@blamejs/blamejs-shop 0.4.68 → 0.4.70
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +8 -6
- package/lib/asset-manifest.json +1 -1
- package/lib/giftcards.js +29 -5
- package/lib/security-middleware.js +65 -23
- package/lib/storefront.js +10 -7
- package/lib/vendor/MANIFEST.json +319 -267
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +58 -5
- package/lib/vendor/blamejs/examples/wiki/README.md +1 -1
- package/lib/vendor/blamejs/examples/wiki/docker-compose.prod.yml +9 -8
- package/lib/vendor/blamejs/examples/wiki/docker-compose.yml +10 -9
- package/lib/vendor/blamejs/examples/wiki/env-snapshot.json +4 -3
- package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +33 -17
- package/lib/vendor/blamejs/examples/wiki/routes/admin.js +7 -10
- package/lib/vendor/blamejs/examples/wiki/server.js +5 -4
- package/lib/vendor/blamejs/examples/wiki/test/e2e.js +5 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +38 -6
- package/lib/vendor/blamejs/lib/agent-event-bus.js +13 -0
- package/lib/vendor/blamejs/lib/agent-idempotency.js +5 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +32 -2
- package/lib/vendor/blamejs/lib/ai-aedt-bias-audit.js +2 -1
- package/lib/vendor/blamejs/lib/ai-content-detect.js +1 -3
- package/lib/vendor/blamejs/lib/ai-frontier-protocol.js +1 -1
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +1 -1
- package/lib/vendor/blamejs/lib/ai-output.js +16 -7
- package/lib/vendor/blamejs/lib/api-snapshot.js +4 -1
- package/lib/vendor/blamejs/lib/app-shutdown.js +7 -1
- package/lib/vendor/blamejs/lib/archive-gz.js +9 -0
- package/lib/vendor/blamejs/lib/archive-read.js +9 -7
- package/lib/vendor/blamejs/lib/archive-tar-read.js +51 -8
- package/lib/vendor/blamejs/lib/archive.js +4 -2
- package/lib/vendor/blamejs/lib/asn1-der.js +70 -22
- package/lib/vendor/blamejs/lib/atomic-file.js +204 -2
- package/lib/vendor/blamejs/lib/audit-chain.js +54 -5
- package/lib/vendor/blamejs/lib/audit-daily-review.js +12 -2
- package/lib/vendor/blamejs/lib/audit-sign.js +2 -1
- package/lib/vendor/blamejs/lib/audit-tools.js +108 -23
- package/lib/vendor/blamejs/lib/audit.js +7 -2
- package/lib/vendor/blamejs/lib/auth/access-lock.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/auth/ciba.js +43 -4
- package/lib/vendor/blamejs/lib/auth/dpop.js +6 -1
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +5 -1
- package/lib/vendor/blamejs/lib/auth/jwt.js +2 -2
- package/lib/vendor/blamejs/lib/auth/lockout.js +18 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +1 -1
- package/lib/vendor/blamejs/lib/auth/password.js +1 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +33 -13
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +24 -4
- package/lib/vendor/blamejs/lib/auth/status-list.js +14 -2
- package/lib/vendor/blamejs/lib/auth/step-up.js +9 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +21 -2
- package/lib/vendor/blamejs/lib/backup/bundle.js +7 -2
- package/lib/vendor/blamejs/lib/backup/crypto.js +23 -8
- package/lib/vendor/blamejs/lib/backup/index.js +41 -20
- package/lib/vendor/blamejs/lib/backup/manifest.js +7 -1
- package/lib/vendor/blamejs/lib/break-glass.js +41 -22
- package/lib/vendor/blamejs/lib/cbor.js +34 -11
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +7 -3
- package/lib/vendor/blamejs/lib/cert.js +5 -3
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/cloud-events.js +3 -2
- package/lib/vendor/blamejs/lib/cluster-storage.js +7 -3
- package/lib/vendor/blamejs/lib/codepoint-class.js +17 -0
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -1
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +9 -7
- package/lib/vendor/blamejs/lib/compliance.js +1 -1
- package/lib/vendor/blamejs/lib/config-drift.js +22 -8
- package/lib/vendor/blamejs/lib/content-credentials.js +11 -8
- package/lib/vendor/blamejs/lib/content-digest.js +11 -4
- package/lib/vendor/blamejs/lib/cookies.js +10 -2
- package/lib/vendor/blamejs/lib/cose.js +20 -0
- package/lib/vendor/blamejs/lib/crdt.js +2 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +29 -23
- package/lib/vendor/blamejs/lib/crypto.js +18 -4
- package/lib/vendor/blamejs/lib/csp.js +4 -0
- package/lib/vendor/blamejs/lib/daemon.js +4 -1
- package/lib/vendor/blamejs/lib/data-act.js +27 -4
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +14 -6
- package/lib/vendor/blamejs/lib/db-query.js +69 -9
- package/lib/vendor/blamejs/lib/db.js +32 -15
- package/lib/vendor/blamejs/lib/dora.js +43 -13
- package/lib/vendor/blamejs/lib/dr-runbook.js +1 -1
- package/lib/vendor/blamejs/lib/dsa.js +2 -1
- package/lib/vendor/blamejs/lib/dsr.js +22 -8
- package/lib/vendor/blamejs/lib/early-hints.js +19 -0
- package/lib/vendor/blamejs/lib/eat.js +5 -1
- package/lib/vendor/blamejs/lib/external-db.js +60 -4
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +30 -5
- package/lib/vendor/blamejs/lib/flag-providers.js +6 -2
- package/lib/vendor/blamejs/lib/forms.js +1 -1
- package/lib/vendor/blamejs/lib/gate-contract.js +46 -5
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +18 -9
- package/lib/vendor/blamejs/lib/graphql-federation.js +17 -4
- package/lib/vendor/blamejs/lib/guard-all.js +2 -2
- package/lib/vendor/blamejs/lib/guard-dsn.js +1 -1
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html.js +9 -11
- package/lib/vendor/blamejs/lib/guard-imap-command.js +1 -1
- package/lib/vendor/blamejs/lib/guard-jmap.js +1 -1
- package/lib/vendor/blamejs/lib/guard-json.js +14 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +1 -1
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +1 -1
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +1 -1
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +1 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +8 -9
- package/lib/vendor/blamejs/lib/html-balance.js +7 -3
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +33 -12
- package/lib/vendor/blamejs/lib/http-client.js +225 -53
- package/lib/vendor/blamejs/lib/iab-tcf.js +3 -2
- package/lib/vendor/blamejs/lib/importmap-integrity.js +41 -1
- package/lib/vendor/blamejs/lib/incident-report.js +9 -6
- package/lib/vendor/blamejs/lib/json-patch.js +1 -1
- package/lib/vendor/blamejs/lib/json-path.js +24 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/legal-hold.js +24 -8
- package/lib/vendor/blamejs/lib/log.js +2 -2
- package/lib/vendor/blamejs/lib/mail-agent.js +2 -2
- package/lib/vendor/blamejs/lib/mail-arf.js +1 -1
- package/lib/vendor/blamejs/lib/mail-auth.js +3 -3
- package/lib/vendor/blamejs/lib/mail-bimi.js +16 -16
- package/lib/vendor/blamejs/lib/mail-bounce.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +71 -6
- package/lib/vendor/blamejs/lib/mail-deploy.js +9 -5
- package/lib/vendor/blamejs/lib/mail-greylist.js +2 -4
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -4
- package/lib/vendor/blamejs/lib/mail-journal.js +11 -8
- package/lib/vendor/blamejs/lib/mail-mdn.js +8 -4
- package/lib/vendor/blamejs/lib/mail-rbl.js +2 -4
- package/lib/vendor/blamejs/lib/mail-scan.js +3 -5
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +4 -1
- package/lib/vendor/blamejs/lib/mail-server-registry.js +1 -1
- package/lib/vendor/blamejs/lib/mail-server-tls.js +9 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +2 -4
- package/lib/vendor/blamejs/lib/mail-store-fts.js +1 -1
- package/lib/vendor/blamejs/lib/mail.js +22 -2
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +24 -0
- package/lib/vendor/blamejs/lib/mcp.js +6 -4
- package/lib/vendor/blamejs/lib/mdoc.js +26 -3
- package/lib/vendor/blamejs/lib/metrics.js +14 -3
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +10 -4
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +26 -18
- package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +5 -1
- package/lib/vendor/blamejs/lib/middleware/compression.js +9 -0
- package/lib/vendor/blamejs/lib/middleware/cors.js +32 -23
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +60 -21
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -4
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +28 -4
- package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +61 -30
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +25 -16
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +24 -6
- package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +6 -3
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +2 -2
- package/lib/vendor/blamejs/lib/money.js +1 -1
- package/lib/vendor/blamejs/lib/mtls-ca.js +10 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns.js +9 -2
- package/lib/vendor/blamejs/lib/network-dnssec.js +2 -1
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +23 -5
- package/lib/vendor/blamejs/lib/network-tls.js +27 -5
- package/lib/vendor/blamejs/lib/network-tsig.js +2 -2
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/nist-crosswalk.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +28 -0
- package/lib/vendor/blamejs/lib/numeric-bounds.js +9 -0
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +1 -2
- package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +4 -2
- package/lib/vendor/blamejs/lib/object-store/gcs.js +6 -4
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -2
- package/lib/vendor/blamejs/lib/object-store/http-request.js +30 -1
- package/lib/vendor/blamejs/lib/object-store/local.js +37 -17
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +1 -2
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +20 -4
- package/lib/vendor/blamejs/lib/outbox.js +11 -4
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +1 -1
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +21 -3
- package/lib/vendor/blamejs/lib/queue-local.js +10 -3
- package/lib/vendor/blamejs/lib/redact.js +7 -3
- package/lib/vendor/blamejs/lib/request-helpers.js +201 -23
- package/lib/vendor/blamejs/lib/resource-access-lock.js +3 -3
- package/lib/vendor/blamejs/lib/restore-bundle.js +46 -18
- package/lib/vendor/blamejs/lib/restore-rollback.js +10 -4
- package/lib/vendor/blamejs/lib/restore.js +19 -0
- package/lib/vendor/blamejs/lib/retention.js +20 -4
- package/lib/vendor/blamejs/lib/router.js +17 -4
- package/lib/vendor/blamejs/lib/safe-ical.js +2 -2
- package/lib/vendor/blamejs/lib/safe-icap.js +1 -1
- package/lib/vendor/blamejs/lib/safe-json.js +44 -0
- package/lib/vendor/blamejs/lib/safe-sieve.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +1 -1
- package/lib/vendor/blamejs/lib/sandbox-worker.js +6 -0
- package/lib/vendor/blamejs/lib/sandbox.js +1 -1
- package/lib/vendor/blamejs/lib/scheduler.js +17 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +16 -0
- package/lib/vendor/blamejs/lib/session.js +27 -3
- package/lib/vendor/blamejs/lib/sql.js +3 -3
- package/lib/vendor/blamejs/lib/static.js +65 -13
- package/lib/vendor/blamejs/lib/template.js +7 -5
- package/lib/vendor/blamejs/lib/tenant-quota.js +52 -19
- package/lib/vendor/blamejs/lib/tsa.js +5 -2
- package/lib/vendor/blamejs/lib/vault/index.js +5 -0
- package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +22 -26
- package/lib/vendor/blamejs/lib/vault/passphrase-source.js +8 -3
- package/lib/vendor/blamejs/lib/vault/rotate.js +13 -18
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -1
- package/lib/vendor/blamejs/lib/vc.js +1 -1
- package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +10 -10
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +23 -10
- package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +5498 -5494
- package/lib/vendor/blamejs/lib/webhook.js +16 -1
- package/lib/vendor/blamejs/lib/websocket.js +1 -1
- package/lib/vendor/blamejs/lib/worm.js +1 -1
- package/lib/vendor/blamejs/lib/ws-client.js +57 -46
- package/lib/vendor/blamejs/lib/x509-chain.js +44 -0
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.14.json +122 -0
- package/lib/vendor/blamejs/scripts/check-vendor-currency.js +119 -4
- package/lib/vendor/blamejs/test/00-primitives.js +5 -1
- package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +18 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +42 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +47 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-gz.test.js +24 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-tar-hardening.test.js +160 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +30 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-open-nofollow.test.js +79 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-excl.test.js +132 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-write-stream.test.js +181 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-corrupted-anchor.test.js +65 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-chain-incremental-verify.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +48 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-signing-key-rotation.test.js +13 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-verifybundle-tamper.test.js +122 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +5 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +21 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-status-list.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +62 -3
- package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cluster-storage.test.js +40 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +146 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/compression-range.test.js +115 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +17 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +27 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-field-per-row-key.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csrf-protect.test.js +58 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +30 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/db-raw-residency-gate.test.js +74 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +20 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/dpop-alg-kty.test.js +64 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +32 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +43 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/fetch-metadata.test.js +30 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +33 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +72 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-throttle-transform.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +25 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +28 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-header-injection.test.js +58 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +63 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/mdoc.test.js +41 -14
- package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +61 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/object-store-range-header.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/otlp-attr-redaction.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/output-header-hardening.test.js +102 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/parser-verify-hardening.test.js +191 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/proto-shadow-allowlist.test.js +120 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-xff-spoofing.test.js +75 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +128 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/restore-blob-remap.test.js +128 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/retention-sweep-termination.test.js +104 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/router-body-validation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-json-stringify-for-script.test.js +43 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/saml-subjectconfirmation-notonorafter.test.js +48 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +24 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +42 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/template-escape-html.test.js +43 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vault-default-store.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/vendor-currency-classify.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/x509-chain-ca-enforcement.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-5-integration/external-db-residency.test.js +34 -0
- package/package.json +1 -1
|
@@ -91,7 +91,7 @@ function create(opts) {
|
|
|
91
91
|
throw new GdprRopaError("gdpr-ropa/bad-id",
|
|
92
92
|
"gdpr.ropa." + op + ": activity.id must be a non-empty string");
|
|
93
93
|
}
|
|
94
|
-
if (!VALID_LEGAL_BASES
|
|
94
|
+
if (!Object.prototype.hasOwnProperty.call(VALID_LEGAL_BASES, activity.legalBasis)) {
|
|
95
95
|
throw new GdprRopaError("gdpr-ropa/bad-legal-basis",
|
|
96
96
|
"gdpr.ropa." + op + ": activity.legalBasis must be one of " + Object.keys(VALID_LEGAL_BASES).join(", "));
|
|
97
97
|
}
|
|
@@ -127,7 +127,7 @@ function create(opts) {
|
|
|
127
127
|
registeredAt: existing.registeredAt,
|
|
128
128
|
lastUpdatedAt: now(),
|
|
129
129
|
});
|
|
130
|
-
if (patch.legalBasis && !VALID_LEGAL_BASES
|
|
130
|
+
if (patch.legalBasis && !Object.prototype.hasOwnProperty.call(VALID_LEGAL_BASES, merged.legalBasis)) {
|
|
131
131
|
throw new GdprRopaError("gdpr-ropa/bad-legal-basis",
|
|
132
132
|
"gdpr.ropa.update: legalBasis must be one of " + Object.keys(VALID_LEGAL_BASES).join(", "));
|
|
133
133
|
}
|
|
@@ -173,6 +173,21 @@ function create(opts) {
|
|
|
173
173
|
activities: list(),
|
|
174
174
|
};
|
|
175
175
|
}
|
|
176
|
+
// Quote a CSV cell AND neutralize spreadsheet formula injection (CWE-1236):
|
|
177
|
+
// a value beginning with = + - @ TAB or CR is evaluated as a formula by
|
|
178
|
+
// Excel / Google Sheets when the export is opened, so a RoPA field like
|
|
179
|
+
// "=HYPERLINK(...)" or "=cmd|..." would execute. Prefix such a value with a
|
|
180
|
+
// single quote so the spreadsheet renders it as literal text; then RFC-4180
|
|
181
|
+
// quote (double internal quotes).
|
|
182
|
+
function _csvCell(v) {
|
|
183
|
+
var s = (v === undefined || v === null) ? ""
|
|
184
|
+
: (Array.isArray(v) ? JSON.stringify(v) : String(v));
|
|
185
|
+
var c0 = s.charCodeAt(0);
|
|
186
|
+
if (c0 === 0x3d || c0 === 0x2b || c0 === 0x2d || c0 === 0x40 || c0 === 0x09 || c0 === 0x0d) {
|
|
187
|
+
s = "'" + s;
|
|
188
|
+
}
|
|
189
|
+
return '"' + s.replace(/"/g, '""') + '"';
|
|
190
|
+
}
|
|
176
191
|
function _exportCsv() {
|
|
177
192
|
var headers = [
|
|
178
193
|
"id", "name", "purposes", "legalBasis", "dataCategories",
|
|
@@ -183,13 +198,7 @@ function create(opts) {
|
|
|
183
198
|
var entries = list();
|
|
184
199
|
for (var i = 0; i < entries.length; i++) {
|
|
185
200
|
var e = entries[i];
|
|
186
|
-
|
|
187
|
-
var v = e[h];
|
|
188
|
-
if (v === undefined || v === null) return "";
|
|
189
|
-
if (Array.isArray(v)) return JSON.stringify(v).replace(/"/g, "\"\"");
|
|
190
|
-
return String(v).replace(/"/g, "\"\"");
|
|
191
|
-
});
|
|
192
|
-
rows.push(row.map(function (c) { return '"' + c + '"'; }).join(","));
|
|
201
|
+
rows.push(headers.map(function (h) { return _csvCell(e[h]); }).join(","));
|
|
193
202
|
}
|
|
194
203
|
return rows.join("\n");
|
|
195
204
|
}
|
|
@@ -35,7 +35,13 @@ var ROUTER_TOKEN_MIN_LEN = 32;
|
|
|
35
35
|
var NONCE_MIN_LEN = 16; // string-length floor for nonce entropy, not bytes
|
|
36
36
|
var NONCE_MAX_LEN = 256; // string-length cap, not bytes
|
|
37
37
|
var NONCE_PREVIEW_LEN = 8; // log-preview slice length, not bytes
|
|
38
|
-
|
|
38
|
+
// Word-boundary anchored on BOTH probes. A prefix char-class ([\s,{]) on
|
|
39
|
+
// `_service` was bypassable by an alias with no leading space — `query{x:_service{sdl}}`
|
|
40
|
+
// has `:` before `_service`, which is not in the class, so the SDL trust gate
|
|
41
|
+
// was skipped and the subgraph leaked its full SDL. `\b` already prevents
|
|
42
|
+
// matching substrings like `my_service` (no boundary between `y` and `_`), so
|
|
43
|
+
// the prefix class only added the bypass.
|
|
44
|
+
var SDL_PROBE_RE = /\b_service\b|\b_entities\b/;
|
|
39
45
|
|
|
40
46
|
/**
|
|
41
47
|
* @primitive b.graphqlFederation.queryProbesSdl
|
|
@@ -173,14 +179,21 @@ function guardSdl(opts) {
|
|
|
173
179
|
return function graphqlFedGuard(req, res, next) {
|
|
174
180
|
Promise.resolve().then(function () {
|
|
175
181
|
return _readBody(req, errorClass).then(function (rawBody) {
|
|
176
|
-
var
|
|
182
|
+
var probesSdl = false;
|
|
177
183
|
try {
|
|
178
184
|
var parsed = typeof rawBody === "string" ? safeJson.parse(rawBody, { maxBytes: C.BYTES.mib(1) }) : rawBody; // routed via safeJson.parse
|
|
179
|
-
|
|
185
|
+
// A GraphQL HTTP batch is a JSON ARRAY of operations; probe EVERY
|
|
186
|
+
// element's query, not just `parsed.query` (which is undefined for an
|
|
187
|
+
// array → the SDL gate was skipped and a batched `_service{sdl}`
|
|
188
|
+
// operation leaked the SDL on batching-enabled subgraphs).
|
|
189
|
+
var candidates = Array.isArray(parsed)
|
|
190
|
+
? parsed.map(function (o) { return o && typeof o === "object" ? o.query : null; })
|
|
191
|
+
: [parsed && typeof parsed === "object" ? parsed.query : null];
|
|
192
|
+
probesSdl = candidates.some(queryProbesSdl);
|
|
180
193
|
} catch (_e) { /* not JSON; pass through */ }
|
|
181
194
|
if (req.body === undefined) req.body = rawBody;
|
|
182
195
|
|
|
183
|
-
if (!
|
|
196
|
+
if (!probesSdl) {
|
|
184
197
|
if (typeof next === "function") next();
|
|
185
198
|
return;
|
|
186
199
|
}
|
|
@@ -128,12 +128,12 @@ function _verifyParity() {
|
|
|
128
128
|
failures.push(g.NAME + ": missing gate(opts) function");
|
|
129
129
|
}
|
|
130
130
|
SHARED_PROFILES.forEach(function (p) {
|
|
131
|
-
if (!g.PROFILES || !g.PROFILES
|
|
131
|
+
if (!g.PROFILES || !Object.prototype.hasOwnProperty.call(g.PROFILES, p)) {
|
|
132
132
|
failures.push(g.NAME + ": does not declare shared profile " + JSON.stringify(p));
|
|
133
133
|
}
|
|
134
134
|
});
|
|
135
135
|
SHARED_POSTURES.forEach(function (p) {
|
|
136
|
-
if (!g.COMPLIANCE_POSTURES || !g.COMPLIANCE_POSTURES
|
|
136
|
+
if (!g.COMPLIANCE_POSTURES || !Object.prototype.hasOwnProperty.call(g.COMPLIANCE_POSTURES, p)) {
|
|
137
137
|
failures.push(g.NAME + ": does not declare shared compliance posture " + JSON.stringify(p));
|
|
138
138
|
}
|
|
139
139
|
});
|
|
@@ -210,7 +210,7 @@ function parse(deliveryStatusBody, opts) {
|
|
|
210
210
|
"parse: per-recipient block missing Action (RFC 3464 §2.3.3)");
|
|
211
211
|
}
|
|
212
212
|
var action = fields["action"].toLowerCase();
|
|
213
|
-
if (!KNOWN_ACTIONS
|
|
213
|
+
if (!Object.prototype.hasOwnProperty.call(KNOWN_ACTIONS, action)) {
|
|
214
214
|
throw new GuardDsnError("guard-dsn/bad-action",
|
|
215
215
|
"parse: Action '" + action + "' not in RFC 3464 §2.3.3 vocabulary");
|
|
216
216
|
}
|
|
@@ -148,7 +148,7 @@ var COMPLIANCE_POSTURES = gateContract.ALL_STRICT_POSTURES;
|
|
|
148
148
|
function check(ctx, opts) {
|
|
149
149
|
opts = opts || {};
|
|
150
150
|
var profile = gateContract.resolveProfileName(opts, COMPLIANCE_POSTURES, DEFAULT_PROFILE);
|
|
151
|
-
if (!PROFILES
|
|
151
|
+
if (!Object.prototype.hasOwnProperty.call(PROFILES, profile)) {
|
|
152
152
|
throw new GuardEnvelopeError("guard-envelope/bad-profile",
|
|
153
153
|
"check: unknown profile '" + profile + "'");
|
|
154
154
|
}
|
|
@@ -107,7 +107,6 @@ var observability = lazyRequire(function () { return require("./observability");
|
|
|
107
107
|
void observability;
|
|
108
108
|
|
|
109
109
|
var _err = GuardHtmlError.factory;
|
|
110
|
-
var HEX_RADIX = 16; // base-16 radix, not byte size
|
|
111
110
|
|
|
112
111
|
// ---- Codepoint catalog (shared via lib/codepoint-class) ----
|
|
113
112
|
|
|
@@ -390,14 +389,11 @@ var NAMED_ENTITY_ASCII = {
|
|
|
390
389
|
// scheme. Returns "" if no scheme.
|
|
391
390
|
function _extractScheme(rawUrl) {
|
|
392
391
|
var s = String(rawUrl || "").trim();
|
|
393
|
-
// Decode HTML numeric entities
|
|
394
|
-
// like javascript
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
s = s.replace(/&#(\d+);/g, function (_m, d) {
|
|
399
|
-
return String.fromCharCode(parseInt(d, 10));
|
|
400
|
-
});
|
|
392
|
+
// Decode HTML numeric entities (hex &#x..; and decimal &#..;, semicolon
|
|
393
|
+
// OPTIONAL) just enough to expose hidden schemes like javascript: or
|
|
394
|
+
// the browser-decoded no-semicolon form javascript:. Shared decoder so
|
|
395
|
+
// guard-html / guard-svg / guard-markdown can't drift (see codepoint-class).
|
|
396
|
+
s = codepointClass.decodeNumericEntities(s);
|
|
401
397
|
// Decode HTML5 named entities that browsers honor inside URL
|
|
402
398
|
// contexts. Without this, payloads like `java	script:alert(1)`
|
|
403
399
|
// bypass the scheme allowlist (the literal `	` between `java`
|
|
@@ -482,9 +478,11 @@ function _tokenize(input, maxBytes) {
|
|
|
482
478
|
|
|
483
479
|
// Comment / CDATA / doctype
|
|
484
480
|
if (s.startsWith("<!--", lt)) {
|
|
485
|
-
|
|
481
|
+
// WHATWG comment end (covers "--!>" + abrupt "<!-->" / "<!--->"), not
|
|
482
|
+
// only "-->", so a smuggled element after an early terminator is split
|
|
483
|
+
// out as a live token instead of hidden inside the comment (mXSS).
|
|
484
|
+
var endC = markupTokenizer.htmlCommentEnd(s, lt);
|
|
486
485
|
if (endC === -1) endC = len;
|
|
487
|
-
else endC += 3;
|
|
488
486
|
tokens.push({ type: "comment", raw: s.slice(lt, endC), start: lt, end: endC });
|
|
489
487
|
pos = endC; continue;
|
|
490
488
|
}
|
|
@@ -242,7 +242,7 @@ function validate(line, opts) {
|
|
|
242
242
|
var verb = (verbSpace === -1 ? rest : rest.slice(0, verbSpace)).toUpperCase();
|
|
243
243
|
var args = verbSpace === -1 ? "" : rest.slice(verbSpace + 1);
|
|
244
244
|
|
|
245
|
-
if (!KNOWN_VERBS
|
|
245
|
+
if (!Object.prototype.hasOwnProperty.call(KNOWN_VERBS, verb)) {
|
|
246
246
|
throw new GuardImapCommandError("guard-imap-command/unknown-verb",
|
|
247
247
|
"guardImapCommand.validate: unknown verb '" + verb + "'");
|
|
248
248
|
}
|
|
@@ -196,7 +196,7 @@ function validate(rawBody, opts) {
|
|
|
196
196
|
throw new GuardJmapError("urn:ietf:params:jmap:error:invalidArguments",
|
|
197
197
|
"guardJmap.validate: `using[" + ui + "]` must be a string capability URI");
|
|
198
198
|
}
|
|
199
|
-
if (!CORE_CAPABILITIES
|
|
199
|
+
if (!Object.prototype.hasOwnProperty.call(CORE_CAPABILITIES, cap) && !serverCaps[cap]) {
|
|
200
200
|
throw new GuardJmapError("urn:ietf:params:jmap:error:unknownCapability",
|
|
201
201
|
"guardJmap.validate: capability '" + cap + "' not advertised by this server");
|
|
202
202
|
}
|
|
@@ -76,6 +76,7 @@ var pick = require("./pick");
|
|
|
76
76
|
var gateContract = require("./gate-contract");
|
|
77
77
|
var C = require("./constants");
|
|
78
78
|
var safeJson = require("./safe-json");
|
|
79
|
+
var safeBuffer = require("./safe-buffer");
|
|
79
80
|
var { GuardJsonError } = require("./framework-error");
|
|
80
81
|
|
|
81
82
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
@@ -229,12 +230,19 @@ function _scanTree(value, opts, ctx) {
|
|
|
229
230
|
return ctx;
|
|
230
231
|
}
|
|
231
232
|
if (value === null || typeof value !== "object") {
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
233
|
+
// maxStringLength is a BYTE cap (profiles set it via C.BYTES.*). Measure
|
|
234
|
+
// UTF-8 byte length, not value.length (UTF-16 code units) — otherwise a
|
|
235
|
+
// multibyte string (emoji / CJK / accented) under-enforces the cap by up
|
|
236
|
+
// to ~3x and the snippet mislabels the count.
|
|
237
|
+
if (typeof value === "string") {
|
|
238
|
+
var strBytes = safeBuffer.byteLengthOf(value);
|
|
239
|
+
if (strBytes > opts.maxStringLength) {
|
|
240
|
+
ctx.stringTooLongHits.push({
|
|
241
|
+
kind: "string-too-long",
|
|
242
|
+
snippet: "string byte length " + strBytes +
|
|
243
|
+
" exceeds maxStringLength " + opts.maxStringLength + " bytes",
|
|
244
|
+
});
|
|
245
|
+
}
|
|
238
246
|
}
|
|
239
247
|
return ctx;
|
|
240
248
|
}
|
|
@@ -123,7 +123,7 @@ function validate(move, opts) {
|
|
|
123
123
|
|
|
124
124
|
// System-folder allowlist OR admin scope OR allowed-folders.
|
|
125
125
|
var dest = move.toFolder;
|
|
126
|
-
if (SYSTEM_FOLDERS
|
|
126
|
+
if (Object.prototype.hasOwnProperty.call(SYSTEM_FOLDERS, dest)) return move;
|
|
127
127
|
var isAdmin = move.actor.mailScope === "admin";
|
|
128
128
|
if (isAdmin) return move;
|
|
129
129
|
var allowed = Array.isArray(move.actor.allowedFolders) ? move.actor.allowedFolders : null;
|
|
@@ -249,7 +249,7 @@ function validate(line, opts) {
|
|
|
249
249
|
var verb = (firstSpace === -1 ? line : line.slice(0, firstSpace)).toUpperCase();
|
|
250
250
|
var rest = firstSpace === -1 ? "" : line.slice(firstSpace + 1);
|
|
251
251
|
|
|
252
|
-
if (!KNOWN_VERBS
|
|
252
|
+
if (!Object.prototype.hasOwnProperty.call(KNOWN_VERBS, verb)) {
|
|
253
253
|
throw new GuardManageSieveCommandError("guard-managesieve-command/unknown-verb",
|
|
254
254
|
"guardManageSieveCommand.validate: unknown verb '" + verb + "' (RFC 5804 §2)");
|
|
255
255
|
}
|
|
@@ -183,7 +183,7 @@ function validate(line, opts) {
|
|
|
183
183
|
var verb = (firstSpace === -1 ? line : line.slice(0, firstSpace)).toUpperCase();
|
|
184
184
|
var rest = firstSpace === -1 ? "" : line.slice(firstSpace + 1);
|
|
185
185
|
|
|
186
|
-
if (!KNOWN_VERBS
|
|
186
|
+
if (!Object.prototype.hasOwnProperty.call(KNOWN_VERBS, verb)) {
|
|
187
187
|
throw new GuardPop3CommandError("guard-pop3-command/unknown-verb",
|
|
188
188
|
"guardPop3Command.validate: unknown verb '" + verb + "' (RFC 1939 §6)");
|
|
189
189
|
}
|
|
@@ -210,7 +210,7 @@ function validate(line, opts) {
|
|
|
210
210
|
var verb = (firstSpace === -1 ? line : line.slice(0, firstSpace)).toUpperCase();
|
|
211
211
|
var rest = firstSpace === -1 ? "" : line.slice(firstSpace + 1);
|
|
212
212
|
|
|
213
|
-
if (!KNOWN_VERBS
|
|
213
|
+
if (!Object.prototype.hasOwnProperty.call(KNOWN_VERBS, verb)) {
|
|
214
214
|
throw new GuardSmtpCommandError("guard-smtp-command/unknown-verb",
|
|
215
215
|
"guardSmtpCommand.validate: unknown verb '" + verb + "' (RFC 5321 §3)");
|
|
216
216
|
}
|
|
@@ -119,7 +119,6 @@ var observability = lazyRequire(function () { return require("./observability");
|
|
|
119
119
|
void observability;
|
|
120
120
|
|
|
121
121
|
var _err = GuardSvgError.factory;
|
|
122
|
-
var HEX_RADIX = 16; // base-16 radix, not byte size
|
|
123
122
|
|
|
124
123
|
// ---- Codepoint catalog (shared via lib/codepoint-class) ----
|
|
125
124
|
|
|
@@ -329,12 +328,9 @@ var SVG_NAMED_ENTITY_ASCII = {
|
|
|
329
328
|
|
|
330
329
|
function _extractScheme(rawUrl) {
|
|
331
330
|
var s = String(rawUrl || "").trim();
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
s = s.replace(/&#(\d+);/g, function (_m, d) {
|
|
336
|
-
return String.fromCharCode(parseInt(d, 10));
|
|
337
|
-
});
|
|
331
|
+
// Numeric entities (hex/decimal, semicolon OPTIONAL) via the shared decoder
|
|
332
|
+
// so guard-html / guard-svg / guard-markdown can't drift (see codepoint-class).
|
|
333
|
+
s = codepointClass.decodeNumericEntities(s);
|
|
338
334
|
s = s.replace(/&([A-Za-z][A-Za-z0-9]+);/g, function (m, name) {
|
|
339
335
|
if (Object.prototype.hasOwnProperty.call(SVG_NAMED_ENTITY_ASCII, name)) {
|
|
340
336
|
return SVG_NAMED_ENTITY_ASCII[name];
|
|
@@ -401,8 +397,11 @@ function _tokenize(input, maxBytes) {
|
|
|
401
397
|
}
|
|
402
398
|
|
|
403
399
|
if (s.startsWith("<!--", lt)) {
|
|
404
|
-
|
|
405
|
-
|
|
400
|
+
// WHATWG comment end ("--!>" + abrupt "<!-->" / "<!--->"), not only
|
|
401
|
+
// "-->", so the comment boundary matches a browser parsing inline SVG
|
|
402
|
+
// and no element is smuggled past the sanitizer (mXSS differential).
|
|
403
|
+
var endC = markupTokenizer.htmlCommentEnd(s, lt);
|
|
404
|
+
if (endC === -1) endC = len;
|
|
406
405
|
tokens.push({ type: "comment", raw: s.slice(lt, endC), start: lt, end: endC });
|
|
407
406
|
pos = endC; continue;
|
|
408
407
|
}
|
|
@@ -110,7 +110,10 @@ function check(html) {
|
|
|
110
110
|
html.charCodeAt(i + 1) === 0x21 /* ! */ &&
|
|
111
111
|
html.charCodeAt(i + 2) === 0x2D &&
|
|
112
112
|
html.charCodeAt(i + 3) === 0x2D) {
|
|
113
|
-
|
|
113
|
+
// WHATWG comment end ("--!>" + abrupt "<!-->" / "<!--->"), not only
|
|
114
|
+
// "-->", so the structural scan agrees with a browser on where the
|
|
115
|
+
// comment ends (the comment-parser differential).
|
|
116
|
+
var endComment = markupTokenizer.htmlCommentEnd(html, i);
|
|
114
117
|
if (endComment === -1) {
|
|
115
118
|
var pos = _posToLineColumn(html, i);
|
|
116
119
|
return {
|
|
@@ -121,7 +124,7 @@ function check(html) {
|
|
|
121
124
|
column: pos.column,
|
|
122
125
|
};
|
|
123
126
|
}
|
|
124
|
-
i = endComment
|
|
127
|
+
i = endComment;
|
|
125
128
|
continue;
|
|
126
129
|
}
|
|
127
130
|
|
|
@@ -218,7 +221,7 @@ function check(html) {
|
|
|
218
221
|
// Open tag (or self-closing).
|
|
219
222
|
if (selfClose || VOID_TAGS[tag]) {
|
|
220
223
|
// No push.
|
|
221
|
-
} else if (RAW_TEXT_TAGS
|
|
224
|
+
} else if (Object.prototype.hasOwnProperty.call(RAW_TEXT_TAGS, tag)) {
|
|
222
225
|
// Skip raw-text content AND its closing tag entirely. Inside
|
|
223
226
|
// <script>/<style>/<textarea>/<title> the `<` characters are
|
|
224
227
|
// text, not markup — re-entering the tag scanner on
|
|
@@ -294,6 +297,7 @@ function check(html) {
|
|
|
294
297
|
// distinguish a structural problem from a content-safety reject.
|
|
295
298
|
var lazyRequire = require("./lazy-require");
|
|
296
299
|
var _guardHtml = lazyRequire(function () { return require("./guard-html"); });
|
|
300
|
+
var markupTokenizer = require("./markup-tokenizer");
|
|
297
301
|
|
|
298
302
|
/**
|
|
299
303
|
* @primitive b.htmlBalance.checkSafe
|
|
@@ -60,9 +60,9 @@
|
|
|
60
60
|
* }
|
|
61
61
|
*/
|
|
62
62
|
|
|
63
|
-
var nodeFs = require("node:fs");
|
|
64
63
|
var nodePath = require("node:path");
|
|
65
64
|
var C = require("./constants");
|
|
65
|
+
var atomicFile = require("./atomic-file");
|
|
66
66
|
var numericBounds = require("./numeric-bounds");
|
|
67
67
|
var safeAsync = require("./safe-async");
|
|
68
68
|
var safeJson = require("./safe-json");
|
|
@@ -439,7 +439,10 @@ function create(opts) {
|
|
|
439
439
|
var rows = getAll();
|
|
440
440
|
var serialized = JSON.stringify(rows);
|
|
441
441
|
var blob = vault ? vault.seal(serialized) : serialized;
|
|
442
|
-
|
|
442
|
+
// Atomic, symlink-refusing write: a bare writeFileSync follows a symlink
|
|
443
|
+
// planted at filePath (CWE-59) and can leave a torn jar if the process
|
|
444
|
+
// dies mid-write. writeSync stages into a no-follow exclusive temp + renames.
|
|
445
|
+
atomicFile.writeSync(filePath, blob, { fileMode: 0o600 });
|
|
443
446
|
}
|
|
444
447
|
var flushScheduler = safeAsync.makeScheduledFlush(flushDebounceMs, function () {
|
|
445
448
|
if (!filePath) return;
|
|
@@ -475,18 +478,36 @@ function create(opts) {
|
|
|
475
478
|
// Persist file may be operator-tampered (or vault-sealed) — route through
|
|
476
479
|
// safeJson with an explicit byte cap so a maliciously-large file can't
|
|
477
480
|
// OOM the process before the parse fails.
|
|
478
|
-
if (filePath
|
|
481
|
+
if (filePath) {
|
|
482
|
+
// Capped fd-bound read (no existsSync check-then-read window): the cap now
|
|
483
|
+
// precedes the file allocation so a maliciously-large persist file can't OOM
|
|
484
|
+
// the process before parse. refuseSymlink+inodeCheck: the jar file is
|
|
485
|
+
// operator-local + may hold a vault-sealed (secret) blob, and is never a
|
|
486
|
+
// k8s-style projected-secret mount. A MISSING file is the normal first run.
|
|
487
|
+
var raw = null;
|
|
479
488
|
try {
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
var rows = safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) });
|
|
484
|
-
setFromSerialized(rows);
|
|
485
|
-
}
|
|
489
|
+
raw = atomicFile.fdSafeReadSync(filePath, {
|
|
490
|
+
maxBytes: C.BYTES.mib(16), encoding: "utf8", refuseSymlink: true, inodeCheck: true,
|
|
491
|
+
});
|
|
486
492
|
} catch (e) {
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
493
|
+
if (e && e.code === "ENOENT") { raw = null; } // first run — no persist file yet
|
|
494
|
+
else {
|
|
495
|
+
throw _err("LOAD_FAILED",
|
|
496
|
+
"cookieJar.create: failed to load persist file '" + filePath + "': " +
|
|
497
|
+
(e.message || String(e)));
|
|
498
|
+
}
|
|
499
|
+
}
|
|
500
|
+
if (raw !== null) {
|
|
501
|
+
try {
|
|
502
|
+
var serialized = vault ? vault.unseal(raw) : raw;
|
|
503
|
+
if (serialized && serialized.length > 0) {
|
|
504
|
+
setFromSerialized(safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) }));
|
|
505
|
+
}
|
|
506
|
+
} catch (e) {
|
|
507
|
+
throw _err("LOAD_FAILED",
|
|
508
|
+
"cookieJar.create: failed to load persist file '" + filePath + "': " +
|
|
509
|
+
(e.message || String(e)));
|
|
510
|
+
}
|
|
490
511
|
}
|
|
491
512
|
}
|
|
492
513
|
|