@blamejs/core 0.15.12 → 0.15.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/index.js +2 -0
- package/lib/a2a-tasks.js +45 -29
- package/lib/acme.js +6 -5
- package/lib/agent-event-bus.js +18 -4
- package/lib/agent-idempotency.js +7 -6
- package/lib/agent-orchestrator.js +2 -5
- package/lib/agent-saga.js +3 -5
- package/lib/agent-snapshot.js +32 -2
- package/lib/agent-tenant.js +2 -5
- package/lib/ai-adverse-decision.js +2 -15
- package/lib/ai-aedt-bias-audit.js +2 -1
- package/lib/ai-capability.js +1 -6
- package/lib/ai-content-detect.js +1 -3
- package/lib/ai-dp.js +1 -5
- package/lib/ai-frontier-protocol.js +1 -1
- package/lib/ai-input.js +2 -2
- package/lib/ai-model-manifest.js +1 -1
- package/lib/ai-output.js +16 -7
- package/lib/ai-pref.js +3 -8
- package/lib/ai-quota.js +3 -14
- package/lib/api-key.js +37 -28
- package/lib/api-snapshot.js +4 -1
- package/lib/app-shutdown.js +7 -1
- package/lib/archive-adapters.js +2 -4
- package/lib/archive-entry-policy.js +32 -0
- package/lib/archive-gz.js +9 -0
- package/lib/archive-read.js +14 -24
- package/lib/archive-tar-read.js +56 -24
- package/lib/archive.js +6 -12
- package/lib/arg-parser.js +7 -6
- package/lib/asn1-der.js +70 -22
- package/lib/asyncapi-traits.js +2 -6
- package/lib/atomic-file.js +312 -33
- package/lib/audit-chain.js +183 -54
- package/lib/audit-daily-review.js +36 -16
- package/lib/audit-emit.js +82 -0
- package/lib/audit-sign.js +258 -0
- package/lib/audit-tools.js +108 -23
- package/lib/audit.js +91 -2
- package/lib/auth/access-lock.js +7 -29
- package/lib/auth/bot-challenge.js +1 -1
- package/lib/auth/ciba.js +43 -4
- package/lib/auth/dpop.js +29 -36
- package/lib/auth/fido-mds3.js +14 -16
- package/lib/auth/jwt-external.js +26 -8
- package/lib/auth/jwt.js +15 -17
- package/lib/auth/lockout.js +24 -27
- package/lib/auth/oauth.js +67 -45
- package/lib/auth/oid4vci.js +55 -32
- package/lib/auth/oid4vp.js +3 -2
- package/lib/auth/openid-federation.js +6 -6
- package/lib/auth/passkey.js +4 -4
- package/lib/auth/password.js +8 -2
- package/lib/auth/saml.js +70 -40
- package/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/auth/sd-jwt-vc.js +25 -5
- package/lib/auth/status-list.js +21 -9
- package/lib/auth/step-up.js +15 -13
- package/lib/auth-bot-challenge.js +27 -39
- package/lib/backup/bundle.js +18 -20
- package/lib/backup/crypto.js +23 -8
- package/lib/backup/index.js +55 -67
- package/lib/backup/manifest.js +7 -1
- package/lib/bounded-map.js +112 -1
- package/lib/breach-deadline.js +1 -11
- package/lib/break-glass.js +41 -22
- package/lib/cache.js +7 -18
- package/lib/cbor.js +36 -12
- package/lib/cdn-cache-control.js +15 -12
- package/lib/cert.js +8 -13
- package/lib/chain-writer.js +162 -47
- package/lib/cli.js +10 -2
- package/lib/client-hints.js +7 -9
- package/lib/cloud-events.js +43 -33
- package/lib/cluster-storage.js +9 -41
- package/lib/cms-codec.js +2 -1
- package/lib/codepoint-class.js +84 -1
- package/lib/compliance-ai-act-logging.js +1 -6
- package/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/compliance-eaa.js +2 -12
- package/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/compliance-sanctions.js +11 -21
- package/lib/compliance.js +3 -10
- package/lib/config-drift.js +24 -20
- package/lib/content-credentials.js +11 -8
- package/lib/content-digest.js +21 -12
- package/lib/cookies.js +15 -13
- package/lib/cose.js +39 -11
- package/lib/cra-report.js +1 -11
- package/lib/crdt.js +2 -1
- package/lib/crypto-field.js +34 -33
- package/lib/crypto.js +138 -7
- package/lib/csp.js +239 -3
- package/lib/daemon.js +46 -42
- package/lib/data-act.js +46 -13
- package/lib/db-file-lifecycle.js +14 -6
- package/lib/db-query.js +75 -49
- package/lib/db.js +66 -27
- package/lib/dbsc.js +5 -6
- package/lib/ddl-change-control.js +18 -14
- package/lib/deprecate.js +4 -5
- package/lib/did.js +6 -2
- package/lib/dora.js +43 -13
- package/lib/dr-runbook.js +1 -1
- package/lib/dsa.js +2 -1
- package/lib/dsr.js +30 -20
- package/lib/early-hints.js +19 -0
- package/lib/eat.js +5 -1
- package/lib/external-db-migrate.js +21 -22
- package/lib/external-db.js +74 -30
- package/lib/fda-21cfr11.js +42 -13
- package/lib/fdx.js +22 -18
- package/lib/file-upload.js +80 -66
- package/lib/flag-evaluation-context.js +5 -8
- package/lib/flag-providers.js +6 -2
- package/lib/forms.js +1 -1
- package/lib/framework-error.js +12 -0
- package/lib/framework-schema.js +19 -0
- package/lib/fsm.js +7 -12
- package/lib/gate-contract.js +911 -39
- package/lib/gdpr-ropa.js +22 -22
- package/lib/graphql-federation.js +18 -5
- package/lib/guard-agent-registry.js +2 -1
- package/lib/guard-all.js +3 -2
- package/lib/guard-archive.js +9 -30
- package/lib/guard-auth.js +23 -80
- package/lib/guard-cidr.js +20 -96
- package/lib/guard-csv.js +135 -196
- package/lib/guard-domain.js +23 -106
- package/lib/guard-dsn.js +17 -14
- package/lib/guard-email.js +46 -53
- package/lib/guard-envelope.js +2 -2
- package/lib/guard-event-bus-topic.js +2 -1
- package/lib/guard-filename.js +12 -60
- package/lib/guard-graphql.js +28 -75
- package/lib/guard-html-wcag.js +15 -2
- package/lib/guard-html.js +74 -128
- package/lib/guard-idempotency-key.js +2 -1
- package/lib/guard-image.js +280 -77
- package/lib/guard-imap-command.js +9 -10
- package/lib/guard-jmap.js +1 -1
- package/lib/guard-json.js +101 -109
- package/lib/guard-jsonpath.js +20 -88
- package/lib/guard-jwt.js +32 -114
- package/lib/guard-list-id.js +2 -7
- package/lib/guard-list-unsubscribe.js +2 -7
- package/lib/guard-mail-compose.js +5 -6
- package/lib/guard-mail-move.js +3 -2
- package/lib/guard-mail-query.js +5 -3
- package/lib/guard-mail-sieve.js +6 -7
- package/lib/guard-managesieve-command.js +6 -5
- package/lib/guard-markdown.js +76 -110
- package/lib/guard-message-id.js +5 -6
- package/lib/guard-mime.js +20 -99
- package/lib/guard-oauth.js +19 -73
- package/lib/guard-pdf.js +65 -72
- package/lib/guard-pop3-command.js +13 -14
- package/lib/guard-posture-chain.js +2 -1
- package/lib/guard-regex.js +24 -99
- package/lib/guard-saga-config.js +2 -1
- package/lib/guard-shell.js +22 -87
- package/lib/guard-smtp-command.js +9 -12
- package/lib/guard-sql.js +15 -13
- package/lib/guard-stream-args.js +2 -1
- package/lib/guard-svg.js +103 -149
- package/lib/guard-template.js +23 -80
- package/lib/guard-tenant-id.js +2 -1
- package/lib/guard-text.js +592 -0
- package/lib/guard-time.js +27 -95
- package/lib/guard-uuid.js +21 -93
- package/lib/guard-xml.js +76 -106
- package/lib/guard-yaml.js +24 -60
- package/lib/html-balance.js +7 -3
- package/lib/http-client-cache.js +5 -12
- package/lib/http-client-cookie-jar.js +35 -16
- package/lib/http-client.js +233 -74
- package/lib/http-message-signature.js +3 -2
- package/lib/i18n-messageformat.js +5 -7
- package/lib/i18n.js +83 -26
- package/lib/iab-tcf.js +3 -2
- package/lib/importmap-integrity.js +41 -1
- package/lib/inbox.js +8 -8
- package/lib/incident-report.js +12 -27
- package/lib/ip-utils.js +49 -6
- package/lib/jobs.js +3 -2
- package/lib/json-patch.js +1 -1
- package/lib/json-path.js +24 -3
- package/lib/jtd.js +2 -2
- package/lib/keychain.js +6 -18
- package/lib/legal-hold.js +30 -23
- package/lib/log-stream-cloudwatch.js +44 -112
- package/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/log-stream-otlp.js +16 -80
- package/lib/log-stream-webhook.js +20 -92
- package/lib/log.js +2 -2
- package/lib/mail-agent.js +2 -2
- package/lib/mail-arc-sign.js +8 -3
- package/lib/mail-arf.js +4 -3
- package/lib/mail-auth.js +43 -69
- package/lib/mail-bimi.js +35 -55
- package/lib/mail-bounce.js +3 -3
- package/lib/mail-crypto-pgp.js +3 -2
- package/lib/mail-crypto-smime.js +71 -6
- package/lib/mail-dav.js +8 -35
- package/lib/mail-deploy.js +15 -14
- package/lib/mail-dkim.js +19 -38
- package/lib/mail-greylist.js +17 -30
- package/lib/mail-helo.js +4 -7
- package/lib/mail-journal.js +13 -9
- package/lib/mail-mdn.js +12 -7
- package/lib/mail-rbl.js +7 -12
- package/lib/mail-scan.js +5 -7
- package/lib/mail-send-deliver.js +33 -20
- package/lib/mail-server-imap.js +32 -87
- package/lib/mail-server-jmap.js +39 -52
- package/lib/mail-server-managesieve.js +29 -83
- package/lib/mail-server-mx.js +33 -74
- package/lib/mail-server-net.js +177 -0
- package/lib/mail-server-pop3.js +30 -83
- package/lib/mail-server-rate-limit.js +30 -6
- package/lib/mail-server-registry.js +1 -1
- package/lib/mail-server-submission.js +34 -73
- package/lib/mail-server-tls.js +98 -2
- package/lib/mail-spam-score.js +9 -12
- package/lib/mail-store-fts.js +1 -1
- package/lib/mail-store.js +3 -2
- package/lib/mail.js +28 -13
- package/lib/markup-escape.js +31 -0
- package/lib/markup-tokenizer.js +78 -0
- package/lib/mcp-tool-registry.js +26 -23
- package/lib/mcp.js +7 -5
- package/lib/mdoc.js +36 -14
- package/lib/metrics.js +46 -33
- package/lib/middleware/age-gate.js +3 -23
- package/lib/middleware/api-encrypt.js +13 -24
- package/lib/middleware/assetlinks.js +2 -7
- package/lib/middleware/bearer-auth.js +2 -1
- package/lib/middleware/body-parser.js +41 -52
- package/lib/middleware/bot-disclose.js +7 -10
- package/lib/middleware/bot-guard.js +28 -28
- package/lib/middleware/clear-site-data.js +5 -1
- package/lib/middleware/compression.js +9 -0
- package/lib/middleware/cors.js +32 -23
- package/lib/middleware/csrf-protect.js +73 -23
- package/lib/middleware/daily-byte-quota.js +12 -30
- package/lib/middleware/deny-response.js +19 -1
- package/lib/middleware/fetch-metadata.js +35 -4
- package/lib/middleware/idempotency-key.js +4 -20
- package/lib/middleware/network-allowlist.js +61 -30
- package/lib/middleware/rate-limit.js +45 -44
- package/lib/middleware/scim-server.js +5 -3
- package/lib/middleware/security-headers.js +33 -7
- package/lib/middleware/security-txt.js +2 -6
- package/lib/middleware/speculation-rules.js +6 -3
- package/lib/middleware/tus-upload.js +14 -29
- package/lib/middleware/web-app-manifest.js +2 -7
- package/lib/migrations.js +4 -13
- package/lib/mime-parse.js +34 -17
- package/lib/module-loader.js +44 -0
- package/lib/money.js +105 -0
- package/lib/mtls-ca.js +125 -41
- package/lib/network-byte-quota.js +4 -18
- package/lib/network-dane.js +8 -6
- package/lib/network-dns-resolver.js +98 -7
- package/lib/network-dns.js +9 -2
- package/lib/network-dnssec.js +18 -17
- package/lib/network-heartbeat.js +3 -2
- package/lib/network-smtp-policy.js +52 -46
- package/lib/network-tls.js +67 -47
- package/lib/network-tsig.js +2 -2
- package/lib/nis2-report.js +2 -12
- package/lib/nist-crosswalk.js +1 -1
- package/lib/nonce-store.js +81 -3
- package/lib/ntp-check.js +28 -0
- package/lib/numeric-bounds.js +31 -8
- package/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/object-store/azure-blob.js +6 -47
- package/lib/object-store/gcs-bucket-ops.js +4 -2
- package/lib/object-store/gcs.js +14 -75
- package/lib/object-store/http-put.js +2 -7
- package/lib/object-store/http-request.js +157 -0
- package/lib/object-store/local.js +37 -17
- package/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/object-store/sigv4.js +10 -79
- package/lib/observability-otlp-exporter.js +29 -29
- package/lib/observability.js +95 -0
- package/lib/openapi-paths-builder.js +7 -3
- package/lib/otel-export.js +7 -10
- package/lib/outbox.js +54 -41
- package/lib/pagination.js +11 -15
- package/lib/parsers/safe-env.js +5 -4
- package/lib/parsers/safe-ini.js +10 -4
- package/lib/parsers/safe-toml.js +11 -9
- package/lib/parsers/safe-xml.js +3 -3
- package/lib/parsers/safe-yaml.js +28 -9
- package/lib/pick.js +63 -5
- package/lib/pipl-cn.js +69 -59
- package/lib/privacy-pass.js +8 -6
- package/lib/problem-details.js +2 -5
- package/lib/pubsub.js +4 -8
- package/lib/queue-local.js +10 -3
- package/lib/redact.js +9 -4
- package/lib/render.js +4 -2
- package/lib/request-helpers.js +334 -29
- package/lib/resource-access-lock.js +3 -3
- package/lib/restore-bundle.js +46 -18
- package/lib/restore-rollback.js +10 -4
- package/lib/restore.js +24 -22
- package/lib/retention.js +23 -9
- package/lib/router.js +17 -4
- package/lib/safe-async.js +457 -0
- package/lib/safe-buffer.js +137 -6
- package/lib/safe-decompress.js +2 -1
- package/lib/safe-dns.js +2 -1
- package/lib/safe-ical.js +14 -28
- package/lib/safe-icap.js +1 -1
- package/lib/safe-json.js +51 -8
- package/lib/safe-jsonpath.js +6 -5
- package/lib/safe-mime.js +25 -29
- package/lib/safe-redirect.js +2 -5
- package/lib/safe-schema.js +7 -6
- package/lib/safe-sieve.js +1 -1
- package/lib/safe-sql.js +126 -0
- package/lib/safe-vcard.js +13 -27
- package/lib/sandbox-worker.js +15 -2
- package/lib/sandbox.js +4 -3
- package/lib/scheduler.js +22 -13
- package/lib/sec-cyber.js +82 -37
- package/lib/seeders.js +4 -11
- package/lib/self-update-standalone-verifier.js +16 -0
- package/lib/self-update.js +92 -69
- package/lib/session-device-binding.js +112 -66
- package/lib/session.js +219 -7
- package/lib/sql.js +228 -81
- package/lib/sse.js +6 -10
- package/lib/static.js +201 -111
- package/lib/storage.js +4 -2
- package/lib/structured-fields.js +275 -16
- package/lib/template.js +7 -5
- package/lib/tenant-quota.js +53 -38
- package/lib/tsa.js +16 -17
- package/lib/validate-opts.js +154 -8
- package/lib/vault/index.js +5 -0
- package/lib/vault/passphrase-ops.js +22 -26
- package/lib/vault/passphrase-source.js +8 -3
- package/lib/vault/rotate.js +13 -18
- package/lib/vault/seal-pem-file.js +34 -49
- package/lib/vault-aad.js +3 -2
- package/lib/vc.js +3 -8
- package/lib/vendor/MANIFEST.json +10 -10
- package/lib/vendor/public-suffix-list.dat +23 -10
- package/lib/vendor/public-suffix-list.data.js +5498 -5494
- package/lib/vex.js +35 -13
- package/lib/web-push-vapid.js +23 -20
- package/lib/webhook-dispatcher.js +706 -0
- package/lib/webhook.js +59 -19
- package/lib/websocket-channels.js +9 -7
- package/lib/websocket.js +8 -4
- package/lib/worm.js +3 -4
- package/lib/ws-client.js +65 -56
- package/lib/x509-chain.js +44 -0
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/guard-yaml.js
CHANGED
|
@@ -69,7 +69,6 @@ var codepointClass = require("./codepoint-class");
|
|
|
69
69
|
var lazyRequire = require("./lazy-require");
|
|
70
70
|
var gateContract = require("./gate-contract");
|
|
71
71
|
var C = require("./constants");
|
|
72
|
-
var numericBounds = require("./numeric-bounds");
|
|
73
72
|
var safeYamlLazy = lazyRequire(function () { return require("./parsers/safe-yaml"); });
|
|
74
73
|
var { GuardYamlError } = require("./framework-error");
|
|
75
74
|
|
|
@@ -120,10 +119,7 @@ var PROFILES = Object.freeze({
|
|
|
120
119
|
leadingZeroPolicy: "reject",
|
|
121
120
|
duplicateKeyPolicy: "reject",
|
|
122
121
|
mergeKeyPolicy: "reject",
|
|
123
|
-
|
|
124
|
-
controlPolicy: "reject",
|
|
125
|
-
nullBytePolicy: "reject",
|
|
126
|
-
zeroWidthPolicy: "reject",
|
|
122
|
+
...gateContract.CHAR_THREATS_REJECT_ALL,
|
|
127
123
|
safeCoreTagsAllowed: false,
|
|
128
124
|
maxBytes: C.BYTES.mib(2),
|
|
129
125
|
maxDepth: 8, // recursion depth, not byte size
|
|
@@ -177,37 +173,13 @@ var PROFILES = Object.freeze({
|
|
|
177
173
|
},
|
|
178
174
|
});
|
|
179
175
|
|
|
180
|
-
var DEFAULTS =
|
|
181
|
-
|
|
182
|
-
maxRuntimeMs: C.TIME.seconds(10),
|
|
183
|
-
}));
|
|
184
|
-
|
|
185
|
-
var COMPLIANCE_POSTURES = Object.freeze({
|
|
186
|
-
"hipaa": Object.assign({}, PROFILES["strict"], {
|
|
187
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
188
|
-
}),
|
|
189
|
-
"pci-dss": Object.assign({}, PROFILES["strict"], {
|
|
190
|
-
forensicSnippetBytes: C.BYTES.bytes(256),
|
|
191
|
-
}),
|
|
192
|
-
"gdpr": Object.assign({}, PROFILES["balanced"], {
|
|
193
|
-
forensicSnippetBytes: C.BYTES.bytes(128),
|
|
194
|
-
}),
|
|
195
|
-
"soc2": Object.assign({}, PROFILES["strict"], {
|
|
196
|
-
forensicSnippetBytes: C.BYTES.bytes(512),
|
|
197
|
-
}),
|
|
176
|
+
var DEFAULTS = gateContract.strictDefaults(PROFILES, {
|
|
177
|
+
maxRuntimeMs: C.TIME.seconds(10),
|
|
198
178
|
});
|
|
199
179
|
|
|
200
|
-
|
|
180
|
+
var COMPLIANCE_POSTURES = gateContract.compliancePostures(PROFILES, { base: 256 });
|
|
201
181
|
|
|
202
|
-
|
|
203
|
-
return gateContract.resolveProfileAndPosture(opts, {
|
|
204
|
-
profiles: PROFILES,
|
|
205
|
-
compliancePostures: COMPLIANCE_POSTURES,
|
|
206
|
-
defaults: DEFAULTS,
|
|
207
|
-
errorClass: GuardYamlError,
|
|
208
|
-
errCodePrefix: "yaml",
|
|
209
|
-
});
|
|
210
|
-
}
|
|
182
|
+
// ---- Helpers ----
|
|
211
183
|
|
|
212
184
|
function _isDangerousTag(tag) {
|
|
213
185
|
for (var i = 0; i < DANGEROUS_TAG_PREFIXES.length; i += 1) {
|
|
@@ -237,16 +209,9 @@ function _scanTags(text) {
|
|
|
237
209
|
}
|
|
238
210
|
|
|
239
211
|
function _detectIssues(input, opts) {
|
|
240
|
-
var
|
|
241
|
-
if (
|
|
242
|
-
|
|
243
|
-
snippet: "input is not a string" }];
|
|
244
|
-
}
|
|
245
|
-
if (input.length > opts.maxBytes) {
|
|
246
|
-
return [{ kind: "too-large", severity: "high", ruleId: "yaml.too-large",
|
|
247
|
-
snippet: "input " + input.length +
|
|
248
|
-
" bytes exceeds maxBytes " + opts.maxBytes }];
|
|
249
|
-
}
|
|
212
|
+
var pre = gateContract.detectStringInput(input, opts, { name: "yaml", noun: "input", emptyMode: "skip", scanCodepoints: false, cap: { bytes: opts.maxBytes, kind: "too-large", snippet: function (byteLen, max) { return "input " + byteLen + " bytes exceeds maxBytes " + max; } } });
|
|
213
|
+
if (pre.done) return pre.issues;
|
|
214
|
+
var issues = pre.issues;
|
|
250
215
|
|
|
251
216
|
// 1. Tag-injection scan.
|
|
252
217
|
var tagHits = _scanTags(input);
|
|
@@ -496,21 +461,12 @@ function _detectDuplicateKeysYaml(text) {
|
|
|
496
461
|
* rv.ok; // → false
|
|
497
462
|
* rv.issues.some(function (i) { return i.kind === "dangerous-tag"; }); // → true
|
|
498
463
|
*/
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
if (typeof input !== "string") {
|
|
506
|
-
return {
|
|
507
|
-
ok: false,
|
|
508
|
-
issues: [{ kind: "bad-input", severity: "high",
|
|
509
|
-
snippet: "input is not a string" }],
|
|
510
|
-
};
|
|
511
|
-
}
|
|
512
|
-
return gateContract.aggregateIssues(_detectIssues(input, opts));
|
|
513
|
-
}
|
|
464
|
+
// validate is assembled by gateContract.defineGuard from `detect`
|
|
465
|
+
// (_detectIssues) below — `validate(input, opts) = aggregateIssues(detect(
|
|
466
|
+
// input, resolveOpts(opts)))`, with the positive-finite-int opt caps declared
|
|
467
|
+
// via `intOpts`. A non-string input refuses through `_detectIssues`'s own
|
|
468
|
+
// bad-input branch, so the result shape is unchanged. The @primitive block
|
|
469
|
+
// above documents the resulting public ABI.
|
|
514
470
|
|
|
515
471
|
/**
|
|
516
472
|
* @primitive b.guardYaml.parse
|
|
@@ -548,7 +504,13 @@ function validate(input, opts) {
|
|
|
548
504
|
* safe.age; // → 30
|
|
549
505
|
*/
|
|
550
506
|
function parse(input, opts) {
|
|
551
|
-
opts =
|
|
507
|
+
opts = gateContract.resolveProfileAndPosture(opts, {
|
|
508
|
+
profiles: PROFILES,
|
|
509
|
+
compliancePostures: COMPLIANCE_POSTURES,
|
|
510
|
+
defaults: DEFAULTS,
|
|
511
|
+
errorClass: GuardYamlError,
|
|
512
|
+
errCodePrefix: "yaml",
|
|
513
|
+
});
|
|
552
514
|
if (typeof input !== "string") {
|
|
553
515
|
throw _err("yaml.bad-input", "parse requires string input");
|
|
554
516
|
}
|
|
@@ -605,7 +567,9 @@ module.exports = gateContract.defineGuard({
|
|
|
605
567
|
mimeTypes: ["application/yaml", "application/x-yaml", "text/yaml", "text/x-yaml"],
|
|
606
568
|
extensions: [".yml", ".yaml"],
|
|
607
569
|
integrationFixtures: INTEGRATION_FIXTURES,
|
|
608
|
-
|
|
570
|
+
detect: _detectIssues,
|
|
571
|
+
intOpts: ["maxBytes", "maxDepth", "maxAnchors", "maxAliasDepth",
|
|
572
|
+
"maxDocuments", "maxNodes", "maxScalarLength"],
|
|
609
573
|
extra: {
|
|
610
574
|
parse: parse,
|
|
611
575
|
DANGEROUS_TAG_PREFIXES: DANGEROUS_TAG_PREFIXES,
|
package/lib/html-balance.js
CHANGED
|
@@ -110,7 +110,10 @@ function check(html) {
|
|
|
110
110
|
html.charCodeAt(i + 1) === 0x21 /* ! */ &&
|
|
111
111
|
html.charCodeAt(i + 2) === 0x2D &&
|
|
112
112
|
html.charCodeAt(i + 3) === 0x2D) {
|
|
113
|
-
|
|
113
|
+
// WHATWG comment end ("--!>" + abrupt "<!-->" / "<!--->"), not only
|
|
114
|
+
// "-->", so the structural scan agrees with a browser on where the
|
|
115
|
+
// comment ends (the comment-parser differential).
|
|
116
|
+
var endComment = markupTokenizer.htmlCommentEnd(html, i);
|
|
114
117
|
if (endComment === -1) {
|
|
115
118
|
var pos = _posToLineColumn(html, i);
|
|
116
119
|
return {
|
|
@@ -121,7 +124,7 @@ function check(html) {
|
|
|
121
124
|
column: pos.column,
|
|
122
125
|
};
|
|
123
126
|
}
|
|
124
|
-
i = endComment
|
|
127
|
+
i = endComment;
|
|
125
128
|
continue;
|
|
126
129
|
}
|
|
127
130
|
|
|
@@ -218,7 +221,7 @@ function check(html) {
|
|
|
218
221
|
// Open tag (or self-closing).
|
|
219
222
|
if (selfClose || VOID_TAGS[tag]) {
|
|
220
223
|
// No push.
|
|
221
|
-
} else if (RAW_TEXT_TAGS
|
|
224
|
+
} else if (Object.prototype.hasOwnProperty.call(RAW_TEXT_TAGS, tag)) {
|
|
222
225
|
// Skip raw-text content AND its closing tag entirely. Inside
|
|
223
226
|
// <script>/<style>/<textarea>/<title> the `<` characters are
|
|
224
227
|
// text, not markup — re-entering the tag scanner on
|
|
@@ -294,6 +297,7 @@ function check(html) {
|
|
|
294
297
|
// distinguish a structural problem from a content-safety reject.
|
|
295
298
|
var lazyRequire = require("./lazy-require");
|
|
296
299
|
var _guardHtml = lazyRequire(function () { return require("./guard-html"); });
|
|
300
|
+
var markupTokenizer = require("./markup-tokenizer");
|
|
297
301
|
|
|
298
302
|
/**
|
|
299
303
|
* @primitive b.htmlBalance.checkSafe
|
package/lib/http-client-cache.js
CHANGED
|
@@ -47,6 +47,7 @@ var canonicalJson = require("./canonical-json");
|
|
|
47
47
|
var safeUrl = require("./safe-url");
|
|
48
48
|
var structuredFields = require("./structured-fields");
|
|
49
49
|
var validateOpts = require("./validate-opts");
|
|
50
|
+
var numericBounds = require("./numeric-bounds");
|
|
50
51
|
var { HttpClientError } = require("./framework-error");
|
|
51
52
|
|
|
52
53
|
// ---- Tunables ----------------------------------------------------------
|
|
@@ -393,18 +394,10 @@ function memoryStore(opts) {
|
|
|
393
394
|
if (typeof opts !== "object") {
|
|
394
395
|
throw _hcErr("httpclient/cache-bad-opts", "memoryStore: opts must be an object");
|
|
395
396
|
}
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
"memoryStore: maxBytes must be a positive integer");
|
|
401
|
-
}
|
|
402
|
-
if (opts.maxEntries !== undefined &&
|
|
403
|
-
(typeof opts.maxEntries !== "number" || !isFinite(opts.maxEntries) ||
|
|
404
|
-
opts.maxEntries <= 0 || Math.floor(opts.maxEntries) !== opts.maxEntries)) {
|
|
405
|
-
throw _hcErr("httpclient/cache-bad-opts",
|
|
406
|
-
"memoryStore: maxEntries must be a positive integer");
|
|
407
|
-
}
|
|
397
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxBytes,
|
|
398
|
+
"memoryStore: maxBytes", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
|
|
399
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxEntries,
|
|
400
|
+
"memoryStore: maxEntries", HttpClientError, "httpclient/cache-bad-opts", { permanent: true });
|
|
408
401
|
if (opts.evictionPolicy !== undefined && opts.evictionPolicy !== "lru") {
|
|
409
402
|
throw _hcErr("httpclient/cache-bad-opts",
|
|
410
403
|
"memoryStore: evictionPolicy must be 'lru' (got " + JSON.stringify(opts.evictionPolicy) + ")");
|
|
@@ -60,9 +60,9 @@
|
|
|
60
60
|
* }
|
|
61
61
|
*/
|
|
62
62
|
|
|
63
|
-
var nodeFs = require("node:fs");
|
|
64
63
|
var nodePath = require("node:path");
|
|
65
64
|
var C = require("./constants");
|
|
65
|
+
var atomicFile = require("./atomic-file");
|
|
66
66
|
var numericBounds = require("./numeric-bounds");
|
|
67
67
|
var safeAsync = require("./safe-async");
|
|
68
68
|
var safeJson = require("./safe-json");
|
|
@@ -170,10 +170,8 @@ function create(opts) {
|
|
|
170
170
|
}
|
|
171
171
|
var vault = opts.vault || null;
|
|
172
172
|
if (persist === "vault") {
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
"cookieJar.create: persist: 'vault' requires opts.vault with seal/unseal (pass b.vault)");
|
|
176
|
-
}
|
|
173
|
+
validateOpts.requireMethods(vault, ["seal", "unseal"],
|
|
174
|
+
"cookieJar.create: persist: 'vault' opts.vault (pass b.vault)", CookieJarError, "BAD_OPT");
|
|
177
175
|
}
|
|
178
176
|
var filePath = null;
|
|
179
177
|
if (persist === "file") {
|
|
@@ -441,7 +439,10 @@ function create(opts) {
|
|
|
441
439
|
var rows = getAll();
|
|
442
440
|
var serialized = JSON.stringify(rows);
|
|
443
441
|
var blob = vault ? vault.seal(serialized) : serialized;
|
|
444
|
-
|
|
442
|
+
// Atomic, symlink-refusing write: a bare writeFileSync follows a symlink
|
|
443
|
+
// planted at filePath (CWE-59) and can leave a torn jar if the process
|
|
444
|
+
// dies mid-write. writeSync stages into a no-follow exclusive temp + renames.
|
|
445
|
+
atomicFile.writeSync(filePath, blob, { fileMode: 0o600 });
|
|
445
446
|
}
|
|
446
447
|
var flushScheduler = safeAsync.makeScheduledFlush(flushDebounceMs, function () {
|
|
447
448
|
if (!filePath) return;
|
|
@@ -477,18 +478,36 @@ function create(opts) {
|
|
|
477
478
|
// Persist file may be operator-tampered (or vault-sealed) — route through
|
|
478
479
|
// safeJson with an explicit byte cap so a maliciously-large file can't
|
|
479
480
|
// OOM the process before the parse fails.
|
|
480
|
-
if (filePath
|
|
481
|
+
if (filePath) {
|
|
482
|
+
// Capped fd-bound read (no existsSync check-then-read window): the cap now
|
|
483
|
+
// precedes the file allocation so a maliciously-large persist file can't OOM
|
|
484
|
+
// the process before parse. refuseSymlink+inodeCheck: the jar file is
|
|
485
|
+
// operator-local + may hold a vault-sealed (secret) blob, and is never a
|
|
486
|
+
// k8s-style projected-secret mount. A MISSING file is the normal first run.
|
|
487
|
+
var raw = null;
|
|
481
488
|
try {
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
var rows = safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) });
|
|
486
|
-
setFromSerialized(rows);
|
|
487
|
-
}
|
|
489
|
+
raw = atomicFile.fdSafeReadSync(filePath, {
|
|
490
|
+
maxBytes: C.BYTES.mib(16), encoding: "utf8", refuseSymlink: true, inodeCheck: true,
|
|
491
|
+
});
|
|
488
492
|
} catch (e) {
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
493
|
+
if (e && e.code === "ENOENT") { raw = null; } // first run — no persist file yet
|
|
494
|
+
else {
|
|
495
|
+
throw _err("LOAD_FAILED",
|
|
496
|
+
"cookieJar.create: failed to load persist file '" + filePath + "': " +
|
|
497
|
+
(e.message || String(e)));
|
|
498
|
+
}
|
|
499
|
+
}
|
|
500
|
+
if (raw !== null) {
|
|
501
|
+
try {
|
|
502
|
+
var serialized = vault ? vault.unseal(raw) : raw;
|
|
503
|
+
if (serialized && serialized.length > 0) {
|
|
504
|
+
setFromSerialized(safeJson.parse(serialized, { maxBytes: C.BYTES.mib(16) }));
|
|
505
|
+
}
|
|
506
|
+
} catch (e) {
|
|
507
|
+
throw _err("LOAD_FAILED",
|
|
508
|
+
"cookieJar.create: failed to load persist file '" + filePath + "': " +
|
|
509
|
+
(e.message || String(e)));
|
|
510
|
+
}
|
|
492
511
|
}
|
|
493
512
|
}
|
|
494
513
|
|