@cdklabs/cdk-ecs-codedeploy 0.0.428 → 0.0.430

package/node_modules/@aws-sdk/xml-builder/node_modules/fast-xml-parser/src/fxp.d.ts

@@ -1,3 +1,59 @@
+export type ProcessEntitiesOptions = {
+  /**
+   * Whether to enable entity processing
+   * 
+   * Defaults to `true`
+   */
+  enabled?: boolean;
+
+  /**
+   * Maximum size in characters for a single entity definition
+   * 
+   * Defaults to `10000`
+   */
+  maxEntitySize?: number;
+
+  /**
+   * Maximum depth for nested entity references (reserved for future use)
+   * 
+   * Defaults to `10`
+   */
+  maxExpansionDepth?: number;
+
+  /**
+   * Maximum total number of entity expansions allowed
+   * 
+   * Defaults to `1000`
+   */
+  maxTotalExpansions?: number;
+
+  /**
+   * Maximum total expanded content length in characters
+   * 
+   * Defaults to `100000`
+   */
+  maxExpandedLength?: number;
+
+  /**
+   * Array of tag names where entity replacement is allowed.
+   * If null, entities are replaced in all tags.
+   * 
+   * Defaults to `null`
+   */
+  allowedTags?: string[] | null;
+
+  /**
+   * Custom filter function to determine if entities should be replaced in a tag
+   * 
+   * @param tagName - The name of the current tag
+   * @param jPath - The jPath of the current tag
+   * @returns `true` to allow entity replacement, `false` to skip
+   * 
+   * Defaults to `null`
+   */
+  tagFilter?: ((tagName: string, jPath: string) => boolean) | null;
+};
+
 export type X2jOptions = {
   /**
    * Preserve the order of tags in resulting JS object
@@ -10,7 +66,7 @@ export type X2jOptions = {
    * Give a prefix to the attribute name in the resulting JS object
    * 
    * Defaults to '@_'
-   */  
+   */
   attributeNamePrefix?: string;
 
   /**
@@ -161,9 +217,15 @@ export type X2jOptions = {
   /**
    * Whether to process default and DOCTYPE entities
    * 
+   * When `true` - enables entity processing with default limits
+   * 
+   * When `false` - disables all entity processing
+   * 
+   * When `ProcessEntitiesOptions` - enables entity processing with custom configuration
+   * 
    * Defaults to `true`
    */
-  processEntities?: boolean;
+  processEntities?: boolean | ProcessEntitiesOptions;
 
   /**
    * Whether to process HTML entities
@@ -209,7 +271,7 @@ export type X2jOptions = {
    * 
    * Defaults to `(tagName, jPath, attrs) => tagName`
    */
-  updateTag?: (tagName: string, jPath: string, attrs: {[k: string]: string}) =>  string | boolean;
+  updateTag?: (tagName: string, jPath: string, attrs: { [k: string]: string }) => string | boolean;
 
   /**
    * If true, adds a Symbol to all object nodes, accessible by {@link XMLParser.getMetaDataSymbol} with
@@ -232,7 +294,7 @@ export type validationOptions = {
    * Defaults to `false`
    */
   allowBooleanAttributes?: boolean;
-  
+
   /**
    * List of tags without closing tags
    * 
@@ -246,7 +308,7 @@ export type XmlBuilderOptions = {
    * Give a prefix to the attribute name in the resulting JS object
    * 
    * Defaults to '@_'
-   */  
+   */
   attributeNamePrefix?: string;
 
   /**
@@ -393,14 +455,14 @@ export type XmlBuilderOptions = {
   oneListGroup?: boolean;
 };
 
-type ESchema = string | object | Array<string|object>;
+type ESchema = string | object | Array<string | object>;
 
 export type ValidationError = {
-  err: { 
+  err: {
     code: string;
     msg: string,
     line: number,
-    col: number 
+    col: number
   };
 };
 
@@ -424,11 +486,11 @@ export class XMLParser {
    * The XMLMetaData property is only present when {@link X2jOptions.captureMetaData}
    * is true in the options.
    */
-  static getMetaDataSymbol() : Symbol;
+  static getMetaDataSymbol(): Symbol;
 }
 
-export class XMLValidator{
-  static validate(  xmlData: string,  options?: validationOptions): true | ValidationError;
+export class XMLValidator {
+  static validate(xmlData: string, options?: validationOptions): true | ValidationError;
 }
 export class XMLBuilder {
   constructor(options?: XmlBuilderOptions);
@@ -442,4 +504,4 @@ export class XMLBuilder {
 export interface XMLMetaData {
   /** The index, if available, of the character where the XML node began in the input stream. */
   startIndex?: number;
-}
+}

package/node_modules/@aws-sdk/xml-builder/node_modules/fast-xml-parser/src/v6/EntitiesParser.js

@@ -37,12 +37,13 @@ export default class EntitiesParser{
     }
     addExternalEntity(key,val){
       validateEntityName(key);
+      const escaped = key.replace(/[.\-+*:]/g, '\\.');
       if(val.indexOf("&") !== -1) {
         reportWarning(`Entity ${key} is not added as '&' is found in value;`)
         return;
       }else{
-        this.lastEntities[ent] = {
-          regex: new RegExp("&"+key+";","g"),
+        this.lastEntities[key] = {
+          regex: new RegExp("&"+escaped+";","g"),
           val : val
         }
       }
@@ -52,8 +53,9 @@ export default class EntitiesParser{
         const entKeys = Object.keys(entities);
         for (let i = 0; i < entKeys.length; i++) {
           const ent = entKeys[i];
+          const escaped = ent.replace(/[.\-+*:]/g, '\\.');
           this.docTypeEntities[ent] = {
-             regex: new RegExp("&"+ent+";","g"),
+             regex: new RegExp("&"+escaped+";","g"),
              val : entities[ent]
           }
         }
@@ -89,11 +91,11 @@ export default class EntitiesParser{
         }
         return val;
     }
-};
+}
 
 //an entity name should not contains special characters that may be used in regex
 //Eg !?\\\/[]$%{}^&*()<>
-const specialChar = "!?\\\/[]$%{}^&*()<>|+";
+const specialChar = "!?\\/[]$%{}^&*()<>|+";
 
 function validateEntityName(name){
     for (let i = 0; i < specialChar.length; i++) {

package/node_modules/@aws-sdk/xml-builder/node_modules/fast-xml-parser/src/xmlparser/DocTypeReader.js

@@ -1,80 +1,82 @@
-import {isName} from '../util.js';
+import { isName } from '../util.js';
 
-export default class DocTypeReader{
-    constructor(processEntities){
-        this.suppressValidationErr = !processEntities;
+export default class DocTypeReader {
+    constructor(options) {
+        this.suppressValidationErr = !options;
+        this.options = options;
     }
-    
-    readDocType(xmlData, i){
-    
+
+    readDocType(xmlData, i) {
+
         const entities = {};
-        if( xmlData[i + 3] === 'O' &&
+        if (xmlData[i + 3] === 'O' &&
             xmlData[i + 4] === 'C' &&
             xmlData[i + 5] === 'T' &&
             xmlData[i + 6] === 'Y' &&
             xmlData[i + 7] === 'P' &&
-            xmlData[i + 8] === 'E')
-        {    
-            i = i+9;
+            xmlData[i + 8] === 'E') {
+            i = i + 9;
             let angleBracketsCount = 1;
             let hasBody = false, comment = false;
             let exp = "";
-            for(;i<xmlData.length;i++){
+            for (; i < xmlData.length; i++) {
                 if (xmlData[i] === '<' && !comment) { //Determine the tag type
-                    if( hasBody && hasSeq(xmlData, "!ENTITY",i)){
-                        i += 7; 
+                    if (hasBody && hasSeq(xmlData, "!ENTITY", i)) {
+                        i += 7;
                         let entityName, val;
-                        [entityName, val,i] = this.readEntityExp(xmlData,i+1,this.suppressValidationErr);
-                        if(val.indexOf("&") === -1) //Parameter entities are not supported
-                            entities[ entityName ] = {
-                                regx : RegExp( `&${entityName};`,"g"),
+                        [entityName, val, i] = this.readEntityExp(xmlData, i + 1, this.suppressValidationErr);
+                        if (val.indexOf("&") === -1) { //Parameter entities are not supported
+                            const escaped = entityName.replace(/[.\-+*:]/g, '\\.');
+                            entities[entityName] = {
+                                regx: RegExp(`&${escaped};`, "g"),
                                 val: val
                             };
+                        }
                     }
-                    else if( hasBody && hasSeq(xmlData, "!ELEMENT",i))  {
+                    else if (hasBody && hasSeq(xmlData, "!ELEMENT", i)) {
                         i += 8;//Not supported
-                        const {index} = this.readElementExp(xmlData,i+1);
+                        const { index } = this.readElementExp(xmlData, i + 1);
                         i = index;
-                    }else if( hasBody && hasSeq(xmlData, "!ATTLIST",i)){
+                    } else if (hasBody && hasSeq(xmlData, "!ATTLIST", i)) {
                         i += 8;//Not supported
                         // const {index} = this.readAttlistExp(xmlData,i+1);
                         // i = index;
-                    }else if( hasBody && hasSeq(xmlData, "!NOTATION",i)) {
+                    } else if (hasBody && hasSeq(xmlData, "!NOTATION", i)) {
                         i += 9;//Not supported
-                        const {index} = this.readNotationExp(xmlData,i+1,this.suppressValidationErr);
+                        const { index } = this.readNotationExp(xmlData, i + 1, this.suppressValidationErr);
                         i = index;
-                    }else if( hasSeq(xmlData, "!--",i) ) comment = true;
+                    } else if (hasSeq(xmlData, "!--", i)) comment = true;
                     else throw new Error(`Invalid DOCTYPE`);
 
                     angleBracketsCount++;
                     exp = "";
                 } else if (xmlData[i] === '>') { //Read tag content
-                    if(comment){
-                        if( xmlData[i - 1] === "-" && xmlData[i - 2] === "-"){
+                    if (comment) {
+                        if (xmlData[i - 1] === "-" && xmlData[i - 2] === "-") {
                             comment = false;
                             angleBracketsCount--;
                         }
-                    }else{
+                    } else {
                         angleBracketsCount--;
                     }
                     if (angleBracketsCount === 0) {
-                    break;
+                        break;
                     }
-                }else if( xmlData[i] === '['){
+                } else if (xmlData[i] === '[') {
                     hasBody = true;
-                }else{
+                } else {
                     exp += xmlData[i];
                 }
             }
-            if(angleBracketsCount !== 0){
+            if (angleBracketsCount !== 0) {
                 throw new Error(`Unclosed DOCTYPE`);
             }
-        }else{
+        } else {
             throw new Error(`Invalid Tag instead of DOCTYPE`);
         }
-        return {entities, i};
+        return { entities, i };
     }
-    readEntityExp(xmlData, i) {    
+    readEntityExp(xmlData, i) {
         //External entities are not supported
         //    <!ENTITY ext SYSTEM "http://normal-website.com" >
 
@@ -99,10 +101,10 @@ export default class DocTypeReader{
         i = skipWhitespace(xmlData, i);
 
         // Check for unsupported constructs (external entities or parameter entities)
-        if(!this.suppressValidationErr){
+        if (!this.suppressValidationErr) {
             if (xmlData.substring(i, i + 6).toUpperCase() === "SYSTEM") {
                 throw new Error("External entities are not supported");
-            }else if (xmlData[i] === "%") {
+            } else if (xmlData[i] === "%") {
                 throw new Error("Parameter entities are not supported");
             }
         }
@@ -110,8 +112,18 @@ export default class DocTypeReader{
         // Read entity value (internal entity)
         let entityValue = "";
         [i, entityValue] = this.readIdentifierVal(xmlData, i, "entity");
+
+        // Validate entity size
+        if (this.options.enabled !== false &&
+            this.options.maxEntitySize &&
+            entityValue.length > this.options.maxEntitySize) {
+            throw new Error(
+                `Entity "${entityName}" size (${entityValue.length}) exceeds maximum allowed size (${this.options.maxEntitySize})`
+            );
+        }
+
         i--;
-        return [entityName, entityValue, i ];
+        return [entityName, entityValue, i];
     }
 
     readNotationExp(xmlData, i) {
@@ -144,25 +156,25 @@ export default class DocTypeReader{
         let systemIdentifier = null;
 
         if (identifierType === "PUBLIC") {
-            [i, publicIdentifier ] = this.readIdentifierVal(xmlData, i, "publicIdentifier");
+            [i, publicIdentifier] = this.readIdentifierVal(xmlData, i, "publicIdentifier");
 
             // Skip whitespace after public identifier
             i = skipWhitespace(xmlData, i);
 
             // Optionally read system identifier
             if (xmlData[i] === '"' || xmlData[i] === "'") {
-                [i, systemIdentifier ] = this.readIdentifierVal(xmlData, i,"systemIdentifier");
+                [i, systemIdentifier] = this.readIdentifierVal(xmlData, i, "systemIdentifier");
             }
         } else if (identifierType === "SYSTEM") {
             // Read system identifier (mandatory for SYSTEM)
-            [i, systemIdentifier ] = this.readIdentifierVal(xmlData, i, "systemIdentifier");
+            [i, systemIdentifier] = this.readIdentifierVal(xmlData, i, "systemIdentifier");
 
             if (!this.suppressValidationErr && !systemIdentifier) {
                 throw new Error("Missing mandatory system identifier for SYSTEM notation");
             }
         }
-        
-        return {notationName, publicIdentifier, systemIdentifier, index: --i};
+
+        return { notationName, publicIdentifier, systemIdentifier, index: --i };
     }
 
     readIdentifierVal(xmlData, i, type) {
@@ -191,7 +203,7 @@ export default class DocTypeReader{
         // <!ELEMENT title (#PCDATA)>
         // <!ELEMENT book (title, author+)>
         // <!ELEMENT name (content-model)>
-        
+
         // Skip leading whitespace after <!ELEMENT
         i = skipWhitespace(xmlData, i);
 
@@ -211,8 +223,8 @@ export default class DocTypeReader{
         i = skipWhitespace(xmlData, i);
         let contentModel = "";
         // Expect '(' to start content model
-        if(xmlData[i] === "E" && hasSeq(xmlData, "MPTY",i)) i+=4;
-        else if(xmlData[i] === "A" && hasSeq(xmlData, "NY",i)) i+=2;
+        if (xmlData[i] === "E" && hasSeq(xmlData, "MPTY", i)) i += 4;
+        else if (xmlData[i] === "A" && hasSeq(xmlData, "NY", i)) i += 2;
         else if (xmlData[i] === "(") {
             i++; // Move past '('
 
@@ -225,10 +237,10 @@ export default class DocTypeReader{
                 throw new Error("Unterminated content model");
             }
 
-        }else if(!this.suppressValidationErr){
+        } else if (!this.suppressValidationErr) {
             throw new Error(`Invalid Element Expression, found "${xmlData[i]}"`);
         }
-        
+
         return {
             elementName,
             contentModel: contentModel.trim(),
@@ -364,16 +376,16 @@ const skipWhitespace = (data, index) => {
 
 
 
-function hasSeq(data, seq,i){
-    for(let j=0;j<seq.length;j++){
-        if(seq[j]!==data[i+j+1]) return false;
+function hasSeq(data, seq, i) {
+    for (let j = 0; j < seq.length; j++) {
+        if (seq[j] !== data[i + j + 1]) return false;
     }
     return true;
 }
 
-function validateEntityName(name){
+function validateEntityName(name) {
     if (isName(name))
-	    return name;
+        return name;
     else
         throw new Error(`Invalid entity name ${name}`);
-}
+}

package/node_modules/@aws-sdk/xml-builder/node_modules/fast-xml-parser/src/xmlparser/OptionsBuilder.js

@@ -1,46 +1,86 @@
-
 export const defaultOptions = {
-    preserveOrder: false,
-    attributeNamePrefix: '@_',
-    attributesGroupName: false,
-    textNodeName: '#text',
-    ignoreAttributes: true,
-    removeNSPrefix: false, // remove NS from tag name or attribute name if true
-    allowBooleanAttributes: false, //a tag can have attributes without any value
-    //ignoreRootElement : false,
-    parseTagValue: true,
-    parseAttributeValue: false,
-    trimValues: true, //Trim string values of tag and attributes
-    cdataPropName: false,
-    numberParseOptions: {
-      hex: true,
-      leadingZeros: true,
-      eNotation: true
-    },
-    tagValueProcessor: function(tagName, val) {
-      return val;
-    },
-    attributeValueProcessor: function(attrName, val) {
-      return val;
-    },
-    stopNodes: [], //nested tags will not be parsed even for errors
-    alwaysCreateTextNode: false,
-    isArray: () => false,
-    commentPropName: false,
-    unpairedTags: [],
-    processEntities: true,
-    htmlEntities: false,
-    ignoreDeclaration: false,
-    ignorePiTags: false,
-    transformTagName: false,
-    transformAttributeName: false,
-    updateTag: function(tagName, jPath, attrs){
-      return tagName
-    },
-    // skipEmptyListItem: false
-    captureMetaData: false,
-};
-   
-export const buildOptions = function(options) {
-    return Object.assign({}, defaultOptions, options);
+  preserveOrder: false,
+  attributeNamePrefix: '@_',
+  attributesGroupName: false,
+  textNodeName: '#text',
+  ignoreAttributes: true,
+  removeNSPrefix: false, // remove NS from tag name or attribute name if true
+  allowBooleanAttributes: false, //a tag can have attributes without any value
+  //ignoreRootElement : false,
+  parseTagValue: true,
+  parseAttributeValue: false,
+  trimValues: true, //Trim string values of tag and attributes
+  cdataPropName: false,
+  numberParseOptions: {
+    hex: true,
+    leadingZeros: true,
+    eNotation: true
+  },
+  tagValueProcessor: function (tagName, val) {
+    return val;
+  },
+  attributeValueProcessor: function (attrName, val) {
+    return val;
+  },
+  stopNodes: [], //nested tags will not be parsed even for errors
+  alwaysCreateTextNode: false,
+  isArray: () => false,
+  commentPropName: false,
+  unpairedTags: [],
+  processEntities: true,
+  htmlEntities: false,
+  ignoreDeclaration: false,
+  ignorePiTags: false,
+  transformTagName: false,
+  transformAttributeName: false,
+  updateTag: function (tagName, jPath, attrs) {
+    return tagName
+  },
+  // skipEmptyListItem: false
+  captureMetaData: false,
 };
+
+/**
+ * Normalizes processEntities option for backward compatibility
+ * @param {boolean|object} value 
+ * @returns {object} Always returns normalized object
+ */
+function normalizeProcessEntities(value) {
+  // Boolean backward compatibility
+  if (typeof value === 'boolean') {
+    return {
+      enabled: value, // true or false
+      maxEntitySize: 10000,
+      maxExpansionDepth: 10,
+      maxTotalExpansions: 1000,
+      maxExpandedLength: 100000,
+      allowedTags: null,
+      tagFilter: null
+    };
+  }
+
+  // Object config - merge with defaults
+  if (typeof value === 'object' && value !== null) {
+    return {
+      enabled: value.enabled !== false, // default true if not specified
+      maxEntitySize: value.maxEntitySize ?? 10000,
+      maxExpansionDepth: value.maxExpansionDepth ?? 10,
+      maxTotalExpansions: value.maxTotalExpansions ?? 1000,
+      maxExpandedLength: value.maxExpandedLength ?? 100000,
+      allowedTags: value.allowedTags ?? null,
+      tagFilter: value.tagFilter ?? null
+    };
+  }
+
+  // Default to enabled with limits
+  return normalizeProcessEntities(true);
+}
+
+export const buildOptions = function (options) {
+  const built = Object.assign({}, defaultOptions, options);
+
+  // Always normalize processEntities for backward compatibility and validation
+  built.processEntities = normalizeProcessEntities(built.processEntities);
+  //console.debug(built.processEntities)
+  return built;
+};