts.bidiPolicy !== "reject" &&
|
|
806
|
-
opts.controlPolicy !== "reject" &&
|
|
807
|
-
opts.nullBytePolicy !== "reject";
|
|
808
|
-
if (canSanitize) {
|
|
809
|
-
try {
|
|
810
|
-
var clean = parse(text, opts);
|
|
811
|
-
var emitted = JSON.stringify(clean);
|
|
812
|
-
return {
|
|
813
|
-
ok: true, action: "sanitize",
|
|
814
|
-
sanitized: Buffer.from(emitted, "utf8"),
|
|
815
|
-
issues: rv.issues,
|
|
816
|
-
};
|
|
817
|
-
} catch (_e) { /* fall through */ }
|
|
818
|
-
}
|
|
819
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
820
|
-
});
|
|
786
|
+
return gateContract.buildContentGate({
|
|
787
|
+
name: opts.name || "guardJson:" + (opts.profile || "default"),
|
|
788
|
+
opts: opts,
|
|
789
|
+
validate: module.exports.validate,
|
|
790
|
+
dispositionFor: _gateDispositionFor,
|
|
791
|
+
// A sanitize-disposition finding (a class set to a mitigation) is repaired in
|
|
792
|
+
// two passes: first the char-strip policies remove bidi / control / null /
|
|
793
|
+
// zero-width per policy (so a strip-policy char threat is excised even when
|
|
794
|
+
// it sits inside a string value), then a parse + re-serialize drops
|
|
795
|
+
// __proto__ / comments / NaN / trailing commas per the active policy. Under a
|
|
796
|
+
// reject policy the finding is already refuse-disposition, so this is not
|
|
797
|
+
// reached for that class.
|
|
798
|
+
produceSanitized: function (text, o) {
|
|
799
|
+
return JSON.stringify(parse(codepointClass.applyCharStripPolicies(text, o), o));
|
|
800
|
+
},
|
|
801
|
+
});
|
|
821
802
|
}
|
|
822
803
|
|
|
823
804
|
// buildProfile / compliancePosture / loadRulePack are assembled by
|
|
@@ -840,8 +821,8 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
840
821
|
// exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
|
|
841
822
|
// buildProfile / compliancePosture / loadRulePack wiring, plus the
|
|
842
823
|
// per-guard inspection surface (validate / parse) and JSON extras
|
|
843
|
-
// (POLLUTION_KEYS
|
|
844
|
-
// JSON's sanitize-reparse-reserialize chain unchanged.
|
|
824
|
+
// (POLLUTION_KEYS, surfaced from the framework's canonical pick.POISONED_KEYS).
|
|
825
|
+
// The bespoke `gate` carries JSON's sanitize-reparse-reserialize chain unchanged.
|
|
845
826
|
module.exports = gateContract.defineGuard({
|
|
846
827
|
name: "json",
|
|
847
828
|
kind: "content",
|
|
@@ -852,11 +833,14 @@ module.exports = gateContract.defineGuard({
|
|
|
852
833
|
mimeTypes: ["application/json", "application/ld+json", "application/vnd.api+json"],
|
|
853
834
|
extensions: [".json", ".jsonld"],
|
|
854
835
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
855
|
-
|
|
836
|
+
detect: _detectIssues,
|
|
837
|
+
intOpts: ["maxBytes", "maxDepth", "maxKeysPerObject", "maxArrayLength",
|
|
838
|
+
"maxStringLength", "maxTotalNodes"],
|
|
856
839
|
gate: gate,
|
|
857
840
|
extra: {
|
|
841
|
+
_gateDispositionForTest: _gateDispositionFor,
|
|
858
842
|
parse: parse,
|
|
859
|
-
POLLUTION_KEYS:
|
|
843
|
+
POLLUTION_KEYS: pick.POISONED_KEYS,
|
|
860
844
|
},
|
|
861
845
|
});
|
|
862
846
|
|
|
@@ -50,11 +50,9 @@
|
|
|
50
50
|
* JSONPath content-safety guard — refuses user-supplied JSONPath query strings that exhibit dynamic-code-execution shapes BEFORE they reach a JSONPath evaluator.
|
|
51
51
|
*/
|
|
52
52
|
|
|
53
|
-
var codepointClass = require("./codepoint-class");
|
|
54
53
|
var lazyRequire = require("./lazy-require");
|
|
55
54
|
var gateContract = require("./gate-contract");
|
|
56
55
|
var C = require("./constants");
|
|
57
|
-
var numericBounds = require("./numeric-bounds");
|
|
58
56
|
var { GuardJsonpathError } = require("./framework-error");
|
|
59
57
|
|
|
60
58
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -81,10 +79,7 @@ var RECURSIVE_DESCENT_RE = /\.\.\[?\*\]?/g;
|
|
|
81
79
|
|
|
82
80
|
var PROFILES = Object.freeze({
|
|
83
81
|
"strict": {
|
|
84
|
-
|
|
85
|
-
controlPolicy: "reject",
|
|
86
|
-
nullBytePolicy: "reject",
|
|
87
|
-
zeroWidthPolicy: "reject",
|
|
82
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
88
83
|
filterExprPolicy: "reject",
|
|
89
84
|
scriptExprPolicy: "reject",
|
|
90
85
|
dynamicHintPolicy: "reject",
|
|
@@ -96,10 +91,7 @@ var PROFILES = Object.freeze({
|
|
|
96
91
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
97
92
|
},
|
|
98
93
|
"balanced": {
|
|
99
|
-
|
|
100
|
-
controlPolicy: "reject",
|
|
101
|
-
nullBytePolicy: "reject",
|
|
102
|
-
zeroWidthPolicy: "reject",
|
|
94
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
103
95
|
filterExprPolicy: "reject", // RCE class — refused at every profile
|
|
104
96
|
scriptExprPolicy: "reject", // RCE class — refused at every profile
|
|
105
97
|
dynamicHintPolicy: "reject", // RCE class — refused at every profile
|
|
@@ -111,10 +103,7 @@ var PROFILES = Object.freeze({
|
|
|
111
103
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
112
104
|
},
|
|
113
105
|
"permissive": {
|
|
114
|
-
|
|
115
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
116
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
117
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
106
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
118
107
|
filterExprPolicy: "reject", // RCE class refused at every profile
|
|
119
108
|
scriptExprPolicy: "reject", // RCE class refused at every profile
|
|
120
109
|
dynamicHintPolicy: "reject", // RCE class refused at every profile
|
|
@@ -127,35 +116,6 @@ var PROFILES = Object.freeze({
|
|
|
127
116
|
},
|
|
128
117
|
});
|
|
129
118
|
|
|
130
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
131
|
-
mode: "enforce",
|
|
132
|
-
}));
|
|
133
|
-
|
|
134
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
135
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
136
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
137
|
-
}),
|
|
138
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
139
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
140
|
-
}),
|
|
141
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
142
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
143
|
-
}),
|
|
144
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
145
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
146
|
-
}),
|
|
147
|
-
});
|
|
148
|
-
|
|
149
|
-
function _resolveOpts(opts) {
|
|
150
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
151
|
-
profiles: PROFILES,
|
|
152
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
153
|
-
defaults: DEFAULTS,
|
|
154
|
-
errorClass: GuardJsonpathError,
|
|
155
|
-
errCodePrefix: "jsonpath",
|
|
156
|
-
});
|
|
157
|
-
}
|
|
158
|
-
|
|
159
119
|
function _hasDynamicHint(input) {
|
|
160
120
|
for (var i = 0; i < DYNAMIC_HINTS.length; i += 1) {
|
|
161
121
|
if (input.indexOf(DYNAMIC_HINTS[i]) !== -1) return DYNAMIC_HINTS[i];
|
|
@@ -164,26 +124,9 @@ function _hasDynamicHint(input) {
|
|
|
164
124
|
}
|
|
165
125
|
|
|
166
126
|
function _detectIssues(input, opts) {
|
|
167
|
-
var
|
|
168
|
-
if (
|
|
169
|
-
|
|
170
|
-
ruleId: "jsonpath.bad-input",
|
|
171
|
-
snippet: "jsonpath is not a string" }];
|
|
172
|
-
}
|
|
173
|
-
if (input.length === 0) {
|
|
174
|
-
return [{ kind: "empty", severity: "high",
|
|
175
|
-
ruleId: "jsonpath.empty",
|
|
176
|
-
snippet: "jsonpath is empty" }];
|
|
177
|
-
}
|
|
178
|
-
if (Buffer.byteLength(input, "utf8") > opts.maxPatternBytes) {
|
|
179
|
-
return [{ kind: "pattern-cap", severity: "high",
|
|
180
|
-
ruleId: "jsonpath.pattern-cap",
|
|
181
|
-
snippet: "jsonpath exceeds maxPatternBytes " +
|
|
182
|
-
opts.maxPatternBytes }];
|
|
183
|
-
}
|
|
184
|
-
|
|
185
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "jsonpath");
|
|
186
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
127
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "jsonpath", cap: { bytes: opts.maxPatternBytes, kind: "pattern-cap", snippet: "jsonpath exceeds maxPatternBytes " + opts.maxPatternBytes } });
|
|
128
|
+
if (pre.done) return pre.issues;
|
|
129
|
+
var issues = pre.issues;
|
|
187
130
|
|
|
188
131
|
if (opts.filterExprPolicy !== "allow" && FILTER_EXPR_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxPatternBytes
|
|
189
132
|
issues.push({
|
|
@@ -280,13 +223,10 @@ function _detectIssues(input, opts) {
|
|
|
280
223
|
* hostile.ok; // → false
|
|
281
224
|
* hostile.issues.some(function (i) { return i.kind === "filter-expression"; }); // → true
|
|
282
225
|
*/
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
"guardJsonpath.validate", GuardJsonpathError, "jsonpath.bad-opt");
|
|
288
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
289
|
-
}
|
|
226
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
227
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
228
|
+
// input, resolveOpts(opts)))`, with the numeric opts validated via `intOpts`.
|
|
229
|
+
// The @primitive block above documents the resulting public ABI.
|
|
290
230
|
|
|
291
231
|
/**
|
|
292
232
|
* @primitive b.guardJsonpath.sanitize
|
|
@@ -327,13 +267,11 @@ function validate(input, opts) {
|
|
|
327
267
|
* e.code; // → "jsonpath.filter-expression"
|
|
328
268
|
* }
|
|
329
269
|
*/
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
var issues = _detectIssues(input, opts);
|
|
336
|
-
gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardJsonpathError, codePrefix: "jsonpath" });
|
|
270
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
271
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. JSONPath
|
|
272
|
+
// expressions cannot be safely repaired, so the transform is pure pass-through:
|
|
273
|
+
// input that survives the refusal gate is returned unchanged.
|
|
274
|
+
function _sanitizeTransform(input) {
|
|
337
275
|
return input;
|
|
338
276
|
}
|
|
339
277
|
|
|
@@ -351,13 +289,7 @@ function sanitize(input, opts) {
|
|
|
351
289
|
// Their wiki sections render from the single-sourced @abiTemplate blocks
|
|
352
290
|
// in gate-contract.js, instantiated per guard by the page generator.
|
|
353
291
|
|
|
354
|
-
var INTEGRATION_FIXTURES =
|
|
355
|
-
kind: "identifier",
|
|
356
|
-
benignBytes: Buffer.from("$.users[*].name", "utf8"),
|
|
357
|
-
hostileBytes: Buffer.from("$..[?(@.x)]", "utf8"),
|
|
358
|
-
benignIdentifier: "$.users[*].name",
|
|
359
|
-
hostileIdentifier: "$..[?(@.x)]",
|
|
360
|
-
});
|
|
292
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("$.users[*].name", "$..[?(@.x)]");
|
|
361
293
|
|
|
362
294
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
363
295
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
@@ -370,10 +302,10 @@ module.exports = gateContract.defineGuard({
|
|
|
370
302
|
kind: "identifier",
|
|
371
303
|
errorClass: GuardJsonpathError,
|
|
372
304
|
profiles: PROFILES,
|
|
373
|
-
|
|
374
|
-
postures: COMPLIANCE_POSTURES,
|
|
305
|
+
base: 256,
|
|
375
306
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
376
|
-
|
|
377
|
-
|
|
307
|
+
detect: _detectIssues,
|
|
308
|
+
sanitizeTransform: _sanitizeTransform,
|
|
309
|
+
intOpts: ["maxBytes", "maxPatternBytes", "maxRecursiveDescents"],
|
|
378
310
|
ctxFields: ["identifier", "jsonpath"],
|
|
379
311
|
});
|