@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -56,8 +56,8 @@
|
|
|
56
56
|
var codepointClass = require("./codepoint-class");
|
|
57
57
|
var lazyRequire = require("./lazy-require");
|
|
58
58
|
var gateContract = require("./gate-contract");
|
|
59
|
+
var ipUtils = require("./ip-utils");
|
|
59
60
|
var C = require("./constants");
|
|
60
|
-
var numericBounds = require("./numeric-bounds");
|
|
61
61
|
var { GuardDomainError } = require("./framework-error");
|
|
62
62
|
|
|
63
63
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -88,9 +88,6 @@ var BARE_XN_RE = /^xn--$/i;
|
|
|
88
88
|
// Wildcard label — `*` alone in any label position.
|
|
89
89
|
var WILDCARD_LABEL_RE = /^\*$/;
|
|
90
90
|
|
|
91
|
-
// IPv4 decimal-dotted form.
|
|
92
|
-
var IPV4_DOTTED_RE = /^(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?:\.(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}$/;
|
|
93
|
-
|
|
94
91
|
// Looser IPv4 detection — every dot-segment is a numeric form
|
|
95
92
|
// (decimal, octal with leading 0, or hex with 0x prefix), or the whole
|
|
96
93
|
// input is a long-decimal / long-hex (no dots). Catches the parser-
|
|
@@ -178,10 +175,7 @@ function _shannonEntropy(s) {
|
|
|
178
175
|
|
|
179
176
|
var PROFILES = Object.freeze({
|
|
180
177
|
"strict": {
|
|
181
|
-
|
|
182
|
-
controlPolicy: "reject",
|
|
183
|
-
nullBytePolicy: "reject",
|
|
184
|
-
zeroWidthPolicy: "reject",
|
|
178
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
185
179
|
ldhPolicy: "reject",
|
|
186
180
|
underscorePolicy: "reject", // strict refuses service labels too
|
|
187
181
|
punycodePolicy: "reject",
|
|
@@ -201,10 +195,7 @@ var PROFILES = Object.freeze({
|
|
|
201
195
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
202
196
|
},
|
|
203
197
|
"balanced": {
|
|
204
|
-
|
|
205
|
-
controlPolicy: "reject",
|
|
206
|
-
nullBytePolicy: "reject",
|
|
207
|
-
zeroWidthPolicy: "reject",
|
|
198
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
208
199
|
ldhPolicy: "reject",
|
|
209
200
|
underscorePolicy: "reject",
|
|
210
201
|
punycodePolicy: "audit",
|
|
@@ -225,10 +216,7 @@ var PROFILES = Object.freeze({
|
|
|
225
216
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
226
217
|
},
|
|
227
218
|
"permissive": {
|
|
228
|
-
|
|
229
|
-
controlPolicy: "reject", // control bytes refused at every profile
|
|
230
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
231
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile — invisible label-segmentation
|
|
219
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
232
220
|
ldhPolicy: "audit",
|
|
233
221
|
underscorePolicy: "allow", // service labels permitted in permissive
|
|
234
222
|
punycodePolicy: "allow",
|
|
@@ -249,62 +237,12 @@ var PROFILES = Object.freeze({
|
|
|
249
237
|
},
|
|
250
238
|
});
|
|
251
239
|
|
|
252
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
253
|
-
mode: "enforce",
|
|
254
|
-
}));
|
|
255
|
-
|
|
256
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
257
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
258
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
259
|
-
}),
|
|
260
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
261
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
262
|
-
}),
|
|
263
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
264
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
265
|
-
}),
|
|
266
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
267
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
268
|
-
}),
|
|
269
|
-
});
|
|
270
|
-
|
|
271
|
-
function _resolveOpts(opts) {
|
|
272
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
273
|
-
profiles: PROFILES,
|
|
274
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
275
|
-
defaults: DEFAULTS,
|
|
276
|
-
errorClass: GuardDomainError,
|
|
277
|
-
errCodePrefix: "domain",
|
|
278
|
-
});
|
|
279
|
-
}
|
|
280
|
-
|
|
281
240
|
// ---- Detection ----
|
|
282
241
|
|
|
283
242
|
function _detectIssues(input, opts) {
|
|
284
|
-
var
|
|
285
|
-
if (
|
|
286
|
-
|
|
287
|
-
ruleId: "domain.bad-input",
|
|
288
|
-
snippet: "domain is not a string" }];
|
|
289
|
-
}
|
|
290
|
-
|
|
291
|
-
// Total-length cap (UTF-8 byte count, not codepoint count, per RFC 1035).
|
|
292
|
-
var byteLen = Buffer.byteLength(input, "utf8");
|
|
293
|
-
if (byteLen > opts.maxDomainOctets) {
|
|
294
|
-
issues.push({
|
|
295
|
-
kind: "domain-cap", severity: "high",
|
|
296
|
-
ruleId: "domain.domain-cap",
|
|
297
|
-
snippet: "domain " + byteLen + " octets exceeds " +
|
|
298
|
-
opts.maxDomainOctets + " (RFC 1035 §2.3.4)",
|
|
299
|
-
});
|
|
300
|
-
return issues; // size cap is structural — abort further checks
|
|
301
|
-
}
|
|
302
|
-
|
|
303
|
-
// Codepoint-class threats (BIDI / control / null / zero-width). These
|
|
304
|
-
// are universal-refuse — running them first lets the more specific
|
|
305
|
-
// structural checks operate on a sanitized-or-refused input.
|
|
306
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "domain");
|
|
307
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
243
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "domain", emptyMode: "skip", cap: { bytes: opts.maxDomainOctets, snippet: function (byteLen, max) { return "domain " + byteLen + " octets exceeds " + max + " (RFC 1035 §2.3.4)"; } } });
|
|
244
|
+
if (pre.done) return pre.issues;
|
|
245
|
+
var issues = pre.issues;
|
|
308
246
|
|
|
309
247
|
// Trailing-dot — FQDN distinguisher. Normalize for downstream checks
|
|
310
248
|
// but record as audit if operator wants to know.
|
|
@@ -336,7 +274,7 @@ function _detectIssues(input, opts) {
|
|
|
336
274
|
}
|
|
337
275
|
|
|
338
276
|
// IPv4 detection — strict dotted-decimal AND loose (octal/hex/long).
|
|
339
|
-
if (
|
|
277
|
+
if (ipUtils.IPV4_RE.test(name) || _looksLikeIpv4Permissive(name)) {
|
|
340
278
|
if (opts.ipLiteralPolicy !== "allow") {
|
|
341
279
|
issues.push({
|
|
342
280
|
kind: "ipv4-as-domain",
|
|
@@ -601,21 +539,10 @@ function _detectIssues(input, opts) {
|
|
|
601
539
|
* var ok = b.guardDomain.validate("example.com", { profile: "strict" });
|
|
602
540
|
* ok.ok; // → true
|
|
603
541
|
*/
|
|
604
|
-
|
|
605
|
-
|
|
606
|
-
|
|
607
|
-
|
|
608
|
-
"guardDomain.validate", GuardDomainError, "domain.bad-opt");
|
|
609
|
-
if (typeof input !== "string") {
|
|
610
|
-
return {
|
|
611
|
-
ok: false,
|
|
612
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
613
|
-
ruleId: "domain.bad-input",
|
|
614
|
-
snippet: "domain is not a string" }],
|
|
615
|
-
};
|
|
616
|
-
}
|
|
617
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
618
|
-
}
|
|
542
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
543
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
544
|
+
// input, resolveOpts(opts)))`, with the length/byte caps declared via
|
|
545
|
+
// `intOpts`. The @primitive block above documents the resulting public ABI.
|
|
619
546
|
|
|
620
547
|
/**
|
|
621
548
|
* @primitive b.guardDomain.sanitize
|
|
@@ -641,14 +568,10 @@ function validate(input, opts) {
|
|
|
641
568
|
* var safe = b.guardDomain.sanitize("Example.Com.", { profile: "balanced" });
|
|
642
569
|
* safe; // → "example.com"
|
|
643
570
|
*/
|
|
644
|
-
|
|
645
|
-
|
|
646
|
-
|
|
647
|
-
|
|
648
|
-
}
|
|
649
|
-
// Critical refuses can't be repaired.
|
|
650
|
-
var issues = _detectIssues(input, opts);
|
|
651
|
-
gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardDomainError, codePrefix: "domain" });
|
|
571
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
572
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
|
|
573
|
+
// already-validated string at this point (a non-string refuses upstream).
|
|
574
|
+
function _sanitizeTransform(input) {
|
|
652
575
|
// Safe transforms: lowercase ASCII, strip trailing dot.
|
|
653
576
|
var out = input.toLowerCase();
|
|
654
577
|
if (out.charAt(out.length - 1) === ".") out = out.slice(0, -1);
|
|
@@ -660,15 +583,9 @@ function sanitize(input, opts) {
|
|
|
660
583
|
// single-sourced @abiTemplate (defineGuard) blocks in gate-contract.js,
|
|
661
584
|
// instantiated per guard by the page generator.
|
|
662
585
|
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
// Hostile: dotted-decimal IPv4 (CVE-2021-22931 class) — every
|
|
667
|
-
// profile refuses (allowlist-bypass via DNS rebinding).
|
|
668
|
-
hostileBytes: Buffer.from("192.168.1.1", "utf8"),
|
|
669
|
-
benignIdentifier: "example.com",
|
|
670
|
-
hostileIdentifier: "192.168.1.1",
|
|
671
|
-
});
|
|
586
|
+
// Hostile: dotted-decimal IPv4 (CVE-2021-22931 class) — every profile
|
|
587
|
+
// refuses (allowlist-bypass via DNS rebinding).
|
|
588
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("example.com", "192.168.1.1");
|
|
672
589
|
|
|
673
590
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
674
591
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
@@ -682,10 +599,10 @@ module.exports = gateContract.defineGuard({
|
|
|
682
599
|
kind: "identifier",
|
|
683
600
|
errorClass: GuardDomainError,
|
|
684
601
|
profiles: PROFILES,
|
|
685
|
-
|
|
686
|
-
postures: COMPLIANCE_POSTURES,
|
|
602
|
+
base: 256,
|
|
687
603
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
688
|
-
|
|
689
|
-
|
|
604
|
+
detect: _detectIssues,
|
|
605
|
+
sanitizeTransform: _sanitizeTransform,
|
|
606
|
+
intOpts: ["maxLabelOctets", "maxDomainOctets", "maxBytes", "dgaMinLabelLen"],
|
|
690
607
|
ctxFields: ["identifier", "domain"],
|
|
691
608
|
});
|
|
@@ -100,8 +100,11 @@
|
|
|
100
100
|
*/
|
|
101
101
|
|
|
102
102
|
var C = require("./constants");
|
|
103
|
+
var safeBuffer = require("./safe-buffer");
|
|
103
104
|
var { defineClass } = require("./framework-error");
|
|
104
105
|
var gateContract = require("./gate-contract");
|
|
106
|
+
var codepointClass = require("./codepoint-class");
|
|
107
|
+
var structuredFields = require("./structured-fields");
|
|
105
108
|
|
|
106
109
|
var GuardDsnError = defineClass("GuardDsnError", { alwaysPermanent: true });
|
|
107
110
|
|
|
@@ -168,7 +171,7 @@ function parse(deliveryStatusBody, opts) {
|
|
|
168
171
|
throw new GuardDsnError("guard-dsn/bad-input",
|
|
169
172
|
"parse: deliveryStatusBody must be a Buffer or string");
|
|
170
173
|
}
|
|
171
|
-
if (bytes
|
|
174
|
+
if (safeBuffer.byteLengthOf(bytes) > caps.maxBytes) {
|
|
172
175
|
throw new GuardDsnError("guard-dsn/oversize-body",
|
|
173
176
|
"parse: body " + bytes.length + " bytes exceeds maxBytes=" + caps.maxBytes);
|
|
174
177
|
}
|
|
@@ -295,8 +298,9 @@ function _parseFieldBlock(block, maxHeaderLine) {
|
|
|
295
298
|
throw new GuardDsnError("guard-dsn/malformed-field",
|
|
296
299
|
"parse: line '" + raw + "' missing ':' field-name terminator");
|
|
297
300
|
}
|
|
298
|
-
var
|
|
299
|
-
var
|
|
301
|
+
var dkv = structuredFields.parseKeyValuePiece(raw, ":");
|
|
302
|
+
var name = dkv.key;
|
|
303
|
+
var value = dkv.value.trim();
|
|
300
304
|
if (name.length === 0) {
|
|
301
305
|
throw new GuardDsnError("guard-dsn/malformed-field",
|
|
302
306
|
"parse: empty field name on line '" + raw + "'");
|
|
@@ -312,12 +316,12 @@ function _checkControlChars(line) {
|
|
|
312
316
|
// continuation), DEL. Bare CR and LF can't appear because we
|
|
313
317
|
// already split on \n; this catches forms that survive the
|
|
314
318
|
// split (e.g. backslash + literal sequence).
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
319
|
+
// Refuse NUL / C0 (except TAB) / DEL — CR & LF already removed by the
|
|
320
|
+
// upstream split, so they are forbidden here (header-injection defense).
|
|
321
|
+
var ctrlAt = codepointClass.firstControlCharOffset(line);
|
|
322
|
+
if (ctrlAt !== -1) {
|
|
323
|
+
throw new GuardDsnError("guard-dsn/control-char",
|
|
324
|
+
"parse: control char 0x" + line.charCodeAt(ctrlAt).toString(16) + " in field line refused (header-injection defense)");
|
|
321
325
|
}
|
|
322
326
|
}
|
|
323
327
|
|
|
@@ -325,10 +329,9 @@ function _stripRecipientType(value) {
|
|
|
325
329
|
// RFC 3464 §2.3.2: "rfc822;alice@example.com" — type prefix
|
|
326
330
|
// before semicolon classifies the address. Strip for the common
|
|
327
331
|
// case of rfc822, surface the raw value otherwise.
|
|
328
|
-
var
|
|
329
|
-
if (
|
|
330
|
-
|
|
331
|
-
if (type === "rfc822") return value.slice(semi + 1).trim();
|
|
332
|
+
var skv = structuredFields.parseKeyValuePiece(value, ";");
|
|
333
|
+
if (skv.value === null) return value;
|
|
334
|
+
if (skv.key === "rfc822") return skv.value.trim();
|
|
332
335
|
return value;
|
|
333
336
|
}
|
|
334
337
|
|
|
@@ -51,6 +51,7 @@
|
|
|
51
51
|
*/
|
|
52
52
|
|
|
53
53
|
var codepointClass = require("./codepoint-class");
|
|
54
|
+
var mimeParse = require("./mime-parse");
|
|
54
55
|
var lazyRequire = require("./lazy-require");
|
|
55
56
|
var gateContract = require("./gate-contract");
|
|
56
57
|
var C = require("./constants");
|
|
@@ -215,10 +216,7 @@ var PROFILES = Object.freeze({
|
|
|
215
216
|
mixedScriptPolicy: "reject",
|
|
216
217
|
displayNameSpoofPolicy: "reject",
|
|
217
218
|
bomPolicy: "reject",
|
|
218
|
-
|
|
219
|
-
controlPolicy: "reject",
|
|
220
|
-
nullBytePolicy: "reject",
|
|
221
|
-
zeroWidthPolicy: "reject",
|
|
219
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
222
220
|
allowedScripts: ["latin"],
|
|
223
221
|
maxLocalPartBytes: LIMIT_LOCAL_PART,
|
|
224
222
|
maxDomainBytes: LIMIT_DOMAIN,
|
|
@@ -277,26 +275,12 @@ var PROFILES = Object.freeze({
|
|
|
277
275
|
},
|
|
278
276
|
});
|
|
279
277
|
|
|
280
|
-
var DEFAULTS =
|
|
281
|
-
mode: "enforce",
|
|
278
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
282
279
|
maxRuntimeMs: C.TIME.seconds(10),
|
|
283
|
-
}));
|
|
284
|
-
|
|
285
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
286
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
287
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
288
|
-
}),
|
|
289
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
290
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
291
|
-
}),
|
|
292
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
293
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
294
|
-
}),
|
|
295
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
296
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
297
|
-
}),
|
|
298
280
|
});
|
|
299
281
|
|
|
282
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
283
|
+
|
|
300
284
|
function _resolveOpts(opts) {
|
|
301
285
|
return gateContract.resolveProfileAndPosture(opts, {
|
|
302
286
|
profiles: PROFILES,
|
|
@@ -317,10 +301,11 @@ function _detectAddressIssues(input, opts) {
|
|
|
317
301
|
}
|
|
318
302
|
|
|
319
303
|
// Total-address length cap.
|
|
320
|
-
|
|
304
|
+
var addressBytes = Buffer.byteLength(input, "utf8");
|
|
305
|
+
if (addressBytes > opts.maxAddressBytes) {
|
|
321
306
|
issues.push({
|
|
322
307
|
kind: "address-cap", severity: "high", ruleId: "email.address-cap",
|
|
323
|
-
snippet: "address " +
|
|
308
|
+
snippet: "address " + addressBytes + " bytes exceeds maxAddressBytes " +
|
|
324
309
|
opts.maxAddressBytes,
|
|
325
310
|
});
|
|
326
311
|
}
|
|
@@ -374,19 +359,21 @@ function _detectAddressIssues(input, opts) {
|
|
|
374
359
|
var localPart = atIdx === -1 ? input : input.slice(0, atIdx);
|
|
375
360
|
var domain = atIdx === -1 ? "" : input.slice(atIdx + 1);
|
|
376
361
|
|
|
377
|
-
|
|
362
|
+
var localPartBytes = Buffer.byteLength(localPart, "utf8");
|
|
363
|
+
if (localPartBytes > opts.maxLocalPartBytes) {
|
|
378
364
|
issues.push({
|
|
379
365
|
kind: "local-part-cap", severity: "high",
|
|
380
366
|
ruleId: "email.local-part-cap",
|
|
381
|
-
snippet: "local-part " +
|
|
367
|
+
snippet: "local-part " + localPartBytes + " bytes exceeds " +
|
|
382
368
|
opts.maxLocalPartBytes + " (RFC 5321 §4.5.3.1.1)",
|
|
383
369
|
});
|
|
384
370
|
}
|
|
385
|
-
|
|
371
|
+
var domainBytes = Buffer.byteLength(domain, "utf8");
|
|
372
|
+
if (domainBytes > opts.maxDomainBytes) {
|
|
386
373
|
issues.push({
|
|
387
374
|
kind: "domain-cap", severity: "high",
|
|
388
375
|
ruleId: "email.domain-cap",
|
|
389
|
-
snippet: "domain " +
|
|
376
|
+
snippet: "domain " + domainBytes + " bytes exceeds " +
|
|
390
377
|
opts.maxDomainBytes + " (RFC 5321 §4.5.3.1.2)",
|
|
391
378
|
});
|
|
392
379
|
}
|
|
@@ -516,23 +503,16 @@ function validateAddress(input, opts) {
|
|
|
516
503
|
snippet: "address is not a string" }],
|
|
517
504
|
};
|
|
518
505
|
}
|
|
519
|
-
|
|
506
|
+
// "raw" contract — the detector type-checks its own string input.
|
|
507
|
+
return gateContract.runIssueValidator(input, opts, _detectAddressIssues, "raw");
|
|
520
508
|
}
|
|
521
509
|
|
|
522
510
|
// ---- Message validation (full RFC 822 / 5322) ----
|
|
523
511
|
|
|
524
512
|
function _detectMessageIssues(input, opts) {
|
|
525
|
-
var
|
|
526
|
-
if (
|
|
527
|
-
|
|
528
|
-
snippet: "input is not a string" }];
|
|
529
|
-
}
|
|
530
|
-
if (input.length > opts.maxBytes) {
|
|
531
|
-
return [{ kind: "too-large", severity: "high",
|
|
532
|
-
ruleId: "email.too-large",
|
|
533
|
-
snippet: "input " + input.length +
|
|
534
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
535
|
-
}
|
|
513
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "email", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
514
|
+
if (pre.done) return pre.issues;
|
|
515
|
+
var issues = pre.issues;
|
|
536
516
|
|
|
537
517
|
// BOM at start of message — header-injection prelude.
|
|
538
518
|
if (opts.bomPolicy !== "allow") {
|
|
@@ -591,11 +571,12 @@ function _detectMessageIssues(input, opts) {
|
|
|
591
571
|
});
|
|
592
572
|
}
|
|
593
573
|
for (var li = 0; li < lines.length; li += 1) {
|
|
594
|
-
|
|
574
|
+
var lineBytes = Buffer.byteLength(lines[li], "utf8");
|
|
575
|
+
if (lineBytes > opts.maxHeaderLineBytes) {
|
|
595
576
|
issues.push({
|
|
596
577
|
kind: "header-line-cap", severity: "high",
|
|
597
578
|
ruleId: "email.header-line-cap",
|
|
598
|
-
snippet: "header line " + (li + 1) + " is " +
|
|
579
|
+
snippet: "header line " + (li + 1) + " is " + lineBytes +
|
|
599
580
|
" bytes (RFC 5322 §2.1.1 limit " + opts.maxHeaderLineBytes + ")",
|
|
600
581
|
});
|
|
601
582
|
break;
|
|
@@ -632,6 +613,27 @@ function _detectMessageIssues(input, opts) {
|
|
|
632
613
|
}
|
|
633
614
|
}
|
|
634
615
|
|
|
616
|
+
// Header-block STRUCTURE — a line in the header section that is neither a
|
|
617
|
+
// valid `name: value` field nor a folding continuation is malformed per RFC
|
|
618
|
+
// 5322 §2.2, and is the header-injection / SMTP-smuggling signal. This is the
|
|
619
|
+
// auto-router footgun: a value an operator intends as a single address (e.g.
|
|
620
|
+
// `a@b.com\r\nBcc: evil@x.com`) has a newline so `validate` treats it as a
|
|
621
|
+
// message; the bare `a@b.com` line is the smuggled content preceding the
|
|
622
|
+
// injected `Bcc` header. The shared mimeParse.classifyHeaderBlock surfaces
|
|
623
|
+
// every such line (the silent-skip parsers used to drop them).
|
|
624
|
+
if (opts.crlfHeaderInjectionPolicy !== "allow") {
|
|
625
|
+
var block = mimeParse.classifyHeaderBlock(input);
|
|
626
|
+
for (var mi = 0; mi < block.malformed.length; mi += 1) {
|
|
627
|
+
issues.push({
|
|
628
|
+
kind: "malformed-header-line", severity: "high",
|
|
629
|
+
ruleId: "email.malformed-header-line",
|
|
630
|
+
snippet: "header-section line " + (block.malformed[mi].lineIndex + 1) +
|
|
631
|
+
" is neither a header field nor a folding continuation — " +
|
|
632
|
+
"malformed message / header-injection signal",
|
|
633
|
+
});
|
|
634
|
+
}
|
|
635
|
+
}
|
|
636
|
+
|
|
635
637
|
// Codepoint-class threats in the full message.
|
|
636
638
|
issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "email"));
|
|
637
639
|
|
|
@@ -773,7 +775,8 @@ function validateMessage(input, opts) {
|
|
|
773
775
|
snippet: "input is not a string" }],
|
|
774
776
|
};
|
|
775
777
|
}
|
|
776
|
-
|
|
778
|
+
// "raw" contract — the detector type-checks its own string input.
|
|
779
|
+
return gateContract.runIssueValidator(input, opts, _detectMessageIssues, "raw");
|
|
777
780
|
}
|
|
778
781
|
|
|
779
782
|
/**
|
|
@@ -901,17 +904,7 @@ function gate(opts) {
|
|
|
901
904
|
var text = gateContract.extractBytesAsText(ctx);
|
|
902
905
|
if (!text) return { ok: true, action: "serve" };
|
|
903
906
|
var rv = validateMessage(text, opts);
|
|
904
|
-
|
|
905
|
-
var hasCritical = rv.issues.some(function (i) {
|
|
906
|
-
return i.severity === "critical";
|
|
907
|
-
});
|
|
908
|
-
var hasHigh = rv.issues.some(function (i) {
|
|
909
|
-
return i.severity === "high";
|
|
910
|
-
});
|
|
911
|
-
if (!hasCritical && !hasHigh) {
|
|
912
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
913
|
-
}
|
|
914
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
907
|
+
return gateContract.severityDisposition(rv.issues);
|
|
915
908
|
});
|
|
916
909
|
}
|
|
917
910
|
|
|
@@ -147,7 +147,7 @@ var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
|
|
|
147
147
|
*/
|
|
148
148
|
function check(ctx, opts) {
|
|
149
149
|
opts = opts || {};
|
|
150
|
-
var profile =
|
|
150
|
+
var profile = gateContract.resolveProfileName(opts, COMPLIANCE_POSTURES, DEFAULT_PROFILE);
|
|
151
151
|
if (!PROFILES[profile]) {
|
|
152
152
|
throw new GuardEnvelopeError("guard-envelope/bad-profile",
|
|
153
153
|
"check: unknown profile '" + profile + "'");
|
|
@@ -26,6 +26,7 @@
|
|
|
26
26
|
|
|
27
27
|
var { defineClass } = require("./framework-error");
|
|
28
28
|
var gateContract = require("./gate-contract");
|
|
29
|
+
var codepointClass = require("./codepoint-class");
|
|
29
30
|
|
|
30
31
|
var GuardEventBusTopicError = defineClass("GuardEventBusTopicError", { alwaysPermanent: true });
|
|
31
32
|
|
|
@@ -97,7 +98,7 @@ function validate(name, opts) {
|
|
|
97
98
|
throw new GuardEventBusTopicError("event-bus-topic/non-ascii",
|
|
98
99
|
"guardEventBusTopic.validate: name contains non-ASCII codepoint at offset " + i);
|
|
99
100
|
}
|
|
100
|
-
if (c
|
|
101
|
+
if (codepointClass.isForbiddenControlChar(c, { forbidTab: true }) || c === 0x2F || c === 0x5C) { // C0/DEL/slash/backslash
|
|
101
102
|
throw new GuardEventBusTopicError("event-bus-topic/bad-char",
|
|
102
103
|
"guardEventBusTopic.validate: forbidden char 0x" + c.toString(16) + " at offset " + i);
|
|
103
104
|
}
|
|
@@ -136,10 +136,7 @@ var HOMOGLYPH_RE = new RegExp("[" + codepointClass.charClass(HOMOGLYPH_RANGES) +
|
|
|
136
136
|
|
|
137
137
|
var PROFILES = Object.freeze({
|
|
138
138
|
"strict": {
|
|
139
|
-
|
|
140
|
-
controlPolicy: "reject",
|
|
141
|
-
nullBytePolicy: "reject",
|
|
142
|
-
zeroWidthPolicy: "reject",
|
|
139
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
143
140
|
homoglyphPolicy: "reject",
|
|
144
141
|
traversalPolicy: "reject",
|
|
145
142
|
reservedCharPolicy: "reject",
|
|
@@ -197,49 +194,12 @@ var PROFILES = Object.freeze({
|
|
|
197
194
|
},
|
|
198
195
|
});
|
|
199
196
|
|
|
200
|
-
var DEFAULTS =
|
|
201
|
-
mode: "enforce",
|
|
197
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
202
198
|
maxRuntimeMs: C.TIME.seconds(5),
|
|
203
|
-
}));
|
|
204
|
-
|
|
205
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
206
|
-
"hipaa": {
|
|
207
|
-
bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
|
|
208
|
-
zeroWidthPolicy: "reject", homoglyphPolicy: "reject",
|
|
209
|
-
traversalPolicy: "reject", reservedCharPolicy: "reject",
|
|
210
|
-
reservedNamePolicy: "reject", adsPolicy: "reject",
|
|
211
|
-
leadingTrailingPolicy: "reject", shellExecExtPolicy: "reject",
|
|
212
|
-
pathSeparatorsPolicy: "reject",
|
|
213
|
-
requireAscii: true,
|
|
214
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
215
|
-
},
|
|
216
|
-
"pci-dss": {
|
|
217
|
-
bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
|
|
218
|
-
zeroWidthPolicy: "reject", homoglyphPolicy: "reject",
|
|
219
|
-
traversalPolicy: "reject", reservedCharPolicy: "reject",
|
|
220
|
-
reservedNamePolicy: "reject", adsPolicy: "reject",
|
|
221
|
-
leadingTrailingPolicy: "reject", shellExecExtPolicy: "reject",
|
|
222
|
-
pathSeparatorsPolicy: "reject",
|
|
223
|
-
requireAscii: true,
|
|
224
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
225
|
-
},
|
|
226
|
-
"gdpr": {
|
|
227
|
-
bidiPolicy: "strip", controlPolicy: "strip", nullBytePolicy: "reject",
|
|
228
|
-
zeroWidthPolicy: "strip",
|
|
229
|
-
traversalPolicy: "reject", reservedCharPolicy: "reject",
|
|
230
|
-
leadingTrailingPolicy: "strip",
|
|
231
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
232
|
-
},
|
|
233
|
-
"soc2": {
|
|
234
|
-
bidiPolicy: "reject", controlPolicy: "reject", nullBytePolicy: "reject",
|
|
235
|
-
zeroWidthPolicy: "reject", traversalPolicy: "reject",
|
|
236
|
-
reservedCharPolicy: "reject", reservedNamePolicy: "reject",
|
|
237
|
-
adsPolicy: "reject", shellExecExtPolicy: "reject",
|
|
238
|
-
pathSeparatorsPolicy: "reject",
|
|
239
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
240
|
-
},
|
|
241
199
|
});
|
|
242
200
|
|
|
201
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256, overlays: { gdpr: { bidiPolicy: "strip", controlPolicy: "strip" } } });
|
|
202
|
+
|
|
243
203
|
// ---- Helpers ----
|
|
244
204
|
|
|
245
205
|
function _resolveOpts(opts) {
|
|
@@ -332,19 +292,10 @@ function _detectIssues(input, opts) {
|
|
|
332
292
|
return issues;
|
|
333
293
|
}
|
|
334
294
|
|
|
335
|
-
// 1. Bidi / null / control / zero-width via shared codepoint class.
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
if (zwMatch) {
|
|
340
|
-
issues.push({
|
|
341
|
-
kind: "zero-width", severity: "high", ruleId: "filename.zero-width",
|
|
342
|
-
location: zwMatch.index,
|
|
343
|
-
snippet: "zero-width / invisible-formatting char U+" +
|
|
344
|
-
zwMatch[0].charCodeAt(0).toString(HEX_RADIX),
|
|
345
|
-
});
|
|
346
|
-
}
|
|
347
|
-
}
|
|
295
|
+
// 1. Bidi / null / control / zero-width via shared codepoint class. In a
|
|
296
|
+
// filename an invisible char spoofs the name (homoglyph / path confusion), so
|
|
297
|
+
// zero-width is `high` — passed as the zero-width severity.
|
|
298
|
+
issues.push.apply(issues, codepointClass.detectCharThreats(name, opts, "filename", "high"));
|
|
348
299
|
|
|
349
300
|
// 2. Path traversal — raw + percent-encoded forms. `name` is bounded
|
|
350
301
|
// by the maxBytes check at the end of this function (issues are
|
|
@@ -685,9 +636,10 @@ function validate(input, opts) {
|
|
|
685
636
|
["maxBytes", "maxComponents"],
|
|
686
637
|
"guardFilename.validate", GuardFilenameError, "filename.bad-opt");
|
|
687
638
|
|
|
688
|
-
|
|
689
|
-
|
|
690
|
-
|
|
639
|
+
// "bytes" contract — accept string/Buffer and pass it RAW: _detectIssues
|
|
640
|
+
// inspects bytes (overlong-UTF-8) before any utf8 conversion, so coercing to
|
|
641
|
+
// text first would hide the encoding attack.
|
|
642
|
+
return gateContract.runIssueValidator(input, opts, _detectIssues, "bytes");
|
|
691
643
|
}
|
|
692
644
|
|
|
693
645
|
function _sanitizeStripMode(input, opts) {
|