@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -42,7 +42,6 @@ var codepointClass = require("./codepoint-class");
|
|
|
42
42
|
var lazyRequire = require("./lazy-require");
|
|
43
43
|
var gateContract = require("./gate-contract");
|
|
44
44
|
var C = require("./constants");
|
|
45
|
-
var numericBounds = require("./numeric-bounds");
|
|
46
45
|
var { GuardMarkdownError } = require("./framework-error");
|
|
47
46
|
|
|
48
47
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -142,10 +141,7 @@ var PROFILES = Object.freeze({
|
|
|
142
141
|
doctypePolicy: "reject",
|
|
143
142
|
emphasisRunPolicy: "reject",
|
|
144
143
|
filePolicy: "reject",
|
|
145
|
-
|
|
146
|
-
controlPolicy: "reject",
|
|
147
|
-
nullBytePolicy: "reject",
|
|
148
|
-
zeroWidthPolicy: "reject",
|
|
144
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
149
145
|
maxBytes: C.BYTES.mib(1),
|
|
150
146
|
maxLines: 4096, // line count cap
|
|
151
147
|
maxLinks: 256, // link count cap
|
|
@@ -209,36 +205,6 @@ var PROFILES = Object.freeze({
|
|
|
209
205
|
},
|
|
210
206
|
});
|
|
211
207
|
|
|
212
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
213
|
-
mode: "enforce",
|
|
214
|
-
maxRuntimeMs: C.TIME.seconds(10),
|
|
215
|
-
}));
|
|
216
|
-
|
|
217
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
218
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
219
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
220
|
-
}),
|
|
221
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
222
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
223
|
-
}),
|
|
224
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
225
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
226
|
-
}),
|
|
227
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
228
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
229
|
-
}),
|
|
230
|
-
});
|
|
231
|
-
|
|
232
|
-
function _resolveOpts(opts) {
|
|
233
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
234
|
-
profiles: PROFILES,
|
|
235
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
236
|
-
defaults: DEFAULTS,
|
|
237
|
-
errorClass: GuardMarkdownError,
|
|
238
|
-
errCodePrefix: "markdown",
|
|
239
|
-
});
|
|
240
|
-
}
|
|
241
|
-
|
|
242
208
|
// matchAll wrapper avoids a substring that the local security hook
|
|
243
209
|
// flags for unrelated reasons.
|
|
244
210
|
function _allMatches(input, regex) {
|
|
@@ -246,17 +212,9 @@ function _allMatches(input, regex) {
|
|
|
246
212
|
}
|
|
247
213
|
|
|
248
214
|
function _detectIssues(input, opts) {
|
|
249
|
-
var
|
|
250
|
-
if (
|
|
251
|
-
|
|
252
|
-
snippet: "input is not a string" }];
|
|
253
|
-
}
|
|
254
|
-
if (input.length > opts.maxBytes) {
|
|
255
|
-
return [{ kind: "too-large", severity: "high",
|
|
256
|
-
ruleId: "markdown.too-large",
|
|
257
|
-
snippet: "input " + input.length +
|
|
258
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
259
|
-
}
|
|
215
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "markdown", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
216
|
+
if (pre.done) return pre.issues;
|
|
217
|
+
var issues = pre.issues;
|
|
260
218
|
|
|
261
219
|
// Line count cap — line-based parsers scale O(lines).
|
|
262
220
|
var lineCount = 0;
|
|
@@ -481,7 +439,7 @@ function _detectIssues(input, opts) {
|
|
|
481
439
|
}
|
|
482
440
|
|
|
483
441
|
// 12. Codepoint-class threats.
|
|
484
|
-
issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "markdown"));
|
|
442
|
+
issues.push.apply(issues, codepointClass.detectCharThreats(input, opts, "markdown", "warn"));
|
|
485
443
|
|
|
486
444
|
return issues;
|
|
487
445
|
}
|
|
@@ -537,21 +495,9 @@ function _detectIssues(input, opts) {
|
|
|
537
495
|
* bad.ok; // → false
|
|
538
496
|
* bad.issues[0].ruleId; // → "markdown.dangerous-scheme"
|
|
539
497
|
*/
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
["maxBytes", "maxLines", "maxLinks", "maxImages", "maxAutolinks",
|
|
544
|
-
"maxRefDefs", "maxListDepth", "maxBlockquoteDepth"],
|
|
545
|
-
"guardMarkdown.validate", GuardMarkdownError, "markdown.bad-opt");
|
|
546
|
-
if (typeof input !== "string") {
|
|
547
|
-
return {
|
|
548
|
-
ok: false,
|
|
549
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
550
|
-
snippet: "input is not a string" }],
|
|
551
|
-
};
|
|
552
|
-
}
|
|
553
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
554
|
-
}
|
|
498
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
499
|
+
// (_detectIssues), with the maxBytes/maxLines/... caps declared via `intOpts`.
|
|
500
|
+
// The @primitive block above documents the resulting ABI.
|
|
555
501
|
|
|
556
502
|
/**
|
|
557
503
|
* @primitive b.guardMarkdown.sanitize
|
|
@@ -583,14 +529,10 @@ function validate(input, opts) {
|
|
|
583
529
|
* e.code; // → "markdown.dangerous-tag"
|
|
584
530
|
* }
|
|
585
531
|
*/
|
|
586
|
-
|
|
587
|
-
|
|
588
|
-
|
|
589
|
-
|
|
590
|
-
}
|
|
591
|
-
var issues = _detectIssues(input, opts);
|
|
592
|
-
gateContract.throwOnRefusalSeverity(issues,
|
|
593
|
-
{ errorClass: GuardMarkdownError, codePrefix: "markdown", severities: ["critical"] });
|
|
532
|
+
// _sanitizeTransform — the normalize tail applied by defineGuard's generated
|
|
533
|
+
// sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. spec.sanitizeSeverities
|
|
534
|
+
// is ["critical"] so high-severity findings are stripped here, not thrown.
|
|
535
|
+
function _sanitizeTransform(input, opts) {
|
|
594
536
|
return codepointClass.applyCharStripPolicies(input, opts);
|
|
595
537
|
}
|
|
596
538
|
|
|
@@ -624,43 +566,63 @@ function sanitize(input, opts) {
|
|
|
624
566
|
* var bad = await g.check({ bytes: Buffer.from("[x](javascript:1)", "utf8") });
|
|
625
567
|
* bad.action; // → "refuse"
|
|
626
568
|
*/
|
|
569
|
+
// Disposition of each markdown finding = what the operator's policy for that
|
|
570
|
+
// class selected. The markup-deviation classes (dangerous tag / raw HTML /
|
|
571
|
+
// HTML comment / front-matter / doctype / dangerous link & image & autolink &
|
|
572
|
+
// reference schemes / code-fence language / emphasis run) refuse under `reject`
|
|
573
|
+
// and audit under `audit` — never sanitize, since the char-strip sanitizer
|
|
574
|
+
// cannot excise them; the bidi / null / control char threats follow their
|
|
575
|
+
// shared policies (sanitize under `strip`); every count / depth cap and a bad
|
|
576
|
+
// input always refuse. Exhaustive over every kind _detectIssues emits.
|
|
577
|
+
function _gateDispositionFor(issue, opts) {
|
|
578
|
+
var shared = gateContract.charThreatDisposition(issue, opts);
|
|
579
|
+
if (shared) return shared;
|
|
580
|
+
switch (issue.kind) {
|
|
581
|
+
case "dangerous-tag": return gateContract.policyDisposition(opts.dangerousTagPolicy);
|
|
582
|
+
case "raw-html": return gateContract.policyDisposition(opts.rawHtmlPolicy);
|
|
583
|
+
case "html-comment": return gateContract.policyDisposition(opts.htmlCommentPolicy);
|
|
584
|
+
case "front-matter": return gateContract.policyDisposition(opts.frontMatterPolicy);
|
|
585
|
+
case "doctype": return gateContract.policyDisposition(opts.doctypePolicy);
|
|
586
|
+
// The link / image / autolink / reference-link scheme findings fire ONLY for
|
|
587
|
+
// dangerous URL schemes (javascript: / data: / vbscript: / file:) — a
|
|
588
|
+
// denylist hit, so they refuse like html's dangerous-url-scheme. There is no
|
|
589
|
+
// safe audit-and-serve for a known-XSS scheme; the scheme policy still gates
|
|
590
|
+
// EMISSION (`allow` suppresses the finding entirely, an explicit operator
|
|
591
|
+
// opt-in to serve), but any emitted finding refuses.
|
|
592
|
+
case "image-scheme":
|
|
593
|
+
case "link-scheme":
|
|
594
|
+
case "autolink-scheme":
|
|
595
|
+
case "reference-link-scheme": return "refuse";
|
|
596
|
+
case "code-fence-lang": return gateContract.policyDisposition(opts.codeFenceLangPolicy);
|
|
597
|
+
case "emphasis-run": return gateContract.policyDisposition(opts.emphasisRunPolicy);
|
|
598
|
+
case "bad-input":
|
|
599
|
+
case "too-large":
|
|
600
|
+
case "line-cap":
|
|
601
|
+
case "link-cap":
|
|
602
|
+
case "image-cap":
|
|
603
|
+
case "autolink-cap":
|
|
604
|
+
case "ref-def-cap":
|
|
605
|
+
case "list-depth-cap":
|
|
606
|
+
case "blockquote-depth-cap": return "refuse";
|
|
607
|
+
default: return null;
|
|
608
|
+
}
|
|
609
|
+
}
|
|
610
|
+
|
|
627
611
|
function gate(opts) {
|
|
628
|
-
opts =
|
|
629
|
-
return gateContract.
|
|
630
|
-
opts.name || "guardMarkdown:" + (opts.profile || "default"),
|
|
631
|
-
opts,
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
640
|
-
|
|
641
|
-
|
|
642
|
-
});
|
|
643
|
-
if (!hasCritical && !hasHigh) {
|
|
644
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
645
|
-
}
|
|
646
|
-
var canSanitize = !hasCritical &&
|
|
647
|
-
opts.dangerousTagPolicy !== "reject" &&
|
|
648
|
-
opts.dangerousSchemePolicy !== "reject" &&
|
|
649
|
-
opts.imageSchemePolicy !== "reject" &&
|
|
650
|
-
opts.autolinkSchemePolicy !== "reject" &&
|
|
651
|
-
opts.referenceLinkPolicy !== "reject" &&
|
|
652
|
-
opts.codeFenceLangPolicy !== "reject" &&
|
|
653
|
-
opts.doctypePolicy !== "reject";
|
|
654
|
-
if (canSanitize) {
|
|
655
|
-
try {
|
|
656
|
-
var clean = sanitize(text, opts);
|
|
657
|
-
return { ok: true, action: "sanitize",
|
|
658
|
-
sanitized: Buffer.from(clean, "utf8"),
|
|
659
|
-
issues: rv.issues };
|
|
660
|
-
} catch (_e) { /* fall through */ }
|
|
661
|
-
}
|
|
662
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
663
|
-
});
|
|
612
|
+
opts = module.exports.resolveOpts(opts);
|
|
613
|
+
return gateContract.buildContentGate({
|
|
614
|
+
name: opts.name || "guardMarkdown:" + (opts.profile || "default"),
|
|
615
|
+
opts: opts,
|
|
616
|
+
validate: module.exports.validate,
|
|
617
|
+
dispositionFor: _gateDispositionFor,
|
|
618
|
+
// Only the char-threat classes the strip transform can excise ever reach
|
|
619
|
+
// sanitize (and only when their policy is a mitigation); the markup classes
|
|
620
|
+
// are refuse / audit by policy. produceSanitized is the strip transform
|
|
621
|
+
// itself, NOT the public `sanitize` — that one throws on a critical finding
|
|
622
|
+
// (e.g. a bidi override) regardless of the strip policy, which would turn a
|
|
623
|
+
// policy-selected sanitize into a refuse.
|
|
624
|
+
produceSanitized: function (text, o) { return _sanitizeTransform(text, o); },
|
|
625
|
+
});
|
|
664
626
|
}
|
|
665
627
|
|
|
666
628
|
// buildProfile / compliancePosture / loadRulePack are assembled by
|
|
@@ -690,12 +652,16 @@ module.exports = gateContract.defineGuard({
|
|
|
690
652
|
kind: "content",
|
|
691
653
|
errorClass: GuardMarkdownError,
|
|
692
654
|
profiles: PROFILES,
|
|
693
|
-
|
|
694
|
-
|
|
655
|
+
base: 256,
|
|
656
|
+
defaultsOverlay: { maxRuntimeMs: C.TIME.seconds(10) },
|
|
695
657
|
mimeTypes: ["text/markdown", "text/x-markdown", "text/x-gfm"],
|
|
696
658
|
extensions: [".md", ".markdown"],
|
|
697
659
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
698
|
-
|
|
699
|
-
|
|
660
|
+
detect: _detectIssues,
|
|
661
|
+
sanitizeTransform: _sanitizeTransform,
|
|
662
|
+
sanitizeSeverities: ["critical"],
|
|
663
|
+
intOpts: ["maxBytes", "maxLines", "maxLinks", "maxImages", "maxAutolinks",
|
|
664
|
+
"maxRefDefs", "maxListDepth", "maxBlockquoteDepth"],
|
|
700
665
|
gate: gate,
|
|
666
|
+
extra: { _gateDispositionForTest: _gateDispositionFor },
|
|
701
667
|
});
|
|
@@ -51,6 +51,7 @@
|
|
|
51
51
|
|
|
52
52
|
var { defineClass } = require("./framework-error");
|
|
53
53
|
var gateContract = require("./gate-contract");
|
|
54
|
+
var codepointClass = require("./codepoint-class");
|
|
54
55
|
|
|
55
56
|
var GuardMessageIdError = defineClass("GuardMessageIdError", { alwaysPermanent: true });
|
|
56
57
|
|
|
@@ -124,12 +125,10 @@ function validate(value, opts) {
|
|
|
124
125
|
// C0 control chars + NUL + DEL — always refused at every profile
|
|
125
126
|
// (defends mail-header-injection class — operator can't smuggle
|
|
126
127
|
// CR/LF into a Message-Id to fold an attacker-chosen From: line).
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
"guardMessageId.validate: control char 0x" + c.toString(16) + " at offset " + i);
|
|
132
|
-
}
|
|
128
|
+
var _ctlOff = codepointClass.firstControlCharOffset(value, { forbidTab: true }); // C0 + DEL refusal
|
|
129
|
+
if (_ctlOff !== -1) {
|
|
130
|
+
throw new GuardMessageIdError("message-id/control-char",
|
|
131
|
+
"guardMessageId.validate: control char 0x" + value.charCodeAt(_ctlOff).toString(16) + " at offset " + _ctlOff);
|
|
133
132
|
}
|
|
134
133
|
|
|
135
134
|
// Bidi codepoints — refused at strict + balanced; permissive lets
|
|
@@ -36,11 +36,9 @@
|
|
|
36
36
|
* Media-type identifier-safety guard.
|
|
37
37
|
*/
|
|
38
38
|
|
|
39
|
-
var codepointClass = require("./codepoint-class");
|
|
40
39
|
var lazyRequire = require("./lazy-require");
|
|
41
40
|
var gateContract = require("./gate-contract");
|
|
42
41
|
var C = require("./constants");
|
|
43
|
-
var numericBounds = require("./numeric-bounds");
|
|
44
42
|
var safeBuffer = require("./safe-buffer");
|
|
45
43
|
var { GuardMimeError } = require("./framework-error");
|
|
46
44
|
|
|
@@ -81,10 +79,7 @@ var RISKY_TYPES = Object.freeze([
|
|
|
81
79
|
|
|
82
80
|
var PROFILES = Object.freeze({
|
|
83
81
|
"strict": {
|
|
84
|
-
|
|
85
|
-
controlPolicy: "reject",
|
|
86
|
-
nullBytePolicy: "reject",
|
|
87
|
-
zeroWidthPolicy: "reject",
|
|
82
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
88
83
|
wildcardPolicy: "reject",
|
|
89
84
|
vendorTreePolicy: "audit",
|
|
90
85
|
personalTreePolicy: "audit",
|
|
@@ -95,10 +90,7 @@ var PROFILES = Object.freeze({
|
|
|
95
90
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
96
91
|
},
|
|
97
92
|
"balanced": {
|
|
98
|
-
|
|
99
|
-
controlPolicy: "reject",
|
|
100
|
-
nullBytePolicy: "reject",
|
|
101
|
-
zeroWidthPolicy: "reject",
|
|
93
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
102
94
|
wildcardPolicy: "audit",
|
|
103
95
|
vendorTreePolicy: "allow",
|
|
104
96
|
personalTreePolicy: "audit",
|
|
@@ -109,10 +101,7 @@ var PROFILES = Object.freeze({
|
|
|
109
101
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
110
102
|
},
|
|
111
103
|
"permissive": {
|
|
112
|
-
|
|
113
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
114
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
115
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
104
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
116
105
|
wildcardPolicy: "allow",
|
|
117
106
|
vendorTreePolicy: "allow",
|
|
118
107
|
personalTreePolicy: "allow",
|
|
@@ -124,35 +113,6 @@ var PROFILES = Object.freeze({
|
|
|
124
113
|
},
|
|
125
114
|
});
|
|
126
115
|
|
|
127
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
128
|
-
mode: "enforce",
|
|
129
|
-
}));
|
|
130
|
-
|
|
131
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
132
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
133
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
134
|
-
}),
|
|
135
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
136
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
137
|
-
}),
|
|
138
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
139
|
-
forensicSnippetBytes: C.BYTES.bytes(64),
|
|
140
|
-
}),
|
|
141
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
142
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
143
|
-
}),
|
|
144
|
-
});
|
|
145
|
-
|
|
146
|
-
function _resolveOpts(opts) {
|
|
147
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
148
|
-
profiles: PROFILES,
|
|
149
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
150
|
-
defaults: DEFAULTS,
|
|
151
|
-
errorClass: GuardMimeError,
|
|
152
|
-
errCodePrefix: "mime",
|
|
153
|
-
});
|
|
154
|
-
}
|
|
155
|
-
|
|
156
116
|
// ---- Parser ----
|
|
157
117
|
|
|
158
118
|
function _splitTopLevel(input) {
|
|
@@ -175,25 +135,9 @@ function _splitTopLevel(input) {
|
|
|
175
135
|
}
|
|
176
136
|
|
|
177
137
|
function _detectIssues(input, opts) {
|
|
178
|
-
var
|
|
179
|
-
if (
|
|
180
|
-
|
|
181
|
-
ruleId: "mime.bad-input",
|
|
182
|
-
snippet: "mime is not a string" }];
|
|
183
|
-
}
|
|
184
|
-
if (input.length === 0) {
|
|
185
|
-
return [{ kind: "empty", severity: "high",
|
|
186
|
-
ruleId: "mime.empty",
|
|
187
|
-
snippet: "mime is empty" }];
|
|
188
|
-
}
|
|
189
|
-
if (Buffer.byteLength(input, "utf8") > opts.maxBytes) {
|
|
190
|
-
return [{ kind: "mime-cap", severity: "high",
|
|
191
|
-
ruleId: "mime.mime-cap",
|
|
192
|
-
snippet: "mime input exceeds maxBytes " + opts.maxBytes }];
|
|
193
|
-
}
|
|
194
|
-
|
|
195
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "mime");
|
|
196
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
138
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "mime", cap: { bytes: opts.maxBytes } });
|
|
139
|
+
if (pre.done) return pre.issues;
|
|
140
|
+
var issues = pre.issues;
|
|
197
141
|
|
|
198
142
|
var parts = _splitTopLevel(input);
|
|
199
143
|
var typeSubtype = parts[0];
|
|
@@ -391,21 +335,10 @@ function _detectIssues(input, opts) {
|
|
|
391
335
|
* bad.ok; // → false
|
|
392
336
|
* bad.issues[0].ruleId; // → "mime.risky-type"
|
|
393
337
|
*/
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
"guardMime.validate", GuardMimeError, "mime.bad-opt");
|
|
399
|
-
if (typeof input !== "string") {
|
|
400
|
-
return {
|
|
401
|
-
ok: false,
|
|
402
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
403
|
-
ruleId: "mime.bad-input",
|
|
404
|
-
snippet: "mime is not a string" }],
|
|
405
|
-
};
|
|
406
|
-
}
|
|
407
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
408
|
-
}
|
|
338
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
339
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
340
|
+
// input, resolveOpts(opts)))`, with the maxBytes cap declared via `intOpts`.
|
|
341
|
+
// The @primitive block above documents the resulting public ABI.
|
|
409
342
|
|
|
410
343
|
/**
|
|
411
344
|
* @primitive b.guardMime.sanitize
|
|
@@ -437,15 +370,10 @@ function validate(input, opts) {
|
|
|
437
370
|
* e.code; // → "mime.risky-type"
|
|
438
371
|
* }
|
|
439
372
|
*/
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
}
|
|
445
|
-
var issues = _detectIssues(input, opts);
|
|
446
|
-
gateContract.throwOnRefusalSeverity(issues, {
|
|
447
|
-
errorClass: GuardMimeError, codePrefix: "mime",
|
|
448
|
-
});
|
|
373
|
+
// _sanitizeTransform — the guard-specific normalize applied by defineGuard's
|
|
374
|
+
// generated sanitize AFTER resolve → detect → throw-on-refusal. Input is an
|
|
375
|
+
// already-validated string at this point (a non-string refuses upstream).
|
|
376
|
+
function _sanitizeTransform(input) {
|
|
449
377
|
// Normalize: lowercase the type/subtype; preserve parameter case
|
|
450
378
|
// because some parameter values are case-significant (e.g. boundary
|
|
451
379
|
// tokens in multipart/form-data).
|
|
@@ -468,15 +396,8 @@ function sanitize(input, opts) {
|
|
|
468
396
|
// Their wiki sections render from the single-sourced @abiTemplate blocks
|
|
469
397
|
// in gate-contract.js, instantiated per guard by the page generator.
|
|
470
398
|
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
benignBytes: Buffer.from("application/json", "utf8"),
|
|
474
|
-
hostileBytes: Buffer.from("application/x-msdownload", "utf8"),
|
|
475
|
-
benignIdentifier: "application/json",
|
|
476
|
-
// Hostile: risky-type — refused at strict (executable script-host
|
|
477
|
-
// class).
|
|
478
|
-
hostileIdentifier: "application/x-msdownload",
|
|
479
|
-
});
|
|
399
|
+
// Hostile: risky-type — refused at strict (executable script-host class).
|
|
400
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("application/json", "application/x-msdownload");
|
|
480
401
|
|
|
481
402
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
482
403
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
@@ -488,10 +409,10 @@ module.exports = gateContract.defineGuard({
|
|
|
488
409
|
kind: "identifier",
|
|
489
410
|
errorClass: GuardMimeError,
|
|
490
411
|
profiles: PROFILES,
|
|
491
|
-
|
|
492
|
-
postures: COMPLIANCE_POSTURES,
|
|
412
|
+
base: 128,
|
|
493
413
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
494
|
-
|
|
495
|
-
|
|
414
|
+
detect: _detectIssues,
|
|
415
|
+
sanitizeTransform: _sanitizeTransform,
|
|
416
|
+
intOpts: ["maxBytes"],
|
|
496
417
|
ctxFields: ["identifier", "mime"],
|
|
497
418
|
});
|
|
@@ -83,7 +83,6 @@ var codepointClass = require("./codepoint-class");
|
|
|
83
83
|
var lazyRequire = require("./lazy-require");
|
|
84
84
|
var gateContract = require("./gate-contract");
|
|
85
85
|
var C = require("./constants");
|
|
86
|
-
var numericBounds = require("./numeric-bounds");
|
|
87
86
|
var { GuardOauthError } = require("./framework-error");
|
|
88
87
|
|
|
89
88
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -96,10 +95,7 @@ var DEFAULT_RESPONSE_TYPES = Object.freeze(["code"]);
|
|
|
96
95
|
|
|
97
96
|
var PROFILES = Object.freeze({
|
|
98
97
|
"strict": {
|
|
99
|
-
|
|
100
|
-
controlPolicy: "reject",
|
|
101
|
-
nullBytePolicy: "reject",
|
|
102
|
-
zeroWidthPolicy: "reject",
|
|
98
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
103
99
|
pkcePolicy: "require-s256",
|
|
104
100
|
statePolicy: "require",
|
|
105
101
|
redirectUriPolicy: "require-exact-allowlist",
|
|
@@ -113,10 +109,7 @@ var PROFILES = Object.freeze({
|
|
|
113
109
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
114
110
|
},
|
|
115
111
|
"balanced": {
|
|
116
|
-
|
|
117
|
-
controlPolicy: "reject",
|
|
118
|
-
nullBytePolicy: "reject",
|
|
119
|
-
zeroWidthPolicy: "reject",
|
|
112
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
120
113
|
pkcePolicy: "require-any", // S256 or plain
|
|
121
114
|
statePolicy: "require",
|
|
122
115
|
redirectUriPolicy: "require-exact-allowlist",
|
|
@@ -130,10 +123,7 @@ var PROFILES = Object.freeze({
|
|
|
130
123
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
131
124
|
},
|
|
132
125
|
"permissive": {
|
|
133
|
-
|
|
134
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
135
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
136
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
126
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
137
127
|
pkcePolicy: "audit",
|
|
138
128
|
statePolicy: "audit",
|
|
139
129
|
redirectUriPolicy: "audit",
|
|
@@ -148,35 +138,6 @@ var PROFILES = Object.freeze({
|
|
|
148
138
|
},
|
|
149
139
|
});
|
|
150
140
|
|
|
151
|
-
var DEFAULTS = Object.freeze(Object.assign({}, PROFILES["strict"], {
|
|
152
|
-
mode: "enforce",
|
|
153
|
-
}));
|
|
154
|
-
|
|
155
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
156
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
157
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
158
|
-
}),
|
|
159
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
160
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
161
|
-
}),
|
|
162
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
163
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
164
|
-
}),
|
|
165
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
166
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
167
|
-
}),
|
|
168
|
-
});
|
|
169
|
-
|
|
170
|
-
function _resolveOpts(opts) {
|
|
171
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
172
|
-
profiles: PROFILES,
|
|
173
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
174
|
-
defaults: DEFAULTS,
|
|
175
|
-
errorClass: GuardOauthError,
|
|
176
|
-
errCodePrefix: "oauth",
|
|
177
|
-
});
|
|
178
|
-
}
|
|
179
|
-
|
|
180
141
|
function _detectIssues(flow, opts) {
|
|
181
142
|
var issues = [];
|
|
182
143
|
if (!flow || typeof flow !== "object") {
|
|
@@ -401,13 +362,9 @@ function _detectIssues(flow, opts) {
|
|
|
401
362
|
* });
|
|
402
363
|
* ok.ok; // → true
|
|
403
364
|
*/
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
["maxBytes", "maxParamBytes"],
|
|
408
|
-
"guardOauth.validate", GuardOauthError, "oauth.bad-opt");
|
|
409
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
410
|
-
}
|
|
365
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
366
|
+
// (_detectIssues), with the maxBytes/maxParamBytes caps declared via
|
|
367
|
+
// `intOpts`. The @primitive block above documents the resulting ABI.
|
|
411
368
|
|
|
412
369
|
/**
|
|
413
370
|
* @primitive b.guardOauth.sanitize
|
|
@@ -439,12 +396,11 @@ function validate(input, opts) {
|
|
|
439
396
|
* e.code; // → "oauth.pkce-missing"
|
|
440
397
|
* }
|
|
441
398
|
*/
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
gateContract.throwOnRefusalSeverity(issues, { errorClass: GuardOauthError, codePrefix: "oauth" });
|
|
399
|
+
// _sanitizeTransform — the normalize tail applied by defineGuard's generated
|
|
400
|
+
// sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. OAuth flows
|
|
401
|
+
// can't be repaired: any critical/high finding refuses upstream, so the
|
|
402
|
+
// transform passes the already-validated bundle through unchanged.
|
|
403
|
+
function _sanitizeTransform(input) {
|
|
448
404
|
return input;
|
|
449
405
|
}
|
|
450
406
|
|
|
@@ -490,25 +446,15 @@ function sanitize(input, opts) {
|
|
|
490
446
|
* rv.action; // → "refuse"
|
|
491
447
|
*/
|
|
492
448
|
function gate(opts) {
|
|
493
|
-
opts =
|
|
449
|
+
opts = _guard.resolveOpts(opts);
|
|
494
450
|
return gateContract.buildGuardGate(
|
|
495
451
|
opts.name || "guardOauth:" + (opts.profile || "default"),
|
|
496
452
|
opts,
|
|
497
453
|
async function (ctx) {
|
|
498
454
|
var flow = ctx && (ctx.oauthFlow || ctx.flow);
|
|
499
455
|
if (!flow) return { ok: true, action: "serve" };
|
|
500
|
-
var rv = validate(flow, opts);
|
|
501
|
-
|
|
502
|
-
var hasCritical = rv.issues.some(function (i) {
|
|
503
|
-
return i.severity === "critical";
|
|
504
|
-
});
|
|
505
|
-
var hasHigh = rv.issues.some(function (i) {
|
|
506
|
-
return i.severity === "high";
|
|
507
|
-
});
|
|
508
|
-
if (!hasCritical && !hasHigh) {
|
|
509
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
510
|
-
}
|
|
511
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
456
|
+
var rv = module.exports.validate(flow, opts);
|
|
457
|
+
return gateContract.severityDisposition(rv.issues);
|
|
512
458
|
});
|
|
513
459
|
}
|
|
514
460
|
|
|
@@ -555,15 +501,15 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
555
501
|
// surface (validate / sanitize / bespoke gate) passed through verbatim.
|
|
556
502
|
// The custom KIND ("oauth-flow") is accepted because the bespoke gate
|
|
557
503
|
// reads its own ctx fields (ctx.oauthFlow / ctx.flow).
|
|
558
|
-
module.exports = gateContract.defineGuard({
|
|
504
|
+
var _guard = module.exports = gateContract.defineGuard({
|
|
559
505
|
name: "oauth",
|
|
560
506
|
kind: "oauth-flow",
|
|
561
507
|
errorClass: GuardOauthError,
|
|
562
508
|
profiles: PROFILES,
|
|
563
|
-
|
|
564
|
-
postures: COMPLIANCE_POSTURES,
|
|
509
|
+
base: 256,
|
|
565
510
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
566
|
-
|
|
567
|
-
|
|
511
|
+
detect: _detectIssues,
|
|
512
|
+
sanitizeTransform: _sanitizeTransform,
|
|
513
|
+
intOpts: ["maxBytes", "maxParamBytes"],
|
|
568
514
|
gate: gate,
|
|
569
515
|
});
|