@blamejs/blamejs-shop 0.4.56 → 0.4.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/affiliates.js +35 -4
- package/lib/api-keys.js +17 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/backorder.js +21 -4
- package/lib/click-and-collect.js +11 -2
- package/lib/credit-limits.js +132 -84
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -80,8 +80,11 @@
|
|
|
80
80
|
*/
|
|
81
81
|
|
|
82
82
|
var C = require("./constants");
|
|
83
|
+
var codepointClass = require("./codepoint-class");
|
|
84
|
+
var structuredFields = require("./structured-fields");
|
|
83
85
|
var { defineClass } = require("./framework-error");
|
|
84
86
|
var gateContract = require("./gate-contract");
|
|
87
|
+
var pick = require("./pick");
|
|
85
88
|
|
|
86
89
|
var SafeIcalError = defineClass("SafeIcalError", { alwaysPermanent: true });
|
|
87
90
|
|
|
@@ -369,13 +372,11 @@ function _parseContentLine(line) {
|
|
|
369
372
|
|
|
370
373
|
// Refuse NUL, C0 control bytes (other than TAB), and DEL in the
|
|
371
374
|
// value. Header-injection / log-poisoning defense.
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
" in property value (header-injection defense)");
|
|
378
|
-
}
|
|
375
|
+
var ctrlAt = codepointClass.firstControlCharOffset(value); // NUL / C0 (except TAB) / DEL refusal
|
|
376
|
+
if (ctrlAt !== -1) {
|
|
377
|
+
throw new SafeIcalError("safe-ical/control-char-in-value",
|
|
378
|
+
"safeIcal.parse: control char 0x" + value.charCodeAt(ctrlAt).toString(16) +
|
|
379
|
+
" in property value (header-injection defense)");
|
|
379
380
|
}
|
|
380
381
|
|
|
381
382
|
// Split params off the property name.
|
|
@@ -391,7 +392,7 @@ function _parseContentLine(line) {
|
|
|
391
392
|
}
|
|
392
393
|
var pname = seg.slice(0, eq).toUpperCase();
|
|
393
394
|
var pvalue = seg.slice(eq + 1);
|
|
394
|
-
if (pname
|
|
395
|
+
if (pick.isPoisonedKey(pname)) continue;
|
|
395
396
|
if (params[pname]) {
|
|
396
397
|
params[pname].push(_stripDoubleQuotes(pvalue));
|
|
397
398
|
} else {
|
|
@@ -412,26 +413,11 @@ function _findUnquotedColon(line) {
|
|
|
412
413
|
}
|
|
413
414
|
|
|
414
415
|
function _splitUnquoted(s, sep) {
|
|
415
|
-
|
|
416
|
-
var inQ = false;
|
|
417
|
-
var start = 0;
|
|
418
|
-
for (var i = 0; i < s.length; i++) {
|
|
419
|
-
var c = s.charAt(i);
|
|
420
|
-
if (c === '"') { inQ = !inQ; continue; }
|
|
421
|
-
if (c === sep && !inQ) {
|
|
422
|
-
out.push(s.slice(start, i));
|
|
423
|
-
start = i + 1;
|
|
424
|
-
}
|
|
425
|
-
}
|
|
426
|
-
out.push(s.slice(start));
|
|
427
|
-
return out;
|
|
416
|
+
return structuredFields.splitUnquoted(s, sep);
|
|
428
417
|
}
|
|
429
418
|
|
|
430
419
|
function _stripDoubleQuotes(s) {
|
|
431
|
-
|
|
432
|
-
return s.slice(1, -1);
|
|
433
|
-
}
|
|
434
|
-
return s;
|
|
420
|
+
return structuredFields.stripDoubleQuotes(s);
|
|
435
421
|
}
|
|
436
422
|
|
|
437
423
|
// ---- Component parser (RFC 5545 §3.6) ----
|
|
@@ -504,7 +490,7 @@ function _parseComponent(lines, startIdx, ctx, depth) {
|
|
|
504
490
|
"safeIcal.parse: property count in " + compName +
|
|
505
491
|
" exceeds maxPropertiesPerComponent=" + ctx.caps.maxPropertiesPerComponent);
|
|
506
492
|
}
|
|
507
|
-
if (pn
|
|
493
|
+
if (pick.isPoisonedKey(pn)) {
|
|
508
494
|
i += 1;
|
|
509
495
|
continue;
|
|
510
496
|
}
|
|
@@ -37,6 +37,7 @@
|
|
|
37
37
|
// ---- Error class ----
|
|
38
38
|
|
|
39
39
|
var C = require("./constants");
|
|
40
|
+
var pick = require("./pick");
|
|
40
41
|
var safeBuffer = require("./safe-buffer");
|
|
41
42
|
var safeUrl = require("./safe-url");
|
|
42
43
|
var time = require("./time");
|
|
@@ -93,8 +94,6 @@ var DEFAULT_MAX_DEPTH = 100;
|
|
|
93
94
|
var DEFAULT_MAX_KEYS = 10_000;
|
|
94
95
|
var ABSOLUTE_MAX_KEYS = 1_000_000;
|
|
95
96
|
|
|
96
|
-
var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
|
|
97
|
-
|
|
98
97
|
// ---- parse ----
|
|
99
98
|
|
|
100
99
|
/**
|
|
@@ -242,7 +241,7 @@ function parseOrDefault(input, fallback, opts) {
|
|
|
242
241
|
}
|
|
243
242
|
|
|
244
243
|
function _stripProtoKeys(key, value) {
|
|
245
|
-
if (
|
|
244
|
+
if (pick.isPoisonedKey(key)) return undefined;
|
|
246
245
|
return value;
|
|
247
246
|
}
|
|
248
247
|
|
|
@@ -256,7 +255,7 @@ function _walkAndCheck(value, depth, maxDepth, allowProto, maxKeys) {
|
|
|
256
255
|
return;
|
|
257
256
|
}
|
|
258
257
|
if (!allowProto) {
|
|
259
|
-
POISONED_KEYS.forEach(function (k) {
|
|
258
|
+
pick.POISONED_KEYS.forEach(function (k) {
|
|
260
259
|
if (Object.prototype.hasOwnProperty.call(value, k)) delete value[k];
|
|
261
260
|
});
|
|
262
261
|
}
|
|
@@ -338,7 +337,7 @@ function stringify(value, opts) {
|
|
|
338
337
|
}
|
|
339
338
|
|
|
340
339
|
function replacer(key, val) {
|
|
341
|
-
if (!allowProto &&
|
|
340
|
+
if (!allowProto && pick.isPoisonedKey(key)) return undefined;
|
|
342
341
|
return val;
|
|
343
342
|
}
|
|
344
343
|
|
|
@@ -373,7 +372,7 @@ function _cleanCycles(value, replacement, allowProto) {
|
|
|
373
372
|
out = {};
|
|
374
373
|
for (var k in v) {
|
|
375
374
|
if (!Object.prototype.hasOwnProperty.call(v, k)) continue;
|
|
376
|
-
if (!allowProto &&
|
|
375
|
+
if (!allowProto && pick.isPoisonedKey(k)) continue;
|
|
377
376
|
out[k] = walk(v[k]);
|
|
378
377
|
}
|
|
379
378
|
}
|
|
@@ -432,7 +431,7 @@ function canonical(value) {
|
|
|
432
431
|
if (typeof v === "string") return JSON.stringify(v);
|
|
433
432
|
if (Array.isArray(v)) return "[" + v.map(ser).join(",") + "]";
|
|
434
433
|
if (typeof v === "object") {
|
|
435
|
-
var keys = Object.keys(v).filter(function (k) { return !
|
|
434
|
+
var keys = Object.keys(v).filter(function (k) { return !pick.isPoisonedKey(k); }).sort();
|
|
436
435
|
var pairs = keys.map(function (k) { return JSON.stringify(k) + ":" + ser(v[k]); });
|
|
437
436
|
return "{" + pairs.join(",") + "}";
|
|
438
437
|
}
|
|
@@ -942,5 +941,5 @@ module.exports = {
|
|
|
942
941
|
ABSOLUTE_MAX_BYTES: ABSOLUTE_MAX_BYTES,
|
|
943
942
|
ABSOLUTE_MAX_DEPTH: ABSOLUTE_MAX_DEPTH,
|
|
944
943
|
ABSOLUTE_MAX_KEYS: ABSOLUTE_MAX_KEYS,
|
|
945
|
-
POISONED_KEYS:
|
|
944
|
+
POISONED_KEYS: pick.POISONED_KEYS.slice(),
|
|
946
945
|
};
|
|
@@ -38,6 +38,7 @@
|
|
|
38
38
|
|
|
39
39
|
var codepointClass = require("./codepoint-class");
|
|
40
40
|
var C = require("./constants");
|
|
41
|
+
var safeBuffer = require("./safe-buffer");
|
|
41
42
|
var { defineClass, FrameworkError } = require("./framework-error");
|
|
42
43
|
|
|
43
44
|
// SafeJsonPathError — alwaysPermanent because every code path is a
|
|
@@ -86,7 +87,7 @@ function _hasControlOrNul(value) {
|
|
|
86
87
|
// legitimate use in a JSON pointer / key / path expression.
|
|
87
88
|
for (var i = 0; i < value.length; i++) {
|
|
88
89
|
var c = value.charCodeAt(i);
|
|
89
|
-
if (
|
|
90
|
+
if (codepointClass.isForbiddenControlChar(c)) return true; // ASCII control-byte range
|
|
90
91
|
}
|
|
91
92
|
if (codepointClass.BIDI_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
|
|
92
93
|
if (codepointClass.ZERO_WIDTH_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
|
|
@@ -108,9 +109,9 @@ function validateKey(key, opts) {
|
|
|
108
109
|
"validateKey: key must be non-empty");
|
|
109
110
|
}
|
|
110
111
|
var maxBytes = opts.maxBytes || MAX_KEY_BYTES;
|
|
111
|
-
if (key
|
|
112
|
+
if (safeBuffer.byteLengthOf(key) > maxBytes) {
|
|
112
113
|
throw _err("safe-jsonpath/key-too-long",
|
|
113
|
-
"validateKey: key exceeds " + maxBytes + " bytes (got " + key
|
|
114
|
+
"validateKey: key exceeds " + maxBytes + " bytes (got " + safeBuffer.byteLengthOf(key) + ")");
|
|
114
115
|
}
|
|
115
116
|
if (_hasControlOrNul(key)) {
|
|
116
117
|
throw _err("safe-jsonpath/key-control-char",
|
|
@@ -167,9 +168,9 @@ function validateExpression(expr, opts) {
|
|
|
167
168
|
"validateExpression: expr must be non-empty");
|
|
168
169
|
}
|
|
169
170
|
var maxBytes = opts.maxBytes || MAX_EXPRESSION_BYTES;
|
|
170
|
-
if (expr
|
|
171
|
+
if (safeBuffer.byteLengthOf(expr) > maxBytes) {
|
|
171
172
|
throw _err("safe-jsonpath/expression-too-long",
|
|
172
|
-
"validateExpression: expr exceeds " + maxBytes + " bytes (got " + expr
|
|
173
|
+
"validateExpression: expr exceeds " + maxBytes + " bytes (got " + safeBuffer.byteLengthOf(expr) + ")");
|
|
173
174
|
}
|
|
174
175
|
if (_hasControlOrNul(expr)) {
|
|
175
176
|
throw _err("safe-jsonpath/expression-control-char",
|
|
@@ -45,7 +45,12 @@
|
|
|
45
45
|
*/
|
|
46
46
|
|
|
47
47
|
var C = require("./constants");
|
|
48
|
+
var safeBuffer = require("./safe-buffer");
|
|
49
|
+
var numericBounds = require("./numeric-bounds");
|
|
50
|
+
var codepointClass = require("./codepoint-class");
|
|
51
|
+
var structuredFields = require("./structured-fields");
|
|
48
52
|
var { defineClass } = require("./framework-error");
|
|
53
|
+
var pick = require("./pick");
|
|
49
54
|
|
|
50
55
|
var SafeMimeError = defineClass("SafeMimeError", { alwaysPermanent: true });
|
|
51
56
|
|
|
@@ -147,7 +152,7 @@ function parse(bytes, opts) {
|
|
|
147
152
|
var encodings = _normalizeStringSet(opts.transferEncodingAllowlist || DEFAULT_TRANSFER_ENCODINGS);
|
|
148
153
|
|
|
149
154
|
var buf = _toBuffer(bytes);
|
|
150
|
-
if (buf
|
|
155
|
+
if (safeBuffer.byteLengthOf(buf) > maxMessageBytes) {
|
|
151
156
|
throw new SafeMimeError("safe-mime/oversize-message",
|
|
152
157
|
"safeMime.parse: message size " + buf.length + " exceeds maxMessageBytes " + maxMessageBytes);
|
|
153
158
|
}
|
|
@@ -398,7 +403,7 @@ function _parsePart(buf, ctx, depth) {
|
|
|
398
403
|
};
|
|
399
404
|
}
|
|
400
405
|
|
|
401
|
-
if (bodyBytes
|
|
406
|
+
if (safeBuffer.byteLengthOf(bodyBytes) > ctx.maxBodyBytes) {
|
|
402
407
|
throw new SafeMimeError("safe-mime/oversize-body",
|
|
403
408
|
"safeMime.parse: body " + bodyBytes.length + " bytes exceeds maxBodyBytes=" + ctx.maxBodyBytes);
|
|
404
409
|
}
|
|
@@ -413,7 +418,7 @@ function _parsePart(buf, ctx, depth) {
|
|
|
413
418
|
"safeMime.parse: charset '" + charset + "' not in allowlist; refused");
|
|
414
419
|
}
|
|
415
420
|
var decodedBody = _decodeBody(bodyBytes, encoding);
|
|
416
|
-
if (decodedBody
|
|
421
|
+
if (safeBuffer.byteLengthOf(decodedBody) > ctx.maxBodyBytes) {
|
|
417
422
|
throw new SafeMimeError("safe-mime/oversize-body",
|
|
418
423
|
"safeMime.parse: decoded body " + decodedBody.length +
|
|
419
424
|
" bytes exceeds maxBodyBytes=" + ctx.maxBodyBytes);
|
|
@@ -458,13 +463,13 @@ function _parseHeaders(buf, ctx) {
|
|
|
458
463
|
var headerMap = Object.create(null);
|
|
459
464
|
for (var i = 0; i < lines.length; i += 1) {
|
|
460
465
|
var line = lines[i];
|
|
461
|
-
var
|
|
462
|
-
if (
|
|
466
|
+
var khv = structuredFields.parseKeyValuePiece(line, ":");
|
|
467
|
+
if (khv.value === null) {
|
|
463
468
|
throw new SafeMimeError("safe-mime/malformed-headers",
|
|
464
469
|
"safeMime.parse: header line missing colon: " + _previewBytes(line));
|
|
465
470
|
}
|
|
466
|
-
var name =
|
|
467
|
-
var value =
|
|
471
|
+
var name = khv.key;
|
|
472
|
+
var value = khv.value.trim();
|
|
468
473
|
// Refuse NUL, CR, LF, and other C0 control chars in header values.
|
|
469
474
|
// Tab (0x09) is allowed (header folding). C1 control range
|
|
470
475
|
// (0x80-0x9F) NOT refused — legitimate non-ASCII via EAI/RFC 2047
|
|
@@ -473,17 +478,15 @@ function _parseHeaders(buf, ctx) {
|
|
|
473
478
|
// string prefix) rather than the UTF-16 code-unit index, so the
|
|
474
479
|
// operator audit log lines up with the wire-level byte stream
|
|
475
480
|
// they're inspecting.
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
hcc.toString(16) + " at byte offset " + byteOffset); // toString radix 16 hex, not bytes
|
|
483
|
-
}
|
|
481
|
+
var hci = codepointClass.firstControlCharOffset(value); // C0 control char (except TAB) + DEL refusal
|
|
482
|
+
if (hci !== -1) {
|
|
483
|
+
var byteOffset = Buffer.byteLength(value.slice(0, hci), "utf8");
|
|
484
|
+
throw new SafeMimeError("safe-mime/control-char-in-header",
|
|
485
|
+
"safeMime.parse: header '" + name + "' contains control char 0x" +
|
|
486
|
+
value.charCodeAt(hci).toString(16) + " at byte offset " + byteOffset); // toString radix 16 hex, not bytes
|
|
484
487
|
}
|
|
485
488
|
value = _decodeRfc2047Words(value);
|
|
486
|
-
if (name
|
|
489
|
+
if (pick.isPoisonedKey(name)) continue;
|
|
487
490
|
if (!headerMap[name]) headerMap[name] = [];
|
|
488
491
|
headerMap[name].push(value);
|
|
489
492
|
}
|
|
@@ -525,19 +528,14 @@ function _parseContentType(value) {
|
|
|
525
528
|
var parts = String(value).split(";");
|
|
526
529
|
var type = parts[0].toLowerCase().trim();
|
|
527
530
|
var params = Object.create(null);
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
if (p.length === 0) continue;
|
|
531
|
-
var eq = p.indexOf("=");
|
|
532
|
-
if (eq < 0) continue;
|
|
533
|
-
var k = p.slice(0, eq).toLowerCase().trim();
|
|
534
|
-
var v = p.slice(eq + 1).trim();
|
|
531
|
+
var kvps = structuredFields.parseKeyValuePieces(parts, 1);
|
|
532
|
+
structuredFields.forEachKeyValue(kvps, function (k, v) {
|
|
535
533
|
if (v.length >= 2 && v.charAt(0) === '"' && v.charAt(v.length - 1) === '"') {
|
|
536
534
|
v = v.slice(1, -1).replace(/\\(.)/g, "$1");
|
|
537
535
|
}
|
|
538
|
-
if (k
|
|
536
|
+
if (pick.isPoisonedKey(k)) return;
|
|
539
537
|
params[k] = v;
|
|
540
|
-
}
|
|
538
|
+
});
|
|
541
539
|
return { type: type, params: params };
|
|
542
540
|
}
|
|
543
541
|
|
|
@@ -779,10 +777,8 @@ function _toBuffer(input) {
|
|
|
779
777
|
|
|
780
778
|
function _intOpt(opts, key, fallback) {
|
|
781
779
|
if (opts[key] === undefined || opts[key] === null) return fallback;
|
|
782
|
-
|
|
783
|
-
|
|
784
|
-
"safeMime.parse: opts." + key + " must be a positive finite integer (got " + opts[key] + ")");
|
|
785
|
-
}
|
|
780
|
+
numericBounds.requirePositiveFiniteInt(opts[key],
|
|
781
|
+
"safeMime.parse: opts." + key, SafeMimeError, "safe-mime/bad-opt");
|
|
786
782
|
return opts[key];
|
|
787
783
|
}
|
|
788
784
|
|
|
@@ -40,15 +40,12 @@
|
|
|
40
40
|
|
|
41
41
|
var safeUrl = require("./safe-url");
|
|
42
42
|
var validateOpts = require("./validate-opts");
|
|
43
|
+
var codepointClass = require("./codepoint-class");
|
|
43
44
|
|
|
44
45
|
var DEFAULT_FALLBACK = "/";
|
|
45
46
|
|
|
46
47
|
function _hasControlChar(s) {
|
|
47
|
-
|
|
48
|
-
var c = s.charCodeAt(i);
|
|
49
|
-
if (c < 0x20 || c === 0x7f) return true; // ASCII control range thresholds
|
|
50
|
-
}
|
|
51
|
-
return false;
|
|
48
|
+
return codepointClass.firstControlCharOffset(s, { forbidTab: true }) !== -1;
|
|
52
49
|
}
|
|
53
50
|
|
|
54
51
|
function resolve(rawTarget, opts) {
|
|
@@ -98,6 +98,8 @@
|
|
|
98
98
|
|
|
99
99
|
var C = require("./constants");
|
|
100
100
|
var safeJson = require("./safe-json");
|
|
101
|
+
var pick = require("./pick");
|
|
102
|
+
var ipUtils = require("./ip-utils");
|
|
101
103
|
var { defineClass } = require("./framework-error");
|
|
102
104
|
|
|
103
105
|
// Maximum URL length per RFC 7230 §3.1.1 guidance — also reused as the
|
|
@@ -154,7 +156,6 @@ var SafeSchemaError = defineClass("SafeSchemaError", { alwaysPermanent: true });
|
|
|
154
156
|
// Object.prototype by submitting a JSON body with __proto__ /
|
|
155
157
|
// constructor / prototype keys, even if the operator schema is
|
|
156
158
|
// .passthrough().
|
|
157
|
-
var POISONED_KEYS = new Set(["__proto__", "constructor", "prototype"]);
|
|
158
159
|
|
|
159
160
|
// Pragmatic regexes — RFC-correct is impractical without exploding the
|
|
160
161
|
// regex (especially email). Operators wanting deeper validation chain
|
|
@@ -169,7 +170,7 @@ var UUID_RE = /^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0
|
|
|
169
170
|
var DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
|
|
170
171
|
// ISO-8601 datetime with timezone (Z or ±HH:MM); fractional seconds optional.
|
|
171
172
|
var DATETIME_RE = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:\d{2})$/;
|
|
172
|
-
var IPV4_RE =
|
|
173
|
+
var IPV4_RE = ipUtils.IPV4_RE; // canonical strict dotted-quad — single source in lib/ip-utils.js
|
|
173
174
|
// CUID v1 / v2: 25-char base36, starts with 'c'. Common in TypeScript ecosystems.
|
|
174
175
|
var CUID_RE = /^c[a-z0-9]{24}$/;
|
|
175
176
|
// ULID: Crockford-base32, 26 chars, time-sortable.
|
|
@@ -1012,7 +1013,7 @@ function object(shape) {
|
|
|
1012
1013
|
// such a key) gets a refusal at construction time.
|
|
1013
1014
|
var allOwnKeys = Object.getOwnPropertyNames(shape);
|
|
1014
1015
|
for (var ai = 0; ai < allOwnKeys.length; ai++) {
|
|
1015
|
-
if (
|
|
1016
|
+
if (pick.isPoisonedKey(allOwnKeys[ai])) {
|
|
1016
1017
|
throw new SafeSchemaError("safe-schema/poisoned-shape-key",
|
|
1017
1018
|
"object shape: key '" + allOwnKeys[ai] + "' is forbidden (prototype-pollution defense)");
|
|
1018
1019
|
}
|
|
@@ -1054,7 +1055,7 @@ function _objectWithMode(shape, keys, mode) {
|
|
|
1054
1055
|
// Prototype-pollution defense — refuse __proto__/constructor/
|
|
1055
1056
|
// prototype regardless of mode. .passthrough() never propagates
|
|
1056
1057
|
// these because they are always rejected as input.
|
|
1057
|
-
if (
|
|
1058
|
+
if (pick.isPoisonedKey(ik)) {
|
|
1058
1059
|
issues.push({
|
|
1059
1060
|
path: path.concat([ik]),
|
|
1060
1061
|
code: "object/poisoned-key",
|
|
@@ -1449,7 +1450,7 @@ function record(a, b) {
|
|
|
1449
1450
|
for (var i = 0; i < keys.length; i++) {
|
|
1450
1451
|
var k = keys[i];
|
|
1451
1452
|
// Prototype-pollution defense — same shape as object() schema.
|
|
1452
|
-
if (
|
|
1453
|
+
if (pick.isPoisonedKey(k)) {
|
|
1453
1454
|
issues.push({
|
|
1454
1455
|
path: path.concat([k]),
|
|
1455
1456
|
code: "record/poisoned-key",
|
|
@@ -1533,7 +1534,7 @@ function discriminatedUnion(discriminator, options) {
|
|
|
1533
1534
|
throw new SafeSchemaError("safe-schema/bad-discriminator",
|
|
1534
1535
|
"discriminatedUnion: discriminator must be a non-empty string key name");
|
|
1535
1536
|
}
|
|
1536
|
-
if (
|
|
1537
|
+
if (pick.isPoisonedKey(discriminator)) {
|
|
1537
1538
|
throw new SafeSchemaError("safe-schema/poisoned-discriminator",
|
|
1538
1539
|
"discriminatedUnion: discriminator key '" + discriminator + "' is forbidden");
|
|
1539
1540
|
}
|
|
@@ -429,6 +429,69 @@ function countPlaceholders(sql) {
|
|
|
429
429
|
return count;
|
|
430
430
|
}
|
|
431
431
|
|
|
432
|
+
/**
|
|
433
|
+
* @primitive b.safeSql.toPositional
|
|
434
|
+
* @signature b.safeSql.toPositional(sql, dialect)
|
|
435
|
+
* @since 0.15.13
|
|
436
|
+
* @status stable
|
|
437
|
+
* @related b.safeSql.countPlaceholders, b.sql
|
|
438
|
+
*
|
|
439
|
+
* Rewrite bound `?` placeholders to Postgres `$N` positional form,
|
|
440
|
+
* skipping any `?` inside a string literal (`'...'` / `"..."` /
|
|
441
|
+
* `` `...` ``, doubled-quote escape aware) or a line / block comment. For
|
|
442
|
+
* any non-Postgres dialect the SQL is returned unchanged (`?` is already
|
|
443
|
+
* the wire form). This is the same quote- and comment-aware scan as
|
|
444
|
+
* `countPlaceholders`, extended to emit the rewritten string and to skip
|
|
445
|
+
* MySQL backtick-quoted identifiers; the query builder and the cluster
|
|
446
|
+
* store both compose it so the rewrite lives in one place.
|
|
447
|
+
*
|
|
448
|
+
* @example
|
|
449
|
+
* var b = require("blamejs");
|
|
450
|
+
* b.safeSql.toPositional("a = ? AND b = ?", "postgres");
|
|
451
|
+
* // → "a = $1 AND b = $2"
|
|
452
|
+
*
|
|
453
|
+
* b.safeSql.toPositional("note = 'is ? literal' AND id = ?", "postgres");
|
|
454
|
+
* // → "note = 'is ? literal' AND id = $1"
|
|
455
|
+
*/
|
|
456
|
+
function toPositional(sql, dialect) {
|
|
457
|
+
if (dialect !== "postgres") return sql;
|
|
458
|
+
var out = "";
|
|
459
|
+
var n = 0;
|
|
460
|
+
var i = 0;
|
|
461
|
+
var len = sql.length;
|
|
462
|
+
while (i < len) {
|
|
463
|
+
var c = sql.charAt(i);
|
|
464
|
+
var nx = i + 1 < len ? sql.charAt(i + 1) : "";
|
|
465
|
+
if (c === "'" || c === '"' || c === "`") {
|
|
466
|
+
out += c;
|
|
467
|
+
i += 1;
|
|
468
|
+
while (i < len) {
|
|
469
|
+
var q = sql.charAt(i);
|
|
470
|
+
if (q === c) {
|
|
471
|
+
if (sql.charAt(i + 1) === c) { out += c + c; i += 2; continue; }
|
|
472
|
+
out += c; i += 1; break;
|
|
473
|
+
}
|
|
474
|
+
out += q; i += 1;
|
|
475
|
+
}
|
|
476
|
+
continue;
|
|
477
|
+
}
|
|
478
|
+
if (c === "-" && nx === "-") {
|
|
479
|
+
while (i < len && sql.charAt(i) !== "\n") { out += sql.charAt(i); i += 1; }
|
|
480
|
+
continue;
|
|
481
|
+
}
|
|
482
|
+
if (c === "/" && nx === "*") {
|
|
483
|
+
out += "/*"; i += 2;
|
|
484
|
+
while (i < len && !(sql.charAt(i) === "*" && sql.charAt(i + 1) === "/")) { out += sql.charAt(i); i += 1; }
|
|
485
|
+
if (i < len) { out += "*/"; i += 2; }
|
|
486
|
+
continue;
|
|
487
|
+
}
|
|
488
|
+
if (c === "?") { n += 1; out += "$" + n; i += 1; continue; }
|
|
489
|
+
out += c;
|
|
490
|
+
i += 1;
|
|
491
|
+
}
|
|
492
|
+
return out;
|
|
493
|
+
}
|
|
494
|
+
|
|
432
495
|
/**
|
|
433
496
|
* @primitive b.safeSql.DEFAULT_IDENTIFIER_RE
|
|
434
497
|
* @signature b.safeSql.DEFAULT_IDENTIFIER_RE
|
|
@@ -557,7 +620,69 @@ function assertSingleStatement(sql, opts) {
|
|
|
557
620
|
return sql;
|
|
558
621
|
}
|
|
559
622
|
|
|
623
|
+
/**
|
|
624
|
+
* @primitive b.safeSql.assertNoRawStringLiteral
|
|
625
|
+
* @signature b.safeSql.assertNoRawStringLiteral(sql, where, makeError?)
|
|
626
|
+
* @since 0.15.13
|
|
627
|
+
* @status stable
|
|
628
|
+
* @related b.safeSql.assertSingleStatement, b.safeSql.countPlaceholders, b.sql
|
|
629
|
+
*
|
|
630
|
+
* The one quote/comment-aware scan that refuses a `'...'` STRING LITERAL in
|
|
631
|
+
* raw SQL — the injection backstop for the b.sql builder's raw fragments and
|
|
632
|
+
* the external-db raw-query path, which must bind every value with a `?`
|
|
633
|
+
* placeholder rather than splice a literal. Walks the SQL skipping `"..."`
|
|
634
|
+
* quoted identifiers (doubled-quote escapes handled), `-- line` comments, and
|
|
635
|
+
* slash-star block comments; on the first top-level `'` it throws the caller's
|
|
636
|
+
* error (`makeError(where)` returns the Error to throw). Both b.sql and the
|
|
637
|
+
* external-db raw gate route through this single scan so a fix to the scanner
|
|
638
|
+
* cannot drift between them.
|
|
639
|
+
*
|
|
640
|
+
* @example
|
|
641
|
+
* b.safeSql.assertNoRawStringLiteral("WHERE id = ?", "where"); // ok (no literal)
|
|
642
|
+
* try { b.safeSql.assertNoRawStringLiteral("WHERE name = 'x'", "where"); }
|
|
643
|
+
* catch (e) { e.code; } // → "sql/raw-literal"
|
|
644
|
+
*/
|
|
645
|
+
function assertNoRawStringLiteral(sql, where, makeError) {
|
|
646
|
+
var mkErr = typeof makeError === "function" ? makeError : function (w) {
|
|
647
|
+
return new SafeSqlError(w + ": raw SQL must not contain a string literal ('...') — bind every " +
|
|
648
|
+
"value with a ? placeholder, or pass { allowLiterals: true } when the literal " +
|
|
649
|
+
"is static and operator-controlled.", "sql/raw-literal");
|
|
650
|
+
};
|
|
651
|
+
var i = 0;
|
|
652
|
+
var len = sql.length;
|
|
653
|
+
while (i < len) {
|
|
654
|
+
var ch = sql.charAt(i);
|
|
655
|
+
var next = i + 1 < len ? sql.charAt(i + 1) : "";
|
|
656
|
+
if (ch === '"') {
|
|
657
|
+
i += 1;
|
|
658
|
+
while (i < len) {
|
|
659
|
+
if (sql.charAt(i) === '"') {
|
|
660
|
+
if (sql.charAt(i + 1) === '"') { i += 2; continue; }
|
|
661
|
+
i += 1; break;
|
|
662
|
+
}
|
|
663
|
+
i += 1;
|
|
664
|
+
}
|
|
665
|
+
continue;
|
|
666
|
+
}
|
|
667
|
+
if (ch === "-" && next === "-") {
|
|
668
|
+
while (i < len && sql.charAt(i) !== "\n") i += 1;
|
|
669
|
+
continue;
|
|
670
|
+
}
|
|
671
|
+
if (ch === "/" && next === "*") {
|
|
672
|
+
i += 2;
|
|
673
|
+
while (i < len && !(sql.charAt(i) === "*" && sql.charAt(i + 1) === "/")) i += 1;
|
|
674
|
+
i += 2;
|
|
675
|
+
continue;
|
|
676
|
+
}
|
|
677
|
+
if (ch === "'") {
|
|
678
|
+
throw mkErr(where);
|
|
679
|
+
}
|
|
680
|
+
i += 1;
|
|
681
|
+
}
|
|
682
|
+
}
|
|
683
|
+
|
|
560
684
|
module.exports = {
|
|
685
|
+
assertNoRawStringLiteral: assertNoRawStringLiteral,
|
|
561
686
|
validateIdentifier: validateIdentifier,
|
|
562
687
|
assertSingleStatement: assertSingleStatement,
|
|
563
688
|
quoteIdentifier: quoteIdentifier,
|
|
@@ -565,6 +690,7 @@ module.exports = {
|
|
|
565
690
|
quoteList: quoteList,
|
|
566
691
|
assertOneOf: assertOneOf,
|
|
567
692
|
countPlaceholders: countPlaceholders,
|
|
693
|
+
toPositional: toPositional,
|
|
568
694
|
SafeSqlError: SafeSqlError,
|
|
569
695
|
// Exposed so consumers can compose their own validators
|
|
570
696
|
DEFAULT_IDENTIFIER_RE: DEFAULT_IDENTIFIER_RE,
|
|
@@ -62,8 +62,11 @@
|
|
|
62
62
|
*/
|
|
63
63
|
|
|
64
64
|
var C = require("./constants");
|
|
65
|
+
var codepointClass = require("./codepoint-class");
|
|
66
|
+
var structuredFields = require("./structured-fields");
|
|
65
67
|
var { defineClass } = require("./framework-error");
|
|
66
68
|
var gateContract = require("./gate-contract");
|
|
69
|
+
var pick = require("./pick");
|
|
67
70
|
|
|
68
71
|
var SafeVcardError = defineClass("SafeVcardError", { alwaysPermanent: true });
|
|
69
72
|
|
|
@@ -280,13 +283,11 @@ function _parseContentLine(line) {
|
|
|
280
283
|
var head = line.slice(0, colonIdx);
|
|
281
284
|
var value = line.slice(colonIdx + 1);
|
|
282
285
|
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
" in property value (header-injection defense)");
|
|
289
|
-
}
|
|
286
|
+
var ctrlAt = codepointClass.firstControlCharOffset(value); // C0 (except TAB) + DEL refusal
|
|
287
|
+
if (ctrlAt !== -1) {
|
|
288
|
+
throw new SafeVcardError("safe-vcard/control-char-in-value",
|
|
289
|
+
"safeVcard.parse: control char 0x" + value.charCodeAt(ctrlAt).toString(16) +
|
|
290
|
+
" in property value (header-injection defense)");
|
|
290
291
|
}
|
|
291
292
|
|
|
292
293
|
// RFC 6350 §3.3 — property name may be prefixed by an optional
|
|
@@ -310,7 +311,7 @@ function _parseContentLine(line) {
|
|
|
310
311
|
}
|
|
311
312
|
var pname = seg.slice(0, eq).toUpperCase();
|
|
312
313
|
var pvalue = seg.slice(eq + 1);
|
|
313
|
-
if (pname
|
|
314
|
+
if (pick.isPoisonedKey(pname)) continue;
|
|
314
315
|
if (params[pname]) {
|
|
315
316
|
params[pname].push(_stripDoubleQuotes(pvalue));
|
|
316
317
|
} else {
|
|
@@ -331,26 +332,11 @@ function _findUnquotedColon(line) {
|
|
|
331
332
|
}
|
|
332
333
|
|
|
333
334
|
function _splitUnquoted(s, sep) {
|
|
334
|
-
|
|
335
|
-
var inQ = false;
|
|
336
|
-
var start = 0;
|
|
337
|
-
for (var i = 0; i < s.length; i++) {
|
|
338
|
-
var c = s.charAt(i);
|
|
339
|
-
if (c === '"') { inQ = !inQ; continue; }
|
|
340
|
-
if (c === sep && !inQ) {
|
|
341
|
-
out.push(s.slice(start, i));
|
|
342
|
-
start = i + 1;
|
|
343
|
-
}
|
|
344
|
-
}
|
|
345
|
-
out.push(s.slice(start));
|
|
346
|
-
return out;
|
|
335
|
+
return structuredFields.splitUnquoted(s, sep);
|
|
347
336
|
}
|
|
348
337
|
|
|
349
338
|
function _stripDoubleQuotes(s) {
|
|
350
|
-
|
|
351
|
-
return s.slice(1, -1);
|
|
352
|
-
}
|
|
353
|
-
return s;
|
|
339
|
+
return structuredFields.stripDoubleQuotes(s);
|
|
354
340
|
}
|
|
355
341
|
|
|
356
342
|
function _parseVcard(lines, startIdx, caps, extraProps) {
|
|
@@ -399,7 +385,7 @@ function _parseVcard(lines, startIdx, caps, extraProps) {
|
|
|
399
385
|
"safeVcard.parse: property count exceeds maxPropertiesPerCard=" +
|
|
400
386
|
caps.maxPropertiesPerCard);
|
|
401
387
|
}
|
|
402
|
-
if (pn
|
|
388
|
+
if (pick.isPoisonedKey(pn)) {
|
|
403
389
|
i += 1;
|
|
404
390
|
continue;
|
|
405
391
|
}
|
|
@@ -40,6 +40,13 @@ var workerThreads = require("node:worker_threads");
|
|
|
40
40
|
var allowed = Array.isArray(data.allowedGlobals) ? data.allowedGlobals : [];
|
|
41
41
|
var maxResultBytes = (typeof data.maxResultBytes === "number") ? data.maxResultBytes : null;
|
|
42
42
|
|
|
43
|
+
// Capture the real UTF-8 byte counter BEFORE the global strip below deletes
|
|
44
|
+
// `Buffer`. The result cap is a BYTE budget — measuring the serialized
|
|
45
|
+
// result with `String.length` (UTF-16 code units) under-enforces it on
|
|
46
|
+
// multibyte output. A detached `Buffer.byteLength` keeps working after
|
|
47
|
+
// `delete globalThis.Buffer`.
|
|
48
|
+
var byteLength = Buffer.byteLength;
|
|
49
|
+
|
|
43
50
|
var ALWAYS_AVAILABLE = [
|
|
44
51
|
"Object", "Array", "String", "Number", "Boolean", "Symbol",
|
|
45
52
|
"Promise", "Error", "TypeError", "RangeError", "RegExp",
|
|
@@ -113,10 +120,10 @@ var workerThreads = require("node:worker_threads");
|
|
|
113
120
|
});
|
|
114
121
|
return;
|
|
115
122
|
}
|
|
116
|
-
if (maxResultBytes !== null && serialized && serialized
|
|
123
|
+
if (maxResultBytes !== null && serialized && byteLength(serialized, "utf8") > maxResultBytes) {
|
|
117
124
|
workerThreads.parentPort.postMessage({
|
|
118
125
|
ok: false, code: "sandbox/oversized-result",
|
|
119
|
-
message: "sandbox result exceeded maxResultBytes (" + serialized
|
|
126
|
+
message: "sandbox result exceeded maxResultBytes (" + byteLength(serialized, "utf8") + " > " + maxResultBytes + ")",
|
|
120
127
|
runtimeMs: runtimeMs, peakBytes: peakBytes,
|
|
121
128
|
});
|
|
122
129
|
return;
|
|
@@ -82,6 +82,7 @@ var nodePath = require("node:path");
|
|
|
82
82
|
var lazyRequire = require("./lazy-require");
|
|
83
83
|
var validateOpts = require("./validate-opts");
|
|
84
84
|
var numericBounds = require("./numeric-bounds");
|
|
85
|
+
var safeBuffer = require("./safe-buffer");
|
|
85
86
|
var C = require("./constants");
|
|
86
87
|
var { SandboxError } = require("./framework-error");
|
|
87
88
|
|
|
@@ -201,9 +202,9 @@ function run(opts) {
|
|
|
201
202
|
return Promise.reject(new SandboxError("sandbox/bad-input",
|
|
202
203
|
"sandbox.run: opts.input is not JSON-serializable: " + (eSer && eSer.message)));
|
|
203
204
|
}
|
|
204
|
-
if (inputJson !== null && inputJson
|
|
205
|
+
if (inputJson !== null && safeBuffer.byteLengthOf(inputJson) > maxBytes) {
|
|
205
206
|
return Promise.reject(new SandboxError("sandbox/input-too-large",
|
|
206
|
-
"sandbox.run: opts.input serialized to " + inputJson
|
|
207
|
+
"sandbox.run: opts.input serialized to " + safeBuffer.byteLengthOf(inputJson) + " bytes (>" + maxBytes + ")"));
|
|
207
208
|
}
|
|
208
209
|
|
|
209
210
|
var workerThreads;
|