@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -69,9 +69,9 @@
|
|
|
69
69
|
*/
|
|
70
70
|
|
|
71
71
|
var lazyRequire = require("./lazy-require");
|
|
72
|
+
var safeBuffer = require("./safe-buffer");
|
|
72
73
|
var gateContract = require("./gate-contract");
|
|
73
74
|
var C = require("./constants");
|
|
74
|
-
var numericBounds = require("./numeric-bounds");
|
|
75
75
|
var { GuardPdfError } = require("./framework-error");
|
|
76
76
|
|
|
77
77
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -132,34 +132,9 @@ var PROFILES = Object.freeze({
|
|
|
132
132
|
},
|
|
133
133
|
});
|
|
134
134
|
|
|
135
|
-
var DEFAULTS =
|
|
136
|
-
mode: "enforce",
|
|
137
|
-
}));
|
|
135
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES);
|
|
138
136
|
|
|
139
|
-
var COMPLIANCE_POSTURES =
|
|
140
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
141
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
142
|
-
}),
|
|
143
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
144
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
145
|
-
}),
|
|
146
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
147
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
148
|
-
}),
|
|
149
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
150
|
-
forensicSnippetBytes: C.BYTES.bytes(1024),
|
|
151
|
-
}),
|
|
152
|
-
});
|
|
153
|
-
|
|
154
|
-
function _resolveOpts(opts) {
|
|
155
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
156
|
-
profiles: PROFILES,
|
|
157
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
158
|
-
defaults: DEFAULTS,
|
|
159
|
-
errorClass: GuardPdfError,
|
|
160
|
-
errCodePrefix: "pdf",
|
|
161
|
-
});
|
|
162
|
-
}
|
|
137
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 512 });
|
|
163
138
|
|
|
164
139
|
function _hasPdfMagic(buf) {
|
|
165
140
|
if (!buf || typeof buf.length !== "number" || buf.length < PDF_MAGIC.length) {
|
|
@@ -180,7 +155,7 @@ function _detectIssues(metadata, opts) {
|
|
|
180
155
|
}
|
|
181
156
|
|
|
182
157
|
var bytes = metadata.bytes;
|
|
183
|
-
if (bytes && typeof bytes.length === "number" && bytes
|
|
158
|
+
if (bytes && typeof bytes.length === "number" && safeBuffer.byteLengthOf(bytes) > opts.maxBytes) {
|
|
184
159
|
return [{ kind: "pdf-cap", severity: "high",
|
|
185
160
|
ruleId: "pdf.pdf-cap",
|
|
186
161
|
snippet: "pdf bytes exceed maxBytes " + opts.maxBytes }];
|
|
@@ -339,15 +314,13 @@ function _detectIssues(metadata, opts) {
|
|
|
339
314
|
* launch.issues.some(function (i) { return i.kind === "launch-action"; });
|
|
340
315
|
* // → true
|
|
341
316
|
*/
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
350
|
-
}
|
|
317
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
318
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
319
|
+
// input, resolveOpts(opts)))`, with the maxBytes / maxPageCount caps
|
|
320
|
+
// declared via `intOpts`. maxEmbeddedFileCount allows 0 (strict refuses all
|
|
321
|
+
// embedded files) so it is NOT an intOpt — the positive-finite check would
|
|
322
|
+
// reject the strict default. The @primitive block above documents the
|
|
323
|
+
// resulting public ABI.
|
|
351
324
|
|
|
352
325
|
/**
|
|
353
326
|
* @primitive b.guardPdf.sanitize
|
|
@@ -356,13 +329,19 @@ function validate(input, opts) {
|
|
|
356
329
|
* @status stable
|
|
357
330
|
* @related b.guardPdf.validate, b.guardPdf.gate
|
|
358
331
|
*
|
|
359
|
-
*
|
|
360
|
-
*
|
|
361
|
-
*
|
|
362
|
-
* the
|
|
363
|
-
*
|
|
364
|
-
*
|
|
365
|
-
*
|
|
332
|
+
* Disarm-by-refusal. PDF active content (`/JavaScript`, `/Launch`,
|
|
333
|
+
* `/OpenAction`, embedded files) and encryption live in a
|
|
334
|
+
* cross-referenced object graph; excising them safely needs a vendored
|
|
335
|
+
* PDF parser, which the framework does not ship (a parser per format is
|
|
336
|
+
* a supply-chain hop, and a fragile in-house excision on a security
|
|
337
|
+
* primitive is worse than an honest refusal). So `sanitize` forces every
|
|
338
|
+
* active-content / exfil / encryption policy to `reject` and re-throws
|
|
339
|
+
* `GuardPdfError` on any finding — it never hands back a PDF that still
|
|
340
|
+
* carries JavaScript, a launch/open action, embedded files, or
|
|
341
|
+
* encryption. A PDF with none of these passes through unchanged
|
|
342
|
+
* (genuinely nothing to strip). Operators needing a repaired file run a
|
|
343
|
+
* vendored disarm tool (e.g. `qpdf --decrypt` plus removing
|
|
344
|
+
* `/OpenAction` / `/Names` / `/JavaScript`).
|
|
366
345
|
*
|
|
367
346
|
* @opts
|
|
368
347
|
* profile: "strict"|"balanced"|"permissive",
|
|
@@ -379,12 +358,21 @@ function validate(input, opts) {
|
|
|
379
358
|
* }
|
|
380
359
|
*/
|
|
381
360
|
function sanitize(input, opts) {
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
361
|
+
var resolved = module.exports.resolveOpts(opts);
|
|
362
|
+
// Force the active-content / exfil / encryption policies to reject, then
|
|
363
|
+
// refuse anything the validate chain flags. The object graph can't be
|
|
364
|
+
// edited without a parser, so disarm collapses to "refuse if not already
|
|
365
|
+
// inert" — never a silent passthrough of a live action.
|
|
366
|
+
var strict = Object.assign({}, resolved, {
|
|
367
|
+
magicPolicy: "reject",
|
|
368
|
+
openActionPolicy: "reject",
|
|
369
|
+
embeddedFilePolicy: "reject",
|
|
370
|
+
embeddedFileCountPolicy: "reject",
|
|
371
|
+
encryptedPolicy: "reject",
|
|
372
|
+
});
|
|
373
|
+
var issues = _detectIssues(input, strict);
|
|
374
|
+
gateContract.throwOnRefusalSeverity(issues,
|
|
375
|
+
{ errorClass: GuardPdfError, codePrefix: "pdf" });
|
|
388
376
|
return input;
|
|
389
377
|
}
|
|
390
378
|
|
|
@@ -400,8 +388,10 @@ function sanitize(input, opts) {
|
|
|
400
388
|
* { "application/pdf": gate } })` or `b.staticServe`. Operators pass
|
|
401
389
|
* `ctx.metadata` (the parser's structural report) plus the original
|
|
402
390
|
* `bytes`. Action chain: `serve` (no issues) → `audit-only`
|
|
403
|
-
* (warn-only) → `refuse` (any critical / high).
|
|
404
|
-
*
|
|
391
|
+
* (warn-only) → `refuse` (any critical / high). The gate does not
|
|
392
|
+
* rewrite bytes; `b.guardPdf.sanitize(bag)` is disarm-by-refusal (it
|
|
393
|
+
* refuses any PDF still carrying active content / embedded files /
|
|
394
|
+
* encryption rather than silently passing it through).
|
|
405
395
|
*
|
|
406
396
|
* @opts
|
|
407
397
|
* profile: "strict"|"balanced"|"permissive",
|
|
@@ -422,25 +412,21 @@ function sanitize(input, opts) {
|
|
|
422
412
|
* verdict.issues[0].kind; // → "javascript-action"
|
|
423
413
|
*/
|
|
424
414
|
function gate(opts) {
|
|
425
|
-
opts =
|
|
415
|
+
opts = gateContract.resolveProfileAndPosture(opts, {
|
|
416
|
+
profiles: PROFILES,
|
|
417
|
+
compliancePostures: COMPLIANCE_POSTURES,
|
|
418
|
+
defaults: DEFAULTS,
|
|
419
|
+
errorClass: GuardPdfError,
|
|
420
|
+
errCodePrefix: "pdf",
|
|
421
|
+
});
|
|
426
422
|
return gateContract.buildGuardGate(
|
|
427
423
|
opts.name || "guardPdf:" + (opts.profile || "default"),
|
|
428
424
|
opts,
|
|
429
425
|
async function (ctx) {
|
|
430
426
|
var meta = ctx && (ctx.metadata || ctx.pdfMetadata);
|
|
431
427
|
if (!meta) return { ok: true, action: "serve" };
|
|
432
|
-
var rv = validate(meta, opts);
|
|
433
|
-
|
|
434
|
-
var hasCritical = rv.issues.some(function (i) {
|
|
435
|
-
return i.severity === "critical";
|
|
436
|
-
});
|
|
437
|
-
var hasHigh = rv.issues.some(function (i) {
|
|
438
|
-
return i.severity === "high";
|
|
439
|
-
});
|
|
440
|
-
if (!hasCritical && !hasHigh) {
|
|
441
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
442
|
-
}
|
|
443
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
428
|
+
var rv = module.exports.validate(meta, opts);
|
|
429
|
+
return gateContract.severityDisposition(rv.issues);
|
|
444
430
|
});
|
|
445
431
|
}
|
|
446
432
|
|
|
@@ -492,10 +478,13 @@ var INTEGRATION_FIXTURES = Object.freeze({
|
|
|
492
478
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
493
479
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
494
480
|
// compliancePosture / loadRulePack wiring, plus the per-guard inspection
|
|
495
|
-
// surface
|
|
496
|
-
//
|
|
497
|
-
// `
|
|
498
|
-
//
|
|
481
|
+
// surface. validate + sanitize are generated from `detect` (_detectIssues)
|
|
482
|
+
// and `sanitizeTransform` (_sanitizeTransform) with the positive-finite-int
|
|
483
|
+
// caps declared via `intOpts` (maxEmbeddedFileCount is excluded — strict
|
|
484
|
+
// defaults it to 0). The pdf extra (inspectMagic) passes through verbatim.
|
|
485
|
+
// KIND="metadata" is a custom kind, so the bespoke `gate`
|
|
486
|
+
// (operator-feeds-metadata ctx.metadata reader) is REQUIRED and carries the
|
|
487
|
+
// JavaScript / launch-action / embedded-file chain unchanged.
|
|
499
488
|
module.exports = gateContract.defineGuard({
|
|
500
489
|
name: "pdf",
|
|
501
490
|
kind: "metadata",
|
|
@@ -504,8 +493,12 @@ module.exports = gateContract.defineGuard({
|
|
|
504
493
|
defaults: DEFAULTS,
|
|
505
494
|
postures: COMPLIANCE_POSTURES,
|
|
506
495
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
507
|
-
|
|
508
|
-
|
|
496
|
+
// detect reads a structured `{ bytes, hasJavaScript, ... }` metadata report,
|
|
497
|
+
// not text. The generated validate's default "raw" input contract hands the
|
|
498
|
+
// bag straight to detect (which owns its own bad-input).
|
|
499
|
+
detect: _detectIssues,
|
|
500
|
+
sanitize: sanitize,
|
|
501
|
+
intOpts: ["maxBytes", "maxPageCount"],
|
|
509
502
|
gate: gate,
|
|
510
503
|
extra: {
|
|
511
504
|
inspectMagic: inspectMagic,
|
|
@@ -75,6 +75,8 @@
|
|
|
75
75
|
|
|
76
76
|
var { defineClass } = require("./framework-error");
|
|
77
77
|
var gateContract = require("./gate-contract");
|
|
78
|
+
var codepointClass = require("./codepoint-class");
|
|
79
|
+
var safeBuffer = require("./safe-buffer");
|
|
78
80
|
|
|
79
81
|
var GuardPop3CommandError = defineClass("GuardPop3CommandError", { alwaysPermanent: true });
|
|
80
82
|
|
|
@@ -167,17 +169,14 @@ function validate(line, opts) {
|
|
|
167
169
|
throw new GuardPop3CommandError("guard-pop3-command/empty-line",
|
|
168
170
|
"guardPop3Command.validate: empty command line");
|
|
169
171
|
}
|
|
170
|
-
if (line
|
|
172
|
+
if (safeBuffer.byteLengthOf(line) > caps.maxLineBytes) {
|
|
171
173
|
throw new GuardPop3CommandError("guard-pop3-command/line-too-long",
|
|
172
|
-
"guardPop3Command.validate: line " + line
|
|
174
|
+
"guardPop3Command.validate: line " + safeBuffer.byteLengthOf(line) + " bytes exceeds cap " + caps.maxLineBytes);
|
|
173
175
|
}
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
throw new GuardPop3CommandError("guard-pop3-command/bad-byte",
|
|
179
|
-
"guardPop3Command.validate: control byte 0x" + c.toString(16) + " at offset " + i); // hex format literal in error message
|
|
180
|
-
}
|
|
176
|
+
var ctrlAt = codepointClass.firstControlCharOffset(line, { allowLf: caps.allowBareLf }); // bare LF permitted only when caps allow
|
|
177
|
+
if (ctrlAt !== -1) {
|
|
178
|
+
throw new GuardPop3CommandError("guard-pop3-command/bad-byte",
|
|
179
|
+
"guardPop3Command.validate: control byte 0x" + line.charCodeAt(ctrlAt).toString(16) + " at offset " + ctrlAt); // hex format literal in error message
|
|
181
180
|
}
|
|
182
181
|
|
|
183
182
|
var firstSpace = line.indexOf(" ");
|
|
@@ -200,9 +199,9 @@ function validate(line, opts) {
|
|
|
200
199
|
case "USER":
|
|
201
200
|
if (!rest) throw new GuardPop3CommandError("guard-pop3-command/missing-username",
|
|
202
201
|
"guardPop3Command.validate: USER requires a name argument");
|
|
203
|
-
if (rest
|
|
202
|
+
if (safeBuffer.byteLengthOf(rest) > caps.maxUsernameBytes) {
|
|
204
203
|
throw new GuardPop3CommandError("guard-pop3-command/username-too-long",
|
|
205
|
-
"guardPop3Command.validate: USER name " + rest
|
|
204
|
+
"guardPop3Command.validate: USER name " + safeBuffer.byteLengthOf(rest) + " bytes exceeds cap " + caps.maxUsernameBytes);
|
|
206
205
|
}
|
|
207
206
|
if (opts.tls === false && profileName === "strict") {
|
|
208
207
|
throw new GuardPop3CommandError("guard-pop3-command/cleartext-auth",
|
|
@@ -213,9 +212,9 @@ function validate(line, opts) {
|
|
|
213
212
|
case "PASS":
|
|
214
213
|
if (!rest) throw new GuardPop3CommandError("guard-pop3-command/missing-password",
|
|
215
214
|
"guardPop3Command.validate: PASS requires a password argument");
|
|
216
|
-
if (rest
|
|
215
|
+
if (safeBuffer.byteLengthOf(rest) > caps.maxPasswordBytes) {
|
|
217
216
|
throw new GuardPop3CommandError("guard-pop3-command/password-too-long",
|
|
218
|
-
"guardPop3Command.validate: PASS argument " + rest
|
|
217
|
+
"guardPop3Command.validate: PASS argument " + safeBuffer.byteLengthOf(rest) + " bytes exceeds cap " + caps.maxPasswordBytes);
|
|
219
218
|
}
|
|
220
219
|
if (opts.tls === false && profileName === "strict") {
|
|
221
220
|
throw new GuardPop3CommandError("guard-pop3-command/cleartext-auth",
|
|
@@ -27,6 +27,7 @@
|
|
|
27
27
|
|
|
28
28
|
var { defineClass } = require("./framework-error");
|
|
29
29
|
var gateContract = require("./gate-contract");
|
|
30
|
+
var codepointClass = require("./codepoint-class");
|
|
30
31
|
|
|
31
32
|
var GuardPostureChainError = defineClass("GuardPostureChainError", { alwaysPermanent: true });
|
|
32
33
|
|
|
@@ -127,7 +128,7 @@ function validate(envelope, opts) {
|
|
|
127
128
|
throw new GuardPostureChainError("posture-chain/non-ascii-hop",
|
|
128
129
|
"guardPostureChain.validate: chainTrail[" + h + "] has non-ASCII codepoint");
|
|
129
130
|
}
|
|
130
|
-
if (hc
|
|
131
|
+
if (codepointClass.isForbiddenControlChar(hc, { forbidTab: true })) { // C0/DEL
|
|
131
132
|
throw new GuardPostureChainError("posture-chain/bad-hop-char",
|
|
132
133
|
"guardPostureChain.validate: chainTrail[" + h + "] has forbidden char 0x" + hc.toString(16));
|
|
133
134
|
}
|
|
@@ -45,11 +45,9 @@
|
|
|
45
45
|
* Regex-pattern content-safety guard — refuses user-supplied pattern strings that exhibit catastrophic-backtracking (ReDoS) shapes BEFORE the framework compiles them with `new RegExp(...)`.
|
|
46
46
|
*/
|
|
47
47
|
|
|
48
|
-
var codepointClass = require("./codepoint-class");
|
|
49
48
|
var lazyRequire = require("./lazy-require");
|
|
50
49
|
var gateContract = require("./gate-contract");
|
|
51
50
|
var C = require("./constants");
|
|
52
|
-
var numericBounds = require("./numeric-bounds");
|
|
53
51
|
var { GuardRegexError } = require("./framework-error");
|
|
54
52
|
|
|
55
53
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -82,10 +80,7 @@ var EXTGLOB_HEAD_RE = /[*+?@!]\(/g;
|
|
|
82
80
|
|
|
83
81
|
var PROFILES = Object.freeze({
|
|
84
82
|
"strict": {
|
|
85
|
-
|
|
86
|
-
controlPolicy: "reject",
|
|
87
|
-
nullBytePolicy: "reject",
|
|
88
|
-
zeroWidthPolicy: "reject",
|
|
83
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
89
84
|
nestedQuantPolicy: "reject",
|
|
90
85
|
alternationQuantPolicy: "reject",
|
|
91
86
|
boundedRepeatPolicy: "reject",
|
|
@@ -100,10 +95,7 @@ var PROFILES = Object.freeze({
|
|
|
100
95
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
101
96
|
},
|
|
102
97
|
"balanced": {
|
|
103
|
-
|
|
104
|
-
controlPolicy: "reject",
|
|
105
|
-
nullBytePolicy: "reject",
|
|
106
|
-
zeroWidthPolicy: "reject",
|
|
98
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
107
99
|
nestedQuantPolicy: "reject",
|
|
108
100
|
alternationQuantPolicy: "audit",
|
|
109
101
|
boundedRepeatPolicy: "audit",
|
|
@@ -117,10 +109,7 @@ var PROFILES = Object.freeze({
|
|
|
117
109
|
maxRuntimeMs: C.TIME.seconds(2),
|
|
118
110
|
},
|
|
119
111
|
"permissive": {
|
|
120
|
-
|
|
121
|
-
controlPolicy: "reject", // controls refused at every profile
|
|
122
|
-
nullBytePolicy: "reject", // null refused at every profile
|
|
123
|
-
zeroWidthPolicy: "reject", // zero-width refused at every profile
|
|
112
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
124
113
|
nestedQuantPolicy: "reject", // canonical ReDoS class refused at every profile
|
|
125
114
|
alternationQuantPolicy: "allow",
|
|
126
115
|
boundedRepeatPolicy: "audit",
|
|
@@ -135,56 +124,15 @@ var PROFILES = Object.freeze({
|
|
|
135
124
|
},
|
|
136
125
|
});
|
|
137
126
|
|
|
138
|
-
var DEFAULTS =
|
|
139
|
-
mode: "enforce",
|
|
140
|
-
}));
|
|
127
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES);
|
|
141
128
|
|
|
142
|
-
var COMPLIANCE_POSTURES =
|
|
143
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
144
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
145
|
-
}),
|
|
146
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
147
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
148
|
-
}),
|
|
149
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
150
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
151
|
-
}),
|
|
152
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
153
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
154
|
-
}),
|
|
155
|
-
});
|
|
129
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
156
130
|
|
|
157
|
-
function _resolveOpts(opts) {
|
|
158
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
159
|
-
profiles: PROFILES,
|
|
160
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
161
|
-
defaults: DEFAULTS,
|
|
162
|
-
errorClass: GuardRegexError,
|
|
163
|
-
errCodePrefix: "regex",
|
|
164
|
-
});
|
|
165
|
-
}
|
|
166
131
|
|
|
167
132
|
function _detectIssues(input, opts) {
|
|
168
|
-
var
|
|
169
|
-
if (
|
|
170
|
-
|
|
171
|
-
ruleId: "regex.bad-input",
|
|
172
|
-
snippet: "regex pattern is not a string" }];
|
|
173
|
-
}
|
|
174
|
-
if (input.length === 0) {
|
|
175
|
-
return [{ kind: "empty", severity: "high",
|
|
176
|
-
ruleId: "regex.empty",
|
|
177
|
-
snippet: "regex pattern is empty" }];
|
|
178
|
-
}
|
|
179
|
-
if (Buffer.byteLength(input, "utf8") > opts.maxPatternBytes) {
|
|
180
|
-
return [{ kind: "pattern-cap", severity: "high",
|
|
181
|
-
ruleId: "regex.pattern-cap",
|
|
182
|
-
snippet: "regex pattern exceeds maxPatternBytes " +
|
|
183
|
-
opts.maxPatternBytes }];
|
|
184
|
-
}
|
|
185
|
-
|
|
186
|
-
var charThreats = codepointClass.detectCharThreats(input, opts, "regex");
|
|
187
|
-
for (var ci = 0; ci < charThreats.length; ci += 1) issues.push(charThreats[ci]);
|
|
133
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "regex", noun: "regex pattern", cap: { bytes: opts.maxPatternBytes, kind: "pattern-cap", snippet: "regex pattern exceeds maxPatternBytes " + opts.maxPatternBytes } });
|
|
134
|
+
if (pre.done) return pre.issues;
|
|
135
|
+
var issues = pre.issues;
|
|
188
136
|
|
|
189
137
|
if (opts.nestedQuantPolicy !== "allow" && NESTED_QUANT_RE.test(input)) { // allow:regex-no-length-cap — input bounded by maxPatternBytes
|
|
190
138
|
issues.push({
|
|
@@ -394,13 +342,9 @@ function _detectNestedExtglob(input, opts, issues) {
|
|
|
394
342
|
* hostile.ok; // → false
|
|
395
343
|
* hostile.issues.some(function (i) { return i.kind === "nested-quantifier"; }); // → true
|
|
396
344
|
*/
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
["maxBytes", "maxPatternBytes", "maxBoundedRepeat", "maxConsecutiveStars"],
|
|
401
|
-
"guardRegex.validate", GuardRegexError, "regex.bad-opt");
|
|
402
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
403
|
-
}
|
|
345
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
346
|
+
// (_detectIssues), with the positive-finite-int caps declared via `intOpts`.
|
|
347
|
+
// The @primitive block above documents the resulting ABI.
|
|
404
348
|
|
|
405
349
|
/**
|
|
406
350
|
* @primitive b.guardRegex.sanitize
|
|
@@ -444,15 +388,11 @@ function validate(input, opts) {
|
|
|
444
388
|
* e.code; // → "regex.nested-quantifier"
|
|
445
389
|
* }
|
|
446
390
|
*/
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
var issues = _detectIssues(input, opts);
|
|
453
|
-
gateContract.throwOnRefusalSeverity(issues, {
|
|
454
|
-
errorClass: GuardRegexError, codePrefix: "regex",
|
|
455
|
-
});
|
|
391
|
+
// _sanitizeTransform — the normalize tail applied by defineGuard's generated
|
|
392
|
+
// sanitize AFTER resolve -> detect -> throwOnRefusalSeverity. Regex patterns
|
|
393
|
+
// cannot be safely repaired, so the transform is a pass-through: a non-string
|
|
394
|
+
// or any critical/high finding refuses upstream, clean input returns verbatim.
|
|
395
|
+
function _sanitizeTransform(input) {
|
|
456
396
|
return input;
|
|
457
397
|
}
|
|
458
398
|
|
|
@@ -500,7 +440,7 @@ function sanitize(input, opts) {
|
|
|
500
440
|
* });
|
|
501
441
|
*/
|
|
502
442
|
function gate(opts) {
|
|
503
|
-
opts =
|
|
443
|
+
opts = _guard.resolveOpts(opts);
|
|
504
444
|
return gateContract.buildGuardGate(
|
|
505
445
|
opts.name || "guardRegex:" + (opts.profile || "default"),
|
|
506
446
|
opts,
|
|
@@ -509,18 +449,8 @@ function gate(opts) {
|
|
|
509
449
|
if (pattern === undefined || pattern === null) {
|
|
510
450
|
return { ok: true, action: "serve" };
|
|
511
451
|
}
|
|
512
|
-
var rv = validate(pattern, opts);
|
|
513
|
-
|
|
514
|
-
var hasCritical = rv.issues.some(function (i) {
|
|
515
|
-
return i.severity === "critical";
|
|
516
|
-
});
|
|
517
|
-
var hasHigh = rv.issues.some(function (i) {
|
|
518
|
-
return i.severity === "high";
|
|
519
|
-
});
|
|
520
|
-
if (!hasCritical && !hasHigh) {
|
|
521
|
-
return { ok: true, action: "audit-only", issues: rv.issues };
|
|
522
|
-
}
|
|
523
|
-
return { ok: false, action: "refuse", issues: rv.issues };
|
|
452
|
+
var rv = module.exports.validate(pattern, opts);
|
|
453
|
+
return gateContract.severityDisposition(rv.issues);
|
|
524
454
|
});
|
|
525
455
|
}
|
|
526
456
|
|
|
@@ -531,20 +461,14 @@ function gate(opts) {
|
|
|
531
461
|
// in gate-contract.js, instantiated per guard by the page generator.
|
|
532
462
|
|
|
533
463
|
// ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
|
|
534
|
-
var INTEGRATION_FIXTURES =
|
|
535
|
-
kind: "identifier",
|
|
536
|
-
benignBytes: Buffer.from("^[a-z]+$", "utf8"),
|
|
537
|
-
hostileBytes: Buffer.from("(a+)+b", "utf8"),
|
|
538
|
-
benignIdentifier: "^[a-z]+$",
|
|
539
|
-
hostileIdentifier: "(a+)+b",
|
|
540
|
-
});
|
|
464
|
+
var INTEGRATION_FIXTURES = gateContract.identifierFixtures("^[a-z]+$", "(a+)+b");
|
|
541
465
|
|
|
542
466
|
// Assembled from the gate-contract guard factory: error class, registry
|
|
543
467
|
// exports (NAME / KIND / INTEGRATION_FIXTURES), buildProfile /
|
|
544
468
|
// compliancePosture / loadRulePack wiring, plus the per-guard inspection
|
|
545
469
|
// surface (validate / sanitize / gate). The bespoke `gate` carries
|
|
546
470
|
// guardRegex's ctx.identifier || ctx.pattern dispatch unchanged.
|
|
547
|
-
module.exports = gateContract.defineGuard({
|
|
471
|
+
var _guard = module.exports = gateContract.defineGuard({
|
|
548
472
|
name: "regex",
|
|
549
473
|
kind: "identifier",
|
|
550
474
|
errorClass: GuardRegexError,
|
|
@@ -552,7 +476,8 @@ module.exports = gateContract.defineGuard({
|
|
|
552
476
|
defaults: DEFAULTS,
|
|
553
477
|
postures: COMPLIANCE_POSTURES,
|
|
554
478
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
555
|
-
|
|
556
|
-
|
|
479
|
+
detect: _detectIssues,
|
|
480
|
+
sanitizeTransform: _sanitizeTransform,
|
|
481
|
+
intOpts: ["maxBytes", "maxPatternBytes", "maxBoundedRepeat", "maxConsecutiveStars"],
|
|
557
482
|
gate: gate,
|
|
558
483
|
});
|
|
@@ -17,6 +17,7 @@
|
|
|
17
17
|
|
|
18
18
|
var { defineClass } = require("./framework-error");
|
|
19
19
|
var gateContract = require("./gate-contract");
|
|
20
|
+
var codepointClass = require("./codepoint-class");
|
|
20
21
|
|
|
21
22
|
var GuardSagaConfigError = defineClass("GuardSagaConfigError", { alwaysPermanent: true });
|
|
22
23
|
|
|
@@ -80,7 +81,7 @@ function validate(config, opts) {
|
|
|
80
81
|
throw new GuardSagaConfigError("saga-config/non-ascii-name",
|
|
81
82
|
"guardSagaConfig.validate: name has non-ASCII codepoint at offset " + i);
|
|
82
83
|
}
|
|
83
|
-
if (c
|
|
84
|
+
if (codepointClass.isForbiddenControlChar(c, { forbidTab: true })) { // C0/DEL
|
|
84
85
|
throw new GuardSagaConfigError("saga-config/bad-name-char",
|
|
85
86
|
"guardSagaConfig.validate: name has forbidden char 0x" + c.toString(16));
|
|
86
87
|
}
|