@blamejs/blamejs-shop 0.4.55 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +385 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/lib/winback-campaigns.js +202 -42
- package/package.json +1 -1
|
@@ -37,11 +37,9 @@
|
|
|
37
37
|
* ISO 8601 / RFC 3339 datetime identifier-safety guard.
|
|
38
38
|
*/
|
|
39
39
|
|
|
40
|
-
var codepointClass = require("./codepoint-class");
|
|
41
40
|
var lazyRequire = require("./lazy-require");
|
|
42
41
|
var gateContract = require("./gate-contract");
|
|
43
42
|
var C = require("./constants");
|
|
44
|
-
var numericBounds = require("./numeric-bounds");
|
|
45
43
|
var { GuardTimeError } = require("./framework-error");
|
|
46
44
|
|
|
47
45
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -65,10 +63,7 @@ var MAX_FRACTIONAL_DIGITS = 9;
|
|
|
65
63
|
|
|
66
64
|
var PROFILES = Object.freeze({
|
|
67
65
|
"strict": {
|
|
68
|
-
|
|
69
|
-
controlPolicy: "reject",
|
|
70
|
-
nullBytePolicy: "reject",
|
|
71
|
-
zeroWidthPolicy: "reject",
|
|
66
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
72
67
|
naiveDatetimePolicy: "reject",
|
|
73
68
|
nonUtcOffsetPolicy: "reject",
|
|
74
69
|
leapSecondPolicy: "reject",
|
|
@@ -82,10 +77,7 @@ var PROFILES = Object.freeze({
|
|
|
82
77
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
83
78
|
},
|
|
84
79
|
"balanced": {
|
|
85
|
-
|
|
86
|
-
controlPolicy: "reject",
|
|
87
|
-
nullBytePolicy: "reject",
|
|
88
|
-
zeroWidthPolicy: "reject",
|
|
80
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
89
81
|
naiveDatetimePolicy: "reject",
|
|
90
82
|
nonUtcOffsetPolicy: "audit",
|
|
91
83
|
leapSecondPolicy: "audit",
|
|
@@ -99,10 +91,7 @@ var PROFILES = Object.freeze({
|
|
|
99
91
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
100
92
|
},
|
|
101
93
|
"permissive": {
|
|
102
|
-
|
|
103
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
104
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
105
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
94
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
106
95
|
naiveDatetimePolicy: "audit",
|
|
107
96
|
nonUtcOffsetPolicy: "allow",
|
|
108
97
|
leapSecondPolicy: "allow",
|
|
@@ -117,57 +106,16 @@ var PROFILES = Object.freeze({
|
|
|
117
106
|
},
|
|
118
107
|
});
|
|
119
108
|
|
|
120
|
-
var DEFAULTS =
|
|
121
|
-
mode: "enforce",
|
|
122
|
-
}));
|
|
109
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES);
|
|
123
110
|
|
|
124
|
-
var COMPLIANCE_POSTURES =
|
|
125
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
126
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
127
|
-
}),
|
|
128
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
129
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
130
|
-
}),
|
|
131
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
132
|
-
forensicSnippetBytes: C.BYTES.bytes(64),
|
|
133
|
-
}),
|
|
134
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
135
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
136
|
-
}),
|
|
137
|
-
});
|
|
138
|
-
|
|
139
|
-
function _resolveOpts(opts) {
|
|
140
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
141
|
-
profiles: PROFILES,
|
|
142
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
143
|
-
defaults: DEFAULTS,
|
|
144
|
-
errorClass: GuardTimeError,
|
|
145
|
-
errCodePrefix: "time",
|
|
146
|
-
});
|
|
147
|
-
}
|
|
111
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 128 });
|
|
148
112
|
|
|
149
113
|
// ---- Detection ----
|
|
150
114
|
|
|
151
115
|
function _detectIssues(input, opts) {
|
|
152
|
-
var
|
|
153
|
-
if (
|
|
154
|
-
|
|
155
|
-
ruleId: "time.bad-input",
|
|
156
|
-
snippet: "time is not a string" }];
|
|
157
|
-
}
|
|
158
|
-
if (input.length === 0) {
|
|
159
|
-
return [{ kind: "empty", severity: "high",
|
|
160
|
-
ruleId: "time.empty",
|
|
161
|
-
snippet: "time is empty" }];
|
|
162
|
-
}
|
|
163
|
-
if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
|
|
164
|
-
return [{ kind: "time-cap", severity: "high",
|
|
165
|
-
ruleId: "time.time-cap",
|
|
166
|
-
snippet: "time input exceeds maxBytes " + opts.maxBytes }];
|
|
167
|
-
}
|
|
168
|
-
|
|
169
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "time");
|
|
170
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
116
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "time", cap: { bytes: opts.maxBytes } });
|
|
117
|
+
if (pre.done) return pre.issues;
|
|
118
|
+
var issues = pre.issues;
|
|
171
119
|
|
|
172
120
|
// Date-only / time-only quick checks BEFORE the full RFC 3339 regex
|
|
173
121
|
// so the operator gets a more actionable diagnosis.
|
|
@@ -371,21 +319,13 @@ function _detectIssues(input, opts) {
|
|
|
371
319
|
* bad.ok; // → false
|
|
372
320
|
* bad.issues[0].ruleId; // → "time.year-out-of-range"
|
|
373
321
|
*/
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
ok: false,
|
|
382
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
383
|
-
ruleId: "time.bad-input",
|
|
384
|
-
snippet: "time is not a string" }],
|
|
385
|
-
};
|
|
386
|
-
}
|
|
387
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
388
|
-
}
|
|
322
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
323
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
324
|
+
// input, resolveOpts(opts)))`, with maxBytes / minYear / maxYear /
|
|
325
|
+
// maxFractionalDigits declared via `intOpts`. _detectIssues returns the
|
|
326
|
+
// `time.bad-input` issue for a non-string, so validate reports
|
|
327
|
+
// `{ ok: false }` there without a bespoke early-return. The @primitive
|
|
328
|
+
// block above documents the resulting public ABI.
|
|
389
329
|
|
|
390
330
|
/**
|
|
391
331
|
* @primitive b.guardTime.sanitize
|
|
@@ -417,15 +357,12 @@ function validate(input, opts) {
|
|
|
417
357
|
* e.code; // → "time.leap-second"
|
|
418
358
|
* }
|
|
419
359
|
*/
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardTimeError, codePrefix: "time" });
|
|
427
|
-
// Normalize: lowercase the trailing `T` separator, uppercase the
|
|
428
|
-
// `Z` UTC marker.
|
|
360
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
361
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
|
|
362
|
+
// already-validated string at this point (a non-string refuses upstream).
|
|
363
|
+
function _sanitizeTransform(input) {
|
|
364
|
+
// Normalize: replace the legacy space separator with `T`, uppercase the
|
|
365
|
+
// trailing `z` UTC marker.
|
|
429
366
|
return input.replace(/(\d) /, "$1T").replace(/z$/, "Z");
|
|
430
367
|
}
|
|
431
368
|
|
|
@@ -434,15 +371,9 @@ function sanitize(input, opts) {
|
|
|
434
371
|
// single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
|
|
435
372
|
// instantiated per guard by the page generator.
|
|
436
373
|
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
hostileBytes: Buffer.from("2026-05-05 12:34:56", "utf8"),
|
|
441
|
-
benignIdentifier: "2026-05-05T12:34:56Z",
|
|
442
|
-
// Hostile: naive datetime (space separator + no offset) — refused
|
|
443
|
-
// at strict (cross-region ambiguity class).
|
|
444
|
-
hostileIdentifier: "2026-05-05 12:34:56",
|
|
445
|
-
});
|
|
374
|
+
// Hostile: naive datetime (space separator + no offset) — refused at
|
|
375
|
+
// strict (cross-region ambiguity class).
|
|
376
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("2026-05-05T12:34:56Z", "2026-05-05 12:34:56");
|
|
446
377
|
|
|
447
378
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
448
379
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
@@ -458,7 +389,8 @@ module.exports = gateContract.defineGuard({
|
|
|
458
389
|
defaults: DEFAULTS,
|
|
459
390
|
postures: COMPLIANCE_POSTURES,
|
|
460
391
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
461
|
-
|
|
462
|
-
|
|
392
|
+
detect: _detectIssues,
|
|
393
|
+
sanitizeTransform: _sanitizeTransform,
|
|
394
|
+
intOpts: ["maxBytes", "minYear", "maxYear", "maxFractionalDigits"],
|
|
463
395
|
ctxFields: ["identifier", "timestamp", "time"],
|
|
464
396
|
});
|
|
@@ -33,11 +33,9 @@
|
|
|
33
33
|
* UUID identifier-safety guard.
|
|
34
34
|
*/
|
|
35
35
|
|
|
36
|
-
var codepointClass = require("./codepoint-class");
|
|
37
36
|
var lazyRequire = require("./lazy-require");
|
|
38
37
|
var gateContract = require("./gate-contract");
|
|
39
38
|
var C = require("./constants");
|
|
40
|
-
var numericBounds = require("./numeric-bounds");
|
|
41
39
|
var { GuardUuidError } = require("./framework-error");
|
|
42
40
|
|
|
43
41
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -66,10 +64,7 @@ var MAX_HEX = "ffffffffffffffffffffffffffffffff";
|
|
|
66
64
|
|
|
67
65
|
var PROFILES = Object.freeze({
|
|
68
66
|
"strict": {
|
|
69
|
-
|
|
70
|
-
controlPolicy: "reject",
|
|
71
|
-
nullBytePolicy: "reject",
|
|
72
|
-
zeroWidthPolicy: "reject",
|
|
67
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
73
68
|
formatPolicy: "hyphenated-only", // hyphenated | hyphenless | braced | urn | hyphenated-only | any
|
|
74
69
|
versionPolicy: "reject-unassigned", // reject-unassigned | audit | allow
|
|
75
70
|
variantPolicy: "reject-non-rfc", // reject-non-rfc | audit | allow
|
|
@@ -82,10 +77,7 @@ var PROFILES = Object.freeze({
|
|
|
82
77
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
83
78
|
},
|
|
84
79
|
"balanced": {
|
|
85
|
-
|
|
86
|
-
controlPolicy: "reject",
|
|
87
|
-
nullBytePolicy: "reject",
|
|
88
|
-
zeroWidthPolicy: "reject",
|
|
80
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
89
81
|
formatPolicy: "any",
|
|
90
82
|
versionPolicy: "reject-unassigned",
|
|
91
83
|
variantPolicy: "audit",
|
|
@@ -98,10 +90,7 @@ var PROFILES = Object.freeze({
|
|
|
98
90
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
99
91
|
},
|
|
100
92
|
"permissive": {
|
|
101
|
-
|
|
102
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
103
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
104
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
93
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
105
94
|
formatPolicy: "any",
|
|
106
95
|
versionPolicy: "audit",
|
|
107
96
|
variantPolicy: "allow",
|
|
@@ -115,34 +104,9 @@ var PROFILES = Object.freeze({
|
|
|
115
104
|
},
|
|
116
105
|
});
|
|
117
106
|
|
|
118
|
-
var DEFAULTS =
|
|
119
|
-
mode: "enforce",
|
|
120
|
-
}));
|
|
107
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES);
|
|
121
108
|
|
|
122
|
-
var COMPLIANCE_POSTURES =
|
|
123
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
124
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
125
|
-
}),
|
|
126
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
127
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
128
|
-
}),
|
|
129
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
130
|
-
forensicSnippetBytes: C.BYTES.bytes(64),
|
|
131
|
-
}),
|
|
132
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
133
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
134
|
-
}),
|
|
135
|
-
});
|
|
136
|
-
|
|
137
|
-
function _resolveOpts(opts) {
|
|
138
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
139
|
-
profiles: PROFILES,
|
|
140
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
141
|
-
defaults: DEFAULTS,
|
|
142
|
-
errorClass: GuardUuidError,
|
|
143
|
-
errCodePrefix: "uuid",
|
|
144
|
-
});
|
|
145
|
-
}
|
|
109
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 128 });
|
|
146
110
|
|
|
147
111
|
function _classifyForm(input) {
|
|
148
112
|
if (UUID_URN_RE.test(input)) return "urn"; // allow:regex-no-length-cap — input bounded by maxBytes
|
|
@@ -161,26 +125,9 @@ function _toCanonicalHex(input, form) {
|
|
|
161
125
|
}
|
|
162
126
|
|
|
163
127
|
function _detectIssues(input, opts) {
|
|
164
|
-
var
|
|
165
|
-
if (
|
|
166
|
-
|
|
167
|
-
ruleId: "uuid.bad-input",
|
|
168
|
-
snippet: "uuid is not a string" }];
|
|
169
|
-
}
|
|
170
|
-
if (input.length === 0) {
|
|
171
|
-
return [{ kind: "empty", severity: "high",
|
|
172
|
-
ruleId: "uuid.empty",
|
|
173
|
-
snippet: "uuid is empty" }];
|
|
174
|
-
}
|
|
175
|
-
if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
|
|
176
|
-
return [{ kind: "uuid-cap", severity: "high",
|
|
177
|
-
ruleId: "uuid.uuid-cap",
|
|
178
|
-
snippet: "uuid input exceeds maxBytes " + opts.maxBytes }];
|
|
179
|
-
}
|
|
180
|
-
|
|
181
|
-
// Codepoint-class threats (universal refuse — runs first).
|
|
182
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "uuid");
|
|
183
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
128
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "uuid", cap: { bytes: opts.maxBytes } });
|
|
129
|
+
if (pre.done) return pre.issues;
|
|
130
|
+
var issues = pre.issues;
|
|
184
131
|
|
|
185
132
|
// Format classification.
|
|
186
133
|
var form = _classifyForm(input);
|
|
@@ -330,21 +277,10 @@ function _detectIssues(input, opts) {
|
|
|
330
277
|
* bad.ok; // → false
|
|
331
278
|
* bad.issues[0].ruleId; // → "uuid.nil"
|
|
332
279
|
*/
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
"guardUuid.validate", GuardUuidError, "uuid.bad-opt");
|
|
338
|
-
if (typeof input !== "string") {
|
|
339
|
-
return {
|
|
340
|
-
ok: false,
|
|
341
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
342
|
-
ruleId: "uuid.bad-input",
|
|
343
|
-
snippet: "uuid is not a string" }],
|
|
344
|
-
};
|
|
345
|
-
}
|
|
346
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
347
|
-
}
|
|
280
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
281
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
282
|
+
// input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
|
|
283
|
+
// The @primitive block above documents the resulting public ABI.
|
|
348
284
|
|
|
349
285
|
/**
|
|
350
286
|
* @primitive b.guardUuid.sanitize
|
|
@@ -376,13 +312,10 @@ function validate(input, opts) {
|
|
|
376
312
|
* e.code; // → "uuid.max"
|
|
377
313
|
* }
|
|
378
314
|
*/
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
}
|
|
384
|
-
var issues = _detectIssues(input, opts);
|
|
385
|
-
gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardUuidError, codePrefix: "uuid" });
|
|
315
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
316
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
|
|
317
|
+
// already-validated string at this point (a non-string refuses upstream).
|
|
318
|
+
function _sanitizeTransform(input) {
|
|
386
319
|
// Safe transforms: lowercase + strip braces / urn prefix → canonical
|
|
387
320
|
// hyphenated form.
|
|
388
321
|
var form = _classifyForm(input);
|
|
@@ -398,14 +331,8 @@ function sanitize(input, opts) {
|
|
|
398
331
|
// single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
|
|
399
332
|
// instantiated per guard by the page generator.
|
|
400
333
|
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
benignBytes: Buffer.from("550e8400-e29b-41d4-a716-446655440000", "utf8"),
|
|
404
|
-
hostileBytes: Buffer.from("00000000-0000-0000-0000-000000000000", "utf8"),
|
|
405
|
-
benignIdentifier: "550e8400-e29b-41d4-a716-446655440000",
|
|
406
|
-
// Hostile: nil UUID — refused at strict (sentinel-leak class).
|
|
407
|
-
hostileIdentifier: "00000000-0000-0000-0000-000000000000",
|
|
408
|
-
});
|
|
334
|
+
// Hostile: nil UUID — refused at strict (sentinel-leak class).
|
|
335
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("550e8400-e29b-41d4-a716-446655440000", "00000000-0000-0000-0000-000000000000");
|
|
409
336
|
|
|
410
337
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
411
338
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
@@ -421,7 +348,8 @@ module.exports = gateContract.defineGuard({
|
|
|
421
348
|
defaults: DEFAULTS,
|
|
422
349
|
postures: COMPLIANCE_POSTURES,
|
|
423
350
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
424
|
-
|
|
425
|
-
|
|
351
|
+
detect: _detectIssues,
|
|
352
|
+
sanitizeTransform: _sanitizeTransform,
|
|
353
|
+
intOpts: ["maxBytes"],
|
|
426
354
|
ctxFields: ["identifier", "uuid"],
|
|
427
355
|
});
|
|
@@ -71,7 +71,6 @@ var codepointClass = require("./codepoint-class");
|
|
|
71
71
|
var lazyRequire = require("./lazy-require");
|
|
72
72
|
var gateContract = require("./gate-contract");
|
|
73
73
|
var C = require("./constants");
|
|
74
|
-
var numericBounds = require("./numeric-bounds");
|
|
75
74
|
var { GuardXmlError } = require("./framework-error");
|
|
76
75
|
|
|
77
76
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -113,10 +112,7 @@ var PROFILES = Object.freeze({
|
|
|
113
112
|
processingInstrPolicy: "reject",
|
|
114
113
|
cdataPolicy: "reject",
|
|
115
114
|
xmlDsigPolicy: "audit",
|
|
116
|
-
|
|
117
|
-
controlPolicy: "reject",
|
|
118
|
-
nullBytePolicy: "reject",
|
|
119
|
-
zeroWidthPolicy: "reject",
|
|
115
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
120
116
|
maxBytes: C.BYTES.mib(2),
|
|
121
117
|
maxDepth: 64, // recursion depth, not byte size
|
|
122
118
|
maxElements: 8192, // element count cap, not byte size
|
|
@@ -166,47 +162,17 @@ var PROFILES = Object.freeze({
|
|
|
166
162
|
},
|
|
167
163
|
});
|
|
168
164
|
|
|
169
|
-
var DEFAULTS =
|
|
170
|
-
mode: "enforce",
|
|
165
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
171
166
|
maxRuntimeMs: C.TIME.seconds(10),
|
|
172
|
-
}));
|
|
173
|
-
|
|
174
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
175
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
176
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
177
|
-
}),
|
|
178
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
179
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
180
|
-
}),
|
|
181
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
182
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
183
|
-
}),
|
|
184
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
185
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
186
|
-
}),
|
|
187
167
|
});
|
|
188
168
|
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
profiles: PROFILES,
|
|
192
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
193
|
-
defaults: DEFAULTS,
|
|
194
|
-
errorClass: GuardXmlError,
|
|
195
|
-
errCodePrefix: "xml",
|
|
196
|
-
});
|
|
197
|
-
}
|
|
169
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
170
|
+
|
|
198
171
|
|
|
199
172
|
function _detectIssues(input, opts) {
|
|
200
|
-
var
|
|
201
|
-
if (
|
|
202
|
-
|
|
203
|
-
snippet: "input is not a string" }];
|
|
204
|
-
}
|
|
205
|
-
if (input.length > opts.maxBytes) {
|
|
206
|
-
return [{ kind: "too-large", severity: "high", ruleId: "xml.too-large",
|
|
207
|
-
snippet: "input " + input.length +
|
|
208
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
209
|
-
}
|
|
173
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "xml", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
174
|
+
if (pre.done) return pre.issues;
|
|
175
|
+
var issues = pre.issues;
|
|
210
176
|
|
|
211
177
|
// 1. DOCTYPE.
|
|
212
178
|
if (opts.doctypePolicy !== "allow" && DOCTYPE_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxBytes above
|
|
@@ -301,8 +267,8 @@ function _detectIssues(input, opts) {
|
|
|
301
267
|
// CVE-2026-33036 .NET XmlReader class). Counted regardless of
|
|
302
268
|
// entityPolicy so signed-XML paths that need entities-allowed don't
|
|
303
269
|
// get the NCR cap disabled with them. The `maxNumericCharRefs` opt
|
|
304
|
-
// is validated
|
|
305
|
-
// at the public
|
|
270
|
+
// is validated as a positive-finite int via defineGuard's `intOpts`
|
|
271
|
+
// at the public validate boundary.
|
|
306
272
|
var ncrCap = opts.maxNumericCharRefs;
|
|
307
273
|
if (ncrCap !== undefined && ncrCap !== null) {
|
|
308
274
|
var ncrMatches = input.match(NUMERIC_CHAR_REF_RE); // allow:regex-no-length-cap — input bounded by maxBytes above
|
|
@@ -320,7 +286,7 @@ function _detectIssues(input, opts) {
|
|
|
320
286
|
}
|
|
321
287
|
|
|
322
288
|
// 9. Codepoint-class threats.
|
|
323
|
-
issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "xml"));
|
|
289
|
+
issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "xml", "warn"));
|
|
324
290
|
|
|
325
291
|
// 10. Element + depth + attribute caps via tag count.
|
|
326
292
|
var openTags = (input.match(/<[A-Za-z][\w:-]*/g) || []).length;
|
|
@@ -415,21 +381,11 @@ function _detectIssues(input, opts) {
|
|
|
415
381
|
* rv.ok; // → false
|
|
416
382
|
* rv.issues.some(function (i) { return i.kind === "doctype"; }); // → true
|
|
417
383
|
*/
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
"guardXml.validate", GuardXmlError, "xml.bad-opt");
|
|
424
|
-
if (typeof input !== "string") {
|
|
425
|
-
return {
|
|
426
|
-
ok: false,
|
|
427
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
428
|
-
snippet: "input is not a string" }],
|
|
429
|
-
};
|
|
430
|
-
}
|
|
431
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
432
|
-
}
|
|
384
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
385
|
+
// (_detectIssues), with the positive-finite-int caps declared via `intOpts`.
|
|
386
|
+
// A non-string input falls through _detectIssues' xml.bad-input issue, which
|
|
387
|
+
// aggregateIssues reports as ok:false. The @primitive block above documents
|
|
388
|
+
// the resulting ABI.
|
|
433
389
|
|
|
434
390
|
/**
|
|
435
391
|
* @primitive b.guardXml.sanitize
|
|
@@ -469,18 +425,12 @@ function validate(input, opts) {
|
|
|
469
425
|
* });
|
|
470
426
|
* clean.indexOf(ZWSP) === -1; // → true
|
|
471
427
|
*/
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
// shapes (DOCTYPE / ENTITY / external / parameter-entity) have no
|
|
479
|
-
// safe sanitization; throw.
|
|
480
|
-
var issues = _detectIssues(input, opts);
|
|
481
|
-
gateContract.throwOnRefusalSeverity(issues,
|
|
482
|
-
{ errorClass: GuardXmlError, codePrefix: "xml", severities: ["critical"] });
|
|
483
|
-
// Strip character-class threats per policy via the shared helper.
|
|
428
|
+
// _sanitizeTransform — the normalize tail applied by defineGuard's generated
|
|
429
|
+
// sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. spec.sanitizeSeverities
|
|
430
|
+
// is ["critical"], so the critical structural shapes (DOCTYPE / ENTITY /
|
|
431
|
+
// external / parameter-entity) throw upstream; the strip-able character-class
|
|
432
|
+
// threats (BOM, bidi, C0, null, zero-width) are repaired here per policy.
|
|
433
|
+
function _sanitizeTransform(input, opts) {
|
|
484
434
|
return codepointClass.applyCharStripPolicies(input, opts);
|
|
485
435
|
}
|
|
486
436
|
|
|
@@ -521,35 +471,49 @@ function sanitize(input, opts) {
|
|
|
521
471
|
* var verdict = await xmlGate.check({ bytes: hostile });
|
|
522
472
|
* verdict.action; // → "refuse"
|
|
523
473
|
*/
|
|
474
|
+
// Disposition of each xml finding = what the operator's policy for that class
|
|
475
|
+
// selected. The XXE / injection classes (DOCTYPE / entity / external-entity /
|
|
476
|
+
// XInclude / schema-location / processing-instruction / CDATA / XML-signature)
|
|
477
|
+
// and the bidi / null / control char threats follow their policies (refuse
|
|
478
|
+
// under `reject`, audit under `audit`, sanitize under `strip`). A parameter
|
|
479
|
+
// entity rides the entity policy. The numeric-char-ref / element / depth caps
|
|
480
|
+
// and a bad input always refuse. Exhaustive over every kind _detectIssues emits.
|
|
481
|
+
function _gateDispositionFor(issue, opts) {
|
|
482
|
+
var shared = gateContract.charThreatDisposition(issue, opts);
|
|
483
|
+
if (shared) return shared;
|
|
484
|
+
switch (issue.kind) {
|
|
485
|
+
case "doctype": return gateContract.policyDisposition(opts.doctypePolicy);
|
|
486
|
+
case "entity-declaration":
|
|
487
|
+
case "parameter-entity": return gateContract.policyDisposition(opts.entityPolicy);
|
|
488
|
+
case "external-entity": return gateContract.policyDisposition(opts.externalEntityPolicy);
|
|
489
|
+
case "xinclude": return gateContract.policyDisposition(opts.xincludePolicy);
|
|
490
|
+
case "schema-location": return gateContract.policyDisposition(opts.schemaLocationPolicy);
|
|
491
|
+
case "processing-instruction": return gateContract.policyDisposition(opts.processingInstrPolicy);
|
|
492
|
+
case "cdata": return gateContract.policyDisposition(opts.cdataPolicy);
|
|
493
|
+
case "xml-signature": return gateContract.policyDisposition(opts.xmlDsigPolicy);
|
|
494
|
+
case "numeric-char-ref-cap":
|
|
495
|
+
case "element-cap":
|
|
496
|
+
case "depth-cap":
|
|
497
|
+
case "bad-input":
|
|
498
|
+
case "too-large": return "refuse";
|
|
499
|
+
default: return null;
|
|
500
|
+
}
|
|
501
|
+
}
|
|
502
|
+
|
|
524
503
|
function gate(opts) {
|
|
525
|
-
opts =
|
|
526
|
-
return gateContract.
|
|
527
|
-
opts.name || "guardXml:" + (opts.profile || "default"),
|
|
528
|
-
opts,
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
// Sanitize-eligibility: every reject-policy off.
|
|
540
|
-
var canSanitize = opts.doctypePolicy !== "reject" &&
|
|
541
|
-
opts.entityPolicy !== "reject" &&
|
|
542
|
-
opts.externalEntityPolicy !== "reject";
|
|
543
|
-
if (canSanitize) {
|
|
544
|
-
try {
|
|
545
|
-
var clean = sanitize(text, opts);
|
|
546
|
-
return { ok: true, action: "sanitize",
|
|
547
|
-
sanitized: Buffer.from(clean, "utf8"),
|
|
548
|
-
issues: rv.issues };
|
|
549
|
-
} catch (_e) { /* fall through */ }
|
|
550
|
-
}
|
|
551
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
552
|
-
});
|
|
504
|
+
opts = _guard.resolveOpts(opts);
|
|
505
|
+
return gateContract.buildContentGate({
|
|
506
|
+
name: opts.name || "guardXml:" + (opts.profile || "default"),
|
|
507
|
+
opts: opts,
|
|
508
|
+
validate: module.exports.validate,
|
|
509
|
+
dispositionFor: _gateDispositionFor,
|
|
510
|
+
// The strip transform, NOT the public `sanitize` — that one throws on a
|
|
511
|
+
// critical finding (e.g. a bidi override) regardless of the strip policy,
|
|
512
|
+
// which would turn a policy-selected sanitize into a refuse. Only the
|
|
513
|
+
// char-threat classes (strip policy) reach sanitize; the XXE / injection
|
|
514
|
+
// classes are refuse / audit by policy.
|
|
515
|
+
produceSanitized: function (text, o) { return _sanitizeTransform(text, o); },
|
|
516
|
+
});
|
|
553
517
|
}
|
|
554
518
|
|
|
555
519
|
// buildProfile / compliancePosture / loadRulePack are assembled by
|
|
@@ -571,11 +535,13 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
571
535
|
|
|
572
536
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
573
537
|
// exports (NAME / KIND / MIME_TYPES / EXTENSIONS / INTEGRATION_FIXTURES),
|
|
574
|
-
// buildProfile / compliancePosture / loadRulePack wiring, plus
|
|
575
|
-
//
|
|
576
|
-
//
|
|
577
|
-
//
|
|
578
|
-
|
|
538
|
+
// buildProfile / compliancePosture / loadRulePack wiring, plus validate /
|
|
539
|
+
// sanitize generated from `detect` (_detectIssues) + `sanitizeTransform`
|
|
540
|
+
// (_sanitizeTransform) — sanitizeSeverities ["critical"] keeps DOCTYPE /
|
|
541
|
+
// ENTITY / external / parameter-entity throwing while strip-able char-class
|
|
542
|
+
// threats are repaired. The bespoke `gate` carries XML's per-policy
|
|
543
|
+
// canSanitize matrix unchanged.
|
|
544
|
+
var _guard = module.exports = gateContract.defineGuard({
|
|
579
545
|
name: "xml",
|
|
580
546
|
kind: "content",
|
|
581
547
|
errorClass: GuardXmlError,
|
|
@@ -585,7 +551,11 @@ module.exports = gateContract.defineGuard({
|
|
|
585
551
|
mimeTypes: ["application/xml", "text/xml"],
|
|
586
552
|
extensions: [".xml"],
|
|
587
553
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
588
|
-
|
|
589
|
-
|
|
554
|
+
detect: _detectIssues,
|
|
555
|
+
sanitizeTransform: _sanitizeTransform,
|
|
556
|
+
sanitizeSeverities: ["critical"],
|
|
557
|
+
intOpts: ["maxBytes", "maxDepth", "maxElements", "maxAttrsPerElement",
|
|
558
|
+
"maxAttrValueBytes", "maxNumericCharRefs"],
|
|
590
559
|
gate: gate,
|
|
560
|
+
extra: { _gateDispositionForTest: _gateDispositionFor },
|
|
591
561
|
});
|