@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -53,6 +53,7 @@
|
|
|
53
53
|
|
|
54
54
|
var nodeCrypto = require("node:crypto");
|
|
55
55
|
var bCrypto = require("./crypto");
|
|
56
|
+
var safeBuffer = require("./safe-buffer");
|
|
56
57
|
var asn1 = require("./asn1-der");
|
|
57
58
|
var cms = require("./cms-codec");
|
|
58
59
|
var validateOpts = require("./validate-opts");
|
|
@@ -104,12 +105,12 @@ var DIGEST_OID_TO_NODE = {
|
|
|
104
105
|
"2.16.840.1.101.3.4.2.10": "sha3-512",
|
|
105
106
|
};
|
|
106
107
|
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
}
|
|
108
|
+
var _bytes = safeBuffer.makeByteCoercer({
|
|
109
|
+
errorClass: TsaError,
|
|
110
|
+
typeCode: "tsa/bad-bytes",
|
|
111
|
+
messagePrefix: "tsa: ",
|
|
112
|
+
messageSuffix: " must be Buffer / Uint8Array / string",
|
|
113
|
+
});
|
|
113
114
|
|
|
114
115
|
function _normHex(h) {
|
|
115
116
|
return String(h).replace(/[^0-9a-fA-F]/g, "").replace(/^0+(?=.)/, "").toUpperCase();
|
|
@@ -658,15 +659,10 @@ function verifyToken(token, opts) {
|
|
|
658
659
|
throw new TsaError("tsa/bad-trust-anchors",
|
|
659
660
|
"tsa.verifyToken: trustAnchorsPem must be a non-empty PEM string or array of PEM strings");
|
|
660
661
|
}
|
|
661
|
-
// A supplied opts.at must be a valid Date — an Invalid Date would
|
|
662
|
-
//
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
if (!(opts.at instanceof Date) || !isFinite(opts.at.getTime())) {
|
|
666
|
-
throw new TsaError("tsa/bad-at", "tsa.verifyToken: opts.at must be a valid Date");
|
|
667
|
-
}
|
|
668
|
-
at = opts.at;
|
|
669
|
-
}
|
|
662
|
+
// A supplied opts.at must be a valid Date — an Invalid Date would make
|
|
663
|
+
// every validity-window comparison NaN (silently disabling it).
|
|
664
|
+
validateOpts.optionalDate(opts.at, "tsa.verifyToken: opts.at", TsaError, "tsa/bad-at");
|
|
665
|
+
var at = (opts.at !== undefined && opts.at !== null) ? opts.at : tst.genTime;
|
|
670
666
|
_verifyChain(signerCertDer, sd.certificates, anchors, at);
|
|
671
667
|
}
|
|
672
668
|
|
|
@@ -28,6 +28,7 @@
|
|
|
28
28
|
*/
|
|
29
29
|
|
|
30
30
|
var numericBounds = require("./numeric-bounds");
|
|
31
|
+
var pick = require("./pick");
|
|
31
32
|
|
|
32
33
|
function _format(primitive, unknownKey, allowedKeys) {
|
|
33
34
|
return primitive + ": unknown option '" + unknownKey + "'. " +
|
|
@@ -78,13 +79,18 @@ function auditShape(audit, callerLabel, errorClass, code) {
|
|
|
78
79
|
// _throw — shared error-emission for the optional* validators. Routes
|
|
79
80
|
// through the caller's framework-error class when supplied, falls back
|
|
80
81
|
// to plain Error so this helper itself stays decoupled from any one
|
|
81
|
-
// error hierarchy.
|
|
82
|
-
|
|
82
|
+
// error hierarchy. `permanent` (optional) is forwarded as the framework
|
|
83
|
+
// error's third constructor argument so callers whose config-time failure
|
|
84
|
+
// is non-retryable (a misconfigured dependency never becomes valid on
|
|
85
|
+
// retry) keep that flag when they route through these validators instead
|
|
86
|
+
// of hand-throwing; omitted → undefined → the class default (false), so
|
|
87
|
+
// existing callers are unaffected.
|
|
88
|
+
function _throw(errorClass, code, msg, defaultCode, permanent) {
|
|
83
89
|
if (errorClass && errorClass.factory) {
|
|
84
|
-
throw errorClass.factory(code || "BAD_OPT", msg);
|
|
90
|
+
throw errorClass.factory(code || "BAD_OPT", msg, permanent);
|
|
85
91
|
}
|
|
86
92
|
if (typeof errorClass === "function") {
|
|
87
|
-
throw new errorClass(code || defaultCode, msg);
|
|
93
|
+
throw new errorClass(code || defaultCode, msg, permanent);
|
|
88
94
|
}
|
|
89
95
|
throw new Error(msg);
|
|
90
96
|
}
|
|
@@ -132,6 +138,15 @@ function optionalFiniteNonNegative(value, label, errorClass, code) {
|
|
|
132
138
|
return value;
|
|
133
139
|
}
|
|
134
140
|
|
|
141
|
+
function optionalDate(value, label, errorClass, code) {
|
|
142
|
+
if (value === undefined || value === null) return value;
|
|
143
|
+
if (!(value instanceof Date) || !isFinite(value.getTime())) {
|
|
144
|
+
_throw(errorClass, code, (label || "opt") + " must be a valid Date",
|
|
145
|
+
"validate-opts/bad-date");
|
|
146
|
+
}
|
|
147
|
+
return value;
|
|
148
|
+
}
|
|
149
|
+
|
|
135
150
|
function optionalPositiveFinite(value, label, errorClass, code) {
|
|
136
151
|
if (value === undefined || value === null) return value;
|
|
137
152
|
if (typeof value !== "number" || !isFinite(value) || value <= 0) {
|
|
@@ -218,18 +233,25 @@ function requireObject(opts, callerLabel, errorClass, code) {
|
|
|
218
233
|
// (b.agent.*.reseal stores, b.dsr / b.outbox create() backends, etc.)
|
|
219
234
|
// into one definition. Throws on null / non-object / any missing-or-
|
|
220
235
|
// non-function method; returns obj on success.
|
|
221
|
-
|
|
236
|
+
//
|
|
237
|
+
// `permanent` (optional) forwards to the framework error's permanent flag
|
|
238
|
+
// — pass true for a config-time dependency check whose failure is not
|
|
239
|
+
// retryable (a backend/store/vault missing its contract never becomes
|
|
240
|
+
// valid on retry). Omitted → the error class default (false), matching
|
|
241
|
+
// the historical bare `new Err(code, msg)` shape, so existing callers are
|
|
242
|
+
// unchanged.
|
|
243
|
+
function requireMethods(obj, methods, callerLabel, errorClass, code, permanent) {
|
|
222
244
|
var label = callerLabel || "dependency";
|
|
223
245
|
if (!obj || typeof obj !== "object") {
|
|
224
246
|
_throw(errorClass, code, label + " must be an object exposing { " +
|
|
225
247
|
methods.join(", ") + " }, got " + (obj === null ? "null" : typeof obj),
|
|
226
|
-
"validate-opts/bad-methods-object");
|
|
248
|
+
"validate-opts/bad-methods-object", permanent);
|
|
227
249
|
}
|
|
228
250
|
for (var i = 0; i < methods.length; i += 1) {
|
|
229
251
|
if (typeof obj[methods[i]] !== "function") {
|
|
230
252
|
_throw(errorClass, code, label + " must expose a " + methods[i] +
|
|
231
253
|
"() method (requires { " + methods.join(", ") + " })",
|
|
232
|
-
"validate-opts/missing-method");
|
|
254
|
+
"validate-opts/missing-method", permanent);
|
|
233
255
|
}
|
|
234
256
|
}
|
|
235
257
|
return obj;
|
|
@@ -331,6 +353,128 @@ function optionalPlainObject(value, label, errorClass, code, description) {
|
|
|
331
353
|
return value;
|
|
332
354
|
}
|
|
333
355
|
|
|
356
|
+
// _SHAPE_RULES — rule-token → validator dispatch table for `shape`. Each
|
|
357
|
+
// validator has the uniform (value, label, errorClass, code) signature, so the
|
|
358
|
+
// table drives them all from a declarative schema.
|
|
359
|
+
var _SHAPE_RULES = {
|
|
360
|
+
"required-string": requireNonEmptyString,
|
|
361
|
+
"optional-string": optionalNonEmptyString,
|
|
362
|
+
"optional-string-array": optionalNonEmptyStringArray,
|
|
363
|
+
"optional-boolean": optionalBoolean,
|
|
364
|
+
"optional-positive-int": optionalPositiveInt,
|
|
365
|
+
"optional-positive-finite": optionalPositiveFinite,
|
|
366
|
+
"optional-non-negative": optionalFiniteNonNegative,
|
|
367
|
+
"optional-date": optionalDate,
|
|
368
|
+
"optional-function": optionalFunction,
|
|
369
|
+
"optional-plain-object": optionalPlainObject,
|
|
370
|
+
"optional-port": optionalPort,
|
|
371
|
+
// numeric-bounds finite-int family (rejects Infinity/NaN, unlike the
|
|
372
|
+
// optional-positive-int sugar) — so byte/count caps declare in the shape
|
|
373
|
+
// rather than a separate numericBounds call outside it.
|
|
374
|
+
"optional-positive-finite-int": numericBounds.requirePositiveFiniteIntIfPresent,
|
|
375
|
+
"optional-non-negative-finite-int": numericBounds.requireNonNegativeFiniteIntIfPresent,
|
|
376
|
+
"required-positive-finite-int": numericBounds.requirePositiveFiniteInt,
|
|
377
|
+
};
|
|
378
|
+
|
|
379
|
+
// shape — declarative opts validator. Collapses the `requireObject(opts) +
|
|
380
|
+
// requireNonEmptyString(opts.a) + optionalPositiveFinite(opts.b) + ...` preamble
|
|
381
|
+
// that every create()/build() factory re-rolls into one schema-driven call.
|
|
382
|
+
// The schema is expressive enough that a factory never has to contort its
|
|
383
|
+
// validation to fit a fixed vocabulary — each opt's rule is ANY of:
|
|
384
|
+
//
|
|
385
|
+
// - a rule TOKEN (see _SHAPE_RULES) — sugar for the common per-field checks,
|
|
386
|
+
// using the call-wide `code`;
|
|
387
|
+
// - a per-field DESCRIPTOR `{ rule: "<token>", code?, label? }` — keeps a
|
|
388
|
+
// DISTINCT per-field code (BAD_THIRD_PARTY vs BAD_CONSUMER_REF) or a custom
|
|
389
|
+
// label, so behavior a per-field test asserts is preserved;
|
|
390
|
+
// - an injected-DEPENDENCY `{ methods: [...], optional?, code?, label? }` —
|
|
391
|
+
// validated via requireMethods;
|
|
392
|
+
// - a NESTED `{ shape: {...}, optional?, code?, label? }` — recurses into a
|
|
393
|
+
// sub-object field (e.g. opts.authServer.{issuer,jwksUri});
|
|
394
|
+
// - an arbitrary VALIDATOR FUNCTION `(value, label, errorClass, code, opts)
|
|
395
|
+
// => void` that throws on invalid — the universal hatch for a bespoke check.
|
|
396
|
+
// It receives the whole `opts` as the 5th arg, so CROSS-FIELD logic ("field
|
|
397
|
+
// B required when opts.a === X", a custom message, a numeric-bounds call)
|
|
398
|
+
// lives IN the shape rather than as a hand-rolled check outside it.
|
|
399
|
+
//
|
|
400
|
+
// Validates `opts` is an object, then dispatches each declared field; returns
|
|
401
|
+
// opts. An unknown rule token throws at call time — a schema typo is the
|
|
402
|
+
// author's bug, surfaced loudly rather than silently skipping a field.
|
|
403
|
+
//
|
|
404
|
+
// The schema is ALWAYS the authoritative, exhaustive opts contract — there is
|
|
405
|
+
// no opt-in: any key present on `opts` that the schema does not declare (nor
|
|
406
|
+
// list in `options.allow`) is rejected. This is mandatory by design, so the
|
|
407
|
+
// "future code adds an opt but forgets to validate it" gap cannot reopen — an
|
|
408
|
+
// undeclared opt can't be silently consumed, because it is refused here;
|
|
409
|
+
// adding it forces declaring its rule in the schema, where it is validated.
|
|
410
|
+
// (A field declared in the schema is always validated; exhaustiveness adds the
|
|
411
|
+
// converse — nothing reaches the body unvalidated.) `options.allow` is the only
|
|
412
|
+
// escape: an explicit list of keys a factory forwards to a sub-component rather
|
|
413
|
+
// than validating locally — there is no "skip the contract" mode.
|
|
414
|
+
function shape(opts, schema, callerLabel, errorClass, code, options) {
|
|
415
|
+
requireObject(opts, callerLabel, errorClass, code);
|
|
416
|
+
var fields = Object.keys(schema);
|
|
417
|
+
for (var i = 0; i < fields.length; i += 1) {
|
|
418
|
+
var field = fields[i];
|
|
419
|
+
var rule = schema[field];
|
|
420
|
+
var fieldCode = code;
|
|
421
|
+
var label = (callerLabel || "opts") + ": " + field;
|
|
422
|
+
var value = opts[field];
|
|
423
|
+
// Arbitrary validator function — the universal hatch. Receives the whole
|
|
424
|
+
// `opts` as a 5th arg so a rule can do CROSS-FIELD validation (e.g. "field B
|
|
425
|
+
// is required when opts.a === 'material'") without dropping back to inline
|
|
426
|
+
// checks outside the shape.
|
|
427
|
+
if (typeof rule === "function") { rule(value, label, errorClass, fieldCode, opts); continue; }
|
|
428
|
+
if (rule && typeof rule === "object") {
|
|
429
|
+
if (Array.isArray(rule.methods)) {
|
|
430
|
+
if (rule.optional && (value === undefined || value === null)) continue;
|
|
431
|
+
requireMethods(value, rule.methods, rule.label || label, errorClass, rule.code || code, rule.permanent);
|
|
432
|
+
continue;
|
|
433
|
+
}
|
|
434
|
+
// Nested sub-object: validate it is an object, then recurse.
|
|
435
|
+
if (rule.shape && typeof rule.shape === "object") {
|
|
436
|
+
if (rule.optional && (value === undefined || value === null)) continue;
|
|
437
|
+
requireObject(value, rule.label || label, errorClass, rule.code || code);
|
|
438
|
+
shape(value, rule.shape, rule.label || label, errorClass, rule.code || code);
|
|
439
|
+
continue;
|
|
440
|
+
}
|
|
441
|
+
// Per-field descriptor: { rule, code?, label? }.
|
|
442
|
+
if (typeof rule.rule === "string") {
|
|
443
|
+
if (typeof rule.code === "string") fieldCode = rule.code;
|
|
444
|
+
if (typeof rule.label === "string") label = rule.label;
|
|
445
|
+
rule = rule.rule;
|
|
446
|
+
} else {
|
|
447
|
+
_throw(errorClass, code, (callerLabel || "opts") +
|
|
448
|
+
": unsupported shape rule object for field " + field,
|
|
449
|
+
"validate-opts/bad-shape-rule");
|
|
450
|
+
}
|
|
451
|
+
}
|
|
452
|
+
if (rule === "required-object") { requireObject(value, label, errorClass, fieldCode); continue; }
|
|
453
|
+
var fn = _SHAPE_RULES[rule];
|
|
454
|
+
if (typeof fn !== "function") {
|
|
455
|
+
_throw(errorClass, code, (callerLabel || "opts") +
|
|
456
|
+
": unknown shape rule " + JSON.stringify(rule) + " for field " + field,
|
|
457
|
+
"validate-opts/bad-shape-rule");
|
|
458
|
+
}
|
|
459
|
+
fn(value, label, errorClass, fieldCode);
|
|
460
|
+
}
|
|
461
|
+
// Exhaustive contract enforcement — always on (the schema is complete).
|
|
462
|
+
var declared = Object.create(null);
|
|
463
|
+
for (var d = 0; d < fields.length; d += 1) declared[fields[d]] = true;
|
|
464
|
+
var allowList = (options && options.allow) || [];
|
|
465
|
+
for (var a = 0; a < allowList.length; a += 1) declared[allowList[a]] = true;
|
|
466
|
+
var present = Object.keys(opts);
|
|
467
|
+
for (var p = 0; p < present.length; p += 1) {
|
|
468
|
+
if (!declared[present[p]]) {
|
|
469
|
+
_throw(errorClass, code, (callerLabel || "opts") +
|
|
470
|
+
": unknown opt " + JSON.stringify(present[p]) +
|
|
471
|
+
" (not in the validated shape; add it to the schema or pass options.allow)",
|
|
472
|
+
"validate-opts/unknown-opt");
|
|
473
|
+
}
|
|
474
|
+
}
|
|
475
|
+
return opts;
|
|
476
|
+
}
|
|
477
|
+
|
|
334
478
|
// makeAuditEmitter — closure factory parallel to safeAsync.makeDropCallback.
|
|
335
479
|
// Replaces the per-file `function _emit(action, info) { if (!audit) return;
|
|
336
480
|
// try { audit.safeEmit(Object.assign({ action: action }, info || {})); }
|
|
@@ -412,7 +556,7 @@ function assignOwnEnumerable(target, source, reservedKeys) {
|
|
|
412
556
|
var entries = [];
|
|
413
557
|
for (var i = 0; i < keys.length; i += 1) {
|
|
414
558
|
var k = keys[i];
|
|
415
|
-
if (k
|
|
559
|
+
if (pick.isPoisonedKey(k)) continue;
|
|
416
560
|
if (reserved[k]) continue;
|
|
417
561
|
entries.push([k, source[k]]);
|
|
418
562
|
}
|
|
@@ -445,6 +589,7 @@ module.exports.auditShape = auditShape;
|
|
|
445
589
|
module.exports.optionalBoolean = optionalBoolean;
|
|
446
590
|
module.exports.optionalPositiveInt = optionalPositiveInt;
|
|
447
591
|
module.exports.optionalFiniteNonNegative = optionalFiniteNonNegative;
|
|
592
|
+
module.exports.optionalDate = optionalDate;
|
|
448
593
|
module.exports.optionalPositiveFinite = optionalPositiveFinite;
|
|
449
594
|
module.exports.optionalPort = optionalPort;
|
|
450
595
|
module.exports.optionalFunction = optionalFunction;
|
|
@@ -456,6 +601,7 @@ module.exports.requireNonEmptyString = requireNonEmptyString;
|
|
|
456
601
|
module.exports.observabilityShape = observabilityShape;
|
|
457
602
|
module.exports.requireObject = requireObject;
|
|
458
603
|
module.exports.requireMethods = requireMethods;
|
|
604
|
+
module.exports.shape = shape;
|
|
459
605
|
module.exports.applyDefaults = applyDefaults;
|
|
460
606
|
module.exports.makeAuditEmitter = makeAuditEmitter;
|
|
461
607
|
module.exports.makeNamespacedEmitters = makeNamespacedEmitters;
|
|
@@ -185,7 +185,6 @@ function sealPemFile(opts) {
|
|
|
185
185
|
// optionalPositiveFinite above already threw on a bad-shaped opts.pollInterval;
|
|
186
186
|
// here only undefined / null / valid-positive-finite remain.
|
|
187
187
|
var pollInterval = opts.pollInterval || DEFAULT_POLL_MS;
|
|
188
|
-
var auditOn = opts.audit !== false;
|
|
189
188
|
var onResealed = typeof opts.onResealed === "function" ? opts.onResealed : null;
|
|
190
189
|
var onError = typeof opts.onError === "function" ? opts.onError : null;
|
|
191
190
|
validateOpts.optionalPositiveFinite(opts.maxSourceBytes,
|
|
@@ -200,16 +199,7 @@ function sealPemFile(opts) {
|
|
|
200
199
|
var resealing = false;
|
|
201
200
|
var pendingMtime = null;
|
|
202
201
|
|
|
203
|
-
|
|
204
|
-
if (!auditOn) return;
|
|
205
|
-
try {
|
|
206
|
-
audit().safeEmit({
|
|
207
|
-
action: "vault.seal_pem_file." + action,
|
|
208
|
-
outcome: outcome,
|
|
209
|
-
metadata: metadata || {},
|
|
210
|
-
});
|
|
211
|
-
} catch (_e) { /* drop-silent */ }
|
|
212
|
-
}
|
|
202
|
+
var _emitAudit = audit().namespaced("vault.seal_pem_file", opts.audit);
|
|
213
203
|
|
|
214
204
|
function _writeSealed(plaintextBytes) {
|
|
215
205
|
// atomicFile.writeSync already does the .tmp + fsync + rename +
|
|
@@ -274,43 +264,35 @@ function sealPemFile(opts) {
|
|
|
274
264
|
// source isn't a symlink we don't expect, then read via fd so
|
|
275
265
|
// a swap-after-stat doesn't change which bytes we read.
|
|
276
266
|
try {
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
}
|
|
307
|
-
if (read !== fstat.size) {
|
|
308
|
-
throw new SealPemFileError("seal-pem-file/short-read",
|
|
309
|
-
"short read: " + read + " of " + fstat.size + " bytes");
|
|
310
|
-
}
|
|
311
|
-
} finally {
|
|
312
|
-
try { nodeFs.closeSync(fd); } catch (_e) { /* close best-effort */ }
|
|
313
|
-
}
|
|
267
|
+
// TOCTOU-safe read via atomic-file with the strongest guards:
|
|
268
|
+
// symlink refusal + inode-equality + a byte cap. The bespoke
|
|
269
|
+
// SealPemFileError codes/messages are preserved via errorFor; this
|
|
270
|
+
// call sits inside the outer try/catch that wraps any failure into
|
|
271
|
+
// seal-pem-file/source-read-failed + audit + the onError callback.
|
|
272
|
+
plaintext = atomicFile.fdSafeReadSync(source, {
|
|
273
|
+
refuseSymlink: true,
|
|
274
|
+
inodeCheck: true,
|
|
275
|
+
maxBytes: maxSourceBytes,
|
|
276
|
+
errorFor: function (kind, detail) {
|
|
277
|
+
if (kind === "symlink") {
|
|
278
|
+
return new SealPemFileError("seal-pem-file/symlink-refused",
|
|
279
|
+
"source is a symlink (refused; follow + re-stat opens TOCTOU)");
|
|
280
|
+
}
|
|
281
|
+
if (kind === "too-large") {
|
|
282
|
+
return new SealPemFileError("seal-pem-file/source-too-large",
|
|
283
|
+
"source size " + detail.size + " exceeds maxSourceBytes " + maxSourceBytes);
|
|
284
|
+
}
|
|
285
|
+
if (kind === "toctou") {
|
|
286
|
+
return new SealPemFileError("seal-pem-file/toctou-detected",
|
|
287
|
+
"source mutated between lstat and open (TOCTOU defense)");
|
|
288
|
+
}
|
|
289
|
+
if (kind === "short-read") {
|
|
290
|
+
return new SealPemFileError("seal-pem-file/short-read",
|
|
291
|
+
"short read: " + detail.read + " of " + detail.size + " bytes");
|
|
292
|
+
}
|
|
293
|
+
return undefined;
|
|
294
|
+
},
|
|
295
|
+
});
|
|
314
296
|
}
|
|
315
297
|
catch (e) {
|
|
316
298
|
var err = new SealPemFileError("seal-pem-file/source-read-failed",
|
|
@@ -48,6 +48,7 @@
|
|
|
48
48
|
|
|
49
49
|
var lazyRequire = require("./lazy-require");
|
|
50
50
|
var validateOpts = require("./validate-opts");
|
|
51
|
+
var pick = require("./pick");
|
|
51
52
|
var C = require("./constants");
|
|
52
53
|
var { defineClass } = require("./framework-error");
|
|
53
54
|
var VaultAadError = defineClass("VaultAadError", { alwaysPermanent: true });
|
|
@@ -80,7 +81,7 @@ function _canonicalize(parts) {
|
|
|
80
81
|
chunks.push(Buffer.from([AAD_VERSION]));
|
|
81
82
|
for (var i = 0; i < keys.length; i += 1) {
|
|
82
83
|
var key = keys[i];
|
|
83
|
-
if (key
|
|
84
|
+
if (pick.isPoisonedKey(key)) {
|
|
84
85
|
throw new VaultAadError("vault-aad/bad-aad",
|
|
85
86
|
"AAD field name " + JSON.stringify(key) + " is forbidden (poisoned key)");
|
|
86
87
|
}
|
|
@@ -130,7 +131,7 @@ function buildContextAad(parts) {
|
|
|
130
131
|
var out = {};
|
|
131
132
|
for (var k in parts) {
|
|
132
133
|
if (!Object.prototype.hasOwnProperty.call(parts, k)) continue;
|
|
133
|
-
if (k
|
|
134
|
+
if (pick.isPoisonedKey(k)) continue;
|
|
134
135
|
if (parts[k] == null) continue;
|
|
135
136
|
out[k] = parts[k];
|
|
136
137
|
}
|
|
@@ -316,13 +316,8 @@ async function verify(secured, opts) {
|
|
|
316
316
|
if (!opts.publicKey && typeof opts.keyResolver !== "function") {
|
|
317
317
|
throw new VcError("vc/no-key", "vc.verify: pass publicKey or keyResolver");
|
|
318
318
|
}
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
if (!(opts.at instanceof Date) || !isFinite(opts.at.getTime())) {
|
|
322
|
-
throw new VcError("vc/bad-at", "vc.verify: opts.at must be a valid Date");
|
|
323
|
-
}
|
|
324
|
-
at = opts.at;
|
|
325
|
-
}
|
|
319
|
+
validateOpts.optionalDate(opts.at, "vc.verify: opts.at", VcError, "vc/bad-at");
|
|
320
|
+
var at = (opts.at !== undefined && opts.at !== null) ? opts.at : new Date();
|
|
326
321
|
|
|
327
322
|
var result = await _verifySecured(secured, opts, JOSE_TYP, COSE_TYP);
|
|
328
323
|
|
|
@@ -475,18 +475,39 @@ function document(opts) {
|
|
|
475
475
|
throw new VexError("vex/bad-opts",
|
|
476
476
|
"document: opts must be a non-null object");
|
|
477
477
|
}
|
|
478
|
-
validateOpts.
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
478
|
+
validateOpts.shape(opts, {
|
|
479
|
+
documentId: { rule: "required-string", code: "vex/missing-documentId", label: "documentId" },
|
|
480
|
+
title: { rule: "required-string", code: "vex/missing-title", label: "title" },
|
|
481
|
+
trackingId: { rule: "required-string", code: "vex/missing-trackingId", label: "trackingId" },
|
|
482
|
+
trackingVersion: { rule: "required-string", code: "vex/missing-trackingVersion", label: "trackingVersion" },
|
|
483
|
+
currentReleaseDate: { rule: "required-string", code: "vex/missing-currentReleaseDate", label: "currentReleaseDate" },
|
|
484
|
+
initialReleaseDate: { rule: "required-string", code: "vex/missing-initialReleaseDate", label: "initialReleaseDate" },
|
|
485
|
+
// publisher is required; the missing/sub-field checks own their own
|
|
486
|
+
// codes (vex/missing-publisher{,-name,-namespace}) the test asserts
|
|
487
|
+
// on. A truthy non-plain-object (array / string) is rejected with
|
|
488
|
+
// vex/bad-opts (optional-plain-object semantics) BEFORE the absent
|
|
489
|
+
// check, then a null/undefined publisher throws vex/missing-publisher,
|
|
490
|
+
// then name/namespace are required non-empty strings.
|
|
491
|
+
publisher: function (v, label, e, c) {
|
|
492
|
+
validateOpts.optionalPlainObject(v, label, e, c);
|
|
493
|
+
if (!v || typeof v !== "object") {
|
|
494
|
+
throw new VexError("vex/missing-publisher",
|
|
495
|
+
"document: publisher object is required ({ name, namespace })");
|
|
496
|
+
}
|
|
497
|
+
validateOpts.requireNonEmptyString(v.name, "publisher.name", VexError, "vex/missing-publisher-name");
|
|
498
|
+
validateOpts.requireNonEmptyString(v.namespace, "publisher.namespace", VexError, "vex/missing-publisher-namespace");
|
|
499
|
+
},
|
|
500
|
+
// The body's Array.isArray check throws vex/bad-statements; the shape
|
|
501
|
+
// only needs to accept the key (an array is not a plain object).
|
|
502
|
+
statements: function () {},
|
|
503
|
+
tlp: "optional-string",
|
|
504
|
+
lang: "optional-string",
|
|
505
|
+
trackingStatus: "optional-string",
|
|
506
|
+
productTreeNames: "optional-plain-object",
|
|
507
|
+
distributionText: { rule: "optional-string", code: "vex/bad-distribution-text", label: "document.distributionText" },
|
|
508
|
+
// distributor is copied onto distribution as-is when truthy.
|
|
509
|
+
distributor: function () {},
|
|
510
|
+
}, "document", VexError, "vex/bad-opts");
|
|
490
511
|
if (!Array.isArray(opts.statements)) {
|
|
491
512
|
throw new VexError("vex/bad-statements",
|
|
492
513
|
"document: statements must be an array of b.vex.statement objects");
|
|
@@ -530,7 +551,8 @@ function document(opts) {
|
|
|
530
551
|
throw new VexError("vex/bad-product-tree-names",
|
|
531
552
|
"document: productTreeNames must be a { <productId>: <displayName> } object");
|
|
532
553
|
}
|
|
533
|
-
|
|
554
|
+
// distributionText is validated by the shape's optional-string rule
|
|
555
|
+
// above (label "document.distributionText", code vex/bad-distribution-text).
|
|
534
556
|
// FIRST TLP 2.0 + CSAF §3.2.1.12.1.1.1 — distribution.text is
|
|
535
557
|
// REQUIRED when TLP label is RED or AMBER+STRICT (the
|
|
536
558
|
// recipient-restricted tiers carry mandatory boilerplate prose).
|
|
@@ -109,22 +109,25 @@ function buildVapidAuthHeader(opts) {
|
|
|
109
109
|
validateOpts(opts, ["subscription", "contact", "privateKeyPem",
|
|
110
110
|
"publicKeyB64Url", "ttlSec"],
|
|
111
111
|
"webPush.buildVapidAuthHeader");
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
"
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
112
|
+
validateOpts.shape(opts, {
|
|
113
|
+
subscription: function (value) {
|
|
114
|
+
if (!value || typeof value.endpoint !== "string") {
|
|
115
|
+
throw new WebPushError("web-push/bad-subscription",
|
|
116
|
+
"buildVapidAuthHeader: opts.subscription must include a string endpoint");
|
|
117
|
+
}
|
|
118
|
+
},
|
|
119
|
+
contact: function (value) {
|
|
120
|
+
validateOpts.requireNonEmptyString(value, "contact",
|
|
121
|
+
WebPushError, "web-push/bad-contact");
|
|
122
|
+
if (!/^(mailto:|https:)/i.test(value)) {
|
|
123
|
+
throw new WebPushError("web-push/bad-contact",
|
|
124
|
+
"buildVapidAuthHeader: contact must start with 'mailto:' or 'https:' per RFC 8292 §2");
|
|
125
|
+
}
|
|
126
|
+
},
|
|
127
|
+
privateKeyPem: { rule: "required-string", code: "web-push/bad-key", label: "privateKeyPem" },
|
|
128
|
+
publicKeyB64Url: { rule: "required-string", code: "web-push/bad-key", label: "publicKeyB64Url" },
|
|
129
|
+
ttlSec: { rule: "optional-positive-finite", code: "web-push/bad-ttl" },
|
|
130
|
+
}, "webPush.buildVapidAuthHeader", WebPushError, "web-push/bad-opts");
|
|
128
131
|
var ttlSec = opts.ttlSec || C.TIME.hours(12);
|
|
129
132
|
// Audience: origin of the subscription endpoint per RFC 8292 §2.
|
|
130
133
|
var endpointUrl;
|
|
@@ -232,10 +235,10 @@ function encrypt(opts) {
|
|
|
232
235
|
throw new WebPushError("web-push/bad-subscription",
|
|
233
236
|
"encrypt: subscription must have a keys: { p256dh, auth } object");
|
|
234
237
|
}
|
|
235
|
-
validateOpts.
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
238
|
+
validateOpts.shape(opts.subscription.keys, {
|
|
239
|
+
p256dh: { rule: "required-string", code: "web-push/bad-p256dh", label: "p256dh" },
|
|
240
|
+
auth: { rule: "required-string", code: "web-push/bad-auth", label: "auth" },
|
|
241
|
+
}, "webPush.encrypt.keys", WebPushError, "web-push/bad-opts");
|
|
239
242
|
var plaintext = Buffer.isBuffer(opts.payload) ? opts.payload
|
|
240
243
|
: typeof opts.payload === "string" ? Buffer.from(opts.payload, "utf8")
|
|
241
244
|
: null;
|