@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -81,7 +81,7 @@ var codepointClass = require("./codepoint-class");
|
|
|
81
81
|
var lazyRequire = require("./lazy-require");
|
|
82
82
|
var gateContract = require("./gate-contract");
|
|
83
83
|
var C = require("./constants");
|
|
84
|
-
var
|
|
84
|
+
var pick = require("./pick");
|
|
85
85
|
var { GuardGraphqlError } = require("./framework-error");
|
|
86
86
|
|
|
87
87
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -100,10 +100,7 @@ var PROTO_POISON_QUERY_RE = /[\s,({:]\$?(?:__proto__|constructor|prototype)\b/;
|
|
|
100
100
|
|
|
101
101
|
var PROFILES = Object.freeze({
|
|
102
102
|
"strict": {
|
|
103
|
-
|
|
104
|
-
controlPolicy: "reject",
|
|
105
|
-
nullBytePolicy: "reject",
|
|
106
|
-
zeroWidthPolicy: "reject",
|
|
103
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
107
104
|
introspectionPolicy: "reject",
|
|
108
105
|
persistedQueryPolicy: "audit",
|
|
109
106
|
operationNamePolicy: "audit",
|
|
@@ -120,10 +117,7 @@ var PROFILES = Object.freeze({
|
|
|
120
117
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
121
118
|
},
|
|
122
119
|
"balanced": {
|
|
123
|
-
|
|
124
|
-
controlPolicy: "reject",
|
|
125
|
-
nullBytePolicy: "reject",
|
|
126
|
-
zeroWidthPolicy: "reject",
|
|
120
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
127
121
|
introspectionPolicy: "audit",
|
|
128
122
|
persistedQueryPolicy: "audit",
|
|
129
123
|
operationNamePolicy: "audit",
|
|
@@ -140,10 +134,7 @@ var PROFILES = Object.freeze({
|
|
|
140
134
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
141
135
|
},
|
|
142
136
|
"permissive": {
|
|
143
|
-
|
|
144
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
145
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
146
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
137
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
147
138
|
introspectionPolicy: "allow",
|
|
148
139
|
persistedQueryPolicy: "allow",
|
|
149
140
|
operationNamePolicy: "allow",
|
|
@@ -161,35 +152,6 @@ var PROFILES = Object.freeze({
|
|
|
161
152
|
},
|
|
162
153
|
});
|
|
163
154
|
|
|
164
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
165
|
-
mode: "enforce",
|
|
166
|
-
}));
|
|
167
|
-
|
|
168
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
169
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
170
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
171
|
-
}),
|
|
172
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
173
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
174
|
-
}),
|
|
175
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
176
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
177
|
-
}),
|
|
178
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
179
|
-
forensicSnippetBytes: C.BYTES.bytes(1024),
|
|
180
|
-
}),
|
|
181
|
-
});
|
|
182
|
-
|
|
183
|
-
function _resolveOpts(opts) {
|
|
184
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
185
|
-
profiles: PROFILES,
|
|
186
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
187
|
-
defaults: DEFAULTS,
|
|
188
|
-
errorClass: GuardGraphqlError,
|
|
189
|
-
errCodePrefix: "graphql",
|
|
190
|
-
});
|
|
191
|
-
}
|
|
192
|
-
|
|
193
155
|
// _measureQueryShape — walks the query string and computes
|
|
194
156
|
// brace-depth + per-selection-set alias counts using simple paren
|
|
195
157
|
// counting. Not a full GraphQL parser (operator runs the schema-
|
|
@@ -333,9 +295,7 @@ function _detectIssues(req, opts) {
|
|
|
333
295
|
var pVar = req.variables;
|
|
334
296
|
var pHas = Object.prototype.hasOwnProperty;
|
|
335
297
|
var pName = (pVar && typeof pVar === "object" && !Array.isArray(pVar) &&
|
|
336
|
-
(pHas.call(pVar,
|
|
337
|
-
pHas.call(pVar, "constructor") ? "constructor" :
|
|
338
|
-
pHas.call(pVar, "prototype") ? "prototype" : null));
|
|
298
|
+
pick.POISONED_KEYS.find(function (pk) { return pHas.call(pVar, pk); })) || null;
|
|
339
299
|
if (pName) {
|
|
340
300
|
issues.push({
|
|
341
301
|
kind: "variable-prototype-poison", severity: "critical",
|
|
@@ -500,14 +460,11 @@ function _detectIssues(req, opts) {
|
|
|
500
460
|
* var ok = b.guardGraphql.validate(benign, { profile: "strict" });
|
|
501
461
|
* ok.ok; // → true
|
|
502
462
|
*/
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
"guardGraphql.validate", GuardGraphqlError, "graphql.bad-opt");
|
|
509
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
510
|
-
}
|
|
463
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
464
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
465
|
+
// input, resolveOpts(opts)))`, with the byte / depth / alias / batch caps
|
|
466
|
+
// declared via `intOpts`. The @primitive block above documents the
|
|
467
|
+
// resulting public ABI.
|
|
511
468
|
|
|
512
469
|
/**
|
|
513
470
|
* @primitive b.guardGraphql.sanitize
|
|
@@ -539,10 +496,11 @@ function validate(input, opts) {
|
|
|
539
496
|
* e.code; // → "graphql.introspection"
|
|
540
497
|
* }
|
|
541
498
|
*/
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
|
|
499
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
500
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. GraphQL
|
|
501
|
+
// request bundles can't be partially repaired; once detection passes with no
|
|
502
|
+
// critical/high issue, the input is returned unchanged.
|
|
503
|
+
function _sanitizeTransform(input) {
|
|
546
504
|
return input;
|
|
547
505
|
}
|
|
548
506
|
|
|
@@ -583,25 +541,19 @@ function sanitize(input, opts) {
|
|
|
583
541
|
* rv.issues[0].ruleId; // → "graphql.alias-bomb"
|
|
584
542
|
*/
|
|
585
543
|
function gate(opts) {
|
|
586
|
-
opts =
|
|
544
|
+
opts = _guard.resolveOpts(opts);
|
|
587
545
|
return gateContract.buildGuardGate(
|
|
588
546
|
opts.name || "guardGraphql:" + (opts.profile || "default"),
|
|
589
547
|
opts,
|
|
590
548
|
async function (ctx) {
|
|
591
549
|
var req = ctx && (ctx.graphqlRequest || ctx.gql);
|
|
592
550
|
if (!req) return { ok: true, action: "serve" };
|
|
593
|
-
|
|
594
|
-
|
|
595
|
-
|
|
596
|
-
|
|
597
|
-
|
|
598
|
-
|
|
599
|
-
return i.severity === "high";
|
|
600
|
-
});
|
|
601
|
-
if (!hasCritical && !hasHigh) {
|
|
602
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
603
|
-
}
|
|
604
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
551
|
+
// validate is assembled by defineGuard (from `detect` below) and lives
|
|
552
|
+
// on the frozen module.exports; the gate is only invoked at runtime,
|
|
553
|
+
// after the export is assigned. Behaviour is identical to the prior
|
|
554
|
+
// local validate (resolve → intOpts → aggregateIssues(detect)).
|
|
555
|
+
var rv = module.exports.validate(req, opts);
|
|
556
|
+
return gateContract.severityDisposition(rv.issues);
|
|
605
557
|
});
|
|
606
558
|
}
|
|
607
559
|
|
|
@@ -636,15 +588,16 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
636
588
|
// surface (validate / sanitize / bespoke gate) passed through verbatim.
|
|
637
589
|
// The custom KIND ("graphql-request") is accepted because the bespoke
|
|
638
590
|
// gate reads its own ctx fields (ctx.graphqlRequest / ctx.gql).
|
|
639
|
-
module.exports = gateContract.defineGuard({
|
|
591
|
+
var _guard = module.exports = gateContract.defineGuard({
|
|
640
592
|
name: "graphql",
|
|
641
593
|
kind: "graphql-request",
|
|
642
594
|
errorClass: GuardGraphqlError,
|
|
643
595
|
profiles: PROFILES,
|
|
644
|
-
|
|
645
|
-
postures: COMPLIANCE_POSTURES,
|
|
596
|
+
base: 512,
|
|
646
597
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
647
|
-
|
|
648
|
-
|
|
598
|
+
detect: _detectIssues,
|
|
599
|
+
sanitizeTransform: _sanitizeTransform,
|
|
600
|
+
intOpts: ["maxBytes", "maxQueryBytes", "maxVariableBytes",
|
|
601
|
+
"maxDepth", "maxAliasesPerSelection", "maxBatchSize"],
|
|
649
602
|
gate: gate,
|
|
650
603
|
});
|
|
@@ -82,6 +82,19 @@ var _TAG_RE = tagwalk.TAG_RE;
|
|
|
82
82
|
var _parseAttrs = tagwalk.parseAttrs;
|
|
83
83
|
var _lineColAt = tagwalk.lineColAt;
|
|
84
84
|
|
|
85
|
+
// Strip every HTML tag for plain-text measurement. Re-runs the tag regex
|
|
86
|
+
// until the string is stable so nested-bracket residue (e.g. `<scr<x>ipt>`)
|
|
87
|
+
// cannot survive a single pass. Output is used only for text-length / content
|
|
88
|
+
// checks, never re-emitted as HTML.
|
|
89
|
+
function _stripTags(s) {
|
|
90
|
+
var prev;
|
|
91
|
+
do {
|
|
92
|
+
prev = s;
|
|
93
|
+
s = s.replace(/<[^>]+>/g, "");
|
|
94
|
+
} while (s !== prev);
|
|
95
|
+
return s;
|
|
96
|
+
}
|
|
97
|
+
|
|
85
98
|
function _innerText(html, tagOpenEnd, tagName) {
|
|
86
99
|
var lower = tagName.toLowerCase();
|
|
87
100
|
var closeRe = new RegExp("</\\s*" + lower + "\\s*>", "i"); // allow:dynamic-regex — `lower` is a tag name from the framework's static SC registry, not operator input; `\\s*` and tag name are RegExp-safe (no special chars)
|
|
@@ -89,7 +102,7 @@ function _innerText(html, tagOpenEnd, tagName) {
|
|
|
89
102
|
var m = closeRe.exec(html);
|
|
90
103
|
if (!m) return "";
|
|
91
104
|
var raw = html.slice(tagOpenEnd, m.index);
|
|
92
|
-
return raw
|
|
105
|
+
return _stripTags(raw).replace(/&[a-z]+;|&#\d+;/gi, "").trim();
|
|
93
106
|
}
|
|
94
107
|
|
|
95
108
|
// ---- Per-element checks ----
|
|
@@ -270,7 +283,7 @@ function _checkPageTitle(html, report, opts) {
|
|
|
270
283
|
});
|
|
271
284
|
return;
|
|
272
285
|
}
|
|
273
|
-
var title = m[1]
|
|
286
|
+
var title = _stripTags(m[1]).trim();
|
|
274
287
|
if (title.length === 0) {
|
|
275
288
|
var pos2 = _lineColAt(html, m.index);
|
|
276
289
|
_addFinding(report, {
|
|
@@ -93,6 +93,8 @@
|
|
|
93
93
|
*/
|
|
94
94
|
|
|
95
95
|
var codepointClass = require("./codepoint-class");
|
|
96
|
+
var markupTokenizer = require("./markup-tokenizer");
|
|
97
|
+
var markupEscape = require("./markup-escape").markupEscape;
|
|
96
98
|
var guardHtmlWcag = require("./guard-html-wcag");
|
|
97
99
|
var lazyRequire = require("./lazy-require");
|
|
98
100
|
var gateContract = require("./gate-contract");
|
|
@@ -179,16 +181,14 @@ var URL_ATTRS = Object.freeze([
|
|
|
179
181
|
]);
|
|
180
182
|
|
|
181
183
|
// Always-allowed schemes (every profile).
|
|
182
|
-
var SAFE_SCHEMES =
|
|
184
|
+
var SAFE_SCHEMES = gateContract.SAFE_URL_SCHEMES;
|
|
183
185
|
|
|
184
186
|
// Schemes denied by default. `data` is dangerous globally except in
|
|
185
187
|
// image context (data:image/*) which is the only data: payload that
|
|
186
188
|
// can't directly script the page; the per-attribute check below honours
|
|
187
189
|
// that exception when allowImageData=true and the host tag is <img>.
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
"file", "mhtml", "jar", "intent", "view-source", "feed", "data",
|
|
191
|
-
]);
|
|
190
|
+
// Markup-attribute scheme denylist — the shared XSS / dangerous-resource set.
|
|
191
|
+
var DANGEROUS_SCHEMES = gateContract.DANGEROUS_URL_SCHEMES;
|
|
192
192
|
|
|
193
193
|
// CSS dangerous tokens — case-insensitive match against attribute
|
|
194
194
|
// value content.
|
|
@@ -291,54 +291,12 @@ var PROFILES = Object.freeze({
|
|
|
291
291
|
},
|
|
292
292
|
});
|
|
293
293
|
|
|
294
|
-
var DEFAULTS =
|
|
295
|
-
mode: "enforce",
|
|
294
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
296
295
|
maxRuntimeMs: C.TIME.seconds(30),
|
|
297
|
-
}));
|
|
298
|
-
|
|
299
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
300
|
-
"hipaa": {
|
|
301
|
-
allowedTags: STRICT_ALLOWED_TAGS,
|
|
302
|
-
bidiPolicy: "reject",
|
|
303
|
-
controlPolicy: "reject",
|
|
304
|
-
nullBytePolicy: "reject",
|
|
305
|
-
cssPolicy: "reject",
|
|
306
|
-
domClobberPolicy: "reject",
|
|
307
|
-
mxssHintPolicy: "reject",
|
|
308
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
309
|
-
},
|
|
310
|
-
"pci-dss": {
|
|
311
|
-
allowedTags: STRICT_ALLOWED_TAGS,
|
|
312
|
-
bidiPolicy: "reject",
|
|
313
|
-
controlPolicy: "reject",
|
|
314
|
-
nullBytePolicy: "reject",
|
|
315
|
-
cssPolicy: "reject",
|
|
316
|
-
domClobberPolicy: "reject",
|
|
317
|
-
mxssHintPolicy: "reject",
|
|
318
|
-
urlSchemes: SAFE_SCHEMES,
|
|
319
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
320
|
-
},
|
|
321
|
-
"gdpr": {
|
|
322
|
-
allowedTags: BALANCED_ALLOWED_TAGS,
|
|
323
|
-
bidiPolicy: "strip",
|
|
324
|
-
controlPolicy: "strip",
|
|
325
|
-
cssPolicy: "strip",
|
|
326
|
-
domClobberPolicy: "strip",
|
|
327
|
-
mxssHintPolicy: "audit",
|
|
328
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
329
|
-
},
|
|
330
|
-
"soc2": {
|
|
331
|
-
allowedTags: STRICT_ALLOWED_TAGS,
|
|
332
|
-
bidiPolicy: "reject",
|
|
333
|
-
controlPolicy: "reject",
|
|
334
|
-
nullBytePolicy: "reject",
|
|
335
|
-
cssPolicy: "reject",
|
|
336
|
-
domClobberPolicy: "reject",
|
|
337
|
-
mxssHintPolicy: "reject",
|
|
338
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
339
|
-
},
|
|
340
296
|
});
|
|
341
297
|
|
|
298
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
299
|
+
|
|
342
300
|
// ---- Internal helpers ----
|
|
343
301
|
|
|
344
302
|
function _resolveOpts(opts) {
|
|
@@ -372,12 +330,7 @@ function _resolveOpts(opts) {
|
|
|
372
330
|
*/
|
|
373
331
|
function escapeText(value) {
|
|
374
332
|
var s = value == null ? "" : String(value);
|
|
375
|
-
return s
|
|
376
|
-
.replace(/&/g, "&")
|
|
377
|
-
.replace(/</g, "<")
|
|
378
|
-
.replace(/>/g, ">")
|
|
379
|
-
.replace(/"/g, """)
|
|
380
|
-
.replace(/'/g, "'");
|
|
333
|
+
return markupEscape(s, { apos: "'" });
|
|
381
334
|
}
|
|
382
335
|
|
|
383
336
|
/**
|
|
@@ -401,12 +354,9 @@ function escapeText(value) {
|
|
|
401
354
|
*/
|
|
402
355
|
function escapeAttr(value) {
|
|
403
356
|
var s = value == null ? "" : String(value);
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
.replace(/>/g, ">")
|
|
408
|
-
.replace(/"/g, """)
|
|
409
|
-
.replace(/'/g, "'")
|
|
357
|
+
// Base markup chars + apostrophe via markupEscape; the backtick + "="
|
|
358
|
+
// escapes are the IE attribute-injection hardening unique to this escaper.
|
|
359
|
+
return markupEscape(s, { apos: "'" })
|
|
410
360
|
.replace(/`/g, "`")
|
|
411
361
|
.replace(/=/g, "=");
|
|
412
362
|
}
|
|
@@ -511,9 +461,10 @@ function _isCssDangerous(value) {
|
|
|
511
461
|
|
|
512
462
|
function _tokenize(input, maxBytes) {
|
|
513
463
|
var s = String(input || "");
|
|
514
|
-
|
|
464
|
+
var nb = Buffer.byteLength(s, "utf8");
|
|
465
|
+
if (nb > maxBytes) {
|
|
515
466
|
throw _err("html.too-large",
|
|
516
|
-
"input " +
|
|
467
|
+
"input " + nb + " bytes exceeds maxBytes " + maxBytes);
|
|
517
468
|
}
|
|
518
469
|
var tokens = [];
|
|
519
470
|
var len = s.length;
|
|
@@ -567,28 +518,15 @@ function _tokenize(input, maxBytes) {
|
|
|
567
518
|
|
|
568
519
|
// Start tag — find the matching `>`, but skip over `>` inside
|
|
569
520
|
// quoted attribute values.
|
|
570
|
-
var p = lt + 1;
|
|
571
|
-
var inQuote = "";
|
|
572
|
-
while (p < len) {
|
|
573
|
-
var ch = s.charAt(p);
|
|
574
|
-
if (inQuote) {
|
|
575
|
-
if (ch === inQuote) inQuote = "";
|
|
576
|
-
} else {
|
|
577
|
-
if (ch === '"' || ch === "'") inQuote = ch;
|
|
578
|
-
else if (ch === ">") break;
|
|
579
|
-
}
|
|
580
|
-
p += 1;
|
|
581
|
-
}
|
|
521
|
+
var p = markupTokenizer.scanToTagEnd(s, lt + 1, len);
|
|
582
522
|
var endT = p < len ? p + 1 : len;
|
|
583
523
|
var raw = s.slice(lt, endT);
|
|
584
524
|
var inner = raw.slice(1, raw.charAt(raw.length - 1) === ">" ? raw.length - 1 : raw.length);
|
|
585
525
|
if (inner.endsWith("/")) inner = inner.slice(0, inner.length - 1);
|
|
586
526
|
|
|
587
|
-
var
|
|
588
|
-
var tagName =
|
|
589
|
-
var
|
|
590
|
-
|
|
591
|
-
var attrs = _parseAttrs(attrSrc);
|
|
527
|
+
var htmlParts = markupTokenizer.splitTagNameAttrs(inner, /^([A-Za-z][A-Za-z0-9:-]*)/);
|
|
528
|
+
var tagName = htmlParts.tagName;
|
|
529
|
+
var attrs = _parseAttrs(htmlParts.attrSrc);
|
|
592
530
|
tokens.push({
|
|
593
531
|
type: "tag", name: tagName, attrs: attrs,
|
|
594
532
|
raw: raw, start: lt, end: endT,
|
|
@@ -643,7 +581,7 @@ function _parseAttrs(src) {
|
|
|
643
581
|
function _detectIssues(input, opts) {
|
|
644
582
|
var s = String(input || "");
|
|
645
583
|
// 1. Whole-input bidi / null-byte / control char threats.
|
|
646
|
-
var issues = codepointClass.detectCharThreats(s, opts, "html");
|
|
584
|
+
var issues = codepointClass.detectCharThreats(s, opts, "html", "warn");
|
|
647
585
|
|
|
648
586
|
var tokens;
|
|
649
587
|
try { tokens = _tokenize(s, opts.maxBytes); }
|
|
@@ -712,7 +650,7 @@ function _detectIssues(input, opts) {
|
|
|
712
650
|
for (var ai = 0; ai < attrs.length; ai += 1) {
|
|
713
651
|
var a = attrs[ai];
|
|
714
652
|
var an = a.name.toLowerCase();
|
|
715
|
-
if (a.value && a.value
|
|
653
|
+
if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) {
|
|
716
654
|
issues.push({
|
|
717
655
|
kind: "attr-value-too-large", severity: "high",
|
|
718
656
|
ruleId: "html.attr-size",
|
|
@@ -814,9 +752,10 @@ function _detectIssues(input, opts) {
|
|
|
814
752
|
|
|
815
753
|
function _sanitize(input, opts) {
|
|
816
754
|
var s = String(input || "");
|
|
817
|
-
|
|
755
|
+
var nb = Buffer.byteLength(s, "utf8");
|
|
756
|
+
if (nb > opts.maxBytes) {
|
|
818
757
|
throw _err("html.too-large",
|
|
819
|
-
"input " +
|
|
758
|
+
"input " + nb + " bytes exceeds maxBytes " + opts.maxBytes);
|
|
820
759
|
}
|
|
821
760
|
codepointClass.assertNoCharThreats(s, opts, _err, "html");
|
|
822
761
|
s = codepointClass.applyCharStripPolicies(s, opts);
|
|
@@ -884,7 +823,7 @@ function _sanitize(input, opts) {
|
|
|
884
823
|
if (EVENT_HANDLER_RE.test(an)) continue;
|
|
885
824
|
if (DANGEROUS_ATTRS.indexOf(an) !== -1) continue;
|
|
886
825
|
if (Object.keys(allowedAttrs).length > 0 && !allowedAttrs[an]) continue;
|
|
887
|
-
if (a.value && a.value
|
|
826
|
+
if (a.value && Buffer.byteLength(a.value, "utf8") > opts.maxAttrValueBytes) continue;
|
|
888
827
|
if (_isUrlAttr(an)) {
|
|
889
828
|
var scheme = _extractScheme(a.value);
|
|
890
829
|
if (scheme && DANGEROUS_SCHEMES.indexOf(scheme) !== -1) {
|
|
@@ -1061,39 +1000,47 @@ function sanitize(input, opts) {
|
|
|
1061
1000
|
* rv.ok; // → false
|
|
1062
1001
|
* rv.action; // → "refuse"
|
|
1063
1002
|
*/
|
|
1003
|
+
// Disposition of each html finding = what the operator's policy for that class
|
|
1004
|
+
// selected. The configurable classes (CSS injection / DOM-clobbering / mXSS
|
|
1005
|
+
// hint) and the bidi / null / control char threats follow their policies
|
|
1006
|
+
// (sanitize under `strip`, refuse under `reject`, audit under `audit`). The
|
|
1007
|
+
// always-dangerous denylist (dangerous tag / event handler / dangerous attr /
|
|
1008
|
+
// dangerous URL scheme) refuses — stripping a script-equivalent is not a
|
|
1009
|
+
// provable repair (an mXSS / parser-differential vector can survive); a
|
|
1010
|
+
// non-allowlisted but otherwise-benign tag / scheme sanitizes (the allowlist
|
|
1011
|
+
// sanitizer drops it); structural caps and a tokenizer failure refuse.
|
|
1012
|
+
// Exhaustive over every kind the detection pass emits.
|
|
1013
|
+
function _gateDispositionFor(issue, opts) {
|
|
1014
|
+
var shared = gateContract.charThreatDisposition(issue, opts);
|
|
1015
|
+
if (shared) return shared;
|
|
1016
|
+
switch (issue.kind) {
|
|
1017
|
+
case "css-injection": return gateContract.policyDisposition(opts.cssPolicy);
|
|
1018
|
+
case "dom-clobber": return gateContract.policyDisposition(opts.domClobberPolicy);
|
|
1019
|
+
case "mxss-hint": return gateContract.policyDisposition(opts.mxssHintPolicy);
|
|
1020
|
+
case "non-allowlisted-tag":
|
|
1021
|
+
case "non-allowlisted-url-scheme": return "sanitize";
|
|
1022
|
+
case "dangerous-tag":
|
|
1023
|
+
case "event-handler":
|
|
1024
|
+
case "dangerous-attr":
|
|
1025
|
+
case "dangerous-url-scheme": return "refuse";
|
|
1026
|
+
case "tokenize-failed":
|
|
1027
|
+
case "ie-conditional-comment":
|
|
1028
|
+
case "depth-cap":
|
|
1029
|
+
case "attr-count-cap":
|
|
1030
|
+
case "attr-value-too-large": return "refuse";
|
|
1031
|
+
default: return null;
|
|
1032
|
+
}
|
|
1033
|
+
}
|
|
1034
|
+
|
|
1064
1035
|
function gate(opts) {
|
|
1065
1036
|
opts = _resolveOpts(opts);
|
|
1066
|
-
return gateContract.
|
|
1067
|
-
opts.name || "guardHtml:" + (opts.profile || "default"),
|
|
1068
|
-
opts,
|
|
1069
|
-
|
|
1070
|
-
|
|
1071
|
-
|
|
1072
|
-
|
|
1073
|
-
if (rv.issues.length === 0) return { ok: true, action: "serve" };
|
|
1074
|
-
var hasCritical = rv.issues.some(function (i) {
|
|
1075
|
-
return i.severity === "critical" || i.severity === "high";
|
|
1076
|
-
});
|
|
1077
|
-
if (!hasCritical) return { ok: true, action: "audit-only", issues: rv.issues };
|
|
1078
|
-
|
|
1079
|
-
// Sanitize attempt — only when no policy says reject.
|
|
1080
|
-
if (opts.bidiPolicy !== "reject" &&
|
|
1081
|
-
opts.controlPolicy !== "reject" &&
|
|
1082
|
-
opts.nullBytePolicy !== "reject" &&
|
|
1083
|
-
opts.cssPolicy !== "reject" &&
|
|
1084
|
-
opts.domClobberPolicy !== "reject" &&
|
|
1085
|
-
opts.mxssHintPolicy !== "reject") {
|
|
1086
|
-
try {
|
|
1087
|
-
var clean = sanitize(text, opts);
|
|
1088
|
-
return {
|
|
1089
|
-
ok: true, action: "sanitize",
|
|
1090
|
-
sanitized: Buffer.from(clean, "utf8"),
|
|
1091
|
-
issues: rv.issues,
|
|
1092
|
-
};
|
|
1093
|
-
} catch (_e) { /* fall through */ }
|
|
1094
|
-
}
|
|
1095
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
1096
|
-
});
|
|
1037
|
+
return gateContract.buildContentGate({
|
|
1038
|
+
name: opts.name || "guardHtml:" + (opts.profile || "default"),
|
|
1039
|
+
opts: opts,
|
|
1040
|
+
validate: validate,
|
|
1041
|
+
dispositionFor: _gateDispositionFor,
|
|
1042
|
+
produceSanitized: function (text, o) { return sanitize(text, o); },
|
|
1043
|
+
});
|
|
1097
1044
|
}
|
|
1098
1045
|
|
|
1099
1046
|
// buildProfile / compliancePosture / loadRulePack are assembled by
|
|
@@ -1135,6 +1082,7 @@ module.exports = gateContract.defineGuard({
|
|
|
1135
1082
|
sanitize: sanitize,
|
|
1136
1083
|
gate: gate,
|
|
1137
1084
|
extra: {
|
|
1085
|
+
_gateDispositionForTest: _gateDispositionFor,
|
|
1138
1086
|
escapeText: escapeText,
|
|
1139
1087
|
escapeAttr: escapeAttr,
|
|
1140
1088
|
DANGEROUS_TAGS: DANGEROUS_TAGS,
|
|
@@ -31,6 +31,7 @@
|
|
|
31
31
|
|
|
32
32
|
var { defineClass } = require("./framework-error");
|
|
33
33
|
var gateContract = require("./gate-contract");
|
|
34
|
+
var codepointClass = require("./codepoint-class");
|
|
34
35
|
|
|
35
36
|
var GuardIdempotencyKeyError = defineClass("GuardIdempotencyKeyError", { alwaysPermanent: true });
|
|
36
37
|
|
|
@@ -90,7 +91,7 @@ function validate(value, opts) {
|
|
|
90
91
|
// C0 / DEL / slash refusal.
|
|
91
92
|
for (var i = 0; i < value.length; i += 1) {
|
|
92
93
|
var c = value.charCodeAt(i);
|
|
93
|
-
if (c
|
|
94
|
+
if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) { // C0 + DEL refusal
|
|
94
95
|
throw new GuardIdempotencyKeyError("idempotency-key/control-char",
|
|
95
96
|
"guardIdempotencyKey.validate: control char 0x" + c.toString(16) + " at offset " + i);
|
|
96
97
|
}
|