@blamejs/core 0.14.0 → 0.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/_test/crypto-fixtures.js +3 -3
- package/lib/a2a-tasks.js +18 -18
- package/lib/a2a.js +4 -4
- package/lib/acme.js +3 -3
- package/lib/agent-idempotency.js +1 -1
- package/lib/agent-orchestrator.js +8 -8
- package/lib/agent-posture-chain.js +2 -2
- package/lib/agent-saga.js +1 -1
- package/lib/agent-snapshot.js +1 -1
- package/lib/agent-stream.js +1 -1
- package/lib/agent-tenant.js +1 -1
- package/lib/agent-trace.js +3 -3
- package/lib/ai-capability.js +1 -1
- package/lib/ai-dp.js +4 -4
- package/lib/ai-input.js +3 -3
- package/lib/ai-model-manifest.js +7 -7
- package/lib/ai-pref.js +3 -3
- package/lib/archive-gz.js +2 -2
- package/lib/archive-read.js +25 -25
- package/lib/archive-tar-read.js +2 -2
- package/lib/archive-tar.js +20 -20
- package/lib/archive-wrap.js +10 -10
- package/lib/argon2-builtin.js +1 -1
- package/lib/asn1-der.js +45 -34
- package/lib/atomic-file.js +2 -2
- package/lib/audit-daily-review.js +3 -3
- package/lib/audit-sign.js +5 -5
- package/lib/audit-tools.js +1 -1
- package/lib/audit.js +2 -2
- package/lib/auth/acr-vocabulary.js +2 -2
- package/lib/auth/bot-challenge.js +3 -3
- package/lib/auth/ciba.js +7 -7
- package/lib/auth/dpop.js +3 -3
- package/lib/auth/fido-mds3.js +8 -8
- package/lib/auth/jar.js +11 -0
- package/lib/auth/jwt-external.js +5 -5
- package/lib/auth/oauth.js +7 -9
- package/lib/auth/oid4vci.js +10 -10
- package/lib/auth/oid4vp.js +2 -2
- package/lib/auth/openid-federation.js +2 -2
- package/lib/auth/passkey.js +3 -3
- package/lib/auth/saml.js +29 -25
- package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/auth/sd-jwt-vc.js +4 -4
- package/lib/auth/status-list.js +10 -10
- package/lib/auth/step-up.js +1 -1
- package/lib/auth-bot-challenge.js +1 -1
- package/lib/backup/index.js +7 -7
- package/lib/base32.js +8 -8
- package/lib/budr.js +2 -2
- package/lib/cache-status.js +2 -2
- package/lib/calendar.js +23 -23
- package/lib/cbor.js +12 -12
- package/lib/cdn-cache-control.js +1 -1
- package/lib/cert.js +5 -5
- package/lib/cloud-events.js +5 -5
- package/lib/cms-codec.js +21 -21
- package/lib/codepoint-class.js +12 -12
- package/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/compliance-sanctions.js +4 -4
- package/lib/compliance.js +29 -29
- package/lib/content-credentials.js +36 -36
- package/lib/cookies.js +1 -1
- package/lib/cose.js +13 -13
- package/lib/cra-report.js +1 -1
- package/lib/crdt.js +1 -1
- package/lib/crypto-field.js +2 -2
- package/lib/crypto-xwing.js +7 -7
- package/lib/crypto.js +6 -6
- package/lib/csp.js +2 -2
- package/lib/cwt.js +4 -4
- package/lib/dark-patterns.js +2 -2
- package/lib/data-act.js +2 -2
- package/lib/db-file-lifecycle.js +4 -4
- package/lib/db-query.js +1 -1
- package/lib/db.js +6 -6
- package/lib/dbsc.js +13 -13
- package/lib/did.js +17 -17
- package/lib/dora.js +4 -4
- package/lib/dsr.js +1 -1
- package/lib/early-hints.js +2 -2
- package/lib/eat.js +4 -4
- package/lib/external-db-migrate.js +1 -1
- package/lib/external-db.js +1 -1
- package/lib/flag-cache.js +1 -1
- package/lib/flag-evaluation-context.js +2 -2
- package/lib/graphql-federation.js +4 -4
- package/lib/guard-agent-registry.js +5 -5
- package/lib/guard-archive.js +24 -24
- package/lib/guard-cidr.js +33 -33
- package/lib/guard-csv.js +1 -1
- package/lib/guard-domain.js +10 -10
- package/lib/guard-dsn.js +4 -4
- package/lib/guard-email.js +19 -19
- package/lib/guard-event-bus-payload.js +4 -4
- package/lib/guard-event-bus-topic.js +6 -6
- package/lib/guard-filename.js +7 -7
- package/lib/guard-graphql.js +9 -9
- package/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/guard-html-wcag.js +4 -4
- package/lib/guard-html.js +7 -7
- package/lib/guard-idempotency-key.js +6 -6
- package/lib/guard-image.js +4 -4
- package/lib/guard-imap-command.js +17 -17
- package/lib/guard-jmap.js +20 -20
- package/lib/guard-json.js +12 -12
- package/lib/guard-jsonpath.js +3 -3
- package/lib/guard-jwt.js +4 -4
- package/lib/guard-list-id.js +7 -7
- package/lib/guard-list-unsubscribe.js +8 -8
- package/lib/guard-mail-compose.js +4 -4
- package/lib/guard-mail-move.js +5 -5
- package/lib/guard-mail-query.js +3 -3
- package/lib/guard-mail-reply.js +3 -3
- package/lib/guard-mail-sieve.js +6 -6
- package/lib/guard-managesieve-command.js +25 -25
- package/lib/guard-markdown.js +31 -31
- package/lib/guard-message-id.js +5 -5
- package/lib/guard-mime.js +1 -1
- package/lib/guard-oauth.js +3 -3
- package/lib/guard-pdf.js +6 -6
- package/lib/guard-pop3-command.js +11 -11
- package/lib/guard-posture-chain.js +5 -5
- package/lib/guard-regex.js +10 -10
- package/lib/guard-saga-config.js +5 -5
- package/lib/guard-smtp-command.js +6 -6
- package/lib/guard-snapshot-envelope.js +3 -3
- package/lib/guard-stream-args.js +4 -4
- package/lib/guard-svg.js +11 -11
- package/lib/guard-tenant-id.js +5 -5
- package/lib/guard-time.js +15 -15
- package/lib/guard-trace-context.js +4 -4
- package/lib/guard-uuid.js +11 -11
- package/lib/guard-xml.js +12 -12
- package/lib/guard-yaml.js +16 -16
- package/lib/honeytoken.js +5 -5
- package/lib/http-client.js +1 -1
- package/lib/http-message-signature.js +2 -2
- package/lib/iab-mspa.js +3 -3
- package/lib/iab-tcf.js +70 -70
- package/lib/inbox.js +4 -4
- package/lib/ip-utils.js +15 -15
- package/lib/jose-jwe-experimental.js +2 -2
- package/lib/json-path.js +3 -3
- package/lib/json-schema.js +1 -1
- package/lib/jsonapi.js +3 -3
- package/lib/jtd.js +2 -2
- package/lib/link-header.js +1 -1
- package/lib/local-db-thin.js +1 -1
- package/lib/log.js +1 -1
- package/lib/lro.js +4 -4
- package/lib/mail-agent.js +1 -1
- package/lib/mail-arc-sign.js +6 -6
- package/lib/mail-auth.js +43 -43
- package/lib/mail-bimi.js +3 -3
- package/lib/mail-crypto-pgp.js +53 -45
- package/lib/mail-crypto-smime.js +5 -5
- package/lib/mail-dav.js +1 -1
- package/lib/mail-deploy.js +39 -39
- package/lib/mail-dkim.js +11 -11
- package/lib/mail-greylist.js +12 -12
- package/lib/mail-helo.js +1 -1
- package/lib/mail-journal.js +8 -8
- package/lib/mail-rbl.js +7 -7
- package/lib/mail-scan.js +7 -7
- package/lib/mail-send-deliver.js +2 -2
- package/lib/mail-server-imap.js +12 -12
- package/lib/mail-server-jmap.js +16 -16
- package/lib/mail-server-managesieve.js +4 -4
- package/lib/mail-server-mx.js +17 -17
- package/lib/mail-server-pop3.js +4 -4
- package/lib/mail-server-rate-limit.js +2 -2
- package/lib/mail-server-submission.js +21 -21
- package/lib/mail-sieve.js +2 -2
- package/lib/mail-spam-score.js +5 -5
- package/lib/mail-srs.js +12 -12
- package/lib/mail-store-fts.js +2 -2
- package/lib/mail-store.js +8 -8
- package/lib/mail-unsubscribe.js +4 -4
- package/lib/mail.js +4 -4
- package/lib/mcp-tool-registry.js +4 -4
- package/lib/mcp.js +8 -8
- package/lib/mdoc.js +2 -2
- package/lib/metrics.js +8 -8
- package/lib/middleware/age-gate.js +1 -1
- package/lib/middleware/api-encrypt.js +7 -7
- package/lib/middleware/assetlinks.js +2 -2
- package/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/middleware/bearer-auth.js +5 -5
- package/lib/middleware/body-parser.js +5 -5
- package/lib/middleware/compose-pipeline.js +15 -15
- package/lib/middleware/csp-report.js +4 -4
- package/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/middleware/dpop.js +1 -1
- package/lib/middleware/headers.js +2 -2
- package/lib/middleware/host-allowlist.js +1 -1
- package/lib/middleware/idempotency-key.js +12 -12
- package/lib/middleware/nel.js +1 -1
- package/lib/middleware/openapi-serve.js +2 -2
- package/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/middleware/require-aal.js +1 -1
- package/lib/middleware/require-bound-key.js +2 -2
- package/lib/middleware/require-content-type.js +1 -1
- package/lib/middleware/require-methods.js +1 -1
- package/lib/middleware/require-step-up.js +2 -2
- package/lib/middleware/scim-server.js +1 -1
- package/lib/middleware/security-txt.js +3 -3
- package/lib/middleware/tus-upload.js +12 -12
- package/lib/middleware/web-app-manifest.js +2 -2
- package/lib/network-byte-quota.js +1 -1
- package/lib/network-dns-resolver.js +23 -23
- package/lib/network-dns.js +29 -29
- package/lib/network-dnssec.js +33 -33
- package/lib/network-smtp-policy.js +10 -10
- package/lib/network-tls.js +99 -94
- package/lib/network-tsig.js +33 -33
- package/lib/nis2-report.js +1 -1
- package/lib/ntp-check.js +3 -3
- package/lib/observability-otlp-exporter.js +17 -17
- package/lib/observability-tracer.js +6 -6
- package/lib/observability.js +8 -8
- package/lib/openapi-yaml.js +1 -1
- package/lib/openapi.js +1 -1
- package/lib/outbox.js +6 -6
- package/lib/pqc-agent.js +4 -4
- package/lib/pqc-software.js +1 -1
- package/lib/privacy-pass.js +5 -5
- package/lib/problem-details.js +5 -5
- package/lib/promise-pool.js +1 -1
- package/lib/protobuf-encoder.js +9 -1
- package/lib/queue.js +4 -2
- package/lib/redact.js +2 -2
- package/lib/request-helpers.js +1 -1
- package/lib/router.js +10 -10
- package/lib/safe-async.js +2 -2
- package/lib/safe-dns.js +71 -71
- package/lib/safe-ical.js +19 -19
- package/lib/safe-icap.js +24 -24
- package/lib/safe-jsonpath.js +2 -2
- package/lib/safe-mime.js +10 -10
- package/lib/safe-mount-info.js +3 -3
- package/lib/safe-redirect.js +1 -1
- package/lib/safe-sieve.js +23 -23
- package/lib/safe-smtp.js +1 -1
- package/lib/safe-vcard.js +14 -14
- package/lib/sandbox.js +5 -5
- package/lib/sec-cyber.js +1 -1
- package/lib/self-update-standalone-verifier.js +3 -3
- package/lib/self-update.js +3 -3
- package/lib/server-timing.js +3 -3
- package/lib/session-device-binding.js +7 -7
- package/lib/session.js +8 -8
- package/lib/standard-webhooks.js +4 -4
- package/lib/storage.js +2 -2
- package/lib/stream-throttle.js +1 -1
- package/lib/structured-fields.js +15 -15
- package/lib/subject.js +1 -1
- package/lib/tcpa-10dlc.js +1 -1
- package/lib/tenant-quota.js +3 -3
- package/lib/test-harness.js +1 -1
- package/lib/tracing.js +1 -1
- package/lib/tsa.js +5 -5
- package/lib/uri-template.js +5 -5
- package/lib/vault/index.js +2 -2
- package/lib/vault/seal-pem-file.js +4 -4
- package/lib/vc.js +2 -2
- package/lib/vendor-data.js +1 -1
- package/lib/watcher.js +4 -4
- package/lib/web-push-vapid.js +21 -21
- package/lib/webhook.js +2 -2
- package/lib/websocket.js +3 -3
- package/lib/worker-pool.js +3 -3
- package/lib/ws-client.js +24 -24
- package/lib/xml-c14n.js +2 -2
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/iab-tcf.js
CHANGED
|
@@ -100,14 +100,14 @@ var { defineClass } = require("./framework-error");
|
|
|
100
100
|
var IabTcfError = defineClass("IabTcfError", { alwaysPermanent: true });
|
|
101
101
|
|
|
102
102
|
// TCF v2.3 spec values.
|
|
103
|
-
var TCF_V23_CORE_VERSION = 4; //
|
|
104
|
-
var TCF_V23_POLICY_VERSION = 4; //
|
|
103
|
+
var TCF_V23_CORE_VERSION = 4; // TCF spec version, not bytes
|
|
104
|
+
var TCF_V23_POLICY_VERSION = 4; // TCF policy version, not bytes
|
|
105
105
|
// SEGMENT_TYPE_CORE = 0 documented but not declared as a const — the
|
|
106
106
|
// core segment is identified positionally (segment[0]) not by the
|
|
107
107
|
// 3-bit type prefix the secondary segments use.
|
|
108
|
-
var SEGMENT_TYPE_DISCLOSED_VENDORS = 1; //
|
|
109
|
-
var SEGMENT_TYPE_ALLOWED_VENDORS = 2; //
|
|
110
|
-
var SEGMENT_TYPE_PUBLISHER_TC = 3; //
|
|
108
|
+
var SEGMENT_TYPE_DISCLOSED_VENDORS = 1; // TCF segment-type marker, not bytes
|
|
109
|
+
var SEGMENT_TYPE_ALLOWED_VENDORS = 2; // TCF segment-type marker, not bytes
|
|
110
|
+
var SEGMENT_TYPE_PUBLISHER_TC = 3; // TCF segment-type marker, not bytes
|
|
111
111
|
var MAX_TC_STRING_BYTES = 64 * 1024; // allow:raw-byte-literal — request-payload cap
|
|
112
112
|
|
|
113
113
|
// base64url decode (no padding) → Buffer.
|
|
@@ -124,7 +124,7 @@ function _b64urlDecode(s) {
|
|
|
124
124
|
// Bit-level reader over a Buffer.
|
|
125
125
|
function _bitReader(buf) {
|
|
126
126
|
var bitOffset = 0;
|
|
127
|
-
var totalBits = buf.length * 8; //
|
|
127
|
+
var totalBits = buf.length * 8; // bits per byte
|
|
128
128
|
function read(n) {
|
|
129
129
|
if (bitOffset + n > totalBits) {
|
|
130
130
|
throw IabTcfError.factory("iab-tcf/bad-length",
|
|
@@ -137,7 +137,7 @@ function _bitReader(buf) {
|
|
|
137
137
|
var v = 0;
|
|
138
138
|
for (var i = 0; i < n; i += 1) {
|
|
139
139
|
var byteIdx = (bitOffset + i) >> 3;
|
|
140
|
-
var bitIdx = 7 - ((bitOffset + i) & 7); //
|
|
140
|
+
var bitIdx = 7 - ((bitOffset + i) & 7); // high-bit-first ordering
|
|
141
141
|
v = (v * 2) + ((buf[byteIdx] >> bitIdx) & 1);
|
|
142
142
|
}
|
|
143
143
|
bitOffset += n;
|
|
@@ -159,25 +159,25 @@ function _bitReader(buf) {
|
|
|
159
159
|
|
|
160
160
|
function _parseCore(buf) {
|
|
161
161
|
var r = _bitReader(buf);
|
|
162
|
-
var version = r.read(6); //
|
|
163
|
-
var createdRaw = r.read(36); //
|
|
164
|
-
var lastUpdatedRaw = r.read(36); //
|
|
165
|
-
var cmpId = r.read(12); //
|
|
166
|
-
var cmpVersion = r.read(12); //
|
|
167
|
-
var consentScreen = r.read(6); //
|
|
162
|
+
var version = r.read(6); // TCF spec field width, not bytes
|
|
163
|
+
var createdRaw = r.read(36); // TCF spec field width
|
|
164
|
+
var lastUpdatedRaw = r.read(36); // TCF spec field width
|
|
165
|
+
var cmpId = r.read(12); // TCF spec field width
|
|
166
|
+
var cmpVersion = r.read(12); // TCF spec field width
|
|
167
|
+
var consentScreen = r.read(6); // TCF spec field width
|
|
168
168
|
// ConsentLanguage (12 bits = 2 chars × 6 bits, ASCII A-Z mapped 0-25)
|
|
169
|
-
var lang0 = r.read(6); //
|
|
170
|
-
var lang1 = r.read(6); //
|
|
171
|
-
var consentLanguage = String.fromCharCode(0x41 + lang0) + String.fromCharCode(0x41 + lang1); //
|
|
172
|
-
var vendorListVersion = r.read(12); //
|
|
173
|
-
var policyVersion = r.read(6); //
|
|
169
|
+
var lang0 = r.read(6); // TCF spec field width
|
|
170
|
+
var lang1 = r.read(6); // TCF spec field width
|
|
171
|
+
var consentLanguage = String.fromCharCode(0x41 + lang0) + String.fromCharCode(0x41 + lang1); // ASCII 'A' offset
|
|
172
|
+
var vendorListVersion = r.read(12); // TCF spec field width
|
|
173
|
+
var policyVersion = r.read(6); // TCF spec field width
|
|
174
174
|
var isServiceSpecific = r.read(1) === 1;
|
|
175
175
|
var useNonStandardStacks = r.read(1) === 1;
|
|
176
|
-
var specialFeatureOptins = r.readBitField(12); //
|
|
177
|
-
var purposesConsent = r.readBitField(24); //
|
|
178
|
-
var purposesLI = r.readBitField(24); //
|
|
176
|
+
var specialFeatureOptins = r.readBitField(12); // TCF spec field width
|
|
177
|
+
var purposesConsent = r.readBitField(24); // TCF spec field width
|
|
178
|
+
var purposesLI = r.readBitField(24); // TCF spec field width
|
|
179
179
|
var purposeOneTreatment = r.read(1) === 1;
|
|
180
|
-
var publisherCC = String.fromCharCode(0x41 + r.read(6)) + String.fromCharCode(0x41 + r.read(6)); //
|
|
180
|
+
var publisherCC = String.fromCharCode(0x41 + r.read(6)) + String.fromCharCode(0x41 + r.read(6)); // TCF spec field width
|
|
181
181
|
// MaxVendorIdConsent + ranged fields skipped for compactness — the
|
|
182
182
|
// framework's defensive parse only extracts the top-level shape +
|
|
183
183
|
// the vendorConsents/LIs bitmaps when present.
|
|
@@ -215,17 +215,17 @@ function _parseCore(buf) {
|
|
|
215
215
|
// restrictions", which would let a malformed string validate.
|
|
216
216
|
function _parsePublisherRestrictions(r) {
|
|
217
217
|
var out = [];
|
|
218
|
-
var num = r.read(12); //
|
|
218
|
+
var num = r.read(12); // TCF spec field width
|
|
219
219
|
for (var i = 0; i < num; i += 1) {
|
|
220
|
-
var purposeId = r.read(6); //
|
|
220
|
+
var purposeId = r.read(6); // TCF spec field width
|
|
221
221
|
var restrictionType = r.read(2);
|
|
222
|
-
var numEntries = r.read(12); //
|
|
222
|
+
var numEntries = r.read(12); // TCF spec field width
|
|
223
223
|
var vendorIds = [];
|
|
224
224
|
for (var e = 0; e < numEntries; e += 1) {
|
|
225
225
|
var isRange = r.read(1) === 1;
|
|
226
|
-
var startVendorId = r.read(16); //
|
|
226
|
+
var startVendorId = r.read(16); // TCF spec field width
|
|
227
227
|
if (isRange) {
|
|
228
|
-
var endVendorId = r.read(16); //
|
|
228
|
+
var endVendorId = r.read(16); // TCF spec field width
|
|
229
229
|
for (var v = startVendorId; v <= endVendorId; v += 1) vendorIds.push(v);
|
|
230
230
|
} else {
|
|
231
231
|
vendorIds.push(startVendorId);
|
|
@@ -240,10 +240,10 @@ function _parsePublisherRestrictions(r) {
|
|
|
240
240
|
// then a custom-purpose count and its two bit-fields.
|
|
241
241
|
function _parsePublisherTC(buf) {
|
|
242
242
|
var r = _bitReader(buf);
|
|
243
|
-
r.read(3); //
|
|
244
|
-
var pubPurposesConsent = r.readBitField(24); //
|
|
245
|
-
var pubPurposesLI = r.readBitField(24); //
|
|
246
|
-
var numCustomPurposes = r.read(6); //
|
|
243
|
+
r.read(3); // segment-type prefix
|
|
244
|
+
var pubPurposesConsent = r.readBitField(24); // TCF spec field width
|
|
245
|
+
var pubPurposesLI = r.readBitField(24); // TCF spec field width
|
|
246
|
+
var numCustomPurposes = r.read(6); // TCF spec field width
|
|
247
247
|
var customConsent = r.readBitField(numCustomPurposes);
|
|
248
248
|
var customLI = r.readBitField(numCustomPurposes);
|
|
249
249
|
return {
|
|
@@ -259,16 +259,16 @@ function _parsePublisherTC(buf) {
|
|
|
259
259
|
// Vendor section: MaxVendorId (16 bits) + IsRangeEncoding (1 bit) +
|
|
260
260
|
// either bitmap (MaxVendorId bits) or RangeEntries.
|
|
261
261
|
function _parseVendorSection(r) {
|
|
262
|
-
var maxVendorId = r.read(16); //
|
|
262
|
+
var maxVendorId = r.read(16); // TCF spec field width
|
|
263
263
|
var isRangeEncoding = r.read(1) === 1;
|
|
264
264
|
var ids = new Set();
|
|
265
265
|
if (isRangeEncoding) {
|
|
266
|
-
var numEntries = r.read(12); //
|
|
266
|
+
var numEntries = r.read(12); // TCF spec field width
|
|
267
267
|
for (var i = 0; i < numEntries; i += 1) {
|
|
268
268
|
var isRange = r.read(1) === 1;
|
|
269
|
-
var startVendorId = r.read(16); //
|
|
269
|
+
var startVendorId = r.read(16); // TCF spec field width
|
|
270
270
|
if (isRange) {
|
|
271
|
-
var endVendorId = r.read(16); //
|
|
271
|
+
var endVendorId = r.read(16); // TCF spec field width
|
|
272
272
|
for (var v = startVendorId; v <= endVendorId; v += 1) ids.add(v);
|
|
273
273
|
} else {
|
|
274
274
|
ids.add(startVendorId);
|
|
@@ -286,7 +286,7 @@ function _parseVendorSection(r) {
|
|
|
286
286
|
// SegmentType (3 bits) + MaxVendorId + IsRangeEncoding + section.
|
|
287
287
|
function _parseSecondaryVendorSegment(buf, expectedType) {
|
|
288
288
|
var r = _bitReader(buf);
|
|
289
|
-
var segType = r.read(3); //
|
|
289
|
+
var segType = r.read(3); // TCF spec field width
|
|
290
290
|
if (segType !== expectedType) {
|
|
291
291
|
throw IabTcfError.factory("iab-tcf/bad-segment-type",
|
|
292
292
|
"iabTcf: expected segment type " + expectedType + ", got " + segType);
|
|
@@ -347,7 +347,7 @@ function parseString(tcString) {
|
|
|
347
347
|
continue;
|
|
348
348
|
}
|
|
349
349
|
if (segBuf.length === 0) continue;
|
|
350
|
-
var segType = (segBuf[0] >> 5) & 0x07; //
|
|
350
|
+
var segType = (segBuf[0] >> 5) & 0x07; // TCF segment-type lives in top 3 bits
|
|
351
351
|
try {
|
|
352
352
|
if (segType === SEGMENT_TYPE_DISCLOSED_VENDORS) {
|
|
353
353
|
disclosedVendors = { present: true, vendorIds: _parseSecondaryVendorSegment(segBuf, SEGMENT_TYPE_DISCLOSED_VENDORS).ids };
|
|
@@ -567,18 +567,18 @@ function _bitWriter() {
|
|
|
567
567
|
function writeVendorSection(ids) {
|
|
568
568
|
var clean = _idArray(ids);
|
|
569
569
|
var maxVendorId = clean.length ? clean[clean.length - 1] : 0;
|
|
570
|
-
writeInt(maxVendorId, 16); //
|
|
570
|
+
writeInt(maxVendorId, 16); // TCF spec field width
|
|
571
571
|
if (maxVendorId === 0) { writeBool(false); return; }
|
|
572
572
|
var runs = _idRuns(clean);
|
|
573
|
-
var rangeBits = 1 + 12; //
|
|
574
|
-
runs.forEach(function (run) { rangeBits += 1 + 16 + (run[0] === run[1] ? 0 : 16); }); //
|
|
573
|
+
var rangeBits = 1 + 12; // TCF spec field width
|
|
574
|
+
runs.forEach(function (run) { rangeBits += 1 + 16 + (run[0] === run[1] ? 0 : 16); }); // TCF spec field width
|
|
575
575
|
var bitfieldBits = 1 + maxVendorId;
|
|
576
576
|
if (rangeBits < bitfieldBits) {
|
|
577
577
|
writeBool(true);
|
|
578
|
-
writeInt(runs.length, 12); //
|
|
578
|
+
writeInt(runs.length, 12); // TCF spec field width
|
|
579
579
|
runs.forEach(function (run) {
|
|
580
|
-
if (run[0] === run[1]) { writeBool(false); writeInt(run[0], 16); } //
|
|
581
|
-
else { writeBool(true); writeInt(run[0], 16); writeInt(run[1], 16); } //
|
|
580
|
+
if (run[0] === run[1]) { writeBool(false); writeInt(run[0], 16); } // TCF spec field width
|
|
581
|
+
else { writeBool(true); writeInt(run[0], 16); writeInt(run[1], 16); } // TCF spec field width
|
|
582
582
|
});
|
|
583
583
|
} else {
|
|
584
584
|
writeBool(false);
|
|
@@ -586,10 +586,10 @@ function _bitWriter() {
|
|
|
586
586
|
}
|
|
587
587
|
}
|
|
588
588
|
function toBuffer() {
|
|
589
|
-
var padded = bits + "0".repeat((8 - (bits.length % 8)) % 8); //
|
|
590
|
-
var byteLen = padded.length / 8; //
|
|
589
|
+
var padded = bits + "0".repeat((8 - (bits.length % 8)) % 8); // pad to whole bytes
|
|
590
|
+
var byteLen = padded.length / 8; // bits per byte
|
|
591
591
|
var out = Buffer.alloc(byteLen);
|
|
592
|
-
for (var i = 0; i < byteLen; i += 1) out[i] = parseInt(padded.slice(i * 8, i * 8 + 8), 2); //
|
|
592
|
+
for (var i = 0; i < byteLen; i += 1) out[i] = parseInt(padded.slice(i * 8, i * 8 + 8), 2); // bits per byte
|
|
593
593
|
return out;
|
|
594
594
|
}
|
|
595
595
|
return { writeInt: writeInt, writeBool: writeBool, writeBitField: writeBitField, writeVendorSection: writeVendorSection, toBuffer: toBuffer };
|
|
@@ -603,23 +603,23 @@ function _writeLetters(w, s, label) {
|
|
|
603
603
|
var str = String(s).toUpperCase();
|
|
604
604
|
if (str.length !== 2) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: " + label + " must be a 2-letter code, got '" + s + "'");
|
|
605
605
|
for (var i = 0; i < 2; i += 1) {
|
|
606
|
-
var v = str.charCodeAt(i) - 0x41; //
|
|
606
|
+
var v = str.charCodeAt(i) - 0x41; // ASCII 'A' offset
|
|
607
607
|
if (v < 0 || v > 25) throw IabTcfError.factory("iab-tcf/bad-value", "iabTcf.encode: '" + str.charAt(i) + "' is not an A-Z letter");
|
|
608
|
-
w.writeInt(v, 6); //
|
|
608
|
+
w.writeInt(v, 6); // TCF spec field width
|
|
609
609
|
}
|
|
610
610
|
}
|
|
611
611
|
|
|
612
612
|
function _encodePublisherTC(pub) {
|
|
613
613
|
var w = _bitWriter();
|
|
614
|
-
w.writeInt(SEGMENT_TYPE_PUBLISHER_TC, 3); //
|
|
615
|
-
w.writeBitField(pub.pubPurposesConsent || [], 24); //
|
|
616
|
-
w.writeBitField(pub.pubPurposesLITransparency || [], 24); //
|
|
614
|
+
w.writeInt(SEGMENT_TYPE_PUBLISHER_TC, 3); // segment-type prefix
|
|
615
|
+
w.writeBitField(pub.pubPurposesConsent || [], 24); // TCF spec field width
|
|
616
|
+
w.writeBitField(pub.pubPurposesLITransparency || [], 24); // TCF spec field width
|
|
617
617
|
var custom = _idArray(pub.customPurposesConsent || []);
|
|
618
618
|
var customLI = _idArray(pub.customPurposesLITransparency || []);
|
|
619
619
|
var n = pub.numCustomPurposes != null
|
|
620
620
|
? pub.numCustomPurposes
|
|
621
621
|
: Math.max(custom.length ? custom[custom.length - 1] : 0, customLI.length ? customLI[customLI.length - 1] : 0);
|
|
622
|
-
w.writeInt(n, 6); //
|
|
622
|
+
w.writeInt(n, 6); // TCF spec field width
|
|
623
623
|
w.writeBitField(custom, n);
|
|
624
624
|
w.writeBitField(customLI, n);
|
|
625
625
|
return _b64urlEncode(w.toBuffer());
|
|
@@ -654,47 +654,47 @@ function encode(obj) {
|
|
|
654
654
|
}
|
|
655
655
|
var c = obj.core;
|
|
656
656
|
var w = _bitWriter();
|
|
657
|
-
w.writeInt(c.version != null ? c.version : TCF_V23_CORE_VERSION, 6); //
|
|
658
|
-
w.writeInt(_decisec(c.createdAt), 36); //
|
|
659
|
-
w.writeInt(_decisec(c.lastUpdatedAt != null ? c.lastUpdatedAt : c.createdAt), 36); //
|
|
660
|
-
w.writeInt(c.cmpId || 0, 12); //
|
|
661
|
-
w.writeInt(c.cmpVersion || 0, 12); //
|
|
662
|
-
w.writeInt(c.consentScreen || 0, 6); //
|
|
657
|
+
w.writeInt(c.version != null ? c.version : TCF_V23_CORE_VERSION, 6); // TCF spec field width
|
|
658
|
+
w.writeInt(_decisec(c.createdAt), 36); // TCF spec field width
|
|
659
|
+
w.writeInt(_decisec(c.lastUpdatedAt != null ? c.lastUpdatedAt : c.createdAt), 36); // TCF spec field width
|
|
660
|
+
w.writeInt(c.cmpId || 0, 12); // TCF spec field width
|
|
661
|
+
w.writeInt(c.cmpVersion || 0, 12); // TCF spec field width
|
|
662
|
+
w.writeInt(c.consentScreen || 0, 6); // TCF spec field width
|
|
663
663
|
_writeLetters(w, c.consentLanguage || "EN", "consentLanguage");
|
|
664
|
-
w.writeInt(c.vendorListVersion || 0, 12); //
|
|
665
|
-
w.writeInt(c.policyVersion != null ? c.policyVersion : TCF_V23_POLICY_VERSION, 6); //
|
|
664
|
+
w.writeInt(c.vendorListVersion || 0, 12); // TCF spec field width
|
|
665
|
+
w.writeInt(c.policyVersion != null ? c.policyVersion : TCF_V23_POLICY_VERSION, 6); // TCF spec field width
|
|
666
666
|
w.writeBool(c.isServiceSpecific !== false);
|
|
667
667
|
w.writeBool(c.useNonStandardStacks === true);
|
|
668
|
-
w.writeBitField(c.specialFeatureOptins || [], 12); //
|
|
669
|
-
w.writeBitField(c.purposesConsent || [], 24); //
|
|
670
|
-
w.writeBitField(c.purposesLI || [], 24); //
|
|
668
|
+
w.writeBitField(c.specialFeatureOptins || [], 12); // TCF spec field width
|
|
669
|
+
w.writeBitField(c.purposesConsent || [], 24); // TCF spec field width
|
|
670
|
+
w.writeBitField(c.purposesLI || [], 24); // TCF spec field width
|
|
671
671
|
w.writeBool(c.purposeOneTreatment === true);
|
|
672
672
|
_writeLetters(w, c.publisherCC || "AA", "publisherCC");
|
|
673
673
|
w.writeVendorSection(c.vendorConsents || []);
|
|
674
674
|
w.writeVendorSection(c.vendorLIs || []);
|
|
675
675
|
var restrictions = c.publisherRestrictions || [];
|
|
676
|
-
w.writeInt(restrictions.length, 12); //
|
|
676
|
+
w.writeInt(restrictions.length, 12); // TCF spec field width
|
|
677
677
|
restrictions.forEach(function (pr) {
|
|
678
|
-
w.writeInt(pr.purposeId, 6); //
|
|
678
|
+
w.writeInt(pr.purposeId, 6); // TCF spec field width
|
|
679
679
|
w.writeInt(typeof pr.restrictionType === "number" ? pr.restrictionType : 0, 2);
|
|
680
680
|
var runs = _idRuns(_idArray(pr.vendorIds || []));
|
|
681
|
-
w.writeInt(runs.length, 12); //
|
|
681
|
+
w.writeInt(runs.length, 12); // TCF spec field width
|
|
682
682
|
runs.forEach(function (run) {
|
|
683
|
-
if (run[0] === run[1]) { w.writeBool(false); w.writeInt(run[0], 16); } //
|
|
684
|
-
else { w.writeBool(true); w.writeInt(run[0], 16); w.writeInt(run[1], 16); } //
|
|
683
|
+
if (run[0] === run[1]) { w.writeBool(false); w.writeInt(run[0], 16); } // TCF spec field width
|
|
684
|
+
else { w.writeBool(true); w.writeInt(run[0], 16); w.writeInt(run[1], 16); } // TCF spec field width
|
|
685
685
|
});
|
|
686
686
|
});
|
|
687
687
|
var segs = [_b64urlEncode(w.toBuffer())];
|
|
688
688
|
|
|
689
689
|
if (obj.disclosedVendors != null) {
|
|
690
690
|
var dw = _bitWriter();
|
|
691
|
-
dw.writeInt(SEGMENT_TYPE_DISCLOSED_VENDORS, 3); //
|
|
691
|
+
dw.writeInt(SEGMENT_TYPE_DISCLOSED_VENDORS, 3); // segment-type prefix
|
|
692
692
|
dw.writeVendorSection(obj.disclosedVendors);
|
|
693
693
|
segs.push(_b64urlEncode(dw.toBuffer()));
|
|
694
694
|
}
|
|
695
695
|
if (obj.allowedVendors != null) {
|
|
696
696
|
var aw = _bitWriter();
|
|
697
|
-
aw.writeInt(SEGMENT_TYPE_ALLOWED_VENDORS, 3); //
|
|
697
|
+
aw.writeInt(SEGMENT_TYPE_ALLOWED_VENDORS, 3); // segment-type prefix
|
|
698
698
|
aw.writeVendorSection(obj.allowedVendors);
|
|
699
699
|
segs.push(_b64urlEncode(aw.toBuffer()));
|
|
700
700
|
}
|
package/lib/inbox.js
CHANGED
|
@@ -151,14 +151,14 @@ function create(opts) {
|
|
|
151
151
|
var qTable = safeSql.quoteIdentifier(tableRaw, "sqlite");
|
|
152
152
|
var qIndex = safeSql.quoteIdentifier(tableRaw + "_received_at_idx", "sqlite");
|
|
153
153
|
var retentionDays = (typeof opts.retentionDays === "number" && opts.retentionDays > 0) // allow:numeric-opt-Infinity
|
|
154
|
-
? opts.retentionDays : 30; //
|
|
154
|
+
? opts.retentionDays : 30; // default retention days
|
|
155
155
|
var auditOn = opts.audit !== false;
|
|
156
156
|
var maxPayloadBytes = (typeof opts.maxPayloadBytes === "number" && opts.maxPayloadBytes > 0) // allow:numeric-opt-Infinity
|
|
157
157
|
? opts.maxPayloadBytes : C.BYTES.kib(64);
|
|
158
158
|
var messageIdMaxLen = (typeof opts.messageIdMaxLen === "number" && opts.messageIdMaxLen > 0) // allow:numeric-opt-Infinity
|
|
159
|
-
? opts.messageIdMaxLen : 256; //
|
|
159
|
+
? opts.messageIdMaxLen : 256; // message-id length cap
|
|
160
160
|
var sourceMaxLen = (typeof opts.sourceMaxLen === "number" && opts.sourceMaxLen > 0) // allow:numeric-opt-Infinity
|
|
161
|
-
? opts.sourceMaxLen : 256; //
|
|
161
|
+
? opts.sourceMaxLen : 256; // source length cap
|
|
162
162
|
|
|
163
163
|
function _emitAudit(action, outcome, metadata) {
|
|
164
164
|
if (!auditOn) return;
|
|
@@ -203,7 +203,7 @@ function create(opts) {
|
|
|
203
203
|
function _rejectControlChars(value, label, field) {
|
|
204
204
|
for (var i = 0; i < value.length; i += 1) {
|
|
205
205
|
var code = value.charCodeAt(i);
|
|
206
|
-
if (code === 0 || (code < 32 && code !== 9) || code === 127) { //
|
|
206
|
+
if (code === 0 || (code < 32 && code !== 9) || code === 127) { // ASCII control codepoints (NUL + C0 + DEL); allow tab
|
|
207
207
|
throw new InboxError("inbox/bad-receive",
|
|
208
208
|
label + ": " + field + " contains control character at index " + i +
|
|
209
209
|
" (codepoint " + code + ")");
|
package/lib/ip-utils.js
CHANGED
|
@@ -29,34 +29,34 @@ function expandIpv6Hex(ip) {
|
|
|
29
29
|
var dual = ip.match(/^(.*?):(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$/); // allow:regex-no-length-cap — dotted-quad has fixed shape; LHS bounded by IPv6 group cap below
|
|
30
30
|
if (dual) {
|
|
31
31
|
var v4 = dual[2].split(".").map(Number);
|
|
32
|
-
if (v4.some(function (o) { return !(o >= 0 && o <= 255); })) return null; //
|
|
33
|
-
var hi = (v4[0] << 8) | v4[1]; //
|
|
34
|
-
var lo = (v4[2] << 8) | v4[3]; //
|
|
32
|
+
if (v4.some(function (o) { return !(o >= 0 && o <= 255); })) return null; // IPv4 octet range
|
|
33
|
+
var hi = (v4[0] << 8) | v4[1]; // 16-bit group pack
|
|
34
|
+
var lo = (v4[2] << 8) | v4[3]; // 16-bit group pack
|
|
35
35
|
ip = dual[1] + ":" + hi.toString(16) + ":" + lo.toString(16);
|
|
36
36
|
}
|
|
37
37
|
var dblColon = ip.split("::");
|
|
38
38
|
if (dblColon.length > 2) return null;
|
|
39
39
|
var leftGroups = dblColon[0] === "" ? [] : dblColon[0].split(":");
|
|
40
40
|
var rightGroups = dblColon.length === 2 ? (dblColon[1] === "" ? [] : dblColon[1].split(":")) : [];
|
|
41
|
-
if (dblColon.length === 1 && leftGroups.length !== 8) return null; //
|
|
42
|
-
var fillCount = 8 - leftGroups.length - rightGroups.length; //
|
|
41
|
+
if (dblColon.length === 1 && leftGroups.length !== 8) return null; // RFC 4291 IPv6 group count
|
|
42
|
+
var fillCount = 8 - leftGroups.length - rightGroups.length; // RFC 4291 IPv6 group count
|
|
43
43
|
if (fillCount < 0) return null;
|
|
44
44
|
var fill = [];
|
|
45
45
|
for (var f = 0; f < fillCount; f += 1) fill.push("0");
|
|
46
46
|
var groups = leftGroups.concat(fill).concat(rightGroups);
|
|
47
|
-
if (groups.length !== 8) return null; //
|
|
47
|
+
if (groups.length !== 8) return null; // RFC 4291 IPv6 group count
|
|
48
48
|
var hex = "";
|
|
49
|
-
for (var i = 0; i < 8; i += 1) { //
|
|
49
|
+
for (var i = 0; i < 8; i += 1) { // RFC 4291 IPv6 group count
|
|
50
50
|
var g = groups[i];
|
|
51
|
-
if (g.length === 0 || g.length > 4) return null; //
|
|
51
|
+
if (g.length === 0 || g.length > 4) return null; // RFC 4291 IPv6 hex-group max length
|
|
52
52
|
for (var hc = 0; hc < g.length; hc += 1) {
|
|
53
53
|
var cp = g.charCodeAt(hc);
|
|
54
|
-
var isDigit = cp >= 0x30 && cp <= 0x39; //
|
|
55
|
-
var isLowerHex = cp >= 0x61 && cp <= 0x66; //
|
|
56
|
-
var isUpperHex = cp >= 0x41 && cp <= 0x46; //
|
|
54
|
+
var isDigit = cp >= 0x30 && cp <= 0x39; // ASCII '0'..'9'
|
|
55
|
+
var isLowerHex = cp >= 0x61 && cp <= 0x66; // ASCII 'a'..'f'
|
|
56
|
+
var isUpperHex = cp >= 0x41 && cp <= 0x46; // ASCII 'A'..'F'
|
|
57
57
|
if (!isDigit && !isLowerHex && !isUpperHex) return null;
|
|
58
58
|
}
|
|
59
|
-
hex += g.toLowerCase().padStart(4, "0"); //
|
|
59
|
+
hex += g.toLowerCase().padStart(4, "0"); // 4 hex chars per IPv6 group
|
|
60
60
|
}
|
|
61
61
|
return hex;
|
|
62
62
|
}
|
|
@@ -72,9 +72,9 @@ function expandIpv6Hex(ip) {
|
|
|
72
72
|
function expandIpv6Groups(ip) {
|
|
73
73
|
var hex = expandIpv6Hex(ip);
|
|
74
74
|
if (hex === null) return null;
|
|
75
|
-
var groups = new Array(8); //
|
|
76
|
-
for (var i = 0; i < 8; i += 1) { //
|
|
77
|
-
groups[i] = parseInt(hex.slice(i * 4, i * 4 + 4), 16); //
|
|
75
|
+
var groups = new Array(8); // RFC 4291 IPv6 group count
|
|
76
|
+
for (var i = 0; i < 8; i += 1) { // RFC 4291 IPv6 group count
|
|
77
|
+
groups[i] = parseInt(hex.slice(i * 4, i * 4 + 4), 16); // 4 hex chars per IPv6 group
|
|
78
78
|
}
|
|
79
79
|
return groups;
|
|
80
80
|
}
|
|
@@ -151,7 +151,7 @@ function decrypt(compact, recipientPrivateKeyPem, opts) {
|
|
|
151
151
|
"decrypt: recipientPrivateKeyPem must be a non-empty PEM string");
|
|
152
152
|
}
|
|
153
153
|
var parts = compact.split(".");
|
|
154
|
-
if (parts.length !== 5) { //
|
|
154
|
+
if (parts.length !== 5) { // JWE compact serialization is 5 dot-separated segments (RFC 7516 §3.1)
|
|
155
155
|
throw new JoseJweExperimentalError("jose-jwe-exp/bad-format",
|
|
156
156
|
"decrypt: JWE compact serialization MUST have 5 segments (RFC 7516 §3.1), got " + parts.length);
|
|
157
157
|
}
|
|
@@ -168,7 +168,7 @@ function decrypt(compact, recipientPrivateKeyPem, opts) {
|
|
|
168
168
|
throw new JoseJweExperimentalError("jose-jwe-exp/bad-header",
|
|
169
169
|
"decrypt: protected header is not valid base64url");
|
|
170
170
|
}
|
|
171
|
-
if (headerBytes.length > 4096) { //
|
|
171
|
+
if (headerBytes.length > 4096) { // JWE header byte cap, not bytes-as-storage
|
|
172
172
|
throw new JoseJweExperimentalError("jose-jwe-exp/header-too-large",
|
|
173
173
|
"decrypt: protected header exceeds 4 KiB cap");
|
|
174
174
|
}
|
package/lib/json-path.js
CHANGED
|
@@ -34,7 +34,7 @@ var { defineClass } = require("./framework-error");
|
|
|
34
34
|
|
|
35
35
|
var JsonPathError = defineClass("JsonPathError", { alwaysPermanent: true });
|
|
36
36
|
|
|
37
|
-
var MAX_DESCEND_NODES = 1000000; //
|
|
37
|
+
var MAX_DESCEND_NODES = 1000000; // DoS ceiling on nodes visited by a descendant walk
|
|
38
38
|
|
|
39
39
|
// ---------------------------------------------------------------------------
|
|
40
40
|
// Parser — recursive descent over the RFC 9535 ABNF.
|
|
@@ -179,12 +179,12 @@ _Parser.prototype.parseStringLiteral = function () {
|
|
|
179
179
|
else if (e === "u") {
|
|
180
180
|
var hex = this.s.substr(this.i, 4);
|
|
181
181
|
if (!/^[0-9a-fA-F]{4}$/.test(hex)) this.err("invalid \\u escape");
|
|
182
|
-
var cp = parseInt(hex, 16); this.i += 4; //
|
|
182
|
+
var cp = parseInt(hex, 16); this.i += 4; // base-16 radix for \uXXXX
|
|
183
183
|
// Surrogate pair handling.
|
|
184
184
|
if (cp >= 0xD800 && cp <= 0xDBFF && this.s.substr(this.i, 2) === "\\u") {
|
|
185
185
|
var hex2 = this.s.substr(this.i + 2, 4);
|
|
186
186
|
if (/^[0-9a-fA-F]{4}$/.test(hex2)) {
|
|
187
|
-
var lo = parseInt(hex2, 16); //
|
|
187
|
+
var lo = parseInt(hex2, 16); // base-16 radix for \uXXXX low surrogate
|
|
188
188
|
if (lo >= 0xDC00 && lo <= 0xDFFF) { out += String.fromCharCode(cp, lo); this.i += 6; continue; }
|
|
189
189
|
}
|
|
190
190
|
this.err("invalid surrogate pair");
|
package/lib/json-schema.js
CHANGED
|
@@ -54,7 +54,7 @@ var { defineClass } = require("./framework-error");
|
|
|
54
54
|
var JsonSchemaError = defineClass("JsonSchemaError", { alwaysPermanent: true });
|
|
55
55
|
|
|
56
56
|
var DIALECT_2020_12 = "https://json-schema.org/draft/2020-12/schema";
|
|
57
|
-
var MAX_REF_DEPTH = 10000; //
|
|
57
|
+
var MAX_REF_DEPTH = 10000; // recursion-depth cap (count, not a byte size)
|
|
58
58
|
var DEFAULT_MAX_ERRORS = 100; // error-collection cap
|
|
59
59
|
|
|
60
60
|
function _typeOf(v) {
|
package/lib/jsonapi.js
CHANGED
|
@@ -210,12 +210,12 @@ function parseQuery(queryString, opts) {
|
|
|
210
210
|
return { field: s, asc: asc };
|
|
211
211
|
});
|
|
212
212
|
} else if (rawKey.indexOf("fields[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
|
|
213
|
-
var type = rawKey.slice(7, -1); //
|
|
213
|
+
var type = rawKey.slice(7, -1); // `fields[` length
|
|
214
214
|
out.fields[type] = rawVal.split(",").map(function (s) { return s.trim(); }).filter(Boolean);
|
|
215
215
|
} else if (rawKey.indexOf("filter[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
|
|
216
|
-
out.filter[rawKey.slice(7, -1)] = rawVal; //
|
|
216
|
+
out.filter[rawKey.slice(7, -1)] = rawVal; // `filter[` length
|
|
217
217
|
} else if (rawKey.indexOf("page[") === 0 && rawKey.charAt(rawKey.length - 1) === "]") {
|
|
218
|
-
out.page[rawKey.slice(5, -1)] = rawVal; //
|
|
218
|
+
out.page[rawKey.slice(5, -1)] = rawVal; // `page[` length
|
|
219
219
|
}
|
|
220
220
|
}
|
|
221
221
|
return out;
|
package/lib/jtd.js
CHANGED
|
@@ -40,8 +40,8 @@ var TYPES = {
|
|
|
40
40
|
int8: 1, uint8: 1, int16: 1, uint16: 1, int32: 1, uint32: 1,
|
|
41
41
|
};
|
|
42
42
|
var INT_RANGES = {
|
|
43
|
-
int8: [-128, 127], uint8: [0, 255], int16: [-32768, 32767], //
|
|
44
|
-
uint16: [0, 65535], int32: [-2147483648, 2147483647], uint32: [0, 4294967295], //
|
|
43
|
+
int8: [-128, 127], uint8: [0, 255], int16: [-32768, 32767], // RFC 8927 integer type bounds
|
|
44
|
+
uint16: [0, 65535], int32: [-2147483648, 2147483647], uint32: [0, 4294967295], // RFC 8927 integer type bounds
|
|
45
45
|
};
|
|
46
46
|
var FORM_KEYWORDS = ["ref", "type", "enum", "elements", "properties", "optionalProperties", "values", "discriminator"];
|
|
47
47
|
var SHARED_KEYWORDS = { definitions: 1, nullable: 1, metadata: 1 };
|
package/lib/link-header.js
CHANGED
|
@@ -32,7 +32,7 @@ var { defineClass } = require("./framework-error");
|
|
|
32
32
|
|
|
33
33
|
var LinkHeaderError = defineClass("LinkHeaderError", { alwaysPermanent: true });
|
|
34
34
|
|
|
35
|
-
var MAX_HEADER_BYTES = 16384; //
|
|
35
|
+
var MAX_HEADER_BYTES = 16384; // defensive cap on a parsed Link header
|
|
36
36
|
|
|
37
37
|
// Split a Link header on the commas that separate links — those OUTSIDE
|
|
38
38
|
// a <uri-reference> and outside a quoted-string. structuredFields'
|
package/lib/local-db-thin.js
CHANGED
|
@@ -65,7 +65,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
|
|
|
65
65
|
// LRU prepared-statement cache cap — same magnitude as lib/db.js's full
|
|
66
66
|
// variant. Daemons issuing more than this many distinct SQL strings
|
|
67
67
|
// likely have a string-concat bug rather than a legitimate need.
|
|
68
|
-
var PREPARE_CACHE_MAX = 256; //
|
|
68
|
+
var PREPARE_CACHE_MAX = 256; // distinct-statement cache cap
|
|
69
69
|
|
|
70
70
|
var ALLOWED_RECOVERY = ["refuse", "rename-and-recreate"];
|
|
71
71
|
|
package/lib/log.js
CHANGED
|
@@ -554,7 +554,7 @@ var _BIDI_CONTROL_RE = /[]/g;
|
|
|
554
554
|
function _escapeBidiControls(s) {
|
|
555
555
|
if (typeof s !== "string" || s.length === 0) return s;
|
|
556
556
|
return s.replace(_BIDI_CONTROL_RE, function (ch) {
|
|
557
|
-
var code = ch.charCodeAt(0).toString(16); //
|
|
557
|
+
var code = ch.charCodeAt(0).toString(16); // Unicode hex radix
|
|
558
558
|
while (code.length < 4) code = "0" + code;
|
|
559
559
|
return "\\u" + code;
|
|
560
560
|
});
|
package/lib/lro.js
CHANGED
|
@@ -71,9 +71,9 @@ function create(opts) {
|
|
|
71
71
|
var prefix = opts.namePrefix || "operations/";
|
|
72
72
|
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxConcurrent, "maxConcurrent",
|
|
73
73
|
LroError, "lro/bad-max-concurrent");
|
|
74
|
-
var maxConcurrent = typeof opts.maxConcurrent === "number" ? opts.maxConcurrent : 1024; //
|
|
74
|
+
var maxConcurrent = typeof opts.maxConcurrent === "number" ? opts.maxConcurrent : 1024; // default in-flight cap
|
|
75
75
|
|
|
76
|
-
function _newName() { return prefix + bCrypto.generateToken(32); } //
|
|
76
|
+
function _newName() { return prefix + bCrypto.generateToken(32); } // 32-char name token
|
|
77
77
|
|
|
78
78
|
function submit(submitOpts) {
|
|
79
79
|
submitOpts = validateOpts.requireObject(submitOpts, "lro.submit",
|
|
@@ -126,7 +126,7 @@ function create(opts) {
|
|
|
126
126
|
stored.done = true;
|
|
127
127
|
// AIP-151 error: { code, message, details? } shape.
|
|
128
128
|
var msg = (err && err.message) || String(err);
|
|
129
|
-
stored.error = { code: 13, message: msg }; //
|
|
129
|
+
stored.error = { code: 13, message: msg }; // google.rpc.Code.INTERNAL = 13
|
|
130
130
|
if (err && err.code) stored.error.errorCode = err.code;
|
|
131
131
|
stored.completedAt = new Date().toISOString();
|
|
132
132
|
});
|
|
@@ -175,7 +175,7 @@ function create(opts) {
|
|
|
175
175
|
}
|
|
176
176
|
// Mark cancelled per AIP-151 — error.code 1 = CANCELLED.
|
|
177
177
|
op.done = true;
|
|
178
|
-
op.error = { code: 1, message: "operation cancelled" }; //
|
|
178
|
+
op.error = { code: 1, message: "operation cancelled" }; // google.rpc.Code.CANCELLED = 1
|
|
179
179
|
op.completedAt = new Date().toISOString();
|
|
180
180
|
return _stripPrivate(op);
|
|
181
181
|
}
|
package/lib/mail-agent.js
CHANGED
|
@@ -89,7 +89,7 @@ var MailAgentError = defineClass("MailAgentError", { alwaysPermanent: true });
|
|
|
89
89
|
|
|
90
90
|
var DEFAULT_QUEUE_TOPIC = "mail.agent.tasks";
|
|
91
91
|
var DEFAULT_TASK_TIMEOUT_MS = C.TIME.seconds(30);
|
|
92
|
-
var DEFAULT_QUEUE_DEPTH_CAP = 1024; //
|
|
92
|
+
var DEFAULT_QUEUE_DEPTH_CAP = 1024; // queue depth, not bytes
|
|
93
93
|
|
|
94
94
|
// Methods that route to worker / queue dispatch under "auto" mode. The
|
|
95
95
|
// rest are fast-path single-row ops that stay local even under "auto".
|
package/lib/mail-arc-sign.js
CHANGED
|
@@ -103,8 +103,8 @@ function _parseHeaderBlock(headerBlock) {
|
|
|
103
103
|
}
|
|
104
104
|
|
|
105
105
|
function _canonRelaxedHeader(name, value) {
|
|
106
|
-
var unfolded = String(value).replace(/\r?\n[ \t]+/g, " "); // allow:duplicate-regex
|
|
107
|
-
var trimmed = unfolded.replace(/[ \t]+/g, " ").replace(/^[ \t]+|[ \t]+$/g, ""); // allow:duplicate-regex
|
|
106
|
+
var unfolded = String(value).replace(/\r?\n[ \t]+/g, " "); // allow:duplicate-regex — DKIM/ARC RFC 6376 §3.4.2 unfolding
|
|
107
|
+
var trimmed = unfolded.replace(/[ \t]+/g, " ").replace(/^[ \t]+|[ \t]+$/g, ""); // allow:duplicate-regex — DKIM/ARC RFC 6376 §3.4.2 WSP collapse
|
|
108
108
|
return name.toLowerCase() + ":" + trimmed + "\r\n";
|
|
109
109
|
}
|
|
110
110
|
|
|
@@ -133,7 +133,7 @@ function _bodyHashB64(body, algorithm) {
|
|
|
133
133
|
// extractor needs the same ceiling so a message arriving with a
|
|
134
134
|
// hostile chain (51+ instances) doesn't expand the per-hop walk to
|
|
135
135
|
// unbounded work before the signer's own validation catches up.
|
|
136
|
-
var ARC_MAX_HOPS_FOR_EXTRACT = 50; //
|
|
136
|
+
var ARC_MAX_HOPS_FOR_EXTRACT = 50; // RFC 8617 §5 chain bound
|
|
137
137
|
|
|
138
138
|
function _arcExtractPriorHops(parsedHeaders) {
|
|
139
139
|
// Walk parsedHeaders; for each ARC-Authentication-Results /
|
|
@@ -182,7 +182,7 @@ function sign(opts) {
|
|
|
182
182
|
validateOpts.requireNonEmptyString(opts.rfc822, "sign: rfc822",
|
|
183
183
|
MailAuthError, "arc-sign/bad-input");
|
|
184
184
|
if (typeof opts.instance !== "number" || !isFinite(opts.instance) ||
|
|
185
|
-
opts.instance < 1 || opts.instance > 50 || //
|
|
185
|
+
opts.instance < 1 || opts.instance > 50 || // RFC 8617 §5 chain bound
|
|
186
186
|
Math.floor(opts.instance) !== opts.instance) {
|
|
187
187
|
throw new MailAuthError("arc-sign/bad-instance",
|
|
188
188
|
"sign: instance must be an integer in [1, 50] — got " + JSON.stringify(opts.instance));
|
|
@@ -211,7 +211,7 @@ function sign(opts) {
|
|
|
211
211
|
throw new MailAuthError("arc-sign/cv-rule",
|
|
212
212
|
"sign: i=1 requires cv=none (per RFC 8617 §5.1.1)");
|
|
213
213
|
}
|
|
214
|
-
if (opts.instance >= 2 && opts.cv === "none") { //
|
|
214
|
+
if (opts.instance >= 2 && opts.cv === "none") { // RFC 8617 chain rule
|
|
215
215
|
throw new MailAuthError("arc-sign/cv-rule",
|
|
216
216
|
"sign: i>=2 disallows cv=none — must be cv=pass or cv=fail (per RFC 8617 §5.1.1)");
|
|
217
217
|
}
|
|
@@ -247,7 +247,7 @@ function sign(opts) {
|
|
|
247
247
|
}
|
|
248
248
|
}
|
|
249
249
|
var timestamp = (typeof opts.timestamp === "number" && opts.timestamp > 0) // allow:numeric-opt-Infinity
|
|
250
|
-
? Math.floor(opts.timestamp) : Math.floor(Date.now() / 1000); //
|
|
250
|
+
? Math.floor(opts.timestamp) : Math.floor(Date.now() / 1000); // Unix epoch seconds divisor
|
|
251
251
|
var auditOn = opts.audit !== false;
|
|
252
252
|
|
|
253
253
|
var keyObject;
|