@blamejs/core 0.14.1 → 0.14.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/_test/crypto-fixtures.js +3 -3
- package/lib/a2a-tasks.js +18 -18
- package/lib/a2a.js +4 -4
- package/lib/acme.js +3 -3
- package/lib/agent-idempotency.js +1 -1
- package/lib/agent-orchestrator.js +8 -8
- package/lib/agent-posture-chain.js +2 -2
- package/lib/agent-saga.js +1 -1
- package/lib/agent-snapshot.js +1 -1
- package/lib/agent-stream.js +1 -1
- package/lib/agent-tenant.js +1 -1
- package/lib/agent-trace.js +3 -3
- package/lib/ai-capability.js +1 -1
- package/lib/ai-dp.js +4 -4
- package/lib/ai-input.js +3 -3
- package/lib/ai-model-manifest.js +7 -7
- package/lib/ai-pref.js +3 -3
- package/lib/archive-gz.js +2 -2
- package/lib/archive-read.js +25 -25
- package/lib/archive-tar-read.js +2 -2
- package/lib/archive-tar.js +20 -20
- package/lib/archive-wrap.js +10 -10
- package/lib/argon2-builtin.js +1 -1
- package/lib/asn1-der.js +34 -34
- package/lib/atomic-file.js +2 -2
- package/lib/audit-daily-review.js +3 -3
- package/lib/audit-sign.js +5 -5
- package/lib/audit-tools.js +1 -1
- package/lib/audit.js +2 -2
- package/lib/auth/acr-vocabulary.js +2 -2
- package/lib/auth/bot-challenge.js +3 -3
- package/lib/auth/ciba.js +7 -7
- package/lib/auth/dpop.js +3 -3
- package/lib/auth/fido-mds3.js +8 -8
- package/lib/auth/jwt-external.js +5 -5
- package/lib/auth/oauth.js +2 -2
- package/lib/auth/oid4vci.js +9 -9
- package/lib/auth/oid4vp.js +2 -2
- package/lib/auth/openid-federation.js +2 -2
- package/lib/auth/passkey.js +3 -3
- package/lib/auth/saml.js +23 -23
- package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/auth/sd-jwt-vc.js +4 -4
- package/lib/auth/status-list.js +10 -10
- package/lib/auth/step-up.js +1 -1
- package/lib/auth-bot-challenge.js +1 -1
- package/lib/backup/index.js +7 -7
- package/lib/base32.js +8 -8
- package/lib/budr.js +2 -2
- package/lib/cache-status.js +2 -2
- package/lib/calendar.js +23 -23
- package/lib/cbor.js +12 -12
- package/lib/cdn-cache-control.js +1 -1
- package/lib/cert.js +5 -5
- package/lib/cloud-events.js +5 -5
- package/lib/cms-codec.js +21 -21
- package/lib/codepoint-class.js +12 -12
- package/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/compliance-sanctions.js +4 -4
- package/lib/compliance.js +29 -29
- package/lib/content-credentials.js +36 -36
- package/lib/cookies.js +1 -1
- package/lib/cose.js +13 -13
- package/lib/cra-report.js +1 -1
- package/lib/crdt.js +1 -1
- package/lib/crypto-field.js +2 -2
- package/lib/crypto-xwing.js +7 -7
- package/lib/crypto.js +6 -6
- package/lib/csp.js +2 -2
- package/lib/cwt.js +4 -4
- package/lib/dark-patterns.js +2 -2
- package/lib/data-act.js +2 -2
- package/lib/db-file-lifecycle.js +4 -4
- package/lib/db-query.js +1 -1
- package/lib/db.js +6 -6
- package/lib/dbsc.js +13 -13
- package/lib/did.js +17 -17
- package/lib/dora.js +4 -4
- package/lib/dsr.js +1 -1
- package/lib/early-hints.js +2 -2
- package/lib/eat.js +4 -4
- package/lib/external-db-migrate.js +1 -1
- package/lib/external-db.js +1 -1
- package/lib/flag-cache.js +1 -1
- package/lib/flag-evaluation-context.js +2 -2
- package/lib/graphql-federation.js +5 -5
- package/lib/guard-agent-registry.js +5 -5
- package/lib/guard-archive.js +24 -24
- package/lib/guard-cidr.js +33 -33
- package/lib/guard-csv.js +1 -1
- package/lib/guard-domain.js +10 -10
- package/lib/guard-dsn.js +4 -4
- package/lib/guard-email.js +19 -19
- package/lib/guard-event-bus-payload.js +4 -4
- package/lib/guard-event-bus-topic.js +6 -6
- package/lib/guard-filename.js +7 -7
- package/lib/guard-graphql.js +9 -9
- package/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/guard-html-wcag.js +4 -4
- package/lib/guard-html.js +7 -7
- package/lib/guard-idempotency-key.js +6 -6
- package/lib/guard-image.js +4 -4
- package/lib/guard-imap-command.js +17 -17
- package/lib/guard-jmap.js +20 -20
- package/lib/guard-json.js +12 -12
- package/lib/guard-jsonpath.js +3 -3
- package/lib/guard-jwt.js +4 -4
- package/lib/guard-list-id.js +7 -7
- package/lib/guard-list-unsubscribe.js +8 -8
- package/lib/guard-mail-compose.js +4 -4
- package/lib/guard-mail-move.js +5 -5
- package/lib/guard-mail-query.js +3 -3
- package/lib/guard-mail-reply.js +3 -3
- package/lib/guard-mail-sieve.js +6 -6
- package/lib/guard-managesieve-command.js +25 -25
- package/lib/guard-markdown.js +31 -31
- package/lib/guard-message-id.js +5 -5
- package/lib/guard-mime.js +1 -1
- package/lib/guard-oauth.js +3 -3
- package/lib/guard-pdf.js +6 -6
- package/lib/guard-pop3-command.js +11 -11
- package/lib/guard-posture-chain.js +5 -5
- package/lib/guard-regex.js +10 -10
- package/lib/guard-saga-config.js +5 -5
- package/lib/guard-smtp-command.js +6 -6
- package/lib/guard-snapshot-envelope.js +3 -3
- package/lib/guard-stream-args.js +4 -4
- package/lib/guard-svg.js +11 -11
- package/lib/guard-tenant-id.js +5 -5
- package/lib/guard-time.js +15 -15
- package/lib/guard-trace-context.js +4 -4
- package/lib/guard-uuid.js +11 -11
- package/lib/guard-xml.js +12 -12
- package/lib/guard-yaml.js +16 -16
- package/lib/honeytoken.js +5 -5
- package/lib/http-client.js +1 -1
- package/lib/http-message-signature.js +2 -2
- package/lib/iab-mspa.js +3 -3
- package/lib/iab-tcf.js +70 -70
- package/lib/inbox.js +4 -4
- package/lib/ip-utils.js +15 -15
- package/lib/jose-jwe-experimental.js +2 -2
- package/lib/json-path.js +3 -3
- package/lib/json-schema.js +1 -1
- package/lib/jsonapi.js +3 -3
- package/lib/jtd.js +2 -2
- package/lib/link-header.js +1 -1
- package/lib/local-db-thin.js +1 -1
- package/lib/log.js +1 -1
- package/lib/lro.js +4 -4
- package/lib/mail-agent.js +1 -1
- package/lib/mail-arc-sign.js +6 -6
- package/lib/mail-auth.js +43 -43
- package/lib/mail-bimi.js +3 -3
- package/lib/mail-crypto-pgp.js +31 -31
- package/lib/mail-crypto-smime.js +5 -5
- package/lib/mail-dav.js +1 -1
- package/lib/mail-deploy.js +39 -39
- package/lib/mail-dkim.js +11 -11
- package/lib/mail-greylist.js +12 -12
- package/lib/mail-helo.js +1 -1
- package/lib/mail-journal.js +8 -8
- package/lib/mail-rbl.js +7 -7
- package/lib/mail-scan.js +7 -7
- package/lib/mail-send-deliver.js +2 -2
- package/lib/mail-server-imap.js +12 -12
- package/lib/mail-server-jmap.js +16 -16
- package/lib/mail-server-managesieve.js +4 -4
- package/lib/mail-server-mx.js +17 -17
- package/lib/mail-server-pop3.js +4 -4
- package/lib/mail-server-rate-limit.js +2 -2
- package/lib/mail-server-submission.js +21 -21
- package/lib/mail-sieve.js +2 -2
- package/lib/mail-spam-score.js +5 -5
- package/lib/mail-srs.js +12 -12
- package/lib/mail-store-fts.js +2 -2
- package/lib/mail-store.js +8 -8
- package/lib/mail-unsubscribe.js +4 -4
- package/lib/mail.js +4 -4
- package/lib/mcp-tool-registry.js +4 -4
- package/lib/mcp.js +9 -9
- package/lib/mdoc.js +2 -2
- package/lib/metrics.js +8 -8
- package/lib/middleware/age-gate.js +1 -1
- package/lib/middleware/api-encrypt.js +7 -7
- package/lib/middleware/assetlinks.js +2 -2
- package/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/middleware/bearer-auth.js +5 -5
- package/lib/middleware/body-parser.js +5 -5
- package/lib/middleware/compose-pipeline.js +15 -15
- package/lib/middleware/csp-report.js +4 -4
- package/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/middleware/dpop.js +1 -1
- package/lib/middleware/headers.js +2 -2
- package/lib/middleware/host-allowlist.js +1 -1
- package/lib/middleware/idempotency-key.js +12 -12
- package/lib/middleware/nel.js +1 -1
- package/lib/middleware/openapi-serve.js +2 -2
- package/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/middleware/require-aal.js +1 -1
- package/lib/middleware/require-bound-key.js +2 -2
- package/lib/middleware/require-content-type.js +1 -1
- package/lib/middleware/require-methods.js +1 -1
- package/lib/middleware/require-step-up.js +2 -2
- package/lib/middleware/scim-server.js +1 -1
- package/lib/middleware/security-txt.js +3 -3
- package/lib/middleware/tus-upload.js +12 -12
- package/lib/middleware/web-app-manifest.js +2 -2
- package/lib/network-byte-quota.js +1 -1
- package/lib/network-dns-resolver.js +23 -23
- package/lib/network-dns.js +29 -29
- package/lib/network-dnssec.js +33 -33
- package/lib/network-smtp-policy.js +10 -10
- package/lib/network-tls.js +87 -87
- package/lib/network-tsig.js +33 -33
- package/lib/nis2-report.js +1 -1
- package/lib/ntp-check.js +3 -3
- package/lib/observability-otlp-exporter.js +17 -17
- package/lib/observability-tracer.js +6 -6
- package/lib/observability.js +8 -8
- package/lib/openapi-yaml.js +1 -1
- package/lib/openapi.js +1 -1
- package/lib/outbox.js +6 -6
- package/lib/pqc-agent.js +4 -4
- package/lib/pqc-software.js +1 -1
- package/lib/privacy-pass.js +5 -5
- package/lib/problem-details.js +5 -5
- package/lib/promise-pool.js +1 -1
- package/lib/protobuf-encoder.js +1 -1
- package/lib/redact.js +2 -2
- package/lib/request-helpers.js +1 -1
- package/lib/router.js +10 -10
- package/lib/safe-async.js +2 -2
- package/lib/safe-dns.js +71 -71
- package/lib/safe-ical.js +19 -19
- package/lib/safe-icap.js +24 -24
- package/lib/safe-jsonpath.js +2 -2
- package/lib/safe-mime.js +10 -10
- package/lib/safe-mount-info.js +3 -3
- package/lib/safe-redirect.js +1 -1
- package/lib/safe-sieve.js +23 -23
- package/lib/safe-smtp.js +1 -1
- package/lib/safe-vcard.js +14 -14
- package/lib/sandbox.js +5 -5
- package/lib/sec-cyber.js +1 -1
- package/lib/self-update-standalone-verifier.js +3 -3
- package/lib/self-update.js +3 -3
- package/lib/server-timing.js +3 -3
- package/lib/session-device-binding.js +7 -7
- package/lib/session.js +8 -8
- package/lib/standard-webhooks.js +4 -4
- package/lib/storage.js +2 -2
- package/lib/stream-throttle.js +1 -1
- package/lib/structured-fields.js +15 -15
- package/lib/subject.js +1 -1
- package/lib/tcpa-10dlc.js +1 -1
- package/lib/tenant-quota.js +3 -3
- package/lib/test-harness.js +1 -1
- package/lib/tracing.js +1 -1
- package/lib/tsa.js +5 -5
- package/lib/uri-template.js +5 -5
- package/lib/vault/index.js +2 -2
- package/lib/vault/seal-pem-file.js +4 -4
- package/lib/vc.js +2 -2
- package/lib/vendor-data.js +1 -1
- package/lib/watcher.js +4 -4
- package/lib/web-push-vapid.js +21 -21
- package/lib/webhook.js +2 -2
- package/lib/websocket.js +3 -3
- package/lib/worker-pool.js +3 -3
- package/lib/ws-client.js +24 -24
- package/lib/xml-c14n.js +2 -2
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/cwt.js
CHANGED
|
@@ -52,7 +52,7 @@ Object.keys(STD).forEach(function (k) { STD_BY_LABEL[STD[k]] = k; });
|
|
|
52
52
|
var NUMERIC_DATE_CLAIMS = { exp: true, nbf: true, iat: true };
|
|
53
53
|
|
|
54
54
|
// CWT CBOR tag (RFC 8392 §6) — 61, encoded as the 2-byte head 0xd8 0x3d.
|
|
55
|
-
var CWT_TAG_PREFIX = Buffer.from([0xd8, 0x3d]); //
|
|
55
|
+
var CWT_TAG_PREFIX = Buffer.from([0xd8, 0x3d]); // CBOR tag-61 head (0xd8=tag 1-byte arg, 0x3d=61)
|
|
56
56
|
|
|
57
57
|
function _nowSec(opts) {
|
|
58
58
|
var ms = (opts && typeof opts.now === "number") ? opts.now : Date.now();
|
|
@@ -62,10 +62,10 @@ function _nowSec(opts) {
|
|
|
62
62
|
// Read a leading CBOR tag head (major type 6) in any of its encodings;
|
|
63
63
|
// returns { tag, len } or null if the buffer doesn't start with a tag.
|
|
64
64
|
function _readTagHead(buf) {
|
|
65
|
-
if (buf.length < 1 || (buf[0] >> 5) !== 6) return null; //
|
|
65
|
+
if (buf.length < 1 || (buf[0] >> 5) !== 6) return null; // CBOR major-type 6 (tag) shift
|
|
66
66
|
var ai = buf[0] & 0x1f;
|
|
67
67
|
if (ai < 24) return { tag: ai, len: 1 };
|
|
68
|
-
if (ai === 24) return buf.length >= 2 ? { tag: buf[1], len: 2 } : null; //
|
|
68
|
+
if (ai === 24) return buf.length >= 2 ? { tag: buf[1], len: 2 } : null; // CBOR additional-info threshold (RFC 8949 §3), not a size
|
|
69
69
|
if (ai === 25) return buf.length >= 3 ? { tag: buf.readUInt16BE(1), len: 3 } : null;
|
|
70
70
|
if (ai === 26) return buf.length >= 5 ? { tag: buf.readUInt32BE(1), len: 5 } : null;
|
|
71
71
|
if (ai === 27) return buf.length >= 9 ? { tag: Number(buf.readBigUInt64BE(1)), len: 9 } : null;
|
|
@@ -178,7 +178,7 @@ async function verify(cwt, opts) {
|
|
|
178
178
|
// an external CBOR encoder may emit a non-minimal but valid tag 61.
|
|
179
179
|
var coseBytes = Buffer.from(cwt);
|
|
180
180
|
var head = _readTagHead(coseBytes);
|
|
181
|
-
if (head && head.tag === 61) coseBytes = coseBytes.subarray(head.len); //
|
|
181
|
+
if (head && head.tag === 61) coseBytes = coseBytes.subarray(head.len); // CWT CBOR tag number (RFC 8392 §6)
|
|
182
182
|
|
|
183
183
|
var verified = await cose.verify(coseBytes, {
|
|
184
184
|
algorithms: opts.algorithms, publicKey: opts.publicKey,
|
package/lib/dark-patterns.js
CHANGED
|
@@ -28,8 +28,8 @@
|
|
|
28
28
|
var audit = require("./audit");
|
|
29
29
|
var { defineClass } = require("./framework-error");
|
|
30
30
|
|
|
31
|
-
var STR_LEN_MAX = 256; //
|
|
32
|
-
var FONT_WEIGHT_MAX = 1000; //
|
|
31
|
+
var STR_LEN_MAX = 256; // string-length cap, not bytes
|
|
32
|
+
var FONT_WEIGHT_MAX = 1000; // CSS font-weight ceiling (CSS Fonts L4)
|
|
33
33
|
var DarkPatternsError = defineClass("DarkPatternsError", { alwaysPermanent: true });
|
|
34
34
|
|
|
35
35
|
var CHANNELS = ["web", "mobile", "phone", "email", "in-person", "mail"];
|
package/lib/data-act.js
CHANGED
|
@@ -298,8 +298,8 @@ function recordSwitchRequest(opts) {
|
|
|
298
298
|
throw new DataActError("dataact/no-data-slices",
|
|
299
299
|
"recordSwitchRequest: dataSlices must be a non-empty array");
|
|
300
300
|
}
|
|
301
|
-
var noticePeriod = typeof opts.noticePeriodDays === "number" ? opts.noticePeriodDays : 30; //
|
|
302
|
-
if (noticePeriod > 30) { //
|
|
301
|
+
var noticePeriod = typeof opts.noticePeriodDays === "number" ? opts.noticePeriodDays : 30; // Art 28 §3 30-day cap
|
|
302
|
+
if (noticePeriod > 30) { // Art 28 §3 30-day cap
|
|
303
303
|
throw new DataActError("dataact/notice-period-too-long",
|
|
304
304
|
"recordSwitchRequest: noticePeriodDays " + noticePeriod + " exceeds Art 28 §3 cap of 30 days");
|
|
305
305
|
}
|
package/lib/db-file-lifecycle.js
CHANGED
|
@@ -74,8 +74,8 @@ var emit = validateOpts.makeNamespacedEmitters("db.fileLifecycle", { audit: audi
|
|
|
74
74
|
var DbFileLifecycleError = defineClass("DbFileLifecycleError", { alwaysPermanent: true });
|
|
75
75
|
|
|
76
76
|
var DEFAULT_FLUSH_INTERVAL_MS = C.TIME.minutes(5);
|
|
77
|
-
var DB_ENC_KEY_BYTES = 32; //
|
|
78
|
-
var TMP_NAME_BYTES = 16; //
|
|
77
|
+
var DB_ENC_KEY_BYTES = 32; // 256-bit symmetric key
|
|
78
|
+
var TMP_NAME_BYTES = 16; // random suffix
|
|
79
79
|
|
|
80
80
|
var _emitAudit = emit.audit;
|
|
81
81
|
var _emitMetric = emit.metric;
|
|
@@ -212,7 +212,7 @@ function fileLifecycle(opts) {
|
|
|
212
212
|
generateToken(TMP_NAME_BYTES) + ".db");
|
|
213
213
|
if (nodeFs.existsSync(encPath)) {
|
|
214
214
|
var packed = nodeFs.readFileSync(encPath);
|
|
215
|
-
if (packed.length < 26) { //
|
|
215
|
+
if (packed.length < 26) { // minimum envelope length
|
|
216
216
|
throw new DbFileLifecycleError("db-file-lifecycle/short-envelope",
|
|
217
217
|
"fileLifecycle: " + encPath + " too short to be a valid envelope (" + packed.length + " bytes)");
|
|
218
218
|
}
|
|
@@ -279,7 +279,7 @@ function fileLifecycle(opts) {
|
|
|
279
279
|
"fileLifecycle.startFlushTimer: timer already running — call stop() first");
|
|
280
280
|
}
|
|
281
281
|
var interval = sopts.intervalMs || flushIntervalMs;
|
|
282
|
-
encTimer = setInterval(function () { // allow:
|
|
282
|
+
encTimer = setInterval(function () { // allow:timer-no-unref — .unref() called immediately below; timer doesn't pin the event loop
|
|
283
283
|
try { flushNow(db); }
|
|
284
284
|
catch (e) {
|
|
285
285
|
_emitAudit("flush_failed", "failure", {
|
package/lib/db-query.js
CHANGED
|
@@ -629,7 +629,7 @@ class Query {
|
|
|
629
629
|
opts = opts || {};
|
|
630
630
|
var limit = opts.limit === undefined ? 25 : opts.limit;
|
|
631
631
|
var offset = opts.offset === undefined ? 0 : opts.offset;
|
|
632
|
-
if (!Number.isInteger(limit) || limit <= 0 || limit > 1000) { //
|
|
632
|
+
if (!Number.isInteger(limit) || limit <= 0 || limit > 1000) { // paginate page-size cap, not bytes
|
|
633
633
|
throw new Error("paginate: limit must be a positive integer ≤ 1000 (default 25)");
|
|
634
634
|
}
|
|
635
635
|
if (!Number.isInteger(offset) || offset < 0) {
|
package/lib/db.js
CHANGED
|
@@ -158,7 +158,7 @@ var tableMetadata = {}; // table name → metadata snapshot (PK/FK/sealed/de
|
|
|
158
158
|
// generous-but-bounded 1M rows so an accidentally-unbounded export
|
|
159
159
|
// surfaces a thrown error instead of OOM. v0.7.67's maxRowsPerQuery
|
|
160
160
|
// bounds .all() / .first() — this is its streaming counterpart.
|
|
161
|
-
var streamLimit = C.BYTES.bytes(1000000); //
|
|
161
|
+
var streamLimit = C.BYTES.bytes(1000000); // row-count ceiling, not bytes
|
|
162
162
|
|
|
163
163
|
// ---- Framework-baked tables ----
|
|
164
164
|
//
|
|
@@ -1501,7 +1501,7 @@ function from(tableName) {
|
|
|
1501
1501
|
// the same SQL string returns the cached Statement (the canonical
|
|
1502
1502
|
// node:sqlite-style win); previously this was ad-hoc and operators
|
|
1503
1503
|
// re-preparing in a hot path leaked fds.
|
|
1504
|
-
var PREPARE_CACHE_MAX = 256; //
|
|
1504
|
+
var PREPARE_CACHE_MAX = 256; // distinct-statement cache cap
|
|
1505
1505
|
var _prepareCache = new Map(); // sql → Statement (insertion order = LRU)
|
|
1506
1506
|
|
|
1507
1507
|
/**
|
|
@@ -1688,7 +1688,7 @@ function _reportSlowSqlite(durationMs, statement) {
|
|
|
1688
1688
|
backend: "sqlite",
|
|
1689
1689
|
bucket: bucket.label,
|
|
1690
1690
|
statementClass: _classifyStatementLocal(statement),
|
|
1691
|
-
"db.statement": String(statement || "").slice(0, 256), //
|
|
1691
|
+
"db.statement": String(statement || "").slice(0, 256), // log-truncation length, not bytes
|
|
1692
1692
|
});
|
|
1693
1693
|
} catch (_e) { /* hot-path observability sink — drop-silent by design */ }
|
|
1694
1694
|
return;
|
|
@@ -1717,7 +1717,7 @@ function execRaw(sql) {
|
|
|
1717
1717
|
// OTel can correlate without an adapter.
|
|
1718
1718
|
"db.system": "sqlite",
|
|
1719
1719
|
"db.operation": String(sql).match(DDL_RE)[1].toUpperCase(),
|
|
1720
|
-
"db.statement": String(sql).slice(0, 256), //
|
|
1720
|
+
"db.statement": String(sql).slice(0, 256), // log-truncation length, not bytes
|
|
1721
1721
|
durationMs: durationMs,
|
|
1722
1722
|
},
|
|
1723
1723
|
});
|
|
@@ -1734,7 +1734,7 @@ function execRaw(sql) {
|
|
|
1734
1734
|
metadata: {
|
|
1735
1735
|
"db.system": "sqlite",
|
|
1736
1736
|
"db.operation": String(sql).match(DDL_RE)[1].toUpperCase(),
|
|
1737
|
-
"db.statement": String(sql).slice(0, 256), //
|
|
1737
|
+
"db.statement": String(sql).slice(0, 256), // log-truncation length, not bytes
|
|
1738
1738
|
durationMs: failureMs,
|
|
1739
1739
|
},
|
|
1740
1740
|
});
|
|
@@ -2684,7 +2684,7 @@ function vacuumAfterErase(opts) {
|
|
|
2684
2684
|
} else {
|
|
2685
2685
|
require("./numeric-bounds").requirePositiveFiniteIntIfPresent(
|
|
2686
2686
|
opts.pages, "pages", DbError, "db/bad-vacuum-pages");
|
|
2687
|
-
var pages = (opts.pages == null) ? 1000 //
|
|
2687
|
+
var pages = (opts.pages == null) ? 1000 // incremental_vacuum default page count
|
|
2688
2688
|
: Math.floor(opts.pages);
|
|
2689
2689
|
sqlStmt = "PRAGMA incremental_vacuum(" + pages + ");";
|
|
2690
2690
|
}
|
package/lib/dbsc.js
CHANGED
|
@@ -69,14 +69,14 @@ var DEFAULT_CHALLENGE_TTL_MS = C.TIME.minutes(5);
|
|
|
69
69
|
function challenge(opts) {
|
|
70
70
|
opts = validateOpts.requireObject(opts, "dbsc.challenge", DbscError, "dbsc/bad-opts");
|
|
71
71
|
validateOpts(opts, ["secretKey", "ttlMs", "nonce"], "dbsc.challenge");
|
|
72
|
-
if (!Buffer.isBuffer(opts.secretKey) || opts.secretKey.length < 32) { //
|
|
72
|
+
if (!Buffer.isBuffer(opts.secretKey) || opts.secretKey.length < 32) { // 32-byte HMAC secret floor
|
|
73
73
|
throw new DbscError("dbsc/bad-secret",
|
|
74
74
|
"challenge: opts.secretKey must be a Buffer (>= 32 bytes)");
|
|
75
75
|
}
|
|
76
76
|
validateOpts.optionalPositiveFinite(opts.ttlMs, "dbsc.challenge: ttlMs",
|
|
77
77
|
DbscError, "dbsc/bad-ttl");
|
|
78
78
|
var ttlMs = opts.ttlMs || DEFAULT_CHALLENGE_TTL_MS;
|
|
79
|
-
var nonceBuf = opts.nonce ? Buffer.from(String(opts.nonce), "utf8") : bCrypto.generateBytes(32); //
|
|
79
|
+
var nonceBuf = opts.nonce ? Buffer.from(String(opts.nonce), "utf8") : bCrypto.generateBytes(32); // 32-byte nonce
|
|
80
80
|
var expiresAt = Date.now() + ttlMs;
|
|
81
81
|
var msg = nonceBuf.toString("base64") + "." + expiresAt;
|
|
82
82
|
var mac = nodeCrypto.createHmac("sha3-512", opts.secretKey).update(msg).digest("base64");
|
|
@@ -110,7 +110,7 @@ function verifyChallenge(challengeStr, opts) {
|
|
|
110
110
|
throw new DbscError("dbsc/bad-challenge",
|
|
111
111
|
"verifyChallenge: challenge must be a string");
|
|
112
112
|
}
|
|
113
|
-
if (!Buffer.isBuffer(opts.secretKey) || opts.secretKey.length < 32) { //
|
|
113
|
+
if (!Buffer.isBuffer(opts.secretKey) || opts.secretKey.length < 32) { // 32-byte HMAC secret floor
|
|
114
114
|
throw new DbscError("dbsc/bad-secret",
|
|
115
115
|
"verifyChallenge: opts.secretKey must be a Buffer (>= 32 bytes)");
|
|
116
116
|
}
|
|
@@ -209,7 +209,7 @@ function verifyBindingAssertion(assertion, opts) {
|
|
|
209
209
|
var ok;
|
|
210
210
|
if (headerJson.alg === "ES256") {
|
|
211
211
|
// JWT raw r||s → DER for nodeCrypto.verify.
|
|
212
|
-
if (sigBytes.length !== 64) { //
|
|
212
|
+
if (sigBytes.length !== 64) { // P-256 r||s shape
|
|
213
213
|
throw new DbscError("dbsc/bad-sig", "ES256 signature must be 64 bytes raw");
|
|
214
214
|
}
|
|
215
215
|
var derSig = _ecdsaRawToDer(sigBytes);
|
|
@@ -237,8 +237,8 @@ function verifyBindingAssertion(assertion, opts) {
|
|
|
237
237
|
"or 'challenge' (server-nonce-bound); without freshness material the " +
|
|
238
238
|
"assertion replays indefinitely");
|
|
239
239
|
}
|
|
240
|
-
var maxAge = (opts.maxAgeSec || 300) * 1000; // allow:raw-
|
|
241
|
-
if (typeof payloadJson.iat === "number" && Date.now() - payloadJson.iat * 1000 > maxAge) { // allow:raw-
|
|
240
|
+
var maxAge = (opts.maxAgeSec || 300) * 1000; // allow:raw-time-literal — 5min default
|
|
241
|
+
if (typeof payloadJson.iat === "number" && Date.now() - payloadJson.iat * 1000 > maxAge) { // allow:raw-time-literal — sec→ms
|
|
242
242
|
throw new DbscError("dbsc/stale",
|
|
243
243
|
"verifyBindingAssertion: iat is more than " + opts.maxAgeSec + "s old");
|
|
244
244
|
}
|
|
@@ -252,23 +252,23 @@ function verifyBindingAssertion(assertion, opts) {
|
|
|
252
252
|
}
|
|
253
253
|
|
|
254
254
|
function _ecdsaRawToDer(raw) {
|
|
255
|
-
if (raw.length !== 64) throw new DbscError("dbsc/bad-sig", "raw r||s must be 64 bytes"); //
|
|
256
|
-
var r = _trimLeadingZeros(raw.slice(0, 32)); //
|
|
257
|
-
var s = _trimLeadingZeros(raw.slice(32)); //
|
|
255
|
+
if (raw.length !== 64) throw new DbscError("dbsc/bad-sig", "raw r||s must be 64 bytes"); // P-256 r||s shape
|
|
256
|
+
var r = _trimLeadingZeros(raw.slice(0, 32)); // 32-byte r
|
|
257
|
+
var s = _trimLeadingZeros(raw.slice(32)); // 32-byte s offset
|
|
258
258
|
function _intDer(buf) {
|
|
259
259
|
// Prepend 0x00 if high bit set (positive INTEGER per DER).
|
|
260
|
-
if (buf[0] & 0x80) buf = Buffer.concat([Buffer.from([0x00]), buf]); //
|
|
261
|
-
return Buffer.concat([Buffer.from([0x02, buf.length]), buf]); //
|
|
260
|
+
if (buf[0] & 0x80) buf = Buffer.concat([Buffer.from([0x00]), buf]); // DER sign-bit pad
|
|
261
|
+
return Buffer.concat([Buffer.from([0x02, buf.length]), buf]); // ASN.1 INTEGER tag
|
|
262
262
|
}
|
|
263
263
|
var rDer = _intDer(r);
|
|
264
264
|
var sDer = _intDer(s);
|
|
265
265
|
var seqBody = Buffer.concat([rDer, sDer]);
|
|
266
|
-
return Buffer.concat([Buffer.from([0x30, seqBody.length]), seqBody]); //
|
|
266
|
+
return Buffer.concat([Buffer.from([0x30, seqBody.length]), seqBody]); // ASN.1 SEQUENCE tag
|
|
267
267
|
}
|
|
268
268
|
|
|
269
269
|
function _trimLeadingZeros(buf) {
|
|
270
270
|
var i = 0;
|
|
271
|
-
while (i < buf.length - 1 && buf[i] === 0x00) i += 1; //
|
|
271
|
+
while (i < buf.length - 1 && buf[i] === 0x00) i += 1; // leading zero byte
|
|
272
272
|
return buf.slice(i);
|
|
273
273
|
}
|
|
274
274
|
|
package/lib/did.js
CHANGED
|
@@ -58,15 +58,15 @@ var B58_MAP = (function () {
|
|
|
58
58
|
for (var i = 0; i < B58_ALPHABET.length; i += 1) m[B58_ALPHABET[i]] = i;
|
|
59
59
|
return m;
|
|
60
60
|
})();
|
|
61
|
-
var MAX_MULTIBASE_CHARS = 1024; //
|
|
62
|
-
var MAX_JWK_B64_CHARS = 8192; //
|
|
61
|
+
var MAX_MULTIBASE_CHARS = 1024; // bounded did:key multibase length (DoS cap)
|
|
62
|
+
var MAX_JWK_B64_CHARS = 8192; // bounded did:jwk encoded-JWK length (DoS cap)
|
|
63
63
|
|
|
64
64
|
// multicodec public-key codes (unsigned-varint) → curve descriptor.
|
|
65
65
|
// keyLen is the multicodec payload: Ed25519 raw 32; EC compressed point.
|
|
66
66
|
var MULTICODEC = {
|
|
67
67
|
0xed: { name: "Ed25519", kind: "okp" }, // ed25519-pub
|
|
68
|
-
0x1200: { name: "P-256", kind: "ec", curveOid: "1.2.840.10045.3.1.7" }, // allow:raw-
|
|
69
|
-
0x1201: { name: "P-384", kind: "ec", curveOid: "1.3.132.0.34" }, //
|
|
68
|
+
0x1200: { name: "P-256", kind: "ec", curveOid: "1.2.840.10045.3.1.7" }, // allow:raw-time-literal — p256-pub multicodec code + OID dotted-form
|
|
69
|
+
0x1201: { name: "P-384", kind: "ec", curveOid: "1.3.132.0.34" }, // p384-pub multicodec code
|
|
70
70
|
0xe7: { name: "secp256k1", kind: "ec", curveOid: "1.3.132.0.10" }, // secp256k1-pub
|
|
71
71
|
};
|
|
72
72
|
var NAME_TO_CODE = {};
|
|
@@ -86,9 +86,9 @@ function _b58decode(str) {
|
|
|
86
86
|
for (var j = 0; j < bytes.length; j += 1) {
|
|
87
87
|
carry += bytes[j] * 58;
|
|
88
88
|
bytes[j] = carry & 0xff;
|
|
89
|
-
carry >>= 8; //
|
|
89
|
+
carry >>= 8; // base-256 carry
|
|
90
90
|
}
|
|
91
|
-
while (carry > 0) { bytes.push(carry & 0xff); carry >>= 8; } //
|
|
91
|
+
while (carry > 0) { bytes.push(carry & 0xff); carry >>= 8; } // base-256 carry
|
|
92
92
|
}
|
|
93
93
|
// Leading '1's are leading zero bytes.
|
|
94
94
|
for (var k = 0; k < str.length && str[k] === "1"; k += 1) bytes.push(0);
|
|
@@ -100,7 +100,7 @@ function _b58encode(buf) {
|
|
|
100
100
|
for (var i = 0; i < buf.length; i += 1) {
|
|
101
101
|
var carry = buf[i];
|
|
102
102
|
for (var j = 0; j < digits.length; j += 1) {
|
|
103
|
-
carry += digits[j] << 8; //
|
|
103
|
+
carry += digits[j] << 8; // base-256 shift
|
|
104
104
|
digits[j] = carry % 58;
|
|
105
105
|
carry = (carry / 58) | 0;
|
|
106
106
|
}
|
|
@@ -115,19 +115,19 @@ function _b58encode(buf) {
|
|
|
115
115
|
// Read an unsigned LEB128 varint (multicodec code). Bounded to 4 bytes.
|
|
116
116
|
function _readVarint(buf) {
|
|
117
117
|
var value = 0, shift = 0, len = 0;
|
|
118
|
-
for (var i = 0; i < buf.length && i < 4; i += 1) { //
|
|
118
|
+
for (var i = 0; i < buf.length && i < 4; i += 1) { // multicodec varint ≤ 4 bytes
|
|
119
119
|
var b = buf[i];
|
|
120
120
|
value |= (b & 0x7f) << shift;
|
|
121
121
|
len += 1;
|
|
122
122
|
if ((b & 0x80) === 0) return { value: value >>> 0, length: len };
|
|
123
|
-
shift += 7; //
|
|
123
|
+
shift += 7; // 7 bits per varint byte
|
|
124
124
|
}
|
|
125
125
|
throw new DidError("did/bad-multicodec", "did: multicodec varint did not terminate");
|
|
126
126
|
}
|
|
127
127
|
function _encodeVarint(code) {
|
|
128
128
|
var out = [];
|
|
129
129
|
var n = code;
|
|
130
|
-
do { var b = n & 0x7f; n >>>= 7; if (n > 0) b |= 0x80; out.push(b); } while (n > 0); //
|
|
130
|
+
do { var b = n & 0x7f; n >>>= 7; if (n > 0) b |= 0x80; out.push(b); } while (n > 0); // LEB128 7-bit groups
|
|
131
131
|
return Buffer.from(out);
|
|
132
132
|
}
|
|
133
133
|
|
|
@@ -137,9 +137,9 @@ var ED25519_SPKI_PREFIX = Buffer.from("302a300506032b6570032100", "hex"); // R
|
|
|
137
137
|
|
|
138
138
|
function _keyObjectFromMulticodec(code, keyBytes) {
|
|
139
139
|
var desc = MULTICODEC[code];
|
|
140
|
-
if (!desc) throw new DidError("did/unsupported-key", "did: unsupported multicodec key code 0x" + code.toString(16)); //
|
|
140
|
+
if (!desc) throw new DidError("did/unsupported-key", "did: unsupported multicodec key code 0x" + code.toString(16)); // hex radix
|
|
141
141
|
if (desc.kind === "okp") {
|
|
142
|
-
if (keyBytes.length !== 32) { //
|
|
142
|
+
if (keyBytes.length !== 32) { // Ed25519 public key is 32 bytes
|
|
143
143
|
throw new DidError("did/bad-key", "did: Ed25519 key must be 32 bytes (got " + keyBytes.length + ")");
|
|
144
144
|
}
|
|
145
145
|
return nodeCrypto.createPublicKey({ key: Buffer.concat([ED25519_SPKI_PREFIX, keyBytes]), format: "der", type: "spki" });
|
|
@@ -152,25 +152,25 @@ function _keyObjectFromMulticodec(code, keyBytes) {
|
|
|
152
152
|
var algid = _ecAlgId(desc.curveOid);
|
|
153
153
|
var bitstr = Buffer.concat([Buffer.from([0x03, keyBytes.length + 1, 0x00]), keyBytes]);
|
|
154
154
|
var body = Buffer.concat([algid, bitstr]);
|
|
155
|
-
var spki = Buffer.concat([Buffer.from([0x30, body.length]), body]); //
|
|
155
|
+
var spki = Buffer.concat([Buffer.from([0x30, body.length]), body]); // SEQUENCE tag; single-byte DER length holds for these curves
|
|
156
156
|
try { return nodeCrypto.createPublicKey({ key: spki, format: "der", type: "spki" }); }
|
|
157
157
|
catch (e) { throw new DidError("did/bad-key", "did: could not import EC key: " + ((e && e.message) || e)); }
|
|
158
158
|
}
|
|
159
159
|
|
|
160
160
|
// AlgorithmIdentifier SEQUENCE { id-ecPublicKey, namedCurve OID }.
|
|
161
161
|
function _ecAlgId(curveOid) {
|
|
162
|
-
var idEcPublicKey = Buffer.from("06072a8648ce3d0201", "hex"); // allow:raw-
|
|
162
|
+
var idEcPublicKey = Buffer.from("06072a8648ce3d0201", "hex"); // allow:raw-time-literal — DER OID for id-ecPublicKey
|
|
163
163
|
var curve = _oidDer(curveOid);
|
|
164
164
|
var inner = Buffer.concat([idEcPublicKey, curve]);
|
|
165
165
|
return Buffer.concat([Buffer.from([0x30, inner.length]), inner]);
|
|
166
166
|
}
|
|
167
167
|
function _oidDer(dotted) {
|
|
168
168
|
var parts = dotted.split(".").map(Number);
|
|
169
|
-
var bytes = [parts[0] * 40 + parts[1]]; //
|
|
169
|
+
var bytes = [parts[0] * 40 + parts[1]]; // X.690 first-arc encoding
|
|
170
170
|
for (var i = 2; i < parts.length; i += 1) {
|
|
171
171
|
var arc = parts[i], stack = [];
|
|
172
|
-
do { stack.unshift(arc & 0x7f); arc >>>= 7; } while (arc > 0); //
|
|
173
|
-
for (var j = 0; j < stack.length - 1; j += 1) stack[j] |= 0x80; //
|
|
172
|
+
do { stack.unshift(arc & 0x7f); arc >>>= 7; } while (arc > 0); // base-128 OID arc
|
|
173
|
+
for (var j = 0; j < stack.length - 1; j += 1) stack[j] |= 0x80; // continuation bit
|
|
174
174
|
bytes = bytes.concat(stack);
|
|
175
175
|
}
|
|
176
176
|
return Buffer.concat([Buffer.from([0x06, bytes.length]), Buffer.from(bytes)]);
|
package/lib/dora.js
CHANGED
|
@@ -46,9 +46,9 @@ var observability = lazyRequire(function () { return require("./observability");
|
|
|
46
46
|
// - Critical-process disruption >= 8h
|
|
47
47
|
// - Reputational impact (media coverage)
|
|
48
48
|
var MAJOR_INCIDENT_THRESHOLDS = Object.freeze({
|
|
49
|
-
affectedClientsAbsolute: 100000, //
|
|
49
|
+
affectedClientsAbsolute: 100000, // RTS 2024/1772 Art. 1(1)(a) regulator-fixed cap (100k clients)
|
|
50
50
|
affectedClientsPercentile: 0.10, // RTS Art. 1(1)(a) — 10% client base
|
|
51
|
-
economicImpactEur: 100000, //
|
|
51
|
+
economicImpactEur: 100000, // RTS 2024/1772 Art. 1(1)(c) regulator-fixed cap (100k EUR)
|
|
52
52
|
geographicMemberStates: 2, // RTS Art. 1(1)(d) — 2+ member states
|
|
53
53
|
durationCriticalProcessMs: C.TIME.hours(8), // RTS Art. 1(1)(e) — 8h
|
|
54
54
|
});
|
|
@@ -56,9 +56,9 @@ var MAJOR_INCIDENT_THRESHOLDS = Object.freeze({
|
|
|
56
56
|
// Article 8 — significant incident (one threshold below major).
|
|
57
57
|
// Default threshold values per ESA guidelines.
|
|
58
58
|
var SIGNIFICANT_INCIDENT_THRESHOLDS = Object.freeze({
|
|
59
|
-
affectedClientsAbsolute: 10000, //
|
|
59
|
+
affectedClientsAbsolute: 10000, // ESA-guideline regulator-fixed cap (10k clients)
|
|
60
60
|
affectedClientsPercentile: 0.01, // 1% client base
|
|
61
|
-
economicImpactEur: 10000, //
|
|
61
|
+
economicImpactEur: 10000, // ESA-guideline regulator-fixed cap (10k EUR)
|
|
62
62
|
durationCriticalProcessMs: C.TIME.hours(2), // 2h
|
|
63
63
|
});
|
|
64
64
|
|
package/lib/dsr.js
CHANGED
|
@@ -368,7 +368,7 @@ function create(opts) {
|
|
|
368
368
|
}
|
|
369
369
|
|
|
370
370
|
function _newTicketId() {
|
|
371
|
-
var ts = String(Date.now()).slice(-7); //
|
|
371
|
+
var ts = String(Date.now()).slice(-7); // last 7 chars of unix-ms timestamp; collision-resistant when paired with the random suffix
|
|
372
372
|
var rnd = bCrypto.generateBytes(C.BYTES.bytes(6)).toString("hex").toUpperCase();
|
|
373
373
|
return "DSR-" + ts + "-" + rnd;
|
|
374
374
|
}
|
package/lib/early-hints.js
CHANGED
|
@@ -67,7 +67,7 @@ var REFUSED_HEADERS = Object.freeze([
|
|
|
67
67
|
]);
|
|
68
68
|
|
|
69
69
|
var LINK_RELATION_RE = /^(preload|preconnect|prefetch|dns-prefetch|modulepreload|prerender|next|prev)$/i;
|
|
70
|
-
var LINK_MAX_BYTES = 4096; //
|
|
70
|
+
var LINK_MAX_BYTES = 4096; // per-link length cap, not bytes
|
|
71
71
|
|
|
72
72
|
/**
|
|
73
73
|
* @primitive b.earlyHints.send
|
|
@@ -194,7 +194,7 @@ function _validateLink(linkValue, idx) {
|
|
|
194
194
|
throw new EarlyHintsError("early-hints/bad-link",
|
|
195
195
|
"link[" + idx + "] missing rel= parameter (RFC 8288)");
|
|
196
196
|
}
|
|
197
|
-
if (relMatch[1].length > 32 || !LINK_RELATION_RE.test(relMatch[1])) { //
|
|
197
|
+
if (relMatch[1].length > 32 || !LINK_RELATION_RE.test(relMatch[1])) { // rel-token length cap, not bytes
|
|
198
198
|
throw new EarlyHintsError("early-hints/bad-link",
|
|
199
199
|
"link[" + idx + "].rel '" + relMatch[1] + "' must be one of: " +
|
|
200
200
|
"preload, preconnect, prefetch, dns-prefetch, modulepreload, prerender, next, prev");
|
package/lib/eat.js
CHANGED
|
@@ -54,10 +54,10 @@ var { defineClass } = require("./framework-error");
|
|
|
54
54
|
var EatError = defineClass("EatError", { alwaysPermanent: true });
|
|
55
55
|
|
|
56
56
|
// RFC 9711 / IANA CWT Claims registry claim keys.
|
|
57
|
-
var EAT = { //
|
|
58
|
-
nonce: 10, ueid: 256, sueids: 257, oemid: 258, hwmodel: 259, hwversion: 260, //
|
|
59
|
-
uptime: 261, oemboot: 262, dbgstat: 263, location: 264, eat_profile: 265, //
|
|
60
|
-
submods: 266, swname: 270, swversion: 271, manifests: 272, measurements: 273, //
|
|
57
|
+
var EAT = { // RFC 9711 / IANA CWT claim-key labels, not byte sizes
|
|
58
|
+
nonce: 10, ueid: 256, sueids: 257, oemid: 258, hwmodel: 259, hwversion: 260, // CWT claim keys
|
|
59
|
+
uptime: 261, oemboot: 262, dbgstat: 263, location: 264, eat_profile: 265, // CWT claim keys
|
|
60
|
+
submods: 266, swname: 270, swversion: 271, manifests: 272, measurements: 273, // CWT claim keys
|
|
61
61
|
};
|
|
62
62
|
var EAT_BY_LABEL = {};
|
|
63
63
|
Object.keys(EAT).forEach(function (k) { EAT_BY_LABEL[EAT[k]] = k; });
|
|
@@ -132,7 +132,7 @@ function _err(code, message) {
|
|
|
132
132
|
// without it, a stolen-and-released migration lock could be wrongly
|
|
133
133
|
// attributed back to the new boot. The token is process-scoped so
|
|
134
134
|
// every replica picks a fresh one at module load.
|
|
135
|
-
var _BOOT_TOKEN = require("node:crypto").randomBytes(8).toString("hex"); //
|
|
135
|
+
var _BOOT_TOKEN = require("node:crypto").randomBytes(8).toString("hex"); // boot-id token entropy
|
|
136
136
|
|
|
137
137
|
function _lockHolderId() {
|
|
138
138
|
return String(process.pid) + "@" +
|
package/lib/external-db.js
CHANGED
|
@@ -755,7 +755,7 @@ async function transaction(fn, opts) {
|
|
|
755
755
|
if (isTransient && attempt <= maxRetries) {
|
|
756
756
|
_emitMetric("externaldb.transaction.retry", 1,
|
|
757
757
|
{ backend: b.name, code: txErr.code, attempt: String(attempt) });
|
|
758
|
-
var jitter = bCrypto.randomInt(0, 6); //
|
|
758
|
+
var jitter = bCrypto.randomInt(0, 6); // 0-5ms jitter
|
|
759
759
|
await safeAsync.sleep(attempt * 5 + jitter); // allow:raw-time-literal — sub-second backoff
|
|
760
760
|
continue;
|
|
761
761
|
}
|
package/lib/flag-cache.js
CHANGED
|
@@ -47,7 +47,7 @@ function cache(downstream, opts) {
|
|
|
47
47
|
// allow:numeric-opt-Infinity — maxEntries default + Math.floor coerce; throws on bad type at config time
|
|
48
48
|
var maxEntries = (typeof opts.maxEntries === "number" && opts.maxEntries > 0)
|
|
49
49
|
? Math.floor(opts.maxEntries)
|
|
50
|
-
: 10000; //
|
|
50
|
+
: 10000; // entry-count default
|
|
51
51
|
var auditOn = opts.audit === true; // off by default — too chatty
|
|
52
52
|
var entries = new Map();
|
|
53
53
|
var hits = 0;
|
|
@@ -96,7 +96,7 @@ function fromRequest(req, opts) {
|
|
|
96
96
|
headers["x-forwarded-for"].split(",")[0].trim()) ||
|
|
97
97
|
(req.connection && req.connection.remoteAddress) || "";
|
|
98
98
|
var ua = headers["user-agent"] || "";
|
|
99
|
-
tk = "anon:" + bCrypto().sha3Hash(ip + ":" + ua).slice(0, 16); //
|
|
99
|
+
tk = "anon:" + bCrypto().sha3Hash(ip + ":" + ua).slice(0, 16); // base16 prefix len
|
|
100
100
|
}
|
|
101
101
|
ctx.targetingKey = tk;
|
|
102
102
|
|
|
@@ -123,7 +123,7 @@ function bucketOf(targetingKey, flagKey) {
|
|
|
123
123
|
// Use first 4 bytes as a uint32, then mod 10000 → 0.00-99.99 with
|
|
124
124
|
// sub-percent granularity.
|
|
125
125
|
var n = digest.readUInt32BE(0);
|
|
126
|
-
return (n % 10000) / 100; //
|
|
126
|
+
return (n % 10000) / 100; // bucket-precision divisor
|
|
127
127
|
}
|
|
128
128
|
|
|
129
129
|
module.exports = {
|
|
@@ -31,10 +31,10 @@ var audit = require("./audit");
|
|
|
31
31
|
var { GraphqlFederationError } = require("./framework-error");
|
|
32
32
|
|
|
33
33
|
var SDL_PROBE_MAX = C.BYTES.kib(64);
|
|
34
|
-
var ROUTER_TOKEN_MIN_LEN = 32; //
|
|
35
|
-
var NONCE_MIN_LEN = 16; //
|
|
36
|
-
var NONCE_MAX_LEN = 256; //
|
|
37
|
-
var NONCE_PREVIEW_LEN = 8; //
|
|
34
|
+
var ROUTER_TOKEN_MIN_LEN = 32; // string-length floor for token entropy, not bytes
|
|
35
|
+
var NONCE_MIN_LEN = 16; // string-length floor for nonce entropy, not bytes
|
|
36
|
+
var NONCE_MAX_LEN = 256; // string-length cap, not bytes
|
|
37
|
+
var NONCE_PREVIEW_LEN = 8; // log-preview slice length, not bytes
|
|
38
38
|
var SDL_PROBE_RE = /(^|[\s,{])_service\b|_entities\b/;
|
|
39
39
|
|
|
40
40
|
/**
|
|
@@ -175,7 +175,7 @@ function guardSdl(opts) {
|
|
|
175
175
|
return _readBody(req, errorClass).then(function (rawBody) {
|
|
176
176
|
var query = null;
|
|
177
177
|
try {
|
|
178
|
-
var parsed = typeof rawBody === "string" ? safeJson.parse(rawBody, { maxBytes: C.BYTES.mib(1) }) : rawBody; //
|
|
178
|
+
var parsed = typeof rawBody === "string" ? safeJson.parse(rawBody, { maxBytes: C.BYTES.mib(1) }) : rawBody; // routed via safeJson.parse
|
|
179
179
|
query = parsed && typeof parsed === "object" ? parsed.query : null;
|
|
180
180
|
} catch (_e) { /* not JSON; pass through */ }
|
|
181
181
|
if (req.body === undefined) req.body = rawBody;
|
|
@@ -29,9 +29,9 @@ var GuardAgentRegistryError = defineClass("GuardAgentRegistryError", { alwaysPer
|
|
|
29
29
|
var DEFAULT_PROFILE = "strict";
|
|
30
30
|
|
|
31
31
|
var PROFILES = Object.freeze({
|
|
32
|
-
strict: { maxNameBytes: 64, maxKindBytes: 32 },
|
|
33
|
-
balanced: { maxNameBytes: 128, maxKindBytes: 64 },
|
|
34
|
-
permissive: { maxNameBytes: 512, maxKindBytes: 128 },
|
|
32
|
+
strict: { maxNameBytes: 64, maxKindBytes: 32 },
|
|
33
|
+
balanced: { maxNameBytes: 128, maxKindBytes: 64 },
|
|
34
|
+
permissive: { maxNameBytes: 512, maxKindBytes: 128 },
|
|
35
35
|
});
|
|
36
36
|
|
|
37
37
|
var COMPLIANCE_POSTURES = Object.freeze({
|
|
@@ -132,11 +132,11 @@ function _checkName(name, profile) {
|
|
|
132
132
|
}
|
|
133
133
|
for (var i = 0; i < name.length; i += 1) {
|
|
134
134
|
var c = name.charCodeAt(i);
|
|
135
|
-
if (c > 0x7F) { //
|
|
135
|
+
if (c > 0x7F) { // ASCII-only cap
|
|
136
136
|
throw new GuardAgentRegistryError("agent-registry/non-ascii",
|
|
137
137
|
"guardAgentRegistry.validate: name contains non-ASCII codepoint at offset " + i);
|
|
138
138
|
}
|
|
139
|
-
if (c < 0x20 || c === 0x7F || c === 0x2F || c === 0x5C) { //
|
|
139
|
+
if (c < 0x20 || c === 0x7F || c === 0x2F || c === 0x5C) { // C0 / DEL / slash / backslash
|
|
140
140
|
throw new GuardAgentRegistryError("agent-registry/bad-name-char",
|
|
141
141
|
"guardAgentRegistry.validate: name contains forbidden char 0x" + c.toString(16));
|
|
142
142
|
}
|
package/lib/guard-archive.js
CHANGED
|
@@ -93,17 +93,17 @@ var ARCHIVE_EXTENSIONS = Object.freeze([
|
|
|
93
93
|
// Magic-byte signatures keyed by format name. First N bytes uniquely
|
|
94
94
|
// identify the format; we read up to 8 bytes for matching.
|
|
95
95
|
var MAGIC_SIGNATURES = Object.freeze([
|
|
96
|
-
{ format: "zip", bytes: [0x50, 0x4B, 0x03, 0x04] }, //
|
|
97
|
-
{ format: "zip", bytes: [0x50, 0x4B, 0x05, 0x06] }, //
|
|
98
|
-
{ format: "zip", bytes: [0x50, 0x4B, 0x07, 0x08] }, //
|
|
99
|
-
{ format: "gzip", bytes: [0x1F, 0x8B] }, //
|
|
100
|
-
{ format: "bzip2", bytes: [0x42, 0x5A, 0x68] }, //
|
|
101
|
-
{ format: "xz", bytes: [0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00] }, //
|
|
102
|
-
{ format: "7z", bytes: [0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C] }, //
|
|
103
|
-
{ format: "rar4", bytes: [0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x00] }, //
|
|
104
|
-
{ format: "rar5", bytes: [0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x01, 0x00] }, //
|
|
105
|
-
{ format: "lzma", bytes: [0x5D, 0x00, 0x00] }, //
|
|
106
|
-
{ format: "zstd", bytes: [0x28, 0xB5, 0x2F, 0xFD] }, //
|
|
96
|
+
{ format: "zip", bytes: [0x50, 0x4B, 0x03, 0x04] }, // ZIP local file header magic per APPNOTE.TXT §4.3.7
|
|
97
|
+
{ format: "zip", bytes: [0x50, 0x4B, 0x05, 0x06] }, // ZIP empty-archive end-of-central-directory magic
|
|
98
|
+
{ format: "zip", bytes: [0x50, 0x4B, 0x07, 0x08] }, // ZIP spanned-archive marker
|
|
99
|
+
{ format: "gzip", bytes: [0x1F, 0x8B] }, // gzip magic per RFC 1952 §2.3.1
|
|
100
|
+
{ format: "bzip2", bytes: [0x42, 0x5A, 0x68] }, // bzip2 "BZh" magic
|
|
101
|
+
{ format: "xz", bytes: [0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00] }, // XZ magic per xz spec §2.1.1.1
|
|
102
|
+
{ format: "7z", bytes: [0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C] }, // 7-zip magic per 7z spec
|
|
103
|
+
{ format: "rar4", bytes: [0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x00] }, // RAR4 magic
|
|
104
|
+
{ format: "rar5", bytes: [0x52, 0x61, 0x72, 0x21, 0x1A, 0x07, 0x01, 0x00] }, // RAR5 magic
|
|
105
|
+
{ format: "lzma", bytes: [0x5D, 0x00, 0x00] }, // LZMA magic byte sequence (heuristic)
|
|
106
|
+
{ format: "zstd", bytes: [0x28, 0xB5, 0x2F, 0xFD] }, // Zstandard magic per RFC 8478 §3.1.1
|
|
107
107
|
// tar is identified by the "ustar" magic at byte offset 257 inside
|
|
108
108
|
// the first 512-byte header; handled separately in inspectMagic().
|
|
109
109
|
]);
|
|
@@ -126,12 +126,12 @@ var PROFILES = Object.freeze({
|
|
|
126
126
|
caseInsensitiveCollisionPolicy: "reject",
|
|
127
127
|
sparseEntryPolicy: "reject",
|
|
128
128
|
filenameProfile: "balanced", // per-entry name validation profile
|
|
129
|
-
maxEntries: 100, //
|
|
129
|
+
maxEntries: 100, // entry count cap, not byte size
|
|
130
130
|
maxTotalBytes: C.BYTES.mib(100),
|
|
131
131
|
maxEntryBytes: C.BYTES.mib(50),
|
|
132
|
-
maxCompressionRatio: 100, //
|
|
133
|
-
maxAggregateRatio: 200, //
|
|
134
|
-
maxNestedDepth: 0, //
|
|
132
|
+
maxCompressionRatio: 100, // ratio multiplier, not byte size
|
|
133
|
+
maxAggregateRatio: 200, // aggregate-ratio multiplier, not byte size
|
|
134
|
+
maxNestedDepth: 0, // recursion depth, not byte size
|
|
135
135
|
},
|
|
136
136
|
"balanced": {
|
|
137
137
|
bidiPolicy: "reject",
|
|
@@ -148,12 +148,12 @@ var PROFILES = Object.freeze({
|
|
|
148
148
|
caseInsensitiveCollisionPolicy: "audit",
|
|
149
149
|
sparseEntryPolicy: "audit",
|
|
150
150
|
filenameProfile: "balanced",
|
|
151
|
-
maxEntries: 10000, //
|
|
151
|
+
maxEntries: 10000, // entry count cap, not byte size
|
|
152
152
|
maxTotalBytes: C.BYTES.gib(1),
|
|
153
153
|
maxEntryBytes: C.BYTES.mib(500),
|
|
154
|
-
maxCompressionRatio: 100, //
|
|
155
|
-
maxAggregateRatio: 1000, //
|
|
156
|
-
maxNestedDepth: 2, //
|
|
154
|
+
maxCompressionRatio: 100, // ratio multiplier, not byte size
|
|
155
|
+
maxAggregateRatio: 1000, // aggregate-ratio multiplier, not byte size
|
|
156
|
+
maxNestedDepth: 2, // recursion depth, not byte size
|
|
157
157
|
},
|
|
158
158
|
"permissive": {
|
|
159
159
|
bidiPolicy: "audit",
|
|
@@ -170,12 +170,12 @@ var PROFILES = Object.freeze({
|
|
|
170
170
|
caseInsensitiveCollisionPolicy: "audit",
|
|
171
171
|
sparseEntryPolicy: "audit",
|
|
172
172
|
filenameProfile: "permissive",
|
|
173
|
-
maxEntries: 100000, //
|
|
173
|
+
maxEntries: 100000, // entry count cap, not byte size
|
|
174
174
|
maxTotalBytes: C.BYTES.gib(10),
|
|
175
175
|
maxEntryBytes: C.BYTES.gib(2),
|
|
176
|
-
maxCompressionRatio: 1000, //
|
|
177
|
-
maxAggregateRatio: 10000, //
|
|
178
|
-
maxNestedDepth: 4, //
|
|
176
|
+
maxCompressionRatio: 1000, // ratio multiplier, not byte size
|
|
177
|
+
maxAggregateRatio: 10000, // aggregate-ratio multiplier, not byte size
|
|
178
|
+
maxNestedDepth: 4, // recursion depth, not byte size
|
|
179
179
|
},
|
|
180
180
|
});
|
|
181
181
|
|
|
@@ -869,7 +869,7 @@ module.exports = {
|
|
|
869
869
|
kind: "entries",
|
|
870
870
|
contentType: "application/zip",
|
|
871
871
|
extension: ".zip",
|
|
872
|
-
benignEntries: [{ name: "README.txt", size: 1000, compressedSize: 500 }], //
|
|
872
|
+
benignEntries: [{ name: "README.txt", size: 1000, compressedSize: 500 }], // integration-fixture sample size, not byte config
|
|
873
873
|
// Hostile: zip-slip path traversal in entry name (CVE-2025-3445 class).
|
|
874
874
|
hostileEntries: [{ name: "../etc/passwd", size: 100, compressedSize: 50 }],
|
|
875
875
|
}),
|