@blamejs/core 0.14.0 → 0.14.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/_test/crypto-fixtures.js +3 -3
- package/lib/a2a-tasks.js +18 -18
- package/lib/a2a.js +4 -4
- package/lib/acme.js +3 -3
- package/lib/agent-idempotency.js +1 -1
- package/lib/agent-orchestrator.js +8 -8
- package/lib/agent-posture-chain.js +2 -2
- package/lib/agent-saga.js +1 -1
- package/lib/agent-snapshot.js +1 -1
- package/lib/agent-stream.js +1 -1
- package/lib/agent-tenant.js +1 -1
- package/lib/agent-trace.js +3 -3
- package/lib/ai-capability.js +1 -1
- package/lib/ai-dp.js +4 -4
- package/lib/ai-input.js +3 -3
- package/lib/ai-model-manifest.js +7 -7
- package/lib/ai-pref.js +3 -3
- package/lib/archive-gz.js +2 -2
- package/lib/archive-read.js +25 -25
- package/lib/archive-tar-read.js +2 -2
- package/lib/archive-tar.js +20 -20
- package/lib/archive-wrap.js +10 -10
- package/lib/argon2-builtin.js +1 -1
- package/lib/asn1-der.js +45 -34
- package/lib/atomic-file.js +2 -2
- package/lib/audit-daily-review.js +3 -3
- package/lib/audit-sign.js +5 -5
- package/lib/audit-tools.js +1 -1
- package/lib/audit.js +2 -2
- package/lib/auth/acr-vocabulary.js +2 -2
- package/lib/auth/bot-challenge.js +3 -3
- package/lib/auth/ciba.js +7 -7
- package/lib/auth/dpop.js +3 -3
- package/lib/auth/fido-mds3.js +8 -8
- package/lib/auth/jar.js +11 -0
- package/lib/auth/jwt-external.js +5 -5
- package/lib/auth/oauth.js +7 -9
- package/lib/auth/oid4vci.js +10 -10
- package/lib/auth/oid4vp.js +2 -2
- package/lib/auth/openid-federation.js +2 -2
- package/lib/auth/passkey.js +3 -3
- package/lib/auth/saml.js +29 -25
- package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/auth/sd-jwt-vc.js +4 -4
- package/lib/auth/status-list.js +10 -10
- package/lib/auth/step-up.js +1 -1
- package/lib/auth-bot-challenge.js +1 -1
- package/lib/backup/index.js +7 -7
- package/lib/base32.js +8 -8
- package/lib/budr.js +2 -2
- package/lib/cache-status.js +2 -2
- package/lib/calendar.js +23 -23
- package/lib/cbor.js +12 -12
- package/lib/cdn-cache-control.js +1 -1
- package/lib/cert.js +5 -5
- package/lib/cloud-events.js +5 -5
- package/lib/cms-codec.js +21 -21
- package/lib/codepoint-class.js +12 -12
- package/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/compliance-sanctions.js +4 -4
- package/lib/compliance.js +29 -29
- package/lib/content-credentials.js +36 -36
- package/lib/cookies.js +1 -1
- package/lib/cose.js +13 -13
- package/lib/cra-report.js +1 -1
- package/lib/crdt.js +1 -1
- package/lib/crypto-field.js +2 -2
- package/lib/crypto-xwing.js +7 -7
- package/lib/crypto.js +6 -6
- package/lib/csp.js +2 -2
- package/lib/cwt.js +4 -4
- package/lib/dark-patterns.js +2 -2
- package/lib/data-act.js +2 -2
- package/lib/db-file-lifecycle.js +4 -4
- package/lib/db-query.js +1 -1
- package/lib/db.js +6 -6
- package/lib/dbsc.js +13 -13
- package/lib/did.js +17 -17
- package/lib/dora.js +4 -4
- package/lib/dsr.js +1 -1
- package/lib/early-hints.js +2 -2
- package/lib/eat.js +4 -4
- package/lib/external-db-migrate.js +1 -1
- package/lib/external-db.js +1 -1
- package/lib/flag-cache.js +1 -1
- package/lib/flag-evaluation-context.js +2 -2
- package/lib/graphql-federation.js +4 -4
- package/lib/guard-agent-registry.js +5 -5
- package/lib/guard-archive.js +24 -24
- package/lib/guard-cidr.js +33 -33
- package/lib/guard-csv.js +1 -1
- package/lib/guard-domain.js +10 -10
- package/lib/guard-dsn.js +4 -4
- package/lib/guard-email.js +19 -19
- package/lib/guard-event-bus-payload.js +4 -4
- package/lib/guard-event-bus-topic.js +6 -6
- package/lib/guard-filename.js +7 -7
- package/lib/guard-graphql.js +9 -9
- package/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/guard-html-wcag.js +4 -4
- package/lib/guard-html.js +7 -7
- package/lib/guard-idempotency-key.js +6 -6
- package/lib/guard-image.js +4 -4
- package/lib/guard-imap-command.js +17 -17
- package/lib/guard-jmap.js +20 -20
- package/lib/guard-json.js +12 -12
- package/lib/guard-jsonpath.js +3 -3
- package/lib/guard-jwt.js +4 -4
- package/lib/guard-list-id.js +7 -7
- package/lib/guard-list-unsubscribe.js +8 -8
- package/lib/guard-mail-compose.js +4 -4
- package/lib/guard-mail-move.js +5 -5
- package/lib/guard-mail-query.js +3 -3
- package/lib/guard-mail-reply.js +3 -3
- package/lib/guard-mail-sieve.js +6 -6
- package/lib/guard-managesieve-command.js +25 -25
- package/lib/guard-markdown.js +31 -31
- package/lib/guard-message-id.js +5 -5
- package/lib/guard-mime.js +1 -1
- package/lib/guard-oauth.js +3 -3
- package/lib/guard-pdf.js +6 -6
- package/lib/guard-pop3-command.js +11 -11
- package/lib/guard-posture-chain.js +5 -5
- package/lib/guard-regex.js +10 -10
- package/lib/guard-saga-config.js +5 -5
- package/lib/guard-smtp-command.js +6 -6
- package/lib/guard-snapshot-envelope.js +3 -3
- package/lib/guard-stream-args.js +4 -4
- package/lib/guard-svg.js +11 -11
- package/lib/guard-tenant-id.js +5 -5
- package/lib/guard-time.js +15 -15
- package/lib/guard-trace-context.js +4 -4
- package/lib/guard-uuid.js +11 -11
- package/lib/guard-xml.js +12 -12
- package/lib/guard-yaml.js +16 -16
- package/lib/honeytoken.js +5 -5
- package/lib/http-client.js +1 -1
- package/lib/http-message-signature.js +2 -2
- package/lib/iab-mspa.js +3 -3
- package/lib/iab-tcf.js +70 -70
- package/lib/inbox.js +4 -4
- package/lib/ip-utils.js +15 -15
- package/lib/jose-jwe-experimental.js +2 -2
- package/lib/json-path.js +3 -3
- package/lib/json-schema.js +1 -1
- package/lib/jsonapi.js +3 -3
- package/lib/jtd.js +2 -2
- package/lib/link-header.js +1 -1
- package/lib/local-db-thin.js +1 -1
- package/lib/log.js +1 -1
- package/lib/lro.js +4 -4
- package/lib/mail-agent.js +1 -1
- package/lib/mail-arc-sign.js +6 -6
- package/lib/mail-auth.js +43 -43
- package/lib/mail-bimi.js +3 -3
- package/lib/mail-crypto-pgp.js +53 -45
- package/lib/mail-crypto-smime.js +5 -5
- package/lib/mail-dav.js +1 -1
- package/lib/mail-deploy.js +39 -39
- package/lib/mail-dkim.js +11 -11
- package/lib/mail-greylist.js +12 -12
- package/lib/mail-helo.js +1 -1
- package/lib/mail-journal.js +8 -8
- package/lib/mail-rbl.js +7 -7
- package/lib/mail-scan.js +7 -7
- package/lib/mail-send-deliver.js +2 -2
- package/lib/mail-server-imap.js +12 -12
- package/lib/mail-server-jmap.js +16 -16
- package/lib/mail-server-managesieve.js +4 -4
- package/lib/mail-server-mx.js +17 -17
- package/lib/mail-server-pop3.js +4 -4
- package/lib/mail-server-rate-limit.js +2 -2
- package/lib/mail-server-submission.js +21 -21
- package/lib/mail-sieve.js +2 -2
- package/lib/mail-spam-score.js +5 -5
- package/lib/mail-srs.js +12 -12
- package/lib/mail-store-fts.js +2 -2
- package/lib/mail-store.js +8 -8
- package/lib/mail-unsubscribe.js +4 -4
- package/lib/mail.js +4 -4
- package/lib/mcp-tool-registry.js +4 -4
- package/lib/mcp.js +8 -8
- package/lib/mdoc.js +2 -2
- package/lib/metrics.js +8 -8
- package/lib/middleware/age-gate.js +1 -1
- package/lib/middleware/api-encrypt.js +7 -7
- package/lib/middleware/assetlinks.js +2 -2
- package/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/middleware/bearer-auth.js +5 -5
- package/lib/middleware/body-parser.js +5 -5
- package/lib/middleware/compose-pipeline.js +15 -15
- package/lib/middleware/csp-report.js +4 -4
- package/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/middleware/dpop.js +1 -1
- package/lib/middleware/headers.js +2 -2
- package/lib/middleware/host-allowlist.js +1 -1
- package/lib/middleware/idempotency-key.js +12 -12
- package/lib/middleware/nel.js +1 -1
- package/lib/middleware/openapi-serve.js +2 -2
- package/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/middleware/require-aal.js +1 -1
- package/lib/middleware/require-bound-key.js +2 -2
- package/lib/middleware/require-content-type.js +1 -1
- package/lib/middleware/require-methods.js +1 -1
- package/lib/middleware/require-step-up.js +2 -2
- package/lib/middleware/scim-server.js +1 -1
- package/lib/middleware/security-txt.js +3 -3
- package/lib/middleware/tus-upload.js +12 -12
- package/lib/middleware/web-app-manifest.js +2 -2
- package/lib/network-byte-quota.js +1 -1
- package/lib/network-dns-resolver.js +23 -23
- package/lib/network-dns.js +29 -29
- package/lib/network-dnssec.js +33 -33
- package/lib/network-smtp-policy.js +10 -10
- package/lib/network-tls.js +99 -94
- package/lib/network-tsig.js +33 -33
- package/lib/nis2-report.js +1 -1
- package/lib/ntp-check.js +3 -3
- package/lib/observability-otlp-exporter.js +17 -17
- package/lib/observability-tracer.js +6 -6
- package/lib/observability.js +8 -8
- package/lib/openapi-yaml.js +1 -1
- package/lib/openapi.js +1 -1
- package/lib/outbox.js +6 -6
- package/lib/pqc-agent.js +4 -4
- package/lib/pqc-software.js +1 -1
- package/lib/privacy-pass.js +5 -5
- package/lib/problem-details.js +5 -5
- package/lib/promise-pool.js +1 -1
- package/lib/protobuf-encoder.js +9 -1
- package/lib/queue.js +4 -2
- package/lib/redact.js +2 -2
- package/lib/request-helpers.js +1 -1
- package/lib/router.js +10 -10
- package/lib/safe-async.js +2 -2
- package/lib/safe-dns.js +71 -71
- package/lib/safe-ical.js +19 -19
- package/lib/safe-icap.js +24 -24
- package/lib/safe-jsonpath.js +2 -2
- package/lib/safe-mime.js +10 -10
- package/lib/safe-mount-info.js +3 -3
- package/lib/safe-redirect.js +1 -1
- package/lib/safe-sieve.js +23 -23
- package/lib/safe-smtp.js +1 -1
- package/lib/safe-vcard.js +14 -14
- package/lib/sandbox.js +5 -5
- package/lib/sec-cyber.js +1 -1
- package/lib/self-update-standalone-verifier.js +3 -3
- package/lib/self-update.js +3 -3
- package/lib/server-timing.js +3 -3
- package/lib/session-device-binding.js +7 -7
- package/lib/session.js +8 -8
- package/lib/standard-webhooks.js +4 -4
- package/lib/storage.js +2 -2
- package/lib/stream-throttle.js +1 -1
- package/lib/structured-fields.js +15 -15
- package/lib/subject.js +1 -1
- package/lib/tcpa-10dlc.js +1 -1
- package/lib/tenant-quota.js +3 -3
- package/lib/test-harness.js +1 -1
- package/lib/tracing.js +1 -1
- package/lib/tsa.js +5 -5
- package/lib/uri-template.js +5 -5
- package/lib/vault/index.js +2 -2
- package/lib/vault/seal-pem-file.js +4 -4
- package/lib/vc.js +2 -2
- package/lib/vendor-data.js +1 -1
- package/lib/watcher.js +4 -4
- package/lib/web-push-vapid.js +21 -21
- package/lib/webhook.js +2 -2
- package/lib/websocket.js +3 -3
- package/lib/worker-pool.js +3 -3
- package/lib/ws-client.js +24 -24
- package/lib/xml-c14n.js +2 -2
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/safe-icap.js
CHANGED
|
@@ -80,7 +80,7 @@ var { defineClass } = require("./framework-error");
|
|
|
80
80
|
|
|
81
81
|
var SafeIcapError = defineClass("SafeIcapError", { alwaysPermanent: true });
|
|
82
82
|
|
|
83
|
-
//
|
|
83
|
+
// RFC 3507 §4.3.3 enumerated ICAP response status codes.
|
|
84
84
|
var ALLOWED_STATUS = Object.freeze({
|
|
85
85
|
100: "Continue",
|
|
86
86
|
200: "OK",
|
|
@@ -98,7 +98,7 @@ var ALLOWED_STATUS = Object.freeze({
|
|
|
98
98
|
505: "ICAP Version Not Supported",
|
|
99
99
|
});
|
|
100
100
|
|
|
101
|
-
//
|
|
101
|
+
// RFC 3507 §4.4 Encapsulated section names.
|
|
102
102
|
var ENCAPSULATED_PARTS = Object.freeze({
|
|
103
103
|
"req-hdr": true,
|
|
104
104
|
"req-body": true,
|
|
@@ -114,19 +114,19 @@ var PROFILES = Object.freeze({
|
|
|
114
114
|
strict: {
|
|
115
115
|
maxResponseHeaderBytes: C.BYTES.kib(8),
|
|
116
116
|
maxBodyBytes: C.BYTES.mib(1),
|
|
117
|
-
maxHeaderCount: 64, //
|
|
117
|
+
maxHeaderCount: 64, // count, not bytes
|
|
118
118
|
maxHeaderValueBytes: C.BYTES.kib(4),
|
|
119
119
|
},
|
|
120
120
|
balanced: {
|
|
121
121
|
maxResponseHeaderBytes: C.BYTES.kib(32),
|
|
122
122
|
maxBodyBytes: C.BYTES.mib(16),
|
|
123
|
-
maxHeaderCount: 128, //
|
|
123
|
+
maxHeaderCount: 128, // count, not bytes
|
|
124
124
|
maxHeaderValueBytes: C.BYTES.kib(16),
|
|
125
125
|
},
|
|
126
126
|
permissive: {
|
|
127
127
|
maxResponseHeaderBytes: C.BYTES.kib(256),
|
|
128
128
|
maxBodyBytes: C.BYTES.mib(256),
|
|
129
|
-
maxHeaderCount: 256, //
|
|
129
|
+
maxHeaderCount: 256, // count, not bytes
|
|
130
130
|
maxHeaderValueBytes: C.BYTES.kib(64),
|
|
131
131
|
},
|
|
132
132
|
});
|
|
@@ -277,10 +277,10 @@ function compliancePosture(posture) {
|
|
|
277
277
|
|
|
278
278
|
function _findHeaderEnd(buf, maxHeaderBytes) {
|
|
279
279
|
var stop = Math.min(buf.length, maxHeaderBytes);
|
|
280
|
-
for (var i = 0; i + 3 < stop; i += 1) { //
|
|
280
|
+
for (var i = 0; i + 3 < stop; i += 1) { // 4-byte CRLFCRLF terminator
|
|
281
281
|
if (buf[i] === 0x0d && buf[i + 1] === 0x0a &&
|
|
282
282
|
buf[i + 2] === 0x0d && buf[i + 3] === 0x0a) {
|
|
283
|
-
return i + 4; //
|
|
283
|
+
return i + 4; // past the CRLFCRLF
|
|
284
284
|
}
|
|
285
285
|
}
|
|
286
286
|
return -1;
|
|
@@ -293,18 +293,18 @@ function _refuseBadHeaderBytes(buf, headerEnd) {
|
|
|
293
293
|
// not preceded by CR are smuggling vectors.
|
|
294
294
|
for (var i = 0; i < headerEnd; i += 1) {
|
|
295
295
|
var byte = buf[i];
|
|
296
|
-
if (byte === 0) { //
|
|
296
|
+
if (byte === 0) { // NUL byte refusal
|
|
297
297
|
throw new SafeIcapError("safe-icap/nul-in-header",
|
|
298
298
|
"safeIcap.parse: NUL byte in header region at offset=" + i);
|
|
299
299
|
}
|
|
300
|
-
if (byte === 0x0d) { //
|
|
301
|
-
if (i + 1 >= headerEnd || buf[i + 1] !== 0x0a) { //
|
|
300
|
+
if (byte === 0x0d) { // CR
|
|
301
|
+
if (i + 1 >= headerEnd || buf[i + 1] !== 0x0a) { // LF
|
|
302
302
|
throw new SafeIcapError("safe-icap/bare-cr-or-lf",
|
|
303
303
|
"safeIcap.parse: bare-CR (CR without LF) at offset=" + i +
|
|
304
304
|
" (RFC 3507 §4.3.1 ICAP-response-injection defense)");
|
|
305
305
|
}
|
|
306
|
-
} else if (byte === 0x0a) { //
|
|
307
|
-
if (i === 0 || buf[i - 1] !== 0x0d) { //
|
|
306
|
+
} else if (byte === 0x0a) { // LF
|
|
307
|
+
if (i === 0 || buf[i - 1] !== 0x0d) { // CR
|
|
308
308
|
throw new SafeIcapError("safe-icap/bare-cr-or-lf",
|
|
309
309
|
"safeIcap.parse: bare-LF (LF without CR) at offset=" + i +
|
|
310
310
|
" (RFC 3507 §4.3.1 ICAP-response-injection defense)");
|
|
@@ -319,7 +319,7 @@ function _splitCrlf(buf, start, end) {
|
|
|
319
319
|
var lines = [];
|
|
320
320
|
var lineStart = start;
|
|
321
321
|
for (var i = start; i + 1 < end; i += 1) {
|
|
322
|
-
if (buf[i] === 0x0d && buf[i + 1] === 0x0a) { //
|
|
322
|
+
if (buf[i] === 0x0d && buf[i + 1] === 0x0a) { // CRLF terminator
|
|
323
323
|
lines.push(buf.toString("ascii", lineStart, i));
|
|
324
324
|
i += 1;
|
|
325
325
|
lineStart = i + 1;
|
|
@@ -335,7 +335,7 @@ function _parseStatusLine(line) {
|
|
|
335
335
|
if (line.indexOf("ICAP/") !== 0) {
|
|
336
336
|
throw new SafeIcapError("safe-icap/bad-status-line",
|
|
337
337
|
"safeIcap.parse: status line must start with 'ICAP/' (got '" +
|
|
338
|
-
line.slice(0, 16) + "')"); //
|
|
338
|
+
line.slice(0, 16) + "')"); // bound diagnostic slice
|
|
339
339
|
}
|
|
340
340
|
var sp1 = line.indexOf(" ");
|
|
341
341
|
if (sp1 === -1) {
|
|
@@ -349,7 +349,7 @@ function _parseStatusLine(line) {
|
|
|
349
349
|
throw new SafeIcapError("safe-icap/bad-status-line",
|
|
350
350
|
"safeIcap.parse: status code not 3 ASCII digits (got '" + codeStr + "')");
|
|
351
351
|
}
|
|
352
|
-
var statusCode = parseInt(codeStr, 10); //
|
|
352
|
+
var statusCode = parseInt(codeStr, 10); // base-10 radix
|
|
353
353
|
if (!Object.prototype.hasOwnProperty.call(ALLOWED_STATUS, statusCode)) {
|
|
354
354
|
throw new SafeIcapError("safe-icap/unexpected-status",
|
|
355
355
|
"safeIcap.parse: status code " + statusCode +
|
|
@@ -364,7 +364,7 @@ function _parseHeaderLine(line, maxValueBytes) {
|
|
|
364
364
|
var colon = line.indexOf(":");
|
|
365
365
|
if (colon === -1) {
|
|
366
366
|
throw new SafeIcapError("safe-icap/bad-status-line",
|
|
367
|
-
"safeIcap.parse: header line missing ':' (got '" + line.slice(0, 32) + "')"); //
|
|
367
|
+
"safeIcap.parse: header line missing ':' (got '" + line.slice(0, 32) + "')"); // bound diagnostic slice
|
|
368
368
|
}
|
|
369
369
|
var name = line.slice(0, colon).toLowerCase();
|
|
370
370
|
if (name.length === 0) {
|
|
@@ -375,13 +375,13 @@ function _parseHeaderLine(line, maxValueBytes) {
|
|
|
375
375
|
// plus a fixed punctuation set). Refuse anything else.
|
|
376
376
|
for (var i = 0; i < name.length; i += 1) {
|
|
377
377
|
var cc = name.charCodeAt(i);
|
|
378
|
-
var ok = (cc >= 0x30 && cc <= 0x39) || //
|
|
379
|
-
(cc >= 0x41 && cc <= 0x5a) || //
|
|
380
|
-
(cc >= 0x61 && cc <= 0x7a) || //
|
|
381
|
-
cc === 0x21 || cc === 0x23 || cc === 0x24 || cc === 0x25 || //
|
|
382
|
-
cc === 0x26 || cc === 0x27 || cc === 0x2a || cc === 0x2b || //
|
|
383
|
-
cc === 0x2d || cc === 0x2e || cc === 0x5e || cc === 0x5f || //
|
|
384
|
-
cc === 0x60 || cc === 0x7c || cc === 0x7e; //
|
|
378
|
+
var ok = (cc >= 0x30 && cc <= 0x39) || // DIGIT 0-9
|
|
379
|
+
(cc >= 0x41 && cc <= 0x5a) || // UPPER (lowercased above; defensive)
|
|
380
|
+
(cc >= 0x61 && cc <= 0x7a) || // lower a-z
|
|
381
|
+
cc === 0x21 || cc === 0x23 || cc === 0x24 || cc === 0x25 || // ! # $ %
|
|
382
|
+
cc === 0x26 || cc === 0x27 || cc === 0x2a || cc === 0x2b || // & ' * +
|
|
383
|
+
cc === 0x2d || cc === 0x2e || cc === 0x5e || cc === 0x5f || // - . ^ _
|
|
384
|
+
cc === 0x60 || cc === 0x7c || cc === 0x7e; // ` | ~
|
|
385
385
|
if (!ok) {
|
|
386
386
|
throw new SafeIcapError("safe-icap/bad-status-line",
|
|
387
387
|
"safeIcap.parse: invalid char in header name '" + name + "' (RFC 7230 §3.2.6 tchar)");
|
|
@@ -447,7 +447,7 @@ function _parseEncapsulated(value) {
|
|
|
447
447
|
"safeIcap.parse: Encapsulated offset for '" + part + "' must be a non-negative integer (got '" +
|
|
448
448
|
offStr + "')");
|
|
449
449
|
}
|
|
450
|
-
var off = parseInt(offStr, 10); //
|
|
450
|
+
var off = parseInt(offStr, 10); // base-10 radix
|
|
451
451
|
if (!isFinite(off) || off < 0) {
|
|
452
452
|
throw new SafeIcapError("safe-icap/bad-encapsulated",
|
|
453
453
|
"safeIcap.parse: Encapsulated offset for '" + part + "' must be a non-negative integer (got '" +
|
package/lib/safe-jsonpath.js
CHANGED
|
@@ -86,7 +86,7 @@ function _hasControlOrNul(value) {
|
|
|
86
86
|
// legitimate use in a JSON pointer / key / path expression.
|
|
87
87
|
for (var i = 0; i < value.length; i++) {
|
|
88
88
|
var c = value.charCodeAt(i);
|
|
89
|
-
if (c === 0 || (c < 32 && c !== 9) || c === 127) return true; //
|
|
89
|
+
if (c === 0 || (c < 32 && c !== 9) || c === 127) return true; // ASCII control-byte range
|
|
90
90
|
}
|
|
91
91
|
if (codepointClass.BIDI_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
|
|
92
92
|
if (codepointClass.ZERO_WIDTH_RE.test(value)) return true; // allow:regex-no-length-cap — callers cap length via MAX_KEY_BYTES / MAX_EXPRESSION_BYTES
|
|
@@ -203,7 +203,7 @@ function validateExpression(expr, opts) {
|
|
|
203
203
|
var maxDepth = opts.maxDepth || MAX_EXPRESSION_DEPTH;
|
|
204
204
|
for (var j = 0; j < expr.length; j++) {
|
|
205
205
|
var ch = expr.charCodeAt(j);
|
|
206
|
-
if (ch === 91 /* [ */ || ch === 40 /* ( */ || ch === 123 /* { */) { //
|
|
206
|
+
if (ch === 91 /* [ */ || ch === 40 /* ( */ || ch === 123 /* { */) { // ASCII '[' '(' '{' codepoints
|
|
207
207
|
depth += 1;
|
|
208
208
|
if (depth > maxDepth) {
|
|
209
209
|
throw _err("safe-jsonpath/expression-too-deep",
|
package/lib/safe-mime.js
CHANGED
|
@@ -49,7 +49,7 @@ var { defineClass } = require("./framework-error");
|
|
|
49
49
|
|
|
50
50
|
var SafeMimeError = defineClass("SafeMimeError", { alwaysPermanent: true });
|
|
51
51
|
|
|
52
|
-
var DEFAULT_MAX_PARTS = 64; //
|
|
52
|
+
var DEFAULT_MAX_PARTS = 64; // total parts cap, not bytes
|
|
53
53
|
var DEFAULT_MAX_NESTING_DEPTH = 16;
|
|
54
54
|
var DEFAULT_MAX_BOUNDARY = 70; // RFC 2046 §5.1.1
|
|
55
55
|
var DEFAULT_MAX_HEADER_BYTES = C.BYTES.kib(64);
|
|
@@ -61,7 +61,7 @@ var DEFAULT_MAX_HEADER_BYTES = C.BYTES.kib(64);
|
|
|
61
61
|
// strict 78-byte refusal would reject legitimate mail. We enforce
|
|
62
62
|
// only the 998-byte MUST. Future drift attempting to "fix" this to
|
|
63
63
|
// 78 would be a regression and should fail the audit gate.
|
|
64
|
-
var DEFAULT_MAX_HEADER_LINE = 998; //
|
|
64
|
+
var DEFAULT_MAX_HEADER_LINE = 998; // RFC 5322 §2.1.1 MUST (998); the SHOULD (78) is by design not enforced
|
|
65
65
|
// Per-message header-count cap. RFC 5322 places no upper bound on
|
|
66
66
|
// the number of headers in a message; without one, a sender can pack
|
|
67
67
|
// tens of thousands of one-byte headers into the maxHeaderBytes budget
|
|
@@ -71,7 +71,7 @@ var DEFAULT_MAX_HEADER_LINE = 998; // allow:raw-byte-l
|
|
|
71
71
|
// Microsoft 365 `MaxRecipientEnvelopePerMessage`) cap in the low
|
|
72
72
|
// hundreds; the framework picks 512 as a generous default with
|
|
73
73
|
// `maxHeaderCount` exposed for operators that legitimately need more.
|
|
74
|
-
var DEFAULT_MAX_HEADER_COUNT = 512; //
|
|
74
|
+
var DEFAULT_MAX_HEADER_COUNT = 512; // DoS bound, not bytes
|
|
75
75
|
var DEFAULT_MAX_BODY_BYTES = C.BYTES.mib(25);
|
|
76
76
|
var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
|
|
77
77
|
|
|
@@ -475,11 +475,11 @@ function _parseHeaders(buf, ctx) {
|
|
|
475
475
|
// they're inspecting.
|
|
476
476
|
for (var hci = 0; hci < value.length; hci += 1) {
|
|
477
477
|
var hcc = value.charCodeAt(hci);
|
|
478
|
-
if ((hcc < 0x20 && hcc !== 0x09) || hcc === 0x7F) { //
|
|
478
|
+
if ((hcc < 0x20 && hcc !== 0x09) || hcc === 0x7F) { // C0 control char + DEL refusal
|
|
479
479
|
var byteOffset = Buffer.byteLength(value.slice(0, hci), "utf8");
|
|
480
480
|
throw new SafeMimeError("safe-mime/control-char-in-header",
|
|
481
481
|
"safeMime.parse: header '" + name + "' contains control char 0x" +
|
|
482
|
-
hcc.toString(16) + " at byte offset " + byteOffset); //
|
|
482
|
+
hcc.toString(16) + " at byte offset " + byteOffset); // toString radix 16 hex, not bytes
|
|
483
483
|
}
|
|
484
484
|
}
|
|
485
485
|
value = _decodeRfc2047Words(value);
|
|
@@ -596,7 +596,7 @@ function _splitMultipart(buf, boundary) {
|
|
|
596
596
|
var _BOUNDARY_BCHARSNOSPACE = /^[0-9A-Za-z'()+_,./:=?-]+$/; // allow:regex-no-length-cap — length checked separately
|
|
597
597
|
var _BOUNDARY_BCHARS_WITH_SP = /^[0-9A-Za-z'()+_,./:=? -]+$/; // allow:regex-no-length-cap — length checked separately
|
|
598
598
|
function _isValidMimeBoundary(value) {
|
|
599
|
-
if (typeof value !== "string" || value.length === 0 || value.length > 70) return false; //
|
|
599
|
+
if (typeof value !== "string" || value.length === 0 || value.length > 70) return false; // RFC 2046 §5.1.1 bound
|
|
600
600
|
// First char MUST be bcharsnospace; remainder MAY be bchars (which
|
|
601
601
|
// permits SP). Last char MUST also be bcharsnospace (no trailing SP).
|
|
602
602
|
if (!_BOUNDARY_BCHARSNOSPACE.test(value.charAt(0))) return false;
|
|
@@ -652,7 +652,7 @@ function _decodeQuotedPrintable(buf) {
|
|
|
652
652
|
var s = buf.toString("binary");
|
|
653
653
|
s = s.replace(/=\r?\n/g, "");
|
|
654
654
|
s = s.replace(/=([0-9A-Fa-f]{2})/g, function (_, hex) {
|
|
655
|
-
return String.fromCharCode(parseInt(hex, 16)); //
|
|
655
|
+
return String.fromCharCode(parseInt(hex, 16)); // parseInt radix 16, not bytes
|
|
656
656
|
});
|
|
657
657
|
return Buffer.from(s, "binary");
|
|
658
658
|
}
|
|
@@ -666,7 +666,7 @@ function _decodeRfc2047Words(value) {
|
|
|
666
666
|
raw = Buffer.from(text, "base64");
|
|
667
667
|
} else {
|
|
668
668
|
raw = Buffer.from(text.replace(/_/g, " ").replace(/=([0-9A-Fa-f]{2})/g,
|
|
669
|
-
function (__, hex) { return String.fromCharCode(parseInt(hex, 16)); }), "binary"); //
|
|
669
|
+
function (__, hex) { return String.fromCharCode(parseInt(hex, 16)); }), "binary"); // parseInt radix 16, not bytes
|
|
670
670
|
}
|
|
671
671
|
// RFC 2047 §5 encoded-word header-injection defense — after
|
|
672
672
|
// base64 / Q-encoded decode, check the DECODED bytes for header
|
|
@@ -714,7 +714,7 @@ function _decodeBufferAs(buf, charset) {
|
|
|
714
714
|
// Byte-pair endian flip into a temporary buffer, then decode as
|
|
715
715
|
// utf-16le. Allocates a single buffer (no per-character churn).
|
|
716
716
|
function _decodeUtf16BE(buf) {
|
|
717
|
-
var n = buf.length & ~1; //
|
|
717
|
+
var n = buf.length & ~1; // pair alignment mask
|
|
718
718
|
var swapped = Buffer.alloc(n);
|
|
719
719
|
for (var i = 0; i < n; i += 2) {
|
|
720
720
|
swapped[i] = buf[i + 1];
|
|
@@ -806,7 +806,7 @@ function _normalizeCharsetName(c) {
|
|
|
806
806
|
|
|
807
807
|
function _previewBytes(line) {
|
|
808
808
|
if (typeof line !== "string") line = String(line);
|
|
809
|
-
return line.length > 64 ? line.slice(0, 64) + "..." : line; //
|
|
809
|
+
return line.length > 64 ? line.slice(0, 64) + "..." : line; // log-preview length cap
|
|
810
810
|
}
|
|
811
811
|
|
|
812
812
|
module.exports = {
|
package/lib/safe-mount-info.js
CHANGED
|
@@ -115,7 +115,7 @@ function parse(text, opts) {
|
|
|
115
115
|
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxLines,
|
|
116
116
|
"safeMountInfo.parse: opts.maxLines",
|
|
117
117
|
SafeMountInfoError, "safe-mount-info/bad-arg");
|
|
118
|
-
var maxLines = (typeof opts.maxLines === "number") ? opts.maxLines : 4096; //
|
|
118
|
+
var maxLines = (typeof opts.maxLines === "number") ? opts.maxLines : 4096; // line cap matches max kernel-published mount count
|
|
119
119
|
var strict = opts.strict === true;
|
|
120
120
|
var lines = text.split("\n");
|
|
121
121
|
// `text.split("\n").length` counts the trailing empty segment that
|
|
@@ -150,7 +150,7 @@ function parse(text, opts) {
|
|
|
150
150
|
}
|
|
151
151
|
var preFields = ln.slice(0, sepIdx).split(" ");
|
|
152
152
|
var postFields = ln.slice(sepIdx + 3).split(" ");
|
|
153
|
-
if (preFields.length < 6 || postFields.length < 1) { //
|
|
153
|
+
if (preFields.length < 6 || postFields.length < 1) { // kernel-mandated minimum field counts
|
|
154
154
|
if (strict) {
|
|
155
155
|
throw new SafeMountInfoError(
|
|
156
156
|
"safe-mount-info/parse-failed",
|
|
@@ -251,7 +251,7 @@ function bestMatch(entries, path) {
|
|
|
251
251
|
if (path === mp ||
|
|
252
252
|
(path.length > mp.length &&
|
|
253
253
|
path.indexOf(mp) === 0 &&
|
|
254
|
-
(mp === "/" || path.charCodeAt(mp.length) === 47 /* "/" */))) { //
|
|
254
|
+
(mp === "/" || path.charCodeAt(mp.length) === 47 /* "/" */))) { // ASCII forward-slash
|
|
255
255
|
if (mp.length > bestLen) {
|
|
256
256
|
bestLen = mp.length;
|
|
257
257
|
best = e;
|
package/lib/safe-redirect.js
CHANGED
|
@@ -46,7 +46,7 @@ var DEFAULT_FALLBACK = "/";
|
|
|
46
46
|
function _hasControlChar(s) {
|
|
47
47
|
for (var i = 0; i < s.length; i += 1) {
|
|
48
48
|
var c = s.charCodeAt(i);
|
|
49
|
-
if (c < 0x20 || c === 0x7f) return true; //
|
|
49
|
+
if (c < 0x20 || c === 0x7f) return true; // ASCII control range thresholds
|
|
50
50
|
}
|
|
51
51
|
return false;
|
|
52
52
|
}
|
package/lib/safe-sieve.js
CHANGED
|
@@ -53,32 +53,32 @@ var { defineClass } = require("./framework-error");
|
|
|
53
53
|
var SafeSieveError = defineClass("SafeSieveError", { alwaysPermanent: true });
|
|
54
54
|
|
|
55
55
|
var DEFAULTS = Object.freeze({
|
|
56
|
-
maxScriptBytes: 65536, //
|
|
57
|
-
maxDepth: 32, //
|
|
58
|
-
maxIfChainLen: 32, //
|
|
59
|
-
maxStringListLen: 256,
|
|
60
|
-
maxStringBytes: 4096, //
|
|
61
|
-
maxArgsPerCmd: 32, //
|
|
62
|
-
maxRequiredCaps: 32,
|
|
56
|
+
maxScriptBytes: 65536, // 64 KiB
|
|
57
|
+
maxDepth: 32, // block nesting cap
|
|
58
|
+
maxIfChainLen: 32, // elsif/elsif... cap
|
|
59
|
+
maxStringListLen: 256,
|
|
60
|
+
maxStringBytes: 4096, // per-string cap
|
|
61
|
+
maxArgsPerCmd: 32, // per-command arg cap
|
|
62
|
+
maxRequiredCaps: 32,
|
|
63
63
|
});
|
|
64
64
|
|
|
65
65
|
var PROFILES = Object.freeze({
|
|
66
66
|
strict: Object.assign({}, DEFAULTS),
|
|
67
67
|
balanced: Object.assign({}, DEFAULTS, {
|
|
68
|
-
maxScriptBytes: 262144, //
|
|
69
|
-
maxDepth: 64,
|
|
70
|
-
maxIfChainLen: 64,
|
|
71
|
-
maxStringListLen: 1024,
|
|
72
|
-
maxStringBytes: 16384,
|
|
73
|
-
maxArgsPerCmd: 64,
|
|
68
|
+
maxScriptBytes: 262144, // 256 KiB
|
|
69
|
+
maxDepth: 64,
|
|
70
|
+
maxIfChainLen: 64,
|
|
71
|
+
maxStringListLen: 1024,
|
|
72
|
+
maxStringBytes: 16384,
|
|
73
|
+
maxArgsPerCmd: 64,
|
|
74
74
|
}),
|
|
75
75
|
permissive: Object.assign({}, DEFAULTS, {
|
|
76
|
-
maxScriptBytes: 1048576, //
|
|
77
|
-
maxDepth: 128,
|
|
78
|
-
maxIfChainLen: 128,
|
|
79
|
-
maxStringListLen: 4096,
|
|
80
|
-
maxStringBytes: 65536,
|
|
81
|
-
maxArgsPerCmd: 128,
|
|
76
|
+
maxScriptBytes: 1048576, // 1 MiB
|
|
77
|
+
maxDepth: 128,
|
|
78
|
+
maxIfChainLen: 128,
|
|
79
|
+
maxStringListLen: 4096,
|
|
80
|
+
maxStringBytes: 65536,
|
|
81
|
+
maxArgsPerCmd: 128,
|
|
82
82
|
}),
|
|
83
83
|
});
|
|
84
84
|
|
|
@@ -110,7 +110,7 @@ var KNOWN_CAPABILITIES = Object.freeze({
|
|
|
110
110
|
"variables": false, // RFC 5229
|
|
111
111
|
"vacation": false, // RFC 5230
|
|
112
112
|
"relational": false, // RFC 5231
|
|
113
|
-
"imap4flags": false, // RFC 5232 //
|
|
113
|
+
"imap4flags": false, // RFC 5232 // RFC number
|
|
114
114
|
"subaddress": false, // RFC 5233
|
|
115
115
|
"spamtest": false, // RFC 5235
|
|
116
116
|
"virustest": false, // RFC 5235
|
|
@@ -219,7 +219,7 @@ function _tokenize(script, caps) {
|
|
|
219
219
|
|
|
220
220
|
// Control bytes outside strings refused (NUL / C0 except TAB/LF/CR).
|
|
221
221
|
if (c < 0x20 && c !== 0x09 && c !== 0x0A && c !== 0x0D) {
|
|
222
|
-
_error("control byte 0x" + c.toString(16) + " refused outside string literal"); //
|
|
222
|
+
_error("control byte 0x" + c.toString(16) + " refused outside string literal"); // base-16 toString radix
|
|
223
223
|
}
|
|
224
224
|
if (c === 0x7F) _error("DEL byte refused outside string literal");
|
|
225
225
|
|
|
@@ -265,7 +265,7 @@ function _tokenize(script, caps) {
|
|
|
265
265
|
var num = parseInt(script.slice(nStart, i), 10);
|
|
266
266
|
if (i < n) {
|
|
267
267
|
var suf = script.charCodeAt(i);
|
|
268
|
-
if (suf === 0x4B || suf === 0x6B) { num *= 1024; _advance(suf); } //
|
|
268
|
+
if (suf === 0x4B || suf === 0x6B) { num *= 1024; _advance(suf); } // K
|
|
269
269
|
else if (suf === 0x4D || suf === 0x6D) { num *= 1024 * 1024; _advance(suf); } // allow:raw-byte-literal — M
|
|
270
270
|
else if (suf === 0x47 || suf === 0x67) { num *= 1024 * 1024 * 1024; _advance(suf); } // allow:raw-byte-literal — G
|
|
271
271
|
}
|
|
@@ -360,7 +360,7 @@ function _tokenize(script, caps) {
|
|
|
360
360
|
continue;
|
|
361
361
|
}
|
|
362
362
|
|
|
363
|
-
_error("unexpected byte 0x" + c.toString(16)); //
|
|
363
|
+
_error("unexpected byte 0x" + c.toString(16)); // base-16 toString radix
|
|
364
364
|
}
|
|
365
365
|
|
|
366
366
|
tokens.push({ k: "eof", line: line, col: col });
|
package/lib/safe-smtp.js
CHANGED
|
@@ -71,7 +71,7 @@ function findDotTerminator(buf) {
|
|
|
71
71
|
throw new SafeSmtpError("safe-smtp/bad-input",
|
|
72
72
|
"findDotTerminator: input must be a Buffer");
|
|
73
73
|
}
|
|
74
|
-
for (var i = 0; i <= buf.length - 5; i += 1) { //
|
|
74
|
+
for (var i = 0; i <= buf.length - 5; i += 1) { // 5-byte CRLF.CRLF terminator length
|
|
75
75
|
if (buf[i] === 0x0d && buf[i + 1] === 0x0a &&
|
|
76
76
|
buf[i + 2] === 0x2e &&
|
|
77
77
|
buf[i + 3] === 0x0d && buf[i + 4] === 0x0a) {
|
package/lib/safe-vcard.js
CHANGED
|
@@ -71,22 +71,22 @@ var PROFILES = Object.freeze({
|
|
|
71
71
|
maxBytes: C.BYTES.kib(256),
|
|
72
72
|
maxLineBytes: C.BYTES.kib(8),
|
|
73
73
|
maxEmbedBytes: C.BYTES.mib(1),
|
|
74
|
-
maxCards: 16, //
|
|
75
|
-
maxPropertiesPerCard: 256, //
|
|
74
|
+
maxCards: 16, // card count cap, not byte size
|
|
75
|
+
maxPropertiesPerCard: 256, // prop count cap, not byte size
|
|
76
76
|
}),
|
|
77
77
|
balanced: Object.freeze({
|
|
78
78
|
maxBytes: C.BYTES.mib(1),
|
|
79
79
|
maxLineBytes: C.BYTES.kib(32),
|
|
80
80
|
maxEmbedBytes: C.BYTES.mib(4),
|
|
81
|
-
maxCards: 256, //
|
|
82
|
-
maxPropertiesPerCard: 1024, //
|
|
81
|
+
maxCards: 256, // card count cap, not byte size
|
|
82
|
+
maxPropertiesPerCard: 1024, // prop count cap, not byte size
|
|
83
83
|
}),
|
|
84
84
|
permissive: Object.freeze({
|
|
85
85
|
maxBytes: C.BYTES.mib(4),
|
|
86
86
|
maxLineBytes: C.BYTES.kib(128),
|
|
87
87
|
maxEmbedBytes: C.BYTES.mib(16),
|
|
88
|
-
maxCards: 4096, //
|
|
89
|
-
maxPropertiesPerCard: 4096, //
|
|
88
|
+
maxCards: 4096, // card count cap, not byte size
|
|
89
|
+
maxPropertiesPerCard: 4096, // prop count cap, not byte size
|
|
90
90
|
}),
|
|
91
91
|
});
|
|
92
92
|
|
|
@@ -270,7 +270,7 @@ function _unfold(s, caps) {
|
|
|
270
270
|
var line = raw[i];
|
|
271
271
|
if (line.length === 0) continue;
|
|
272
272
|
var firstChar = line.charCodeAt(0);
|
|
273
|
-
if (firstChar === 0x20 || firstChar === 0x09) { //
|
|
273
|
+
if (firstChar === 0x20 || firstChar === 0x09) { // SPACE / HTAB fold markers per RFC 6350 §3.2
|
|
274
274
|
if (unfolded.length === 0) {
|
|
275
275
|
throw new SafeVcardError("safe-vcard/bad-line",
|
|
276
276
|
"safeVcard.parse: continuation line before any content line");
|
|
@@ -304,7 +304,7 @@ function _parseContentLine(line) {
|
|
|
304
304
|
|
|
305
305
|
for (var k = 0; k < value.length; k++) {
|
|
306
306
|
var cc = value.charCodeAt(k);
|
|
307
|
-
if ((cc < 0x20 && cc !== 0x09) || cc === 0x7F) { //
|
|
307
|
+
if ((cc < 0x20 && cc !== 0x09) || cc === 0x7F) { // C0 + DEL refusal
|
|
308
308
|
throw new SafeVcardError("safe-vcard/control-char-in-value",
|
|
309
309
|
"safeVcard.parse: control char 0x" + cc.toString(16) +
|
|
310
310
|
" in property value (header-injection defense)");
|
|
@@ -346,8 +346,8 @@ function _findUnquotedColon(line) {
|
|
|
346
346
|
var inQ = false;
|
|
347
347
|
for (var i = 0; i < line.length; i++) {
|
|
348
348
|
var c = line.charCodeAt(i);
|
|
349
|
-
if (c === 0x22) { inQ = !inQ; continue; } //
|
|
350
|
-
if (c === 0x3A && !inQ) return i; //
|
|
349
|
+
if (c === 0x22) { inQ = !inQ; continue; } // DQUOTE per RFC 6350 §3.3
|
|
350
|
+
if (c === 0x3A && !inQ) return i; // colon separator per RFC 6350 §3.3
|
|
351
351
|
}
|
|
352
352
|
return -1;
|
|
353
353
|
}
|
|
@@ -443,15 +443,15 @@ function _embedByteLength(value) {
|
|
|
443
443
|
var dataMatch = /^data:[^;,]*;base64,(.*)$/i.exec(value);
|
|
444
444
|
if (dataMatch) {
|
|
445
445
|
var payload = dataMatch[1].replace(/\s+/g, "");
|
|
446
|
-
return Math.floor(payload.length * 3 / 4); //
|
|
446
|
+
return Math.floor(payload.length * 3 / 4); // base64 3/4 decode ratio per RFC 4648 §4
|
|
447
447
|
}
|
|
448
448
|
// ENCODING=b / ENCODING=BASE64 puts the raw base64 in the value
|
|
449
449
|
// directly (the param is parsed separately upstream; we do not have
|
|
450
450
|
// access here, so check whether the payload is base64-shaped).
|
|
451
|
-
if (/^[A-Za-z0-9+/=\r\n\t ]+$/.test(value) && value.length > 32) { //
|
|
451
|
+
if (/^[A-Za-z0-9+/=\r\n\t ]+$/.test(value) && value.length > 32) { // heuristic threshold for base64 detection
|
|
452
452
|
var compact = value.replace(/\s+/g, "");
|
|
453
453
|
if (compact.length > 0 && compact.length % 4 === 0) {
|
|
454
|
-
return Math.floor(compact.length * 3 / 4); //
|
|
454
|
+
return Math.floor(compact.length * 3 / 4); // base64 3/4 decode ratio per RFC 4648 §4
|
|
455
455
|
}
|
|
456
456
|
}
|
|
457
457
|
return Buffer.byteLength(value, "utf8");
|
|
@@ -459,7 +459,7 @@ function _embedByteLength(value) {
|
|
|
459
459
|
|
|
460
460
|
function _preview(s) {
|
|
461
461
|
if (typeof s !== "string") s = String(s);
|
|
462
|
-
return s.length > 64 ? s.slice(0, 64) + "..." : s; //
|
|
462
|
+
return s.length > 64 ? s.slice(0, 64) + "..." : s; // log-preview length cap
|
|
463
463
|
}
|
|
464
464
|
|
|
465
465
|
module.exports = {
|
package/lib/sandbox.js
CHANGED
|
@@ -221,11 +221,11 @@ function run(opts) {
|
|
|
221
221
|
// The MiB-unit caps below are integers passed directly to v8's
|
|
222
222
|
// resourceLimits (already typed in MiB by the v8 API), not byte
|
|
223
223
|
// counts - the constants helpers don't apply.
|
|
224
|
-
var minHeapFloorMib = 64; //
|
|
225
|
-
var youngGenCapMib = 32; //
|
|
226
|
-
var youngGenFloorMib = 8; //
|
|
227
|
-
var codeRangeCapMib = 16; //
|
|
228
|
-
var codeRangeFloorMib = 8; //
|
|
224
|
+
var minHeapFloorMib = 64; // MiB unit count, not bytes
|
|
225
|
+
var youngGenCapMib = 32; // MiB unit count, not bytes
|
|
226
|
+
var youngGenFloorMib = 8; // MiB unit count, not bytes
|
|
227
|
+
var codeRangeCapMib = 16; // MiB unit count, not bytes
|
|
228
|
+
var codeRangeFloorMib = 8; // MiB unit count, not bytes
|
|
229
229
|
var stackMib = 4; // MiB unit count, not bytes
|
|
230
230
|
var heapMib = Math.max(minHeapFloorMib, Math.floor(maxBytes / oneMib));
|
|
231
231
|
var resourceLimits = {
|
package/lib/sec-cyber.js
CHANGED
|
@@ -203,7 +203,7 @@ function eightKArtifact(opts) {
|
|
|
203
203
|
return {
|
|
204
204
|
artifact: { markdown: markdown, json: artifactJson },
|
|
205
205
|
deadline: deadline,
|
|
206
|
-
deadlineBusinessDays: agDelayRequested ? null : 4, //
|
|
206
|
+
deadlineBusinessDays: agDelayRequested ? null : 4, // SEC Item 1.05 4-business-day deadline (17 CFR §229.106(c)(1))
|
|
207
207
|
};
|
|
208
208
|
}
|
|
209
209
|
|
|
@@ -237,7 +237,7 @@ function verify(assetPath, signaturePath, pubkeyPem) {
|
|
|
237
237
|
// are allowed to see. Without this, a concurrent appender grows
|
|
238
238
|
// the file under us and the readSync returns more bytes than the
|
|
239
239
|
// fullBuf was sized for.
|
|
240
|
-
var capped = chunk.length; //
|
|
240
|
+
var capped = chunk.length; // buffer length is the read upper bound
|
|
241
241
|
if (remaining < capped) capped = remaining;
|
|
242
242
|
var n = nodeFs.readSync(assetFd, chunk, 0, capped, null);
|
|
243
243
|
if (n === 0) break;
|
|
@@ -275,7 +275,7 @@ function verify(assetPath, signaturePath, pubkeyPem) {
|
|
|
275
275
|
// verifier.verify ONCE — calling it a second time after a failed
|
|
276
276
|
// verify returns stale state and silently passes tampered assets.
|
|
277
277
|
// 96 = P-384 IEEE-P1363 signature length; protocol constant, not a byte-size.
|
|
278
|
-
var dsaEncoding = signature.length === 96 ? "ieee-p1363" : "der"; //
|
|
278
|
+
var dsaEncoding = signature.length === 96 ? "ieee-p1363" : "der"; // IEEE-P1363 P-384 signature length
|
|
279
279
|
ok = verifier.verify({ key: key, dsaEncoding: dsaEncoding }, signature);
|
|
280
280
|
} else if (alg === "ed25519") {
|
|
281
281
|
// fullBuf may be shorter than allocated (sparse files / size-races);
|
|
@@ -287,7 +287,7 @@ function verify(assetPath, signaturePath, pubkeyPem) {
|
|
|
287
287
|
|
|
288
288
|
if (!ok) {
|
|
289
289
|
throw new Error("standalone-verifier.verify: " + alg + " signature INVALID for " +
|
|
290
|
-
assetPath + " (sha3-512=" + sha3Hex.slice(0, 16) + "...). " + //
|
|
290
|
+
assetPath + " (sha3-512=" + sha3Hex.slice(0, 16) + "...). " + // 16-char hex prefix for forensic display, not bytes
|
|
291
291
|
"Either the asset was tampered with after signing, the signature " +
|
|
292
292
|
"doesn't match this asset, or the pubkey doesn't match the signing key.");
|
|
293
293
|
}
|
package/lib/self-update.js
CHANGED
|
@@ -140,7 +140,7 @@ function _isAllNumeric(s) {
|
|
|
140
140
|
if (typeof s !== "string" || s.length === 0) return false;
|
|
141
141
|
for (var i = 0; i < s.length; i += 1) {
|
|
142
142
|
var c = s.charCodeAt(i);
|
|
143
|
-
if (c < 0x30 || c > 0x39) return false; //
|
|
143
|
+
if (c < 0x30 || c > 0x39) return false; // ASCII codepoint range for digits
|
|
144
144
|
}
|
|
145
145
|
return true;
|
|
146
146
|
}
|
|
@@ -349,7 +349,7 @@ async function poll(opts) {
|
|
|
349
349
|
"selfUpdate.poll: request failed: " + ((e && e.message) || String(e)));
|
|
350
350
|
}
|
|
351
351
|
|
|
352
|
-
if (res.statusCode === 304) { //
|
|
352
|
+
if (res.statusCode === 304) { // HTTP status code (RFC 7232), not bytes
|
|
353
353
|
_safeAuditEmit("selfupdate.poll.checked", "success", {
|
|
354
354
|
releasesUrl: opts.releasesUrl,
|
|
355
355
|
currentVersion: opts.currentVersion,
|
|
@@ -357,7 +357,7 @@ async function poll(opts) {
|
|
|
357
357
|
etagHit: true,
|
|
358
358
|
});
|
|
359
359
|
return { available: false, latestTag: null, currentVersion: opts.currentVersion,
|
|
360
|
-
asset: null, signature: null, etag: opts.etag, statusCode: 304 }; //
|
|
360
|
+
asset: null, signature: null, etag: opts.etag, statusCode: 304 }; // HTTP status code (RFC 7232), not bytes
|
|
361
361
|
}
|
|
362
362
|
if (res.statusCode < 200 || res.statusCode >= 300) {
|
|
363
363
|
_safeAuditEmit("selfupdate.poll.checked", "denied", {
|
package/lib/server-timing.js
CHANGED
|
@@ -42,7 +42,7 @@ var ServerTimingError = defineClass("ServerTimingError", { alwaysPermanent: true
|
|
|
42
42
|
|
|
43
43
|
// W3C Server-Timing §3 — metric-name is token shape (RFC 7230). Cap
|
|
44
44
|
// at 128 chars for sanity; operator-supplied desc is sf-string.
|
|
45
|
-
var METRIC_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]{1,128}$/; //
|
|
45
|
+
var METRIC_NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]{1,128}$/; // RFC 7230 token shape + length cap
|
|
46
46
|
|
|
47
47
|
function _quoteDesc(s) {
|
|
48
48
|
return "\"" + String(s).replace(/\\/g, "\\\\").replace(/"/g, "\\\"") + "\"";
|
|
@@ -73,7 +73,7 @@ function create() {
|
|
|
73
73
|
function mark(name, durationMs, description) {
|
|
74
74
|
validateOpts.requireNonEmptyString(
|
|
75
75
|
name, "serverTiming.mark.name", ServerTimingError, "server-timing/bad-name");
|
|
76
|
-
if (name.length > 128 || !METRIC_NAME_RE.test(name)) { //
|
|
76
|
+
if (name.length > 128 || !METRIC_NAME_RE.test(name)) { // metric-name length cap, not bytes
|
|
77
77
|
throw new ServerTimingError("server-timing/bad-name",
|
|
78
78
|
"metric name '" + name + "' must match RFC 7230 token + <= 128 chars");
|
|
79
79
|
}
|
|
@@ -156,7 +156,7 @@ function _now() {
|
|
|
156
156
|
// to Date.now in environments without it.
|
|
157
157
|
if (typeof process !== "undefined" && typeof process.hrtime === "function" &&
|
|
158
158
|
typeof process.hrtime.bigint === "function") {
|
|
159
|
-
return Number(process.hrtime.bigint() / 1000n) / 1000; //
|
|
159
|
+
return Number(process.hrtime.bigint() / 1000n) / 1000; // hrtime ns→ms scale, not bytes
|
|
160
160
|
}
|
|
161
161
|
return Date.now();
|
|
162
162
|
}
|