@blamejs/blamejs-shop 0.4.55 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +385 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/lib/winback-campaigns.js +202 -42
- package/package.json +1 -1
|
@@ -203,6 +203,40 @@ function testGuardJsonStringLengthCap() {
|
|
|
203
203
|
rv.issues.some(function (i) { return i.kind === "string-too-long"; }));
|
|
204
204
|
}
|
|
205
205
|
|
|
206
|
+
function testGuardJsonByteCap() {
|
|
207
|
+
// maxBytes is a BYTE cap — multibyte input must be measured by UTF-8
|
|
208
|
+
// byte length, not UTF-16 code-unit count (.length). "é" is one code
|
|
209
|
+
// unit but two bytes, so a string under the char count can still
|
|
210
|
+
// exceed the byte cap.
|
|
211
|
+
var inner = "é".repeat(25);
|
|
212
|
+
var s = JSON.stringify(inner); // .length ~27, bytes ~52
|
|
213
|
+
var byteLen = Buffer.byteLength(s, "utf8");
|
|
214
|
+
// Cap sits between the code-unit count and the byte length so a
|
|
215
|
+
// char-length check would (wrongly) pass while a byte check refuses.
|
|
216
|
+
var cap = s.length + 5;
|
|
217
|
+
check("byte-cap fixture: bytes exceed cap but code units do not",
|
|
218
|
+
byteLen > cap && s.length <= cap);
|
|
219
|
+
var rv = b.guardJson.validate(s, { maxBytes: cap });
|
|
220
|
+
check("multibyte input over the byte cap is refused (too-large by bytes)",
|
|
221
|
+
rv.issues.some(function (i) {
|
|
222
|
+
return i.kind === "too-large" && i.ruleId === "json.too-large";
|
|
223
|
+
}));
|
|
224
|
+
|
|
225
|
+
// ASCII inputs (one byte per code unit) are unaffected — a byte-length
|
|
226
|
+
// cap that exactly admits the string must still pass.
|
|
227
|
+
var ascii = '"' + "x".repeat(20) + '"'; // 22 bytes, 22 code units
|
|
228
|
+
var rvAscii = b.guardJson.validate(ascii, { maxBytes: 64 });
|
|
229
|
+
check("ASCII input within the byte cap is not flagged too-large",
|
|
230
|
+
!rvAscii.issues.some(function (i) { return i.kind === "too-large"; }));
|
|
231
|
+
|
|
232
|
+
// Non-string input keeps the bad-input shape and now carries a ruleId.
|
|
233
|
+
var rvBad = b.guardJson.validate(12345, { maxBytes: 64 });
|
|
234
|
+
check("non-string input → bad-input with json.bad-input ruleId",
|
|
235
|
+
rvBad.issues.some(function (i) {
|
|
236
|
+
return i.kind === "bad-input" && i.ruleId === "json.bad-input";
|
|
237
|
+
}));
|
|
238
|
+
}
|
|
239
|
+
|
|
206
240
|
function testGuardJsonNumericPrecision() {
|
|
207
241
|
var rv = b.guardJson.validate('{"id":99999999999999999999}', { profile: "strict" });
|
|
208
242
|
check("numeric precision-loss detected (above MAX_SAFE_INTEGER)",
|
|
@@ -267,6 +301,24 @@ async function testGuardJsonGate() {
|
|
|
267
301
|
hostile.action !== "serve");
|
|
268
302
|
}
|
|
269
303
|
|
|
304
|
+
async function testGuardJsonGateSanitizeByPolicy() {
|
|
305
|
+
// The gate decides sanitize-vs-refuse from the finding's OWN policy, not a
|
|
306
|
+
// global "is any policy reject?" guess that wrongly blocked sanitize for
|
|
307
|
+
// unrelated findings. So the SAME __proto__ input REFUSES under
|
|
308
|
+
// pollutionPolicy=reject and SANITIZES under pollutionPolicy=strip (the
|
|
309
|
+
// parse drops __proto__) — independent of the other policies' reject state.
|
|
310
|
+
var pollute = Buffer.from('{"__proto__":{"x":1},"keep":2}', "utf8");
|
|
311
|
+
var reject = await b.guardJson.gate({ profile: "strict", pollutionPolicy: "reject" })
|
|
312
|
+
.check({ bytes: pollute });
|
|
313
|
+
check("pollutionPolicy=reject → refuse", reject.action === "refuse");
|
|
314
|
+
var strip = await b.guardJson.gate({ profile: "strict", pollutionPolicy: "strip" })
|
|
315
|
+
.check({ bytes: pollute });
|
|
316
|
+
check("pollutionPolicy=strip → sanitize (__proto__ dropped per policy)",
|
|
317
|
+
strip.action === "sanitize" &&
|
|
318
|
+
strip.sanitized.toString("utf8").indexOf("__proto__") === -1 &&
|
|
319
|
+
strip.sanitized.toString("utf8").indexOf("keep") !== -1);
|
|
320
|
+
}
|
|
321
|
+
|
|
270
322
|
function testGuardJsonCompliancePosture() {
|
|
271
323
|
var hipaa = b.guardJson.compliancePosture("hipaa");
|
|
272
324
|
check("compliancePosture('hipaa') sets reject policies",
|
|
@@ -304,6 +356,7 @@ async function run() {
|
|
|
304
356
|
testGuardJsonKeyCountCap();
|
|
305
357
|
testGuardJsonArrayLengthCap();
|
|
306
358
|
testGuardJsonStringLengthCap();
|
|
359
|
+
testGuardJsonByteCap();
|
|
307
360
|
testGuardJsonNumericPrecision();
|
|
308
361
|
testGuardJsonTopLevelKeyAllowlist();
|
|
309
362
|
testGuardJsonBidi();
|
|
@@ -312,6 +365,7 @@ async function run() {
|
|
|
312
365
|
testGuardJsonCompliancePosture();
|
|
313
366
|
testGuardJsonBadProfile();
|
|
314
367
|
await testGuardJsonGate();
|
|
368
|
+
await testGuardJsonGateSanitizeByPolicy();
|
|
315
369
|
}
|
|
316
370
|
|
|
317
371
|
module.exports = { run: run };
|
|
@@ -278,7 +278,17 @@ function testBSurface() {
|
|
|
278
278
|
typeof b.guardManageSieveCommand.GuardManageSieveCommandError === "function");
|
|
279
279
|
}
|
|
280
280
|
|
|
281
|
+
function testByteCapMultibyte() {
|
|
282
|
+
// maxLineBytes is a BYTE cap (regression for byte-cap-vs-char-length).
|
|
283
|
+
var line = String.fromCharCode(0x4e2d).repeat(2731); // 8193 UTF-8 bytes; strict cap 8192
|
|
284
|
+
var threw = null;
|
|
285
|
+
try { guardManageSieveCommand.validate(line, { profile: "strict" }); } catch (e) { threw = e; }
|
|
286
|
+
check("managesieve byte-cap: oversize multibyte line refused as line-too-long",
|
|
287
|
+
threw && threw.code === "guard-managesieve-command/line-too-long");
|
|
288
|
+
}
|
|
289
|
+
|
|
281
290
|
function run() {
|
|
291
|
+
testByteCapMultibyte();
|
|
282
292
|
testBSurface();
|
|
283
293
|
testSurface();
|
|
284
294
|
testHappyPath();
|
|
@@ -199,6 +199,35 @@ function testGuardMarkdownBlockquoteDepthCap() {
|
|
|
199
199
|
rv.issues.some(function (i) { return i.kind === "blockquote-depth-cap"; }));
|
|
200
200
|
}
|
|
201
201
|
|
|
202
|
+
function testGuardMarkdownByteCap() {
|
|
203
|
+
// maxBytes is a BYTE limit. A multibyte string can stay under the cap by
|
|
204
|
+
// UTF-16 code-unit count (.length) while its UTF-8 encoding blows past it,
|
|
205
|
+
// so the cap must measure Buffer.byteLength, never .length. "é" (U+00E9)
|
|
206
|
+
// is 1 code unit but 2 UTF-8 bytes: 8 of them = .length 8 (under a 10-byte
|
|
207
|
+
// cap by char count) yet 16 bytes (over it).
|
|
208
|
+
var multibyte = "é".repeat(8);
|
|
209
|
+
check("multibyte input is 8 UTF-16 units but 16 UTF-8 bytes",
|
|
210
|
+
multibyte.length === 8 && Buffer.byteLength(multibyte, "utf8") === 16);
|
|
211
|
+
|
|
212
|
+
var rvOver = b.guardMarkdown.validate(multibyte, { maxBytes: 10 });
|
|
213
|
+
var cap = rvOver.issues.filter(function (i) { return i.kind === "too-large"; });
|
|
214
|
+
check("multibyte over the BYTE cap fires too-large (not char-count-gated)",
|
|
215
|
+
cap.length === 1);
|
|
216
|
+
check("too-large snippet reports the BYTE length, not the char count",
|
|
217
|
+
cap.length === 1 && /16 bytes exceeds maxBytes 10/.test(cap[0].snippet));
|
|
218
|
+
check("too-large carries ruleId markdown.too-large",
|
|
219
|
+
cap.length === 1 && cap[0].ruleId === "markdown.too-large");
|
|
220
|
+
|
|
221
|
+
// ASCII is unaffected: byte length equals char length, so the cap behaves
|
|
222
|
+
// identically before and after the fix.
|
|
223
|
+
var rvAsciiUnder = b.guardMarkdown.validate("aaaaaaaa", { maxBytes: 10 });
|
|
224
|
+
check("ASCII under the byte cap → no too-large",
|
|
225
|
+
!rvAsciiUnder.issues.some(function (i) { return i.kind === "too-large"; }));
|
|
226
|
+
var rvAsciiOver = b.guardMarkdown.validate("aaaaaaaaaaaaaaaa", { maxBytes: 10 });
|
|
227
|
+
check("ASCII over the byte cap → too-large still fires",
|
|
228
|
+
rvAsciiOver.issues.some(function (i) { return i.kind === "too-large"; }));
|
|
229
|
+
}
|
|
230
|
+
|
|
202
231
|
function testGuardMarkdownSanitizeRefusesCritical() {
|
|
203
232
|
var threw = null;
|
|
204
233
|
try { b.guardMarkdown.sanitize(
|
|
@@ -208,6 +237,20 @@ function testGuardMarkdownSanitizeRefusesCritical() {
|
|
|
208
237
|
threw && /scheme|refused/.test(threw.code || threw.message || ""));
|
|
209
238
|
}
|
|
210
239
|
|
|
240
|
+
function testGuardMarkdownSanitizeRefusesBadInput() {
|
|
241
|
+
// A non-string/Buffer sanitize input is unprocessable — it must throw a typed
|
|
242
|
+
// markdown.bad-input, NEVER silently return the garbage. (sanitizeSeverities
|
|
243
|
+
// is ["critical"], so the high-severity bad-input issue is not a content
|
|
244
|
+
// refusal; the generated sanitize refuses a `bad-input` KIND unconditionally.)
|
|
245
|
+
[123, null, {}, [1, 2, 3], true].forEach(function (bad) {
|
|
246
|
+
var threw = null;
|
|
247
|
+
try { b.guardMarkdown.sanitize(bad, { profile: "strict" }); }
|
|
248
|
+
catch (e) { threw = e; }
|
|
249
|
+
check("sanitize(" + JSON.stringify(bad) + ") throws markdown.bad-input (no silent pass)",
|
|
250
|
+
threw && threw.code === "markdown.bad-input");
|
|
251
|
+
});
|
|
252
|
+
}
|
|
253
|
+
|
|
211
254
|
async function testGuardMarkdownGate() {
|
|
212
255
|
var g = b.guardMarkdown.gate({ profile: "strict" });
|
|
213
256
|
var clean = await g.check({
|
|
@@ -257,7 +300,9 @@ async function run() {
|
|
|
257
300
|
testGuardMarkdownLinkCap();
|
|
258
301
|
testGuardMarkdownListDepthCap();
|
|
259
302
|
testGuardMarkdownBlockquoteDepthCap();
|
|
303
|
+
testGuardMarkdownByteCap();
|
|
260
304
|
testGuardMarkdownSanitizeRefusesCritical();
|
|
305
|
+
testGuardMarkdownSanitizeRefusesBadInput();
|
|
261
306
|
testGuardMarkdownCompliancePosture();
|
|
262
307
|
await testGuardMarkdownGate();
|
|
263
308
|
}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* guard-pdf — PDF content-safety primitive (b.guardPdf).
|
|
4
|
+
*
|
|
5
|
+
* Covers: surface; registry parity; magic-byte / declared-MIME mismatch;
|
|
6
|
+
* polyglot; JavaScript / Launch / OpenAction active-content detection;
|
|
7
|
+
* embedded files; encryption; inspectMagic; and the disarm-by-refusal
|
|
8
|
+
* sanitize — PDF active content lives in a cross-referenced object graph
|
|
9
|
+
* that cannot be excised without a vendored parser, so sanitize forces every
|
|
10
|
+
* active-content / exfil / encryption policy to reject and refuses anything
|
|
11
|
+
* it cannot disarm rather than passing a live action through.
|
|
12
|
+
*/
|
|
13
|
+
|
|
14
|
+
var helpers = require("../helpers");
|
|
15
|
+
var b = helpers.b;
|
|
16
|
+
var check = helpers.check;
|
|
17
|
+
|
|
18
|
+
var _PDF = Buffer.from([0x25, 0x50, 0x44, 0x46, 0x2D]); // %PDF-
|
|
19
|
+
function _code(fn) { try { fn(); return null; } catch (e) { return e && e.code; } }
|
|
20
|
+
|
|
21
|
+
function testGuardPdfSurface() {
|
|
22
|
+
check("guardPdf is an object", typeof b.guardPdf === "object");
|
|
23
|
+
check("guardPdf.NAME === 'pdf'", b.guardPdf.NAME === "pdf");
|
|
24
|
+
check("guardPdf.PROFILES has strict", !!b.guardPdf.PROFILES["strict"]);
|
|
25
|
+
check("guardPdf.COMPLIANCE_POSTURES hipaa", !!b.guardPdf.COMPLIANCE_POSTURES["hipaa"]);
|
|
26
|
+
check("guardPdf.validate is a function", typeof b.guardPdf.validate === "function");
|
|
27
|
+
check("guardPdf.sanitize is a function", typeof b.guardPdf.sanitize === "function");
|
|
28
|
+
check("guardPdf.gate is a function", typeof b.guardPdf.gate === "function");
|
|
29
|
+
check("frameworkError.GuardPdfError exposed", typeof b.frameworkError.GuardPdfError === "function");
|
|
30
|
+
}
|
|
31
|
+
|
|
32
|
+
function testGuardPdfRegistryParity() {
|
|
33
|
+
check("guardPdf registered in guardAll",
|
|
34
|
+
b.guardAll.allGuards().some(function (g) { return (g.name || g.NAME) === "pdf"; }));
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
function testValidateActiveContent() {
|
|
38
|
+
var rv = b.guardPdf.validate({ bytes: _PDF, hasJavaScript: true }, { profile: "strict" });
|
|
39
|
+
check("javascript: validate ok:false", rv.ok === false);
|
|
40
|
+
check("javascript: kind reported", rv.issues.some(function (i) { return i.kind === "javascript-action"; }));
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
// ---- disarm-by-refusal sanitize ----
|
|
44
|
+
|
|
45
|
+
function testSanitizeInertPassthrough() {
|
|
46
|
+
var inert = { bytes: _PDF };
|
|
47
|
+
var out = b.guardPdf.sanitize(inert, { profile: "balanced" });
|
|
48
|
+
check("inert PDF passes through unchanged", out === inert);
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
function testSanitizeRefusesJavaScript() {
|
|
52
|
+
check("javascript refused",
|
|
53
|
+
_code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasJavaScript: true }, { profile: "balanced" }); }) === "pdf.javascript-action");
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
function testSanitizeRefusesLaunch() {
|
|
57
|
+
check("launch refused",
|
|
58
|
+
_code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasLaunchAction: true }, { profile: "balanced" }); }) === "pdf.launch-action");
|
|
59
|
+
}
|
|
60
|
+
|
|
61
|
+
function testSanitizeForcesOpenActionReject() {
|
|
62
|
+
// open-action is warn-level under permissive at the gate, but sanitize forces
|
|
63
|
+
// reject (it cannot strip the action) → refuse, never a silent passthrough.
|
|
64
|
+
check("open-action refused under sanitize even at permissive",
|
|
65
|
+
_code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasOpenAction: true }, { profile: "permissive" }); }) === "pdf.open-action");
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
function testSanitizeForcesEmbeddedFileReject() {
|
|
69
|
+
check("embedded-file refused under sanitize even at permissive",
|
|
70
|
+
_code(function () { b.guardPdf.sanitize({ bytes: _PDF, hasEmbeddedFiles: true }, { profile: "permissive" }); }) === "pdf.embedded-file");
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
function testSanitizeForcesEncryptedReject() {
|
|
74
|
+
check("encrypted refused under sanitize even at permissive",
|
|
75
|
+
_code(function () { b.guardPdf.sanitize({ bytes: _PDF, isEncrypted: true }, { profile: "permissive" }); }) === "pdf.encrypted");
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
function testSanitizeBadInput() {
|
|
79
|
+
check("bad input refused",
|
|
80
|
+
_code(function () { b.guardPdf.sanitize(null, { profile: "balanced" }); }) === "pdf.bad-input");
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
function run() {
|
|
84
|
+
testGuardPdfSurface();
|
|
85
|
+
testGuardPdfRegistryParity();
|
|
86
|
+
testValidateActiveContent();
|
|
87
|
+
testSanitizeInertPassthrough();
|
|
88
|
+
testSanitizeRefusesJavaScript();
|
|
89
|
+
testSanitizeRefusesLaunch();
|
|
90
|
+
testSanitizeForcesOpenActionReject();
|
|
91
|
+
testSanitizeForcesEmbeddedFileReject();
|
|
92
|
+
testSanitizeForcesEncryptedReject();
|
|
93
|
+
testSanitizeBadInput();
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
module.exports = { run: run };
|
|
97
|
+
|
|
98
|
+
if (require.main === module) {
|
|
99
|
+
try { run(); console.log("[guard-pdf] OK — " + helpers.getChecks() + " checks passed"); }
|
|
100
|
+
catch (e) { console.error("FAIL:", e.stack || e); process.exit(1); }
|
|
101
|
+
}
|
|
@@ -143,7 +143,25 @@ function testCompliancePosture() {
|
|
|
143
143
|
check("posture: unknown → null", b.guardPop3Command.compliancePosture("nope") === null);
|
|
144
144
|
}
|
|
145
145
|
|
|
146
|
+
function testByteCapMultibyte() {
|
|
147
|
+
// maxLineBytes / maxUsernameBytes / maxPasswordBytes are BYTE caps.
|
|
148
|
+
var mb = String.fromCharCode(0x4e2d); // one 3-byte UTF-8 char
|
|
149
|
+
var t1 = null;
|
|
150
|
+
try { b.guardPop3Command.validate(mb.repeat(100), { profile: "strict", tls: true }); } catch (e) { t1 = e; }
|
|
151
|
+
check("pop3 byte-cap: oversize multibyte line refused as line-too-long",
|
|
152
|
+
t1 && t1.code === "guard-pop3-command/line-too-long");
|
|
153
|
+
var t2 = null;
|
|
154
|
+
try { b.guardPop3Command.validate("USER " + mb.repeat(40), { profile: "strict", tls: true }); } catch (e) { t2 = e; }
|
|
155
|
+
check("pop3 byte-cap: oversize multibyte USER name refused",
|
|
156
|
+
t2 && t2.code === "guard-pop3-command/username-too-long");
|
|
157
|
+
var t3 = null;
|
|
158
|
+
try { b.guardPop3Command.validate("PASS " + mb.repeat(40), { profile: "strict", tls: true }); } catch (e) { t3 = e; }
|
|
159
|
+
check("pop3 byte-cap: oversize multibyte PASS argument refused",
|
|
160
|
+
t3 && t3.code === "guard-pop3-command/password-too-long");
|
|
161
|
+
}
|
|
162
|
+
|
|
146
163
|
function run() {
|
|
164
|
+
testByteCapMultibyte();
|
|
147
165
|
testSurface();
|
|
148
166
|
testHappyPath();
|
|
149
167
|
testCleartextAuthRefused();
|
|
@@ -203,6 +203,53 @@ function testGuardSvgCaps() {
|
|
|
203
203
|
rv.issues.some(function (issue) { return issue.kind === "use-depth-cap"; }));
|
|
204
204
|
}
|
|
205
205
|
|
|
206
|
+
function testGuardSvgByteCapsMeasureBytes() {
|
|
207
|
+
// Caps named in *Bytes must measure UTF-8 bytes, not UTF-16 code units.
|
|
208
|
+
// "é" is one code unit (.length 1) but two UTF-8 bytes. A 50-char run is
|
|
209
|
+
// 50 code units / 100 bytes — under a 60 char-count but over a 60-byte cap.
|
|
210
|
+
var multibyte = "é".repeat(50);
|
|
211
|
+
check("multibyte fixture: 50 code units, 100 UTF-8 bytes",
|
|
212
|
+
multibyte.length === 50 && Buffer.byteLength(multibyte, "utf8") === 100);
|
|
213
|
+
|
|
214
|
+
// Top-level maxBytes (validate path → tokenizer cap).
|
|
215
|
+
var rvSize = b.guardSvg.validate(multibyte, { profile: "strict", maxBytes: 60 });
|
|
216
|
+
check("validate: multibyte over byte cap reports too-large",
|
|
217
|
+
rvSize.issues.some(function (issue) {
|
|
218
|
+
return /exceeds maxBytes/.test(issue.snippet || "");
|
|
219
|
+
}));
|
|
220
|
+
check("validate: too-large snippet reports the BYTE count, not char count",
|
|
221
|
+
rvSize.issues.some(function (issue) {
|
|
222
|
+
return /input 100 bytes exceeds maxBytes 60/.test(issue.snippet || "");
|
|
223
|
+
}));
|
|
224
|
+
|
|
225
|
+
// Top-level maxBytes (sanitize path → throws).
|
|
226
|
+
var threwMb = null;
|
|
227
|
+
try { b.guardSvg.sanitize(multibyte, { profile: "strict", maxBytes: 60 }); }
|
|
228
|
+
catch (e) { threwMb = e; }
|
|
229
|
+
check("sanitize: multibyte over byte cap throws too-large with byte count",
|
|
230
|
+
threwMb && /input 100 bytes exceeds maxBytes 60/.test(threwMb.message));
|
|
231
|
+
|
|
232
|
+
// ASCII under the same cap stays unchanged (no false positive).
|
|
233
|
+
var rvAscii = b.guardSvg.validate("a".repeat(50), { profile: "strict", maxBytes: 60 });
|
|
234
|
+
check("validate: 50-byte ASCII under 60-byte cap is NOT flagged too-large",
|
|
235
|
+
!rvAscii.issues.some(function (issue) {
|
|
236
|
+
return /exceeds maxBytes/.test(issue.snippet || "");
|
|
237
|
+
}));
|
|
238
|
+
|
|
239
|
+
// Per-attribute maxAttrValueBytes measures bytes too.
|
|
240
|
+
var attrMb = "<svg><circle foo=\"" + "é".repeat(50) + "\"/></svg>";
|
|
241
|
+
var rvAttr = b.guardSvg.validate(attrMb,
|
|
242
|
+
{ profile: "balanced", maxAttrValueBytes: 60, maxBytes: 1000000 });
|
|
243
|
+
check("validate: multibyte attr value over byte cap reports attr-value-too-large",
|
|
244
|
+
rvAttr.issues.some(function (issue) { return issue.ruleId === "svg.attr-size"; }));
|
|
245
|
+
|
|
246
|
+
var attrAscii = "<svg><circle foo=\"" + "a".repeat(50) + "\"/></svg>";
|
|
247
|
+
var rvAttrAscii = b.guardSvg.validate(attrAscii,
|
|
248
|
+
{ profile: "balanced", maxAttrValueBytes: 60, maxBytes: 1000000 });
|
|
249
|
+
check("validate: 50-byte ASCII attr value under 60-byte cap NOT flagged",
|
|
250
|
+
!rvAttrAscii.issues.some(function (issue) { return issue.ruleId === "svg.attr-size"; }));
|
|
251
|
+
}
|
|
252
|
+
|
|
206
253
|
function testGuardSvgSanitize() {
|
|
207
254
|
var clean = b.guardSvg.sanitize("<svg><script>alert(1)</script><circle/></svg>",
|
|
208
255
|
{ profile: "strict" });
|
|
@@ -257,6 +304,33 @@ function testGuardSvgCompliancePosture() {
|
|
|
257
304
|
threw && /unknown/.test(threw.message));
|
|
258
305
|
}
|
|
259
306
|
|
|
307
|
+
function testGdprPostureMatchesBalancedTier() {
|
|
308
|
+
// gdpr is the balanced-tier posture for content guards (data-minimization
|
|
309
|
+
// strips rather than rejects, but structural threats stay rejected). svg's
|
|
310
|
+
// balanced profile allows cross-origin external refs (allowExternalRefs:
|
|
311
|
+
// true) while strict refuses them. A partial gdpr posture object that omits
|
|
312
|
+
// allowExternalRefs silently backfills the strict value, turning gdpr into
|
|
313
|
+
// an incoherent strict/balanced hybrid that rejects an external <use> the
|
|
314
|
+
// balanced tier accepts. Assert the gdpr verdict matches the balanced
|
|
315
|
+
// verdict for that exact input.
|
|
316
|
+
var external = '<svg><use xlink:href="https://cdn.example/icons.svg#x"/></svg>';
|
|
317
|
+
var gdpr = b.guardSvg.validate(external, { compliancePosture: "gdpr" });
|
|
318
|
+
var balanced = b.guardSvg.validate(external, { profile: "balanced" });
|
|
319
|
+
|
|
320
|
+
check("gdpr posture allows the same external <use> the balanced tier allows",
|
|
321
|
+
gdpr.ok === balanced.ok);
|
|
322
|
+
check("gdpr posture raises no external-ref the balanced tier does not",
|
|
323
|
+
!gdpr.issues.some(function (issue) { return issue.kind === "external-ref"; }));
|
|
324
|
+
|
|
325
|
+
// Structural identity: the gdpr posture is the balanced profile plus the
|
|
326
|
+
// data-minimization forensic budget (base 256 / 2 = 128), nothing
|
|
327
|
+
// strict-derived backfilled.
|
|
328
|
+
var expected = Object.assign({}, b.guardSvg.PROFILES.balanced,
|
|
329
|
+
{ forensicSnippetBytes: 128 });
|
|
330
|
+
check("COMPLIANCE_POSTURES.gdpr deep-equals balanced + forensicSnippetBytes:128",
|
|
331
|
+
JSON.stringify(b.guardSvg.COMPLIANCE_POSTURES.gdpr) === JSON.stringify(expected));
|
|
332
|
+
}
|
|
333
|
+
|
|
260
334
|
function testGuardSvgBadProfile() {
|
|
261
335
|
var threw = null;
|
|
262
336
|
try { b.guardSvg.validate("<svg/>", { profile: "made-up" }); }
|
|
@@ -279,8 +353,10 @@ async function run() {
|
|
|
279
353
|
testGuardSvgCssInjection();
|
|
280
354
|
testGuardSvgBidiNullControl();
|
|
281
355
|
testGuardSvgCaps();
|
|
356
|
+
testGuardSvgByteCapsMeasureBytes();
|
|
282
357
|
testGuardSvgSanitize();
|
|
283
358
|
testGuardSvgCompliancePosture();
|
|
359
|
+
testGdprPostureMatchesBalancedTier();
|
|
284
360
|
testGuardSvgBadProfile();
|
|
285
361
|
await testGuardSvgGate();
|
|
286
362
|
}
|