@chain305/x-security 0.1.2 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bin/xsecurity.mjs +1210 -633
- package/package.json +1 -1
package/bin/xsecurity.mjs
CHANGED
|
@@ -13,10 +13,10 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
|
|
|
13
13
|
if (typeof require !== "undefined") return require.apply(this, arguments);
|
|
14
14
|
throw Error('Dynamic require of "' + x + '" is not supported');
|
|
15
15
|
});
|
|
16
|
-
var __glob = (map3) => (
|
|
17
|
-
var fn = map3[
|
|
16
|
+
var __glob = (map3) => (path30) => {
|
|
17
|
+
var fn = map3[path30];
|
|
18
18
|
if (fn) return fn();
|
|
19
|
-
throw new Error("Module not found in bundle: " +
|
|
19
|
+
throw new Error("Module not found in bundle: " + path30);
|
|
20
20
|
};
|
|
21
21
|
var __esm = (fn, res) => function __init() {
|
|
22
22
|
return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
|
|
@@ -1098,8 +1098,8 @@ function buildRuleBasedAuthzPlugins(authz, ctx = {}) {
|
|
|
1098
1098
|
function luaHostSet(domains) {
|
|
1099
1099
|
return "{" + domains.map((d5) => `[${luaStr(d5.toLowerCase())}]=true`).join(", ") + "}";
|
|
1100
1100
|
}
|
|
1101
|
-
function buildSsrfPreFunctionPlugins(
|
|
1102
|
-
const schema =
|
|
1101
|
+
function buildSsrfPreFunctionPlugins(request9, ctx = {}) {
|
|
1102
|
+
const schema = request9?.schema;
|
|
1103
1103
|
if (!schema) return [];
|
|
1104
1104
|
const items = [];
|
|
1105
1105
|
for (const [field, ps] of Object.entries(schema)) {
|
|
@@ -1160,11 +1160,11 @@ function buildSsrfPreFunctionPlugins(request7, ctx = {}) {
|
|
|
1160
1160
|
tags: [SS_SSRF_TAG]
|
|
1161
1161
|
}];
|
|
1162
1162
|
}
|
|
1163
|
-
function buildMassAssignPreFunctionPlugins(
|
|
1164
|
-
if (!
|
|
1165
|
-
const explicitAllow = Array.isArray(
|
|
1166
|
-
const schemaKeys =
|
|
1167
|
-
const denyUnknown =
|
|
1163
|
+
function buildMassAssignPreFunctionPlugins(request9, ctx = {}) {
|
|
1164
|
+
if (!request9) return [];
|
|
1165
|
+
const explicitAllow = Array.isArray(request9.allowedFields) ? request9.allowedFields : void 0;
|
|
1166
|
+
const schemaKeys = request9.schema ? Object.keys(request9.schema) : [];
|
|
1167
|
+
const denyUnknown = request9.denyUnknownFields === true;
|
|
1168
1168
|
let allow;
|
|
1169
1169
|
if (explicitAllow && explicitAllow.length > 0) {
|
|
1170
1170
|
allow = explicitAllow;
|
|
@@ -1208,12 +1208,12 @@ function buildMassAssignPreFunctionPlugins(request7, ctx = {}) {
|
|
|
1208
1208
|
tags: [SS_MASS_ASSIGN_TAG]
|
|
1209
1209
|
}];
|
|
1210
1210
|
}
|
|
1211
|
-
function buildSqliPreFunctionPlugins(
|
|
1212
|
-
if (!
|
|
1213
|
-
const ct =
|
|
1211
|
+
function buildSqliPreFunctionPlugins(request9, ctx = {}) {
|
|
1212
|
+
if (!request9) return [];
|
|
1213
|
+
const ct = request9.contentType ?? [];
|
|
1214
1214
|
const acceptsJson = ct.some((t) => t.toLowerCase().includes("json"));
|
|
1215
1215
|
if (!acceptsJson) return [];
|
|
1216
|
-
if (!
|
|
1216
|
+
if (!request9.schema || Object.keys(request9.schema).length === 0) return [];
|
|
1217
1217
|
const checks = [];
|
|
1218
1218
|
for (let i5 = 0; i5 < SQLI_LUA_PATTERNS.length; i5++) {
|
|
1219
1219
|
checks.push(` if vl:match(${luaStr(SQLI_LUA_PATTERNS[i5])}) then return k, ${i5 + 1} end`);
|
|
@@ -2844,9 +2844,9 @@ var init_v07_rules = __esm({
|
|
|
2844
2844
|
});
|
|
2845
2845
|
|
|
2846
2846
|
// src/generators/coraza/rules.ts
|
|
2847
|
-
function endpointHash3(method,
|
|
2847
|
+
function endpointHash3(method, path30) {
|
|
2848
2848
|
let h5 = 2166136261 >>> 0;
|
|
2849
|
-
const s = `${method} ${
|
|
2849
|
+
const s = `${method} ${path30}`;
|
|
2850
2850
|
for (let i5 = 0; i5 < s.length; i5++) {
|
|
2851
2851
|
h5 ^= s.charCodeAt(i5);
|
|
2852
2852
|
h5 = Math.imul(h5, 16777619) >>> 0;
|
|
@@ -2880,8 +2880,8 @@ function parseDurationSec(v) {
|
|
|
2880
2880
|
const unit = (m3[2] ?? "s").toLowerCase();
|
|
2881
2881
|
return unit === "d" ? n2 * 86400 : unit === "h" ? n2 * 3600 : unit === "m" ? n2 * 60 : n2;
|
|
2882
2882
|
}
|
|
2883
|
-
function pathRegex(
|
|
2884
|
-
const escaped =
|
|
2883
|
+
function pathRegex(path30) {
|
|
2884
|
+
const escaped = path30.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
|
|
2885
2885
|
const withParams = escaped.replace(/\\\{[^/]+?\\\}/g, "[^/]+");
|
|
2886
2886
|
return `^${withParams}$`;
|
|
2887
2887
|
}
|
|
@@ -3795,16 +3795,16 @@ function durationToHaproxy(window2) {
|
|
|
3795
3795
|
if (!Number.isFinite(secs) || secs <= 0) return "1m";
|
|
3796
3796
|
return window2.trim();
|
|
3797
3797
|
}
|
|
3798
|
-
function slugify(method,
|
|
3799
|
-
const raw = `${method}_${
|
|
3798
|
+
function slugify(method, path30) {
|
|
3799
|
+
const raw = `${method}_${path30}`.toLowerCase();
|
|
3800
3800
|
return raw.replace(/[{}]/g, "").replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "").slice(0, 60);
|
|
3801
3801
|
}
|
|
3802
|
-
function aclPathPredicate(aclName,
|
|
3803
|
-
const firstBrace =
|
|
3802
|
+
function aclPathPredicate(aclName, path30) {
|
|
3803
|
+
const firstBrace = path30.indexOf("{");
|
|
3804
3804
|
if (firstBrace === -1) {
|
|
3805
|
-
return `acl ${aclName} path ${
|
|
3805
|
+
return `acl ${aclName} path ${path30}`;
|
|
3806
3806
|
}
|
|
3807
|
-
const prefix =
|
|
3807
|
+
const prefix = path30.slice(0, firstBrace);
|
|
3808
3808
|
return `acl ${aclName} path_beg ${prefix}`;
|
|
3809
3809
|
}
|
|
3810
3810
|
function flattenIdentifier(id) {
|
|
@@ -4063,8 +4063,8 @@ var init_haproxy_stick_tables = __esm({
|
|
|
4063
4063
|
});
|
|
4064
4064
|
|
|
4065
4065
|
// src/generators/coraza/templates/modsec-nginx-server.ts
|
|
4066
|
-
function pathToNginxLocation(
|
|
4067
|
-
const re =
|
|
4066
|
+
function pathToNginxLocation(path30) {
|
|
4067
|
+
const re = path30.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\\\{([^/]+?)\\\}/g, "(?<$1>[^/]+)");
|
|
4068
4068
|
return `^${re}$`;
|
|
4069
4069
|
}
|
|
4070
4070
|
function buildEndpointBlock(ep) {
|
|
@@ -4388,10 +4388,10 @@ function createCorazaGenerator(opts = {}) {
|
|
|
4388
4388
|
if (profile.name !== "coraza-go") meta["engine"] = profile.name;
|
|
4389
4389
|
meta["source"] = { title: spec.info.title, version: spec.info.version };
|
|
4390
4390
|
meta["directives"] = directives;
|
|
4391
|
-
const
|
|
4391
|
+
const yaml18 = dump(meta, { lineWidth: -1, noRefs: true });
|
|
4392
4392
|
artifacts.push({
|
|
4393
4393
|
path: "coraza.yml",
|
|
4394
|
-
content:
|
|
4394
|
+
content: yaml18,
|
|
4395
4395
|
format: "yaml"
|
|
4396
4396
|
});
|
|
4397
4397
|
}
|
|
@@ -4893,9 +4893,9 @@ function pathRegex2(p2) {
|
|
|
4893
4893
|
}).join("/");
|
|
4894
4894
|
return `^/${rebuilt}$`;
|
|
4895
4895
|
}
|
|
4896
|
-
function slotIdFor(method,
|
|
4896
|
+
function slotIdFor(method, path30) {
|
|
4897
4897
|
let h5 = 0;
|
|
4898
|
-
const s = `${method} ${
|
|
4898
|
+
const s = `${method} ${path30}`;
|
|
4899
4899
|
for (let i5 = 0; i5 < s.length; i5++) h5 = (h5 << 5) - h5 + s.charCodeAt(i5) | 0;
|
|
4900
4900
|
return Math.abs(h5) % 100;
|
|
4901
4901
|
}
|
|
@@ -4938,9 +4938,9 @@ function pathRegex3(p2) {
|
|
|
4938
4938
|
}).join("/");
|
|
4939
4939
|
return `^/${rebuilt}$`;
|
|
4940
4940
|
}
|
|
4941
|
-
function slotIdFor2(method,
|
|
4941
|
+
function slotIdFor2(method, path30) {
|
|
4942
4942
|
let h5 = 0;
|
|
4943
|
-
const s = `${method} ${
|
|
4943
|
+
const s = `${method} ${path30}`;
|
|
4944
4944
|
for (let i5 = 0; i5 < s.length; i5++) h5 = (h5 << 5) - h5 + s.charCodeAt(i5) | 0;
|
|
4945
4945
|
return Math.abs(h5) % 50 * 2;
|
|
4946
4946
|
}
|
|
@@ -5007,9 +5007,9 @@ function pathRegex4(p2) {
|
|
|
5007
5007
|
}).join("/");
|
|
5008
5008
|
return `^/${rebuilt}$`;
|
|
5009
5009
|
}
|
|
5010
|
-
function stableHash(method,
|
|
5010
|
+
function stableHash(method, path30) {
|
|
5011
5011
|
let h5 = 0;
|
|
5012
|
-
const s = `${method} ${
|
|
5012
|
+
const s = `${method} ${path30}`;
|
|
5013
5013
|
for (let i5 = 0; i5 < s.length; i5++) h5 = (h5 << 5) - h5 + s.charCodeAt(i5) | 0;
|
|
5014
5014
|
return Math.abs(h5);
|
|
5015
5015
|
}
|
|
@@ -7051,19 +7051,19 @@ var init_firewall = __esm({
|
|
|
7051
7051
|
function yamlString(s) {
|
|
7052
7052
|
return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, '\\"') + '"';
|
|
7053
7053
|
}
|
|
7054
|
-
function pathToSafeRegex(
|
|
7054
|
+
function pathToSafeRegex(path30) {
|
|
7055
7055
|
const parts = [];
|
|
7056
7056
|
let i5 = 0;
|
|
7057
|
-
while (i5 <
|
|
7058
|
-
const open =
|
|
7057
|
+
while (i5 < path30.length) {
|
|
7058
|
+
const open = path30.indexOf("{", i5);
|
|
7059
7059
|
if (open === -1) {
|
|
7060
|
-
parts.push(escapeRegex(
|
|
7060
|
+
parts.push(escapeRegex(path30.slice(i5)));
|
|
7061
7061
|
break;
|
|
7062
7062
|
}
|
|
7063
|
-
if (open > i5) parts.push(escapeRegex(
|
|
7064
|
-
const close =
|
|
7063
|
+
if (open > i5) parts.push(escapeRegex(path30.slice(i5, open)));
|
|
7064
|
+
const close = path30.indexOf("}", open + 1);
|
|
7065
7065
|
if (close === -1) {
|
|
7066
|
-
parts.push(escapeRegex(
|
|
7066
|
+
parts.push(escapeRegex(path30.slice(open)));
|
|
7067
7067
|
break;
|
|
7068
7068
|
}
|
|
7069
7069
|
parts.push("[^/]+");
|
|
@@ -7148,19 +7148,19 @@ var init_clusters = __esm({
|
|
|
7148
7148
|
function regoString(s) {
|
|
7149
7149
|
return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, '\\"') + '"';
|
|
7150
7150
|
}
|
|
7151
|
-
function pathToRegoRegex(
|
|
7151
|
+
function pathToRegoRegex(path30) {
|
|
7152
7152
|
const parts = [];
|
|
7153
7153
|
let i5 = 0;
|
|
7154
|
-
while (i5 <
|
|
7155
|
-
const open =
|
|
7154
|
+
while (i5 < path30.length) {
|
|
7155
|
+
const open = path30.indexOf("{", i5);
|
|
7156
7156
|
if (open === -1) {
|
|
7157
|
-
parts.push(escapeRegex2(
|
|
7157
|
+
parts.push(escapeRegex2(path30.slice(i5)));
|
|
7158
7158
|
break;
|
|
7159
7159
|
}
|
|
7160
|
-
if (open > i5) parts.push(escapeRegex2(
|
|
7161
|
-
const close =
|
|
7160
|
+
if (open > i5) parts.push(escapeRegex2(path30.slice(i5, open)));
|
|
7161
|
+
const close = path30.indexOf("}", open + 1);
|
|
7162
7162
|
if (close === -1) {
|
|
7163
|
-
parts.push(escapeRegex2(
|
|
7163
|
+
parts.push(escapeRegex2(path30.slice(open)));
|
|
7164
7164
|
break;
|
|
7165
7165
|
}
|
|
7166
7166
|
parts.push("[^/]+");
|
|
@@ -7171,8 +7171,8 @@ function pathToRegoRegex(path28) {
|
|
|
7171
7171
|
function escapeRegex2(s) {
|
|
7172
7172
|
return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
7173
7173
|
}
|
|
7174
|
-
function paramSplitIndex(
|
|
7175
|
-
const parts =
|
|
7174
|
+
function paramSplitIndex(path30, paramName) {
|
|
7175
|
+
const parts = path30.split("/");
|
|
7176
7176
|
for (let i5 = 0; i5 < parts.length; i5++) {
|
|
7177
7177
|
if (parts[i5] === `{${paramName}}`) return i5;
|
|
7178
7178
|
}
|
|
@@ -7911,11 +7911,11 @@ function emitSinkTypedConfig(lines, indent, r5) {
|
|
|
7911
7911
|
lines.push(`${indent} transport_api_version: V3`);
|
|
7912
7912
|
return;
|
|
7913
7913
|
}
|
|
7914
|
-
const
|
|
7914
|
+
const path30 = r5.sink === "file" ? "/var/log/envoy/access.log" : "/dev/stdout";
|
|
7915
7915
|
lines.push(`${indent}- name: envoy.access_loggers.file`);
|
|
7916
7916
|
lines.push(`${indent} typed_config:`);
|
|
7917
7917
|
lines.push(`${indent} "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog`);
|
|
7918
|
-
lines.push(`${indent} path: ${
|
|
7918
|
+
lines.push(`${indent} path: ${path30}`);
|
|
7919
7919
|
lines.push(`${indent} log_format:`);
|
|
7920
7920
|
lines.push(`${indent} json_format:`);
|
|
7921
7921
|
for (const [k5, v] of fields) {
|
|
@@ -8670,19 +8670,19 @@ function endpointNeedsLua(ep) {
|
|
|
8670
8670
|
r5.contentType || r5.maxBodySize || r5.duplicateParamPolicy || r5.headerInjectionGuard || r5.signature
|
|
8671
8671
|
);
|
|
8672
8672
|
}
|
|
8673
|
-
function envoyPathPattern(
|
|
8673
|
+
function envoyPathPattern(path30) {
|
|
8674
8674
|
const parts = [];
|
|
8675
8675
|
let i5 = 0;
|
|
8676
|
-
while (i5 <
|
|
8677
|
-
const open =
|
|
8676
|
+
while (i5 < path30.length) {
|
|
8677
|
+
const open = path30.indexOf("{", i5);
|
|
8678
8678
|
if (open === -1) {
|
|
8679
|
-
parts.push(escapeLuaPattern(
|
|
8679
|
+
parts.push(escapeLuaPattern(path30.slice(i5)));
|
|
8680
8680
|
break;
|
|
8681
8681
|
}
|
|
8682
|
-
if (open > i5) parts.push(escapeLuaPattern(
|
|
8683
|
-
const close =
|
|
8682
|
+
if (open > i5) parts.push(escapeLuaPattern(path30.slice(i5, open)));
|
|
8683
|
+
const close = path30.indexOf("}", open + 1);
|
|
8684
8684
|
if (close === -1) {
|
|
8685
|
-
parts.push(escapeLuaPattern(
|
|
8685
|
+
parts.push(escapeLuaPattern(path30.slice(open)));
|
|
8686
8686
|
break;
|
|
8687
8687
|
}
|
|
8688
8688
|
parts.push("[^/]+");
|
|
@@ -8831,10 +8831,10 @@ function buildMethodAllowlist(endpoints) {
|
|
|
8831
8831
|
byPath.set(ep.path, set);
|
|
8832
8832
|
}
|
|
8833
8833
|
const out = [];
|
|
8834
|
-
for (const [
|
|
8834
|
+
for (const [path30, methods] of byPath.entries()) {
|
|
8835
8835
|
out.push({
|
|
8836
|
-
path:
|
|
8837
|
-
pattern: envoyPathPattern(
|
|
8836
|
+
path: path30,
|
|
8837
|
+
pattern: envoyPathPattern(path30),
|
|
8838
8838
|
methods: [...methods]
|
|
8839
8839
|
});
|
|
8840
8840
|
}
|
|
@@ -9123,9 +9123,9 @@ var require_util = __commonJS({
|
|
|
9123
9123
|
var parse = (u) => new URL(u);
|
|
9124
9124
|
exports.swaggerParamRegExp = /\{([^/}]+)}/g;
|
|
9125
9125
|
var operationsList = ["get", "post", "put", "delete", "patch", "options", "head", "trace"];
|
|
9126
|
-
function fixServers(server,
|
|
9126
|
+
function fixServers(server, path30) {
|
|
9127
9127
|
if (server.url && server.url.startsWith("/")) {
|
|
9128
|
-
const inUrl = parse(
|
|
9128
|
+
const inUrl = parse(path30);
|
|
9129
9129
|
const finalUrl = inUrl.protocol + "//" + inUrl.hostname + server.url;
|
|
9130
9130
|
server.url = finalUrl;
|
|
9131
9131
|
return server;
|
|
@@ -9137,8 +9137,8 @@ var require_util = __commonJS({
|
|
|
9137
9137
|
schema.servers.map((server) => fixServers(server, filePath));
|
|
9138
9138
|
}
|
|
9139
9139
|
["paths", "webhooks"].forEach((component) => {
|
|
9140
|
-
Object.keys(schema[component] || []).forEach((
|
|
9141
|
-
const pathItem = schema[component][
|
|
9140
|
+
Object.keys(schema[component] || []).forEach((path30) => {
|
|
9141
|
+
const pathItem = schema[component][path30];
|
|
9142
9142
|
Object.keys(pathItem).forEach((opItem) => {
|
|
9143
9143
|
if (opItem === "servers") {
|
|
9144
9144
|
pathItem[opItem].map((server) => fixServers(server, filePath));
|
|
@@ -12708,8 +12708,8 @@ var require_utils = __commonJS({
|
|
|
12708
12708
|
}
|
|
12709
12709
|
return ind;
|
|
12710
12710
|
}
|
|
12711
|
-
function removeDotSegments(
|
|
12712
|
-
let input =
|
|
12711
|
+
function removeDotSegments(path30) {
|
|
12712
|
+
let input = path30;
|
|
12713
12713
|
const output = [];
|
|
12714
12714
|
let nextSlash = -1;
|
|
12715
12715
|
let len = 0;
|
|
@@ -12961,8 +12961,8 @@ var require_schemes = __commonJS({
|
|
|
12961
12961
|
wsComponent.secure = void 0;
|
|
12962
12962
|
}
|
|
12963
12963
|
if (wsComponent.resourceName) {
|
|
12964
|
-
const [
|
|
12965
|
-
wsComponent.path =
|
|
12964
|
+
const [path30, query] = wsComponent.resourceName.split("?");
|
|
12965
|
+
wsComponent.path = path30 && path30 !== "/" ? path30 : void 0;
|
|
12966
12966
|
wsComponent.query = query;
|
|
12967
12967
|
wsComponent.resourceName = void 0;
|
|
12968
12968
|
}
|
|
@@ -21753,10 +21753,10 @@ var require_spec = __commonJS({
|
|
|
21753
21753
|
let paths = Object.keys(api.paths || {});
|
|
21754
21754
|
let operationIds = [];
|
|
21755
21755
|
for (let pathName of paths) {
|
|
21756
|
-
let
|
|
21756
|
+
let path30 = api.paths[pathName];
|
|
21757
21757
|
let pathId = "/paths" + pathName;
|
|
21758
|
-
if (
|
|
21759
|
-
validatePath(api,
|
|
21758
|
+
if (path30 && pathName.indexOf("/") === 0) {
|
|
21759
|
+
validatePath(api, path30, pathId, operationIds);
|
|
21760
21760
|
}
|
|
21761
21761
|
}
|
|
21762
21762
|
let definitions = Object.keys(api.definitions || {});
|
|
@@ -21766,9 +21766,9 @@ var require_spec = __commonJS({
|
|
|
21766
21766
|
validateRequiredPropertiesExist(definition, definitionId);
|
|
21767
21767
|
}
|
|
21768
21768
|
}
|
|
21769
|
-
function validatePath(api,
|
|
21769
|
+
function validatePath(api, path30, pathId, operationIds) {
|
|
21770
21770
|
for (let operationName of swaggerMethods) {
|
|
21771
|
-
let operation2 =
|
|
21771
|
+
let operation2 = path30[operationName];
|
|
21772
21772
|
let operationId = pathId + "/" + operationName;
|
|
21773
21773
|
if (operation2) {
|
|
21774
21774
|
let declaredOperationId = operation2.operationId;
|
|
@@ -21779,7 +21779,7 @@ var require_spec = __commonJS({
|
|
|
21779
21779
|
throw ono.syntax(`Validation failed. Duplicate operation id '${declaredOperationId}'`);
|
|
21780
21780
|
}
|
|
21781
21781
|
}
|
|
21782
|
-
validateParameters(api,
|
|
21782
|
+
validateParameters(api, path30, pathId, operation2, operationId);
|
|
21783
21783
|
let responses = Object.keys(operation2.responses || {});
|
|
21784
21784
|
for (let responseName of responses) {
|
|
21785
21785
|
let response = operation2.responses[responseName];
|
|
@@ -21789,8 +21789,8 @@ var require_spec = __commonJS({
|
|
|
21789
21789
|
}
|
|
21790
21790
|
}
|
|
21791
21791
|
}
|
|
21792
|
-
function validateParameters(api,
|
|
21793
|
-
let pathParams =
|
|
21792
|
+
function validateParameters(api, path30, pathId, operation2, operationId) {
|
|
21793
|
+
let pathParams = path30.parameters || [];
|
|
21794
21794
|
let operationParams = operation2.parameters || [];
|
|
21795
21795
|
try {
|
|
21796
21796
|
checkForDuplicates(pathParams);
|
|
@@ -22085,57 +22085,57 @@ var require_url = __commonJS({
|
|
|
22085
22085
|
if (typeof window !== "undefined") {
|
|
22086
22086
|
return location.href;
|
|
22087
22087
|
}
|
|
22088
|
-
const
|
|
22089
|
-
const lastChar =
|
|
22088
|
+
const path30 = process.cwd();
|
|
22089
|
+
const lastChar = path30.slice(-1);
|
|
22090
22090
|
if (lastChar === "/" || lastChar === "\\") {
|
|
22091
|
-
return
|
|
22091
|
+
return path30;
|
|
22092
22092
|
} else {
|
|
22093
|
-
return
|
|
22093
|
+
return path30 + "/";
|
|
22094
22094
|
}
|
|
22095
22095
|
}
|
|
22096
|
-
function getProtocol(
|
|
22097
|
-
const match = protocolPattern.exec(
|
|
22096
|
+
function getProtocol(path30) {
|
|
22097
|
+
const match = protocolPattern.exec(path30 || "");
|
|
22098
22098
|
if (match) {
|
|
22099
22099
|
return match[1].toLowerCase();
|
|
22100
22100
|
}
|
|
22101
22101
|
return void 0;
|
|
22102
22102
|
}
|
|
22103
|
-
function getExtension(
|
|
22104
|
-
const lastDot =
|
|
22103
|
+
function getExtension(path30) {
|
|
22104
|
+
const lastDot = path30.lastIndexOf(".");
|
|
22105
22105
|
if (lastDot >= 0) {
|
|
22106
|
-
return stripQuery(
|
|
22106
|
+
return stripQuery(path30.substr(lastDot).toLowerCase());
|
|
22107
22107
|
}
|
|
22108
22108
|
return "";
|
|
22109
22109
|
}
|
|
22110
|
-
function stripQuery(
|
|
22111
|
-
const queryIndex =
|
|
22110
|
+
function stripQuery(path30) {
|
|
22111
|
+
const queryIndex = path30.indexOf("?");
|
|
22112
22112
|
if (queryIndex >= 0) {
|
|
22113
|
-
|
|
22113
|
+
path30 = path30.substr(0, queryIndex);
|
|
22114
22114
|
}
|
|
22115
|
-
return
|
|
22115
|
+
return path30;
|
|
22116
22116
|
}
|
|
22117
|
-
function getHash(
|
|
22118
|
-
if (!
|
|
22117
|
+
function getHash(path30) {
|
|
22118
|
+
if (!path30) {
|
|
22119
22119
|
return "#";
|
|
22120
22120
|
}
|
|
22121
|
-
const hashIndex =
|
|
22121
|
+
const hashIndex = path30.indexOf("#");
|
|
22122
22122
|
if (hashIndex >= 0) {
|
|
22123
|
-
return
|
|
22123
|
+
return path30.substring(hashIndex);
|
|
22124
22124
|
}
|
|
22125
22125
|
return "#";
|
|
22126
22126
|
}
|
|
22127
|
-
function stripHash(
|
|
22128
|
-
if (!
|
|
22127
|
+
function stripHash(path30) {
|
|
22128
|
+
if (!path30) {
|
|
22129
22129
|
return "";
|
|
22130
22130
|
}
|
|
22131
|
-
const hashIndex =
|
|
22131
|
+
const hashIndex = path30.indexOf("#");
|
|
22132
22132
|
if (hashIndex >= 0) {
|
|
22133
|
-
|
|
22133
|
+
path30 = path30.substring(0, hashIndex);
|
|
22134
22134
|
}
|
|
22135
|
-
return
|
|
22135
|
+
return path30;
|
|
22136
22136
|
}
|
|
22137
|
-
function isHttp(
|
|
22138
|
-
const protocol = getProtocol(
|
|
22137
|
+
function isHttp(path30) {
|
|
22138
|
+
const protocol = getProtocol(path30);
|
|
22139
22139
|
if (protocol === "http" || protocol === "https") {
|
|
22140
22140
|
return true;
|
|
22141
22141
|
} else if (protocol === void 0) {
|
|
@@ -22144,58 +22144,58 @@ var require_url = __commonJS({
|
|
|
22144
22144
|
return false;
|
|
22145
22145
|
}
|
|
22146
22146
|
}
|
|
22147
|
-
function isFileSystemPath(
|
|
22147
|
+
function isFileSystemPath(path30) {
|
|
22148
22148
|
if (typeof window !== "undefined" || typeof process !== "undefined" && process.browser) {
|
|
22149
22149
|
return false;
|
|
22150
22150
|
}
|
|
22151
|
-
const protocol = getProtocol(
|
|
22151
|
+
const protocol = getProtocol(path30);
|
|
22152
22152
|
return protocol === void 0 || protocol === "file";
|
|
22153
22153
|
}
|
|
22154
|
-
function fromFileSystemPath(
|
|
22154
|
+
function fromFileSystemPath(path30) {
|
|
22155
22155
|
if ((0, is_windows_1.isWindows)()) {
|
|
22156
22156
|
const projectDir = cwd();
|
|
22157
|
-
const upperPath =
|
|
22157
|
+
const upperPath = path30.toUpperCase();
|
|
22158
22158
|
const projectDirPosixPath = (0, convert_path_to_posix_1.default)(projectDir);
|
|
22159
22159
|
const posixUpper = projectDirPosixPath.toUpperCase();
|
|
22160
22160
|
const hasProjectDir = upperPath.includes(posixUpper);
|
|
22161
22161
|
const hasProjectUri = upperPath.includes(posixUpper);
|
|
22162
|
-
const isAbsolutePath = path_1.win32?.isAbsolute(
|
|
22162
|
+
const isAbsolutePath = path_1.win32?.isAbsolute(path30) || path30.startsWith("http://") || path30.startsWith("https://") || path30.startsWith("file://");
|
|
22163
22163
|
if (!(hasProjectDir || hasProjectUri || isAbsolutePath) && !projectDir.startsWith("http")) {
|
|
22164
|
-
|
|
22164
|
+
path30 = (0, path_2.join)(projectDir, path30);
|
|
22165
22165
|
}
|
|
22166
|
-
|
|
22166
|
+
path30 = (0, convert_path_to_posix_1.default)(path30);
|
|
22167
22167
|
}
|
|
22168
|
-
|
|
22168
|
+
path30 = encodeURI(path30);
|
|
22169
22169
|
for (const pattern of urlEncodePatterns) {
|
|
22170
|
-
|
|
22170
|
+
path30 = path30.replace(pattern[0], pattern[1]);
|
|
22171
22171
|
}
|
|
22172
|
-
return
|
|
22172
|
+
return path30;
|
|
22173
22173
|
}
|
|
22174
|
-
function toFileSystemPath(
|
|
22175
|
-
|
|
22174
|
+
function toFileSystemPath(path30, keepFileProtocol) {
|
|
22175
|
+
path30 = decodeURI(path30);
|
|
22176
22176
|
for (let i5 = 0; i5 < urlDecodePatterns.length; i5 += 2) {
|
|
22177
|
-
|
|
22177
|
+
path30 = path30.replace(urlDecodePatterns[i5], urlDecodePatterns[i5 + 1]);
|
|
22178
22178
|
}
|
|
22179
|
-
let isFileUrl =
|
|
22179
|
+
let isFileUrl = path30.substr(0, 7).toLowerCase() === "file://";
|
|
22180
22180
|
if (isFileUrl) {
|
|
22181
|
-
|
|
22182
|
-
if ((0, is_windows_1.isWindows)() &&
|
|
22183
|
-
|
|
22181
|
+
path30 = path30[7] === "/" ? path30.substr(8) : path30.substr(7);
|
|
22182
|
+
if ((0, is_windows_1.isWindows)() && path30[1] === "/") {
|
|
22183
|
+
path30 = path30[0] + ":" + path30.substr(1);
|
|
22184
22184
|
}
|
|
22185
22185
|
if (keepFileProtocol) {
|
|
22186
|
-
|
|
22186
|
+
path30 = "file:///" + path30;
|
|
22187
22187
|
} else {
|
|
22188
22188
|
isFileUrl = false;
|
|
22189
|
-
|
|
22189
|
+
path30 = (0, is_windows_1.isWindows)() ? path30 : "/" + path30;
|
|
22190
22190
|
}
|
|
22191
22191
|
}
|
|
22192
22192
|
if ((0, is_windows_1.isWindows)() && !isFileUrl) {
|
|
22193
|
-
|
|
22194
|
-
if (
|
|
22195
|
-
|
|
22193
|
+
path30 = path30.replace(forwardSlashPattern, "\\");
|
|
22194
|
+
if (path30.substr(1, 2) === ":\\") {
|
|
22195
|
+
path30 = path30[0].toUpperCase() + path30.substr(1);
|
|
22196
22196
|
}
|
|
22197
22197
|
}
|
|
22198
|
-
return
|
|
22198
|
+
return path30;
|
|
22199
22199
|
}
|
|
22200
22200
|
function safePointerToPath(pointer) {
|
|
22201
22201
|
if (pointer.length <= 1 || pointer[0] !== "#" || pointer[1] !== "/") {
|
|
@@ -22300,8 +22300,8 @@ var require_errors2 = __commonJS({
|
|
|
22300
22300
|
};
|
|
22301
22301
|
exports.UnmatchedResolverError = UnmatchedResolverError;
|
|
22302
22302
|
var MissingPointerError = class extends JSONParserError {
|
|
22303
|
-
constructor(token,
|
|
22304
|
-
super(`Token "${token}" does not exist.`, (0, url_js_1.stripHash)(
|
|
22303
|
+
constructor(token, path30) {
|
|
22304
|
+
super(`Token "${token}" does not exist.`, (0, url_js_1.stripHash)(path30));
|
|
22305
22305
|
this.code = "EUNMATCHEDRESOLVER";
|
|
22306
22306
|
this.name = "MissingPointerError";
|
|
22307
22307
|
}
|
|
@@ -22316,8 +22316,8 @@ var require_errors2 = __commonJS({
|
|
|
22316
22316
|
};
|
|
22317
22317
|
exports.TimeoutError = TimeoutError;
|
|
22318
22318
|
var InvalidPointerError = class extends JSONParserError {
|
|
22319
|
-
constructor(pointer,
|
|
22320
|
-
super(`Invalid $ref pointer "${pointer}". Pointers must begin with "#/"`, (0, url_js_1.stripHash)(
|
|
22319
|
+
constructor(pointer, path30) {
|
|
22320
|
+
super(`Invalid $ref pointer "${pointer}". Pointers must begin with "#/"`, (0, url_js_1.stripHash)(path30));
|
|
22321
22321
|
this.code = "EUNMATCHEDRESOLVER";
|
|
22322
22322
|
this.name = "InvalidPointerError";
|
|
22323
22323
|
}
|
|
@@ -22385,10 +22385,10 @@ var require_pointer = __commonJS({
|
|
|
22385
22385
|
}
|
|
22386
22386
|
};
|
|
22387
22387
|
var Pointer = class _Pointer {
|
|
22388
|
-
constructor($ref,
|
|
22388
|
+
constructor($ref, path30, friendlyPath) {
|
|
22389
22389
|
this.$ref = $ref;
|
|
22390
|
-
this.path =
|
|
22391
|
-
this.originalPath = friendlyPath ||
|
|
22390
|
+
this.path = path30;
|
|
22391
|
+
this.originalPath = friendlyPath || path30;
|
|
22392
22392
|
this.value = void 0;
|
|
22393
22393
|
this.circular = false;
|
|
22394
22394
|
this.indirections = 0;
|
|
@@ -22486,8 +22486,8 @@ var require_pointer = __commonJS({
|
|
|
22486
22486
|
* @param [originalPath]
|
|
22487
22487
|
* @returns
|
|
22488
22488
|
*/
|
|
22489
|
-
static parse(
|
|
22490
|
-
const pointer = url.getHash(
|
|
22489
|
+
static parse(path30, originalPath) {
|
|
22490
|
+
const pointer = url.getHash(path30).substring(1);
|
|
22491
22491
|
if (!pointer) {
|
|
22492
22492
|
return [];
|
|
22493
22493
|
}
|
|
@@ -22496,7 +22496,7 @@ var require_pointer = __commonJS({
|
|
|
22496
22496
|
split2[i5] = safeDecodeURIComponent(split2[i5].replace(escapedSlash, "/").replace(escapedTilde, "~"));
|
|
22497
22497
|
}
|
|
22498
22498
|
if (split2[0] !== "") {
|
|
22499
|
-
throw new errors_js_1.InvalidPointerError(split2, originalPath === void 0 ?
|
|
22499
|
+
throw new errors_js_1.InvalidPointerError(split2, originalPath === void 0 ? path30 : originalPath);
|
|
22500
22500
|
}
|
|
22501
22501
|
return split2.slice(1);
|
|
22502
22502
|
}
|
|
@@ -22609,9 +22609,9 @@ var require_ref2 = __commonJS({
|
|
|
22609
22609
|
* @param options
|
|
22610
22610
|
* @returns
|
|
22611
22611
|
*/
|
|
22612
|
-
exists(
|
|
22612
|
+
exists(path30, options) {
|
|
22613
22613
|
try {
|
|
22614
|
-
this.resolve(
|
|
22614
|
+
this.resolve(path30, options);
|
|
22615
22615
|
return true;
|
|
22616
22616
|
} catch {
|
|
22617
22617
|
return false;
|
|
@@ -22624,8 +22624,8 @@ var require_ref2 = __commonJS({
|
|
|
22624
22624
|
* @param options
|
|
22625
22625
|
* @returns - Returns the resolved value
|
|
22626
22626
|
*/
|
|
22627
|
-
get(
|
|
22628
|
-
return this.resolve(
|
|
22627
|
+
get(path30, options) {
|
|
22628
|
+
return this.resolve(path30, options)?.value;
|
|
22629
22629
|
}
|
|
22630
22630
|
/**
|
|
22631
22631
|
* Resolves the given JSON reference within this {@link $Ref#value}.
|
|
@@ -22636,8 +22636,8 @@ var require_ref2 = __commonJS({
|
|
|
22636
22636
|
* @param pathFromRoot - The path of `obj` from the schema root
|
|
22637
22637
|
* @returns
|
|
22638
22638
|
*/
|
|
22639
|
-
resolve(
|
|
22640
|
-
const pointer = new pointer_js_1.default(this,
|
|
22639
|
+
resolve(path30, options, friendlyPath, pathFromRoot) {
|
|
22640
|
+
const pointer = new pointer_js_1.default(this, path30, friendlyPath);
|
|
22641
22641
|
try {
|
|
22642
22642
|
return pointer.resolve(this.value, options, pathFromRoot);
|
|
22643
22643
|
} catch (err2) {
|
|
@@ -22661,8 +22661,8 @@ var require_ref2 = __commonJS({
|
|
|
22661
22661
|
* @param path - The full path of the property to set, optionally with a JSON pointer in the hash
|
|
22662
22662
|
* @param value - The value to assign
|
|
22663
22663
|
*/
|
|
22664
|
-
set(
|
|
22665
|
-
const pointer = new pointer_js_1.default(this,
|
|
22664
|
+
set(path30, value) {
|
|
22665
|
+
const pointer = new pointer_js_1.default(this, path30);
|
|
22666
22666
|
this.value = pointer.set(this.value, value);
|
|
22667
22667
|
}
|
|
22668
22668
|
/**
|
|
@@ -22841,8 +22841,8 @@ var require_refs = __commonJS({
|
|
|
22841
22841
|
*/
|
|
22842
22842
|
paths(...types) {
|
|
22843
22843
|
const paths = getPaths(this._$refs, types.flat());
|
|
22844
|
-
return paths.map((
|
|
22845
|
-
return (0, convert_path_to_posix_1.default)(
|
|
22844
|
+
return paths.map((path30) => {
|
|
22845
|
+
return (0, convert_path_to_posix_1.default)(path30.decoded);
|
|
22846
22846
|
});
|
|
22847
22847
|
}
|
|
22848
22848
|
/**
|
|
@@ -22855,8 +22855,8 @@ var require_refs = __commonJS({
|
|
|
22855
22855
|
values(...types) {
|
|
22856
22856
|
const $refs = this._$refs;
|
|
22857
22857
|
const paths = getPaths($refs, types.flat());
|
|
22858
|
-
return paths.reduce((obj,
|
|
22859
|
-
obj[(0, convert_path_to_posix_1.default)(
|
|
22858
|
+
return paths.reduce((obj, path30) => {
|
|
22859
|
+
obj[(0, convert_path_to_posix_1.default)(path30.decoded)] = $refs[path30.encoded].value;
|
|
22860
22860
|
return obj;
|
|
22861
22861
|
}, {});
|
|
22862
22862
|
}
|
|
@@ -22874,9 +22874,9 @@ var require_refs = __commonJS({
|
|
|
22874
22874
|
* @param [options]
|
|
22875
22875
|
* @returns
|
|
22876
22876
|
*/
|
|
22877
|
-
exists(
|
|
22877
|
+
exists(path30, options) {
|
|
22878
22878
|
try {
|
|
22879
|
-
this._resolve(
|
|
22879
|
+
this._resolve(path30, "", options);
|
|
22880
22880
|
return true;
|
|
22881
22881
|
} catch {
|
|
22882
22882
|
return false;
|
|
@@ -22889,8 +22889,8 @@ var require_refs = __commonJS({
|
|
|
22889
22889
|
* @param [options]
|
|
22890
22890
|
* @returns - Returns the resolved value
|
|
22891
22891
|
*/
|
|
22892
|
-
get(
|
|
22893
|
-
return this._resolve(
|
|
22892
|
+
get(path30, options) {
|
|
22893
|
+
return this._resolve(path30, "", options).value;
|
|
22894
22894
|
}
|
|
22895
22895
|
/**
|
|
22896
22896
|
* Sets the value at the given path in the schema. If the property, or any of its parents, don't exist, they will be created.
|
|
@@ -22898,12 +22898,12 @@ var require_refs = __commonJS({
|
|
|
22898
22898
|
* @param path The JSON Reference path, optionally with a JSON Pointer in the hash
|
|
22899
22899
|
* @param value The value to assign. Can be anything (object, string, number, etc.)
|
|
22900
22900
|
*/
|
|
22901
|
-
set(
|
|
22902
|
-
const absPath = url.resolve(this._root$Ref.path,
|
|
22901
|
+
set(path30, value) {
|
|
22902
|
+
const absPath = url.resolve(this._root$Ref.path, path30);
|
|
22903
22903
|
const withoutHash = url.stripHash(absPath);
|
|
22904
22904
|
const $ref = this._$refs[withoutHash];
|
|
22905
22905
|
if (!$ref) {
|
|
22906
|
-
throw (0, ono_1.ono)(`Error resolving $ref pointer "${
|
|
22906
|
+
throw (0, ono_1.ono)(`Error resolving $ref pointer "${path30}".
|
|
22907
22907
|
"${withoutHash}" not found.`);
|
|
22908
22908
|
}
|
|
22909
22909
|
$ref.set(absPath, value);
|
|
@@ -22915,9 +22915,9 @@ var require_refs = __commonJS({
|
|
|
22915
22915
|
* @returns
|
|
22916
22916
|
* @protected
|
|
22917
22917
|
*/
|
|
22918
|
-
_get$Ref(
|
|
22919
|
-
|
|
22920
|
-
const withoutHash = url.stripHash(
|
|
22918
|
+
_get$Ref(path30) {
|
|
22919
|
+
path30 = url.resolve(this._root$Ref.path, path30);
|
|
22920
|
+
const withoutHash = url.stripHash(path30);
|
|
22921
22921
|
return this._$refs[withoutHash];
|
|
22922
22922
|
}
|
|
22923
22923
|
/**
|
|
@@ -22925,8 +22925,8 @@ var require_refs = __commonJS({
|
|
|
22925
22925
|
*
|
|
22926
22926
|
* @param path - The file path or URL of the referenced file
|
|
22927
22927
|
*/
|
|
22928
|
-
_add(
|
|
22929
|
-
const withoutHash = url.stripHash(
|
|
22928
|
+
_add(path30) {
|
|
22929
|
+
const withoutHash = url.stripHash(path30);
|
|
22930
22930
|
const $ref = new ref_js_1.default(this);
|
|
22931
22931
|
$ref.path = withoutHash;
|
|
22932
22932
|
this._$refs[withoutHash] = $ref;
|
|
@@ -22942,15 +22942,15 @@ var require_refs = __commonJS({
|
|
|
22942
22942
|
* @returns
|
|
22943
22943
|
* @protected
|
|
22944
22944
|
*/
|
|
22945
|
-
_resolve(
|
|
22946
|
-
const absPath = url.resolve(this._root$Ref.path,
|
|
22945
|
+
_resolve(path30, pathFromRoot, options) {
|
|
22946
|
+
const absPath = url.resolve(this._root$Ref.path, path30);
|
|
22947
22947
|
const withoutHash = url.stripHash(absPath);
|
|
22948
22948
|
const $ref = this._$refs[withoutHash];
|
|
22949
22949
|
if (!$ref) {
|
|
22950
|
-
throw (0, ono_1.ono)(`Error resolving $ref pointer "${
|
|
22950
|
+
throw (0, ono_1.ono)(`Error resolving $ref pointer "${path30}".
|
|
22951
22951
|
"${withoutHash}" not found.`);
|
|
22952
22952
|
}
|
|
22953
|
-
return $ref.resolve(absPath, options,
|
|
22953
|
+
return $ref.resolve(absPath, options, path30, pathFromRoot);
|
|
22954
22954
|
}
|
|
22955
22955
|
constructor() {
|
|
22956
22956
|
this._$refs = {};
|
|
@@ -22969,10 +22969,10 @@ var require_refs = __commonJS({
|
|
|
22969
22969
|
return types.includes($refs[key].pathType);
|
|
22970
22970
|
});
|
|
22971
22971
|
}
|
|
22972
|
-
return paths.map((
|
|
22972
|
+
return paths.map((path30) => {
|
|
22973
22973
|
return {
|
|
22974
|
-
encoded:
|
|
22975
|
-
decoded: $refs[
|
|
22974
|
+
encoded: path30,
|
|
22975
|
+
decoded: $refs[path30].pathType === "file" ? url.toFileSystemPath(path30, true) : path30
|
|
22976
22976
|
};
|
|
22977
22977
|
});
|
|
22978
22978
|
}
|
|
@@ -23110,18 +23110,18 @@ var require_parse = __commonJS({
|
|
|
23110
23110
|
var url = __importStar2(require_url());
|
|
23111
23111
|
var plugins = __importStar2(require_plugins());
|
|
23112
23112
|
var errors_js_1 = require_errors2();
|
|
23113
|
-
async function parse(
|
|
23114
|
-
const hashIndex =
|
|
23113
|
+
async function parse(path30, $refs, options) {
|
|
23114
|
+
const hashIndex = path30.indexOf("#");
|
|
23115
23115
|
let hash = "";
|
|
23116
23116
|
if (hashIndex >= 0) {
|
|
23117
|
-
hash =
|
|
23118
|
-
|
|
23117
|
+
hash = path30.substring(hashIndex);
|
|
23118
|
+
path30 = path30.substring(0, hashIndex);
|
|
23119
23119
|
}
|
|
23120
|
-
const $ref = $refs._add(
|
|
23120
|
+
const $ref = $refs._add(path30);
|
|
23121
23121
|
const file = {
|
|
23122
|
-
url:
|
|
23122
|
+
url: path30,
|
|
23123
23123
|
hash,
|
|
23124
|
-
extension: url.getExtension(
|
|
23124
|
+
extension: url.getExtension(path30)
|
|
23125
23125
|
};
|
|
23126
23126
|
try {
|
|
23127
23127
|
const resolver = await readFile17(file, options, $refs);
|
|
@@ -23446,16 +23446,16 @@ var require_file = __commonJS({
|
|
|
23446
23446
|
* Reads the given file and returns its raw contents as a Buffer.
|
|
23447
23447
|
*/
|
|
23448
23448
|
async read(file) {
|
|
23449
|
-
let
|
|
23449
|
+
let path30;
|
|
23450
23450
|
try {
|
|
23451
|
-
|
|
23451
|
+
path30 = url.toFileSystemPath(file.url);
|
|
23452
23452
|
} catch (err2) {
|
|
23453
23453
|
throw new errors_js_1.ResolverError(ono_1.ono.uri(err2, `Malformed URI: ${file.url}`), file.url);
|
|
23454
23454
|
}
|
|
23455
23455
|
try {
|
|
23456
|
-
return await fs_1.default.promises.readFile(
|
|
23456
|
+
return await fs_1.default.promises.readFile(path30);
|
|
23457
23457
|
} catch (err2) {
|
|
23458
|
-
throw new errors_js_1.ResolverError((0, ono_1.ono)(err2, `Error opening file "${
|
|
23458
|
+
throw new errors_js_1.ResolverError((0, ono_1.ono)(err2, `Error opening file "${path30}"`), path30);
|
|
23459
23459
|
}
|
|
23460
23460
|
}
|
|
23461
23461
|
};
|
|
@@ -23715,7 +23715,7 @@ var require_normalize_args = __commonJS({
|
|
|
23715
23715
|
exports.normalizeArgs = normalizeArgs;
|
|
23716
23716
|
var options_js_1 = require_options();
|
|
23717
23717
|
function normalizeArgs(_args) {
|
|
23718
|
-
let
|
|
23718
|
+
let path30;
|
|
23719
23719
|
let schema;
|
|
23720
23720
|
let options;
|
|
23721
23721
|
let callback;
|
|
@@ -23724,7 +23724,7 @@ var require_normalize_args = __commonJS({
|
|
|
23724
23724
|
callback = args.pop();
|
|
23725
23725
|
}
|
|
23726
23726
|
if (typeof args[0] === "string") {
|
|
23727
|
-
|
|
23727
|
+
path30 = args[0];
|
|
23728
23728
|
if (typeof args[2] === "object") {
|
|
23729
23729
|
schema = args[1];
|
|
23730
23730
|
options = args[2];
|
|
@@ -23733,7 +23733,7 @@ var require_normalize_args = __commonJS({
|
|
|
23733
23733
|
options = args[1];
|
|
23734
23734
|
}
|
|
23735
23735
|
} else {
|
|
23736
|
-
|
|
23736
|
+
path30 = "";
|
|
23737
23737
|
schema = args[0];
|
|
23738
23738
|
options = args[1];
|
|
23739
23739
|
}
|
|
@@ -23746,7 +23746,7 @@ var require_normalize_args = __commonJS({
|
|
|
23746
23746
|
schema = JSON.parse(JSON.stringify(schema));
|
|
23747
23747
|
}
|
|
23748
23748
|
return {
|
|
23749
|
-
path:
|
|
23749
|
+
path: path30,
|
|
23750
23750
|
schema,
|
|
23751
23751
|
options,
|
|
23752
23752
|
callback
|
|
@@ -23807,26 +23807,26 @@ var require_resolve_external = __commonJS({
|
|
|
23807
23807
|
return Promise.reject(e5);
|
|
23808
23808
|
}
|
|
23809
23809
|
}
|
|
23810
|
-
function crawl(obj,
|
|
23810
|
+
function crawl(obj, path30, $refs, options, seen, external) {
|
|
23811
23811
|
seen || (seen = /* @__PURE__ */ new Set());
|
|
23812
23812
|
let promises = [];
|
|
23813
23813
|
if (obj && typeof obj === "object" && !ArrayBuffer.isView(obj) && !seen.has(obj)) {
|
|
23814
23814
|
seen.add(obj);
|
|
23815
23815
|
if (ref_js_1.default.isExternal$Ref(obj)) {
|
|
23816
|
-
promises.push(resolve$Ref(obj,
|
|
23816
|
+
promises.push(resolve$Ref(obj, path30, $refs, options));
|
|
23817
23817
|
}
|
|
23818
23818
|
const keys = Object.keys(obj);
|
|
23819
23819
|
for (const key of keys) {
|
|
23820
|
-
const keyPath = pointer_js_1.default.join(
|
|
23820
|
+
const keyPath = pointer_js_1.default.join(path30, key);
|
|
23821
23821
|
const value = obj[key];
|
|
23822
23822
|
promises = promises.concat(crawl(value, keyPath, $refs, options, seen, external));
|
|
23823
23823
|
}
|
|
23824
23824
|
}
|
|
23825
23825
|
return promises;
|
|
23826
23826
|
}
|
|
23827
|
-
async function resolve$Ref($ref,
|
|
23827
|
+
async function resolve$Ref($ref, path30, $refs, options) {
|
|
23828
23828
|
const shouldResolveOnCwd = options.dereference?.externalReferenceResolution === "root";
|
|
23829
|
-
const resolvedPath2 = url.resolve(shouldResolveOnCwd ? url.cwd() :
|
|
23829
|
+
const resolvedPath2 = url.resolve(shouldResolveOnCwd ? url.cwd() : path30, $ref.$ref);
|
|
23830
23830
|
const withoutHash = url.stripHash(resolvedPath2);
|
|
23831
23831
|
const ref = $refs._$refs[withoutHash];
|
|
23832
23832
|
if (ref) {
|
|
@@ -23841,8 +23841,8 @@ var require_resolve_external = __commonJS({
|
|
|
23841
23841
|
throw err2;
|
|
23842
23842
|
}
|
|
23843
23843
|
if ($refs._$refs[withoutHash]) {
|
|
23844
|
-
err2.source = decodeURI(url.stripHash(
|
|
23845
|
-
err2.path = url.safePointerToPath(url.getHash(
|
|
23844
|
+
err2.source = decodeURI(url.stripHash(path30));
|
|
23845
|
+
err2.path = url.safePointerToPath(url.getHash(path30));
|
|
23846
23846
|
}
|
|
23847
23847
|
return [];
|
|
23848
23848
|
}
|
|
@@ -23894,11 +23894,11 @@ var require_bundle = __commonJS({
|
|
|
23894
23894
|
crawl(parser, "schema", parser.$refs._root$Ref.path + "#", "#", 0, inventory, parser.$refs, options);
|
|
23895
23895
|
remap(inventory);
|
|
23896
23896
|
}
|
|
23897
|
-
function crawl(parent, key,
|
|
23897
|
+
function crawl(parent, key, path30, pathFromRoot, indirections, inventory, $refs, options) {
|
|
23898
23898
|
const obj = key === null ? parent : parent[key];
|
|
23899
23899
|
if (obj && typeof obj === "object" && !ArrayBuffer.isView(obj)) {
|
|
23900
23900
|
if (ref_js_1.default.isAllowed$Ref(obj)) {
|
|
23901
|
-
inventory$Ref(parent, key,
|
|
23901
|
+
inventory$Ref(parent, key, path30, pathFromRoot, indirections, inventory, $refs, options);
|
|
23902
23902
|
} else {
|
|
23903
23903
|
const keys = Object.keys(obj).sort((a5, b5) => {
|
|
23904
23904
|
if (a5 === "definitions") {
|
|
@@ -23910,11 +23910,11 @@ var require_bundle = __commonJS({
|
|
|
23910
23910
|
}
|
|
23911
23911
|
});
|
|
23912
23912
|
for (const key2 of keys) {
|
|
23913
|
-
const keyPath = pointer_js_1.default.join(
|
|
23913
|
+
const keyPath = pointer_js_1.default.join(path30, key2);
|
|
23914
23914
|
const keyPathFromRoot = pointer_js_1.default.join(pathFromRoot, key2);
|
|
23915
23915
|
const value = obj[key2];
|
|
23916
23916
|
if (ref_js_1.default.isAllowed$Ref(value)) {
|
|
23917
|
-
inventory$Ref(obj, key2,
|
|
23917
|
+
inventory$Ref(obj, key2, path30, keyPathFromRoot, indirections, inventory, $refs, options);
|
|
23918
23918
|
} else {
|
|
23919
23919
|
crawl(obj, key2, keyPath, keyPathFromRoot, indirections, inventory, $refs, options);
|
|
23920
23920
|
}
|
|
@@ -23922,9 +23922,9 @@ var require_bundle = __commonJS({
|
|
|
23922
23922
|
}
|
|
23923
23923
|
}
|
|
23924
23924
|
}
|
|
23925
|
-
function inventory$Ref($refParent, $refKey,
|
|
23925
|
+
function inventory$Ref($refParent, $refKey, path30, pathFromRoot, indirections, inventory, $refs, options) {
|
|
23926
23926
|
const $ref = $refKey === null ? $refParent : $refParent[$refKey];
|
|
23927
|
-
const $refPath = url.resolve(
|
|
23927
|
+
const $refPath = url.resolve(path30, $ref.$ref);
|
|
23928
23928
|
const pointer = $refs._resolve($refPath, pathFromRoot, options);
|
|
23929
23929
|
if (pointer === null) {
|
|
23930
23930
|
return;
|
|
@@ -24080,7 +24080,7 @@ var require_dereference = __commonJS({
|
|
|
24080
24080
|
parser.$refs.circular = dereferenced.circular;
|
|
24081
24081
|
parser.schema = dereferenced.value;
|
|
24082
24082
|
}
|
|
24083
|
-
function crawl(obj,
|
|
24083
|
+
function crawl(obj, path30, pathFromRoot, parents, processedObjects, dereferencedCache, $refs, options, startTime) {
|
|
24084
24084
|
let dereferenced;
|
|
24085
24085
|
const result2 = {
|
|
24086
24086
|
value: obj,
|
|
@@ -24098,12 +24098,12 @@ var require_dereference = __commonJS({
|
|
|
24098
24098
|
parents.add(obj);
|
|
24099
24099
|
processedObjects.add(obj);
|
|
24100
24100
|
if (ref_js_1.default.isAllowed$Ref(obj, options)) {
|
|
24101
|
-
dereferenced = dereference$Ref(obj,
|
|
24101
|
+
dereferenced = dereference$Ref(obj, path30, pathFromRoot, parents, processedObjects, dereferencedCache, $refs, options, startTime);
|
|
24102
24102
|
result2.circular = dereferenced.circular;
|
|
24103
24103
|
result2.value = dereferenced.value;
|
|
24104
24104
|
} else {
|
|
24105
24105
|
for (const key of Object.keys(obj)) {
|
|
24106
|
-
const keyPath = pointer_js_1.default.join(
|
|
24106
|
+
const keyPath = pointer_js_1.default.join(path30, key);
|
|
24107
24107
|
const keyPathFromRoot = pointer_js_1.default.join(pathFromRoot, key);
|
|
24108
24108
|
if (isExcludedPath(keyPathFromRoot)) {
|
|
24109
24109
|
continue;
|
|
@@ -24136,10 +24136,10 @@ var require_dereference = __commonJS({
|
|
|
24136
24136
|
}
|
|
24137
24137
|
return result2;
|
|
24138
24138
|
}
|
|
24139
|
-
function dereference$Ref($ref,
|
|
24139
|
+
function dereference$Ref($ref, path30, pathFromRoot, parents, processedObjects, dereferencedCache, $refs, options, startTime) {
|
|
24140
24140
|
const isExternalRef = ref_js_1.default.isExternal$Ref($ref);
|
|
24141
24141
|
const shouldResolveOnCwd = isExternalRef && options?.dereference?.externalReferenceResolution === "root";
|
|
24142
|
-
const $refPath = url.resolve(shouldResolveOnCwd ? url.cwd() :
|
|
24142
|
+
const $refPath = url.resolve(shouldResolveOnCwd ? url.cwd() : path30, $ref.$ref);
|
|
24143
24143
|
const cache6 = dereferencedCache.get($refPath);
|
|
24144
24144
|
if (cache6 && !cache6.circular) {
|
|
24145
24145
|
const refKeys = Object.keys($ref);
|
|
@@ -24157,7 +24157,7 @@ var require_dereference = __commonJS({
|
|
|
24157
24157
|
}
|
|
24158
24158
|
return cache6;
|
|
24159
24159
|
}
|
|
24160
|
-
const pointer = $refs._resolve($refPath,
|
|
24160
|
+
const pointer = $refs._resolve($refPath, path30, options);
|
|
24161
24161
|
if (pointer === null) {
|
|
24162
24162
|
return {
|
|
24163
24163
|
circular: false,
|
|
@@ -24167,7 +24167,7 @@ var require_dereference = __commonJS({
|
|
|
24167
24167
|
const directCircular = pointer.circular;
|
|
24168
24168
|
let circular = directCircular || parents.has(pointer.value);
|
|
24169
24169
|
if (circular) {
|
|
24170
|
-
foundCircularReference(
|
|
24170
|
+
foundCircularReference(path30, $refs, options);
|
|
24171
24171
|
}
|
|
24172
24172
|
let dereferencedValue = ref_js_1.default.dereference($ref, pointer.value);
|
|
24173
24173
|
if (!circular) {
|
|
@@ -24564,7 +24564,7 @@ var require_lib4 = __commonJS({
|
|
|
24564
24564
|
* @param {Function} [callback] - An error-first callback. The second parameter is the parsed API object.
|
|
24565
24565
|
* @returns {Promise} - The returned promise resolves with the parsed API object.
|
|
24566
24566
|
*/
|
|
24567
|
-
async parse(
|
|
24567
|
+
async parse(path30, api, options, callback) {
|
|
24568
24568
|
let args = normalizeArgs(arguments);
|
|
24569
24569
|
args.options = new Options(args.options);
|
|
24570
24570
|
try {
|
|
@@ -24616,7 +24616,7 @@ var require_lib4 = __commonJS({
|
|
|
24616
24616
|
* @param {Function} [callback] - An error-first callback. The second parameter is the parsed API object.
|
|
24617
24617
|
* @returns {Promise} - The returned promise resolves with the parsed API object.
|
|
24618
24618
|
*/
|
|
24619
|
-
async validate(
|
|
24619
|
+
async validate(path30, api, options, callback) {
|
|
24620
24620
|
let me = this;
|
|
24621
24621
|
let args = normalizeArgs(arguments);
|
|
24622
24622
|
args.options = new Options(args.options);
|
|
@@ -25231,12 +25231,12 @@ var require_dist2 = __commonJS({
|
|
|
25231
25231
|
throw new Error(`Unknown format "${name}"`);
|
|
25232
25232
|
return f5;
|
|
25233
25233
|
};
|
|
25234
|
-
function addFormats2(ajv, list2,
|
|
25234
|
+
function addFormats2(ajv, list2, fs23, exportName) {
|
|
25235
25235
|
var _a2;
|
|
25236
25236
|
var _b;
|
|
25237
25237
|
(_a2 = (_b = ajv.opts.code).formats) !== null && _a2 !== void 0 ? _a2 : _b.formats = (0, codegen_1._)`require("ajv-formats/dist/formats").${exportName}`;
|
|
25238
25238
|
for (const f5 of list2)
|
|
25239
|
-
ajv.addFormat(f5,
|
|
25239
|
+
ajv.addFormat(f5, fs23[f5]);
|
|
25240
25240
|
}
|
|
25241
25241
|
module.exports = exports = formatsPlugin;
|
|
25242
25242
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
@@ -26757,8 +26757,8 @@ var init_parseUtil = __esm({
|
|
|
26757
26757
|
init_errors();
|
|
26758
26758
|
init_en();
|
|
26759
26759
|
makeIssue = (params) => {
|
|
26760
|
-
const { data: data2, path:
|
|
26761
|
-
const fullPath = [...
|
|
26760
|
+
const { data: data2, path: path30, errorMaps, issueData } = params;
|
|
26761
|
+
const fullPath = [...path30, ...issueData.path || []];
|
|
26762
26762
|
const fullIssue = {
|
|
26763
26763
|
...issueData,
|
|
26764
26764
|
path: fullPath
|
|
@@ -27066,11 +27066,11 @@ var init_types = __esm({
|
|
|
27066
27066
|
init_parseUtil();
|
|
27067
27067
|
init_util();
|
|
27068
27068
|
ParseInputLazyPath = class {
|
|
27069
|
-
constructor(parent, value,
|
|
27069
|
+
constructor(parent, value, path30, key) {
|
|
27070
27070
|
this._cachedPath = [];
|
|
27071
27071
|
this.parent = parent;
|
|
27072
27072
|
this.data = value;
|
|
27073
|
-
this._path =
|
|
27073
|
+
this._path = path30;
|
|
27074
27074
|
this._key = key;
|
|
27075
27075
|
}
|
|
27076
27076
|
get path() {
|
|
@@ -30987,10 +30987,10 @@ function detectDialect(version) {
|
|
|
30987
30987
|
return "3.0";
|
|
30988
30988
|
throw new UnsupportedDialectError(version);
|
|
30989
30989
|
}
|
|
30990
|
-
function deriveOperationId(method,
|
|
30990
|
+
function deriveOperationId(method, path30, explicit) {
|
|
30991
30991
|
if (explicit)
|
|
30992
30992
|
return explicit;
|
|
30993
|
-
return `${method.toLowerCase()}_${
|
|
30993
|
+
return `${method.toLowerCase()}_${path30.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_|_$/g, "")}`;
|
|
30994
30994
|
}
|
|
30995
30995
|
function collectParameters(op2, pathItem) {
|
|
30996
30996
|
const all = [...pathItem.parameters ?? [], ...op2.parameters ?? []];
|
|
@@ -31023,7 +31023,7 @@ async function loadSpec(specPath, opts = {}) {
|
|
|
31023
31023
|
const endpoints = [];
|
|
31024
31024
|
const unprotected = [];
|
|
31025
31025
|
const unresolvedAgg = /* @__PURE__ */ new Map();
|
|
31026
|
-
for (const [
|
|
31026
|
+
for (const [path30, pathItem] of Object.entries(doc.paths ?? {})) {
|
|
31027
31027
|
if (!pathItem)
|
|
31028
31028
|
continue;
|
|
31029
31029
|
for (const method of METHODS) {
|
|
@@ -31032,13 +31032,13 @@ async function loadSpec(specPath, opts = {}) {
|
|
|
31032
31032
|
continue;
|
|
31033
31033
|
const rawXSecurity = op2["x-security"];
|
|
31034
31034
|
if (!rawXSecurity) {
|
|
31035
|
-
unprotected.push({ method: method.toUpperCase(), path:
|
|
31035
|
+
unprotected.push({ method: method.toUpperCase(), path: path30 });
|
|
31036
31036
|
continue;
|
|
31037
31037
|
}
|
|
31038
31038
|
if (validate) {
|
|
31039
31039
|
const result2 = validateXSecurity(rawXSecurity, dialect === "3.1" ? "2020-12" : "draft-04");
|
|
31040
31040
|
if (!result2.valid) {
|
|
31041
|
-
throw new SchemaValidationError(`Invalid x-security at ${method.toUpperCase()} ${
|
|
31041
|
+
throw new SchemaValidationError(`Invalid x-security at ${method.toUpperCase()} ${path30}: ${result2.errors.map((e5) => `${e5.instancePath} ${e5.message}`).join("; ")}`, result2.errors);
|
|
31042
31042
|
}
|
|
31043
31043
|
}
|
|
31044
31044
|
const { value: policy, resolved, unresolved } = await resolveVariables(rawXSecurity, {
|
|
@@ -31046,7 +31046,7 @@ async function loadSpec(specPath, opts = {}) {
|
|
|
31046
31046
|
strict: false
|
|
31047
31047
|
});
|
|
31048
31048
|
if (unresolved.length > 0) {
|
|
31049
|
-
const opRef = `${method.toUpperCase()} ${
|
|
31049
|
+
const opRef = `${method.toUpperCase()} ${path30}`;
|
|
31050
31050
|
for (const v of unresolved) {
|
|
31051
31051
|
const list2 = unresolvedAgg.get(v) ?? [];
|
|
31052
31052
|
list2.push(opRef);
|
|
@@ -31055,8 +31055,8 @@ async function loadSpec(specPath, opts = {}) {
|
|
|
31055
31055
|
}
|
|
31056
31056
|
endpoints.push({
|
|
31057
31057
|
method: method.toUpperCase(),
|
|
31058
|
-
path:
|
|
31059
|
-
operationId: deriveOperationId(method,
|
|
31058
|
+
path: path30,
|
|
31059
|
+
operationId: deriveOperationId(method, path30, op2.operationId),
|
|
31060
31060
|
policy,
|
|
31061
31061
|
parameters: collectParameters(op2, pathItem),
|
|
31062
31062
|
raw: op2,
|
|
@@ -31136,8 +31136,8 @@ function assertNoPlaceholders(spec) {
|
|
|
31136
31136
|
lines.push("Hint: set real values for these variables, or re-run with --no-strict to allow placeholders.");
|
|
31137
31137
|
throw new StrictnessViolation("S1", lines.join("\n"), { hits });
|
|
31138
31138
|
}
|
|
31139
|
-
function normalizePathForMatch(
|
|
31140
|
-
return
|
|
31139
|
+
function normalizePathForMatch(path30) {
|
|
31140
|
+
return path30.replace(/\{[^}]+\}/g, "").replace(/\/+$/, "/");
|
|
31141
31141
|
}
|
|
31142
31142
|
function detectEmissionGaps(spec, artifacts) {
|
|
31143
31143
|
if (artifacts.length === 0) {
|
|
@@ -32867,14 +32867,14 @@ var init_readFile = __esm({
|
|
|
32867
32867
|
"../../node_modules/.pnpm/@smithy+core@3.24.2/node_modules/@smithy/core/dist-es/submodules/config/shared-ini-file-loader/readFile.js"() {
|
|
32868
32868
|
filePromises = {};
|
|
32869
32869
|
fileIntercept = {};
|
|
32870
|
-
readFile2 = (
|
|
32871
|
-
if (fileIntercept[
|
|
32872
|
-
return fileIntercept[
|
|
32870
|
+
readFile2 = (path30, options) => {
|
|
32871
|
+
if (fileIntercept[path30] !== void 0) {
|
|
32872
|
+
return fileIntercept[path30];
|
|
32873
32873
|
}
|
|
32874
|
-
if (!filePromises[
|
|
32875
|
-
filePromises[
|
|
32874
|
+
if (!filePromises[path30] || options?.ignoreCache) {
|
|
32875
|
+
filePromises[path30] = fsReadFile(path30, "utf8");
|
|
32876
32876
|
}
|
|
32877
|
-
return filePromises[
|
|
32877
|
+
return filePromises[path30];
|
|
32878
32878
|
};
|
|
32879
32879
|
}
|
|
32880
32880
|
});
|
|
@@ -32986,8 +32986,8 @@ var init_externalDataInterceptor = __esm({
|
|
|
32986
32986
|
getFileRecord() {
|
|
32987
32987
|
return fileIntercept;
|
|
32988
32988
|
},
|
|
32989
|
-
interceptFile(
|
|
32990
|
-
fileIntercept[
|
|
32989
|
+
interceptFile(path30, contents) {
|
|
32990
|
+
fileIntercept[path30] = Promise.resolve(contents);
|
|
32991
32991
|
},
|
|
32992
32992
|
getTokenRecord() {
|
|
32993
32993
|
return tokenIntercept;
|
|
@@ -33839,14 +33839,14 @@ var init_schemaSerializationMiddleware = __esm({
|
|
|
33839
33839
|
const { operationSchema } = getSmithyContext(context);
|
|
33840
33840
|
const [, ns, n2, t, i5, o2] = operationSchema ?? [];
|
|
33841
33841
|
const endpoint = context.endpointV2 ? async () => toEndpointV1(context.endpointV2) : config.endpoint;
|
|
33842
|
-
const
|
|
33842
|
+
const request9 = await config.protocol.serializeRequest(operation(ns, n2, t, i5, o2), args.input, {
|
|
33843
33843
|
...config,
|
|
33844
33844
|
...context,
|
|
33845
33845
|
endpoint
|
|
33846
33846
|
});
|
|
33847
33847
|
return next({
|
|
33848
33848
|
...args,
|
|
33849
|
-
request:
|
|
33849
|
+
request: request9
|
|
33850
33850
|
});
|
|
33851
33851
|
};
|
|
33852
33852
|
}
|
|
@@ -34629,7 +34629,7 @@ var init_command = __esm({
|
|
|
34629
34629
|
...requestOptions
|
|
34630
34630
|
};
|
|
34631
34631
|
}
|
|
34632
|
-
return stack.resolve((
|
|
34632
|
+
return stack.resolve((request9) => requestHandler.handle(request9.request, requestOptions), handlerExecutionContext);
|
|
34633
34633
|
}
|
|
34634
34634
|
};
|
|
34635
34635
|
ClassBuilder = class {
|
|
@@ -35595,13 +35595,13 @@ var init_resolveDefaultsModeConfig = __esm({
|
|
|
35595
35595
|
}
|
|
35596
35596
|
return { hostname: "169.254.169.254", path: "/" };
|
|
35597
35597
|
};
|
|
35598
|
-
imdsHttpGet = async ({ hostname, path:
|
|
35599
|
-
const { request:
|
|
35598
|
+
imdsHttpGet = async ({ hostname, path: path30 }) => {
|
|
35599
|
+
const { request: request9 } = await import("node:http");
|
|
35600
35600
|
return new Promise((resolve2, reject) => {
|
|
35601
|
-
const req =
|
|
35601
|
+
const req = request9({
|
|
35602
35602
|
method: "GET",
|
|
35603
35603
|
hostname: hostname.replace(/^\[(.+)]$/, "$1"),
|
|
35604
|
-
path:
|
|
35604
|
+
path: path30,
|
|
35605
35605
|
timeout: 1e3,
|
|
35606
35606
|
signal: AbortSignal.timeout(1e3)
|
|
35607
35607
|
});
|
|
@@ -35850,8 +35850,8 @@ var init_createConfigValueProvider = __esm({
|
|
|
35850
35850
|
return endpoint.url.href;
|
|
35851
35851
|
}
|
|
35852
35852
|
if ("hostname" in endpoint) {
|
|
35853
|
-
const { protocol, hostname, port, path:
|
|
35854
|
-
return `${protocol}//${hostname}${port ? ":" + port : ""}${
|
|
35853
|
+
const { protocol, hostname, port, path: path30 } = endpoint;
|
|
35854
|
+
return `${protocol}//${hostname}${port ? ":" + port : ""}${path30}`;
|
|
35855
35855
|
}
|
|
35856
35856
|
}
|
|
35857
35857
|
return endpoint;
|
|
@@ -36290,18 +36290,18 @@ var getAttrPathList;
|
|
|
36290
36290
|
var init_getAttrPathList = __esm({
|
|
36291
36291
|
"../../node_modules/.pnpm/@smithy+core@3.24.2/node_modules/@smithy/core/dist-es/submodules/endpoints/util-endpoints/lib/getAttrPathList.js"() {
|
|
36292
36292
|
init_types3();
|
|
36293
|
-
getAttrPathList = (
|
|
36294
|
-
const parts =
|
|
36293
|
+
getAttrPathList = (path30) => {
|
|
36294
|
+
const parts = path30.split(".");
|
|
36295
36295
|
const pathList = [];
|
|
36296
36296
|
for (const part of parts) {
|
|
36297
36297
|
const squareBracketIndex = part.indexOf("[");
|
|
36298
36298
|
if (squareBracketIndex !== -1) {
|
|
36299
36299
|
if (part.indexOf("]") !== part.length - 1) {
|
|
36300
|
-
throw new EndpointError(`Path: '${
|
|
36300
|
+
throw new EndpointError(`Path: '${path30}' does not end with ']'`);
|
|
36301
36301
|
}
|
|
36302
36302
|
const arrayIndex = part.slice(squareBracketIndex + 1, -1);
|
|
36303
36303
|
if (Number.isNaN(parseInt(arrayIndex))) {
|
|
36304
|
-
throw new EndpointError(`Invalid array index: '${arrayIndex}' in path: '${
|
|
36304
|
+
throw new EndpointError(`Invalid array index: '${arrayIndex}' in path: '${path30}'`);
|
|
36305
36305
|
}
|
|
36306
36306
|
if (squareBracketIndex !== 0) {
|
|
36307
36307
|
pathList.push(part.slice(0, squareBracketIndex));
|
|
@@ -36322,9 +36322,9 @@ var init_getAttr = __esm({
|
|
|
36322
36322
|
"../../node_modules/.pnpm/@smithy+core@3.24.2/node_modules/@smithy/core/dist-es/submodules/endpoints/util-endpoints/lib/getAttr.js"() {
|
|
36323
36323
|
init_types3();
|
|
36324
36324
|
init_getAttrPathList();
|
|
36325
|
-
getAttr = (value,
|
|
36325
|
+
getAttr = (value, path30) => getAttrPathList(path30).reduce((acc, index) => {
|
|
36326
36326
|
if (typeof acc !== "object") {
|
|
36327
|
-
throw new EndpointError(`Index '${index}' in '${
|
|
36327
|
+
throw new EndpointError(`Index '${index}' in '${path30}' not found in '${JSON.stringify(value)}'`);
|
|
36328
36328
|
} else if (Array.isArray(acc)) {
|
|
36329
36329
|
const i5 = parseInt(index);
|
|
36330
36330
|
return acc[i5 < 0 ? acc.length + i5 : i5];
|
|
@@ -36405,8 +36405,8 @@ var init_parseURL = __esm({
|
|
|
36405
36405
|
return value;
|
|
36406
36406
|
}
|
|
36407
36407
|
if (typeof value === "object" && "hostname" in value) {
|
|
36408
|
-
const { hostname: hostname2, port, protocol: protocol2 = "", path:
|
|
36409
|
-
const url = new URL(`${protocol2}//${hostname2}${port ? `:${port}` : ""}${
|
|
36408
|
+
const { hostname: hostname2, port, protocol: protocol2 = "", path: path30 = "", query = {} } = value;
|
|
36409
|
+
const url = new URL(`${protocol2}//${hostname2}${port ? `:${port}` : ""}${path30}`);
|
|
36410
36410
|
url.search = Object.entries(query).map(([k5, v]) => `${k5}=${v}`).join("&");
|
|
36411
36411
|
return url;
|
|
36412
36412
|
}
|
|
@@ -37031,10 +37031,10 @@ var init_serializerMiddleware = __esm({
|
|
|
37031
37031
|
if (!endpoint) {
|
|
37032
37032
|
throw new Error("No valid endpoint provider available.");
|
|
37033
37033
|
}
|
|
37034
|
-
const
|
|
37034
|
+
const request9 = await serializer(args.input, { ...options, endpoint });
|
|
37035
37035
|
return next({
|
|
37036
37036
|
...args,
|
|
37037
|
-
request:
|
|
37037
|
+
request: request9
|
|
37038
37038
|
});
|
|
37039
37039
|
};
|
|
37040
37040
|
}
|
|
@@ -38194,21 +38194,21 @@ var init_httpRequest = __esm({
|
|
|
38194
38194
|
this.password = options.password;
|
|
38195
38195
|
this.fragment = options.fragment;
|
|
38196
38196
|
}
|
|
38197
|
-
static clone(
|
|
38197
|
+
static clone(request9) {
|
|
38198
38198
|
const cloned = new _HttpRequest({
|
|
38199
|
-
...
|
|
38200
|
-
headers: { ...
|
|
38199
|
+
...request9,
|
|
38200
|
+
headers: { ...request9.headers }
|
|
38201
38201
|
});
|
|
38202
38202
|
if (cloned.query) {
|
|
38203
38203
|
cloned.query = cloneQuery(cloned.query);
|
|
38204
38204
|
}
|
|
38205
38205
|
return cloned;
|
|
38206
38206
|
}
|
|
38207
|
-
static isInstance(
|
|
38208
|
-
if (!
|
|
38207
|
+
static isInstance(request9) {
|
|
38208
|
+
if (!request9) {
|
|
38209
38209
|
return false;
|
|
38210
38210
|
}
|
|
38211
|
-
const req =
|
|
38211
|
+
const req = request9;
|
|
38212
38212
|
return "method" in req && "protocol" in req && "hostname" in req && "path" in req && typeof req["query"] === "object" && typeof req["headers"] === "object";
|
|
38213
38213
|
}
|
|
38214
38214
|
clone() {
|
|
@@ -38672,13 +38672,13 @@ function __disposeResources(env) {
|
|
|
38672
38672
|
}
|
|
38673
38673
|
return next();
|
|
38674
38674
|
}
|
|
38675
|
-
function __rewriteRelativeImportExtension(
|
|
38676
|
-
if (typeof
|
|
38677
|
-
return
|
|
38675
|
+
function __rewriteRelativeImportExtension(path30, preserveJsx) {
|
|
38676
|
+
if (typeof path30 === "string" && /^\.\.?\//.test(path30)) {
|
|
38677
|
+
return path30.replace(/\.(tsx)$|((?:\.d)?)((?:\.[^./]+?)?)\.([cm]?)ts$/i, function(m3, tsx, d5, ext, cm) {
|
|
38678
38678
|
return tsx ? preserveJsx ? ".jsx" : ".js" : d5 && (!ext || !cm) ? m3 : d5 + ext + "." + cm.toLowerCase() + "js";
|
|
38679
38679
|
});
|
|
38680
38680
|
}
|
|
38681
|
-
return
|
|
38681
|
+
return path30;
|
|
38682
38682
|
}
|
|
38683
38683
|
var extendStatics, __assign, __createBinding, __setModuleDefault, ownKeys, _SuppressedError, tslib_es6_default;
|
|
38684
38684
|
var init_tslib_es6 = __esm({
|
|
@@ -40368,44 +40368,44 @@ var init_HttpProtocol = __esm({
|
|
|
40368
40368
|
this.getPayloadCodec().setSerdeContext(serdeContext);
|
|
40369
40369
|
}
|
|
40370
40370
|
}
|
|
40371
|
-
updateServiceEndpoint(
|
|
40371
|
+
updateServiceEndpoint(request9, endpoint) {
|
|
40372
40372
|
if ("url" in endpoint) {
|
|
40373
|
-
|
|
40374
|
-
|
|
40375
|
-
|
|
40376
|
-
|
|
40377
|
-
|
|
40378
|
-
|
|
40379
|
-
|
|
40380
|
-
if (!
|
|
40381
|
-
|
|
40373
|
+
request9.protocol = endpoint.url.protocol;
|
|
40374
|
+
request9.hostname = endpoint.url.hostname;
|
|
40375
|
+
request9.port = endpoint.url.port ? Number(endpoint.url.port) : void 0;
|
|
40376
|
+
request9.path = endpoint.url.pathname;
|
|
40377
|
+
request9.fragment = endpoint.url.hash || void 0;
|
|
40378
|
+
request9.username = endpoint.url.username || void 0;
|
|
40379
|
+
request9.password = endpoint.url.password || void 0;
|
|
40380
|
+
if (!request9.query) {
|
|
40381
|
+
request9.query = {};
|
|
40382
40382
|
}
|
|
40383
40383
|
for (const [k5, v] of endpoint.url.searchParams.entries()) {
|
|
40384
|
-
|
|
40384
|
+
request9.query[k5] = v;
|
|
40385
40385
|
}
|
|
40386
40386
|
if (endpoint.headers) {
|
|
40387
40387
|
for (const name in endpoint.headers) {
|
|
40388
|
-
|
|
40388
|
+
request9.headers[name] = endpoint.headers[name].join(", ");
|
|
40389
40389
|
}
|
|
40390
40390
|
}
|
|
40391
|
-
return
|
|
40391
|
+
return request9;
|
|
40392
40392
|
} else {
|
|
40393
|
-
|
|
40394
|
-
|
|
40395
|
-
|
|
40396
|
-
|
|
40397
|
-
|
|
40393
|
+
request9.protocol = endpoint.protocol;
|
|
40394
|
+
request9.hostname = endpoint.hostname;
|
|
40395
|
+
request9.port = endpoint.port ? Number(endpoint.port) : void 0;
|
|
40396
|
+
request9.path = endpoint.path;
|
|
40397
|
+
request9.query = {
|
|
40398
40398
|
...endpoint.query
|
|
40399
40399
|
};
|
|
40400
40400
|
if (endpoint.headers) {
|
|
40401
40401
|
for (const name in endpoint.headers) {
|
|
40402
|
-
|
|
40402
|
+
request9.headers[name] = endpoint.headers[name];
|
|
40403
40403
|
}
|
|
40404
40404
|
}
|
|
40405
|
-
return
|
|
40405
|
+
return request9;
|
|
40406
40406
|
}
|
|
40407
40407
|
}
|
|
40408
|
-
setHostPrefix(
|
|
40408
|
+
setHostPrefix(request9, operationSchema, input) {
|
|
40409
40409
|
if (this.serdeContext?.disableHostPrefix) {
|
|
40410
40410
|
return;
|
|
40411
40411
|
}
|
|
@@ -40424,7 +40424,7 @@ var init_HttpProtocol = __esm({
|
|
|
40424
40424
|
}
|
|
40425
40425
|
hostPrefix = hostPrefix.replace(`{${name}}`, replacement);
|
|
40426
40426
|
}
|
|
40427
|
-
|
|
40427
|
+
request9.hostname = hostPrefix + request9.hostname;
|
|
40428
40428
|
}
|
|
40429
40429
|
}
|
|
40430
40430
|
}
|
|
@@ -40501,7 +40501,7 @@ var init_HttpBindingProtocol = __esm({
|
|
|
40501
40501
|
const payloadMemberSchemas = [];
|
|
40502
40502
|
let hasNonHttpBindingMember = false;
|
|
40503
40503
|
let payload2;
|
|
40504
|
-
const
|
|
40504
|
+
const request9 = new HttpRequest({
|
|
40505
40505
|
protocol: "",
|
|
40506
40506
|
hostname: "",
|
|
40507
40507
|
port: void 0,
|
|
@@ -40512,16 +40512,16 @@ var init_HttpBindingProtocol = __esm({
|
|
|
40512
40512
|
body: void 0
|
|
40513
40513
|
});
|
|
40514
40514
|
if (endpoint) {
|
|
40515
|
-
this.updateServiceEndpoint(
|
|
40516
|
-
this.setHostPrefix(
|
|
40515
|
+
this.updateServiceEndpoint(request9, endpoint);
|
|
40516
|
+
this.setHostPrefix(request9, operationSchema, input);
|
|
40517
40517
|
const opTraits = translateTraits(operationSchema.traits);
|
|
40518
40518
|
if (opTraits.http) {
|
|
40519
|
-
|
|
40520
|
-
const [
|
|
40521
|
-
if (
|
|
40522
|
-
|
|
40519
|
+
request9.method = opTraits.http[0];
|
|
40520
|
+
const [path30, search] = opTraits.http[1].split("?");
|
|
40521
|
+
if (request9.path == "/") {
|
|
40522
|
+
request9.path = path30;
|
|
40523
40523
|
} else {
|
|
40524
|
-
|
|
40524
|
+
request9.path += path30;
|
|
40525
40525
|
}
|
|
40526
40526
|
const traitSearchParams = new URLSearchParams(search ?? "");
|
|
40527
40527
|
for (const [key, value] of traitSearchParams) {
|
|
@@ -40534,7 +40534,7 @@ var init_HttpBindingProtocol = __esm({
|
|
|
40534
40534
|
const inputMemberValue = input[memberName];
|
|
40535
40535
|
if (inputMemberValue == null && !memberNs.isIdempotencyToken()) {
|
|
40536
40536
|
if (memberTraits.httpLabel) {
|
|
40537
|
-
if (
|
|
40537
|
+
if (request9.path.includes(`{${memberName}+}`) || request9.path.includes(`{${memberName}}`)) {
|
|
40538
40538
|
throw new Error(`No value provided for input HTTP label: ${memberName}.`);
|
|
40539
40539
|
}
|
|
40540
40540
|
}
|
|
@@ -40561,10 +40561,10 @@ var init_HttpBindingProtocol = __esm({
|
|
|
40561
40561
|
} else if (memberTraits.httpLabel) {
|
|
40562
40562
|
serializer.write(memberNs, inputMemberValue);
|
|
40563
40563
|
const replacement = serializer.flush();
|
|
40564
|
-
if (
|
|
40565
|
-
|
|
40566
|
-
} else if (
|
|
40567
|
-
|
|
40564
|
+
if (request9.path.includes(`{${memberName}+}`)) {
|
|
40565
|
+
request9.path = request9.path.replace(`{${memberName}+}`, replacement.split("/").map(extendedEncodeURIComponent).join("/"));
|
|
40566
|
+
} else if (request9.path.includes(`{${memberName}}`)) {
|
|
40567
|
+
request9.path = request9.path.replace(`{${memberName}}`, extendedEncodeURIComponent(replacement));
|
|
40568
40568
|
}
|
|
40569
40569
|
} else if (memberTraits.httpHeader) {
|
|
40570
40570
|
serializer.write(memberNs, inputMemberValue);
|
|
@@ -40604,10 +40604,10 @@ var init_HttpBindingProtocol = __esm({
|
|
|
40604
40604
|
serializer.write(payloadSchema, input);
|
|
40605
40605
|
payload2 = serializer.flush();
|
|
40606
40606
|
}
|
|
40607
|
-
|
|
40608
|
-
|
|
40609
|
-
|
|
40610
|
-
return
|
|
40607
|
+
request9.headers = headers;
|
|
40608
|
+
request9.query = query;
|
|
40609
|
+
request9.body = payload2;
|
|
40610
|
+
return request9;
|
|
40611
40611
|
}
|
|
40612
40612
|
serializeQuery(ns, data2, query) {
|
|
40613
40613
|
const serializer = this.serializer;
|
|
@@ -40772,7 +40772,7 @@ var init_RpcProtocol = __esm({
|
|
|
40772
40772
|
const schema = ns.getSchema();
|
|
40773
40773
|
let payload2;
|
|
40774
40774
|
const input = _input && typeof _input === "object" ? _input : {};
|
|
40775
|
-
const
|
|
40775
|
+
const request9 = new HttpRequest({
|
|
40776
40776
|
protocol: "",
|
|
40777
40777
|
hostname: "",
|
|
40778
40778
|
port: void 0,
|
|
@@ -40783,8 +40783,8 @@ var init_RpcProtocol = __esm({
|
|
|
40783
40783
|
body: void 0
|
|
40784
40784
|
});
|
|
40785
40785
|
if (endpoint) {
|
|
40786
|
-
this.updateServiceEndpoint(
|
|
40787
|
-
this.setHostPrefix(
|
|
40786
|
+
this.updateServiceEndpoint(request9, endpoint);
|
|
40787
|
+
this.setHostPrefix(request9, operationSchema, input);
|
|
40788
40788
|
}
|
|
40789
40789
|
if (input) {
|
|
40790
40790
|
const eventStreamMember = ns.getEventStreamMember();
|
|
@@ -40808,11 +40808,11 @@ var init_RpcProtocol = __esm({
|
|
|
40808
40808
|
payload2 = serializer.flush();
|
|
40809
40809
|
}
|
|
40810
40810
|
}
|
|
40811
|
-
|
|
40812
|
-
|
|
40813
|
-
|
|
40814
|
-
|
|
40815
|
-
return
|
|
40811
|
+
request9.headers = Object.assign(request9.headers, headers);
|
|
40812
|
+
request9.query = query;
|
|
40813
|
+
request9.body = payload2;
|
|
40814
|
+
request9.method = "POST";
|
|
40815
|
+
return request9;
|
|
40816
40816
|
}
|
|
40817
40817
|
async deserializeResponse(operationSchema, context, response) {
|
|
40818
40818
|
const deserializer = this.deserializer;
|
|
@@ -40922,8 +40922,8 @@ var init_requestBuilder = __esm({
|
|
|
40922
40922
|
return this;
|
|
40923
40923
|
}
|
|
40924
40924
|
p(memberName, labelValueProvider, uriLabel, isGreedyLabel) {
|
|
40925
|
-
this.resolvePathStack.push((
|
|
40926
|
-
this.path = resolvedPath(
|
|
40925
|
+
this.resolvePathStack.push((path30) => {
|
|
40926
|
+
this.path = resolvedPath(path30, this.input, memberName, labelValueProvider, uriLabel, isGreedyLabel);
|
|
40927
40927
|
});
|
|
40928
40928
|
return this;
|
|
40929
40929
|
}
|
|
@@ -41319,14 +41319,14 @@ var init_httpExtensionConfiguration = __esm({
|
|
|
41319
41319
|
// ../../node_modules/.pnpm/@smithy+core@3.24.2/node_modules/@smithy/core/dist-es/submodules/protocols/middleware-content-length/contentLengthMiddleware.js
|
|
41320
41320
|
function contentLengthMiddleware(bodyLengthChecker) {
|
|
41321
41321
|
return (next) => async (args) => {
|
|
41322
|
-
const
|
|
41323
|
-
if (HttpRequest.isInstance(
|
|
41324
|
-
const { body, headers } =
|
|
41322
|
+
const request9 = args.request;
|
|
41323
|
+
if (HttpRequest.isInstance(request9)) {
|
|
41324
|
+
const { body, headers } = request9;
|
|
41325
41325
|
if (body && Object.keys(headers).map((str) => str.toLowerCase()).indexOf(CONTENT_LENGTH_HEADER) === -1) {
|
|
41326
41326
|
try {
|
|
41327
41327
|
const length = bodyLengthChecker(body);
|
|
41328
|
-
|
|
41329
|
-
...
|
|
41328
|
+
request9.headers = {
|
|
41329
|
+
...request9.headers,
|
|
41330
41330
|
[CONTENT_LENGTH_HEADER]: String(length)
|
|
41331
41331
|
};
|
|
41332
41332
|
} catch (error2) {
|
|
@@ -41335,7 +41335,7 @@ function contentLengthMiddleware(bodyLengthChecker) {
|
|
|
41335
41335
|
}
|
|
41336
41336
|
return next({
|
|
41337
41337
|
...args,
|
|
41338
|
-
request:
|
|
41338
|
+
request: request9
|
|
41339
41339
|
});
|
|
41340
41340
|
};
|
|
41341
41341
|
}
|
|
@@ -41528,16 +41528,16 @@ var require_dist_cjs5 = __commonJS({
|
|
|
41528
41528
|
var hostHeaderMiddleware = (options) => (next) => async (args) => {
|
|
41529
41529
|
if (!protocols.HttpRequest.isInstance(args.request))
|
|
41530
41530
|
return next(args);
|
|
41531
|
-
const { request:
|
|
41531
|
+
const { request: request9 } = args;
|
|
41532
41532
|
const { handlerProtocol = "" } = options.requestHandler.metadata || {};
|
|
41533
|
-
if (handlerProtocol.indexOf("h2") >= 0 && !
|
|
41534
|
-
delete
|
|
41535
|
-
|
|
41536
|
-
} else if (!
|
|
41537
|
-
let host =
|
|
41538
|
-
if (
|
|
41539
|
-
host += `:${
|
|
41540
|
-
|
|
41533
|
+
if (handlerProtocol.indexOf("h2") >= 0 && !request9.headers[":authority"]) {
|
|
41534
|
+
delete request9.headers["host"];
|
|
41535
|
+
request9.headers[":authority"] = request9.hostname + (request9.port ? ":" + request9.port : "");
|
|
41536
|
+
} else if (!request9.headers["host"]) {
|
|
41537
|
+
let host = request9.hostname;
|
|
41538
|
+
if (request9.port != null)
|
|
41539
|
+
host += `:${request9.port}`;
|
|
41540
|
+
request9.headers["host"] = host;
|
|
41541
41541
|
}
|
|
41542
41542
|
return next(args);
|
|
41543
41543
|
};
|
|
@@ -41743,12 +41743,12 @@ var require_recursionDetectionMiddleware = __commonJS({
|
|
|
41743
41743
|
var ENV_LAMBDA_FUNCTION_NAME = "AWS_LAMBDA_FUNCTION_NAME";
|
|
41744
41744
|
var ENV_TRACE_ID = "_X_AMZN_TRACE_ID";
|
|
41745
41745
|
var recursionDetectionMiddleware = () => (next) => async (args) => {
|
|
41746
|
-
const { request:
|
|
41747
|
-
if (!protocols_1.HttpRequest.isInstance(
|
|
41746
|
+
const { request: request9 } = args;
|
|
41747
|
+
if (!protocols_1.HttpRequest.isInstance(request9)) {
|
|
41748
41748
|
return next(args);
|
|
41749
41749
|
}
|
|
41750
|
-
const traceIdHeader = Object.keys(
|
|
41751
|
-
if (
|
|
41750
|
+
const traceIdHeader = Object.keys(request9.headers ?? {}).find((h5) => h5.toLowerCase() === TRACE_ID_HEADER_NAME.toLowerCase()) ?? TRACE_ID_HEADER_NAME;
|
|
41751
|
+
if (request9.headers.hasOwnProperty(traceIdHeader)) {
|
|
41752
41752
|
return next(args);
|
|
41753
41753
|
}
|
|
41754
41754
|
const functionName = process.env[ENV_LAMBDA_FUNCTION_NAME];
|
|
@@ -41758,11 +41758,11 @@ var require_recursionDetectionMiddleware = __commonJS({
|
|
|
41758
41758
|
const traceId = traceIdFromInvokeStore ?? traceIdFromEnv;
|
|
41759
41759
|
const nonEmptyString = (str) => typeof str === "string" && str.length > 0;
|
|
41760
41760
|
if (nonEmptyString(functionName) && nonEmptyString(traceId)) {
|
|
41761
|
-
|
|
41761
|
+
request9.headers[TRACE_ID_HEADER_NAME] = traceId;
|
|
41762
41762
|
}
|
|
41763
41763
|
return next({
|
|
41764
41764
|
...args,
|
|
41765
|
-
request:
|
|
41765
|
+
request: request9
|
|
41766
41766
|
});
|
|
41767
41767
|
};
|
|
41768
41768
|
exports.recursionDetectionMiddleware = recursionDetectionMiddleware;
|
|
@@ -42046,9 +42046,9 @@ var init_createPaginator = __esm({
|
|
|
42046
42046
|
command = withCommand(command) ?? command;
|
|
42047
42047
|
return await client.send(command, ...args);
|
|
42048
42048
|
};
|
|
42049
|
-
get = (fromObject,
|
|
42049
|
+
get = (fromObject, path30) => {
|
|
42050
42050
|
let cursor2 = fromObject;
|
|
42051
|
-
const pathComponents =
|
|
42051
|
+
const pathComponents = path30.split(".");
|
|
42052
42052
|
for (const step of pathComponents) {
|
|
42053
42053
|
if (!cursor2 || typeof cursor2 !== "object") {
|
|
42054
42054
|
return void 0;
|
|
@@ -42758,7 +42758,7 @@ import { Readable as Readable5 } from "node:stream";
|
|
|
42758
42758
|
var isStreamingPayload;
|
|
42759
42759
|
var init_isStreamingPayload = __esm({
|
|
42760
42760
|
"../../node_modules/.pnpm/@smithy+core@3.24.2/node_modules/@smithy/core/dist-es/submodules/retry/middleware-retry/isStreamingPayload/isStreamingPayload.js"() {
|
|
42761
|
-
isStreamingPayload = (
|
|
42761
|
+
isStreamingPayload = (request9) => request9?.body instanceof Readable5 || typeof ReadableStream !== "undefined" && request9?.body instanceof ReadableStream;
|
|
42762
42762
|
}
|
|
42763
42763
|
});
|
|
42764
42764
|
|
|
@@ -42930,15 +42930,15 @@ function bindRetryMiddleware(isStreamingPayload2) {
|
|
|
42930
42930
|
let lastError = new Error();
|
|
42931
42931
|
let attempts = 0;
|
|
42932
42932
|
let totalRetryDelay = 0;
|
|
42933
|
-
const { request:
|
|
42934
|
-
const isRequest = HttpRequest.isInstance(
|
|
42933
|
+
const { request: request9 } = args;
|
|
42934
|
+
const isRequest = HttpRequest.isInstance(request9);
|
|
42935
42935
|
if (isRequest) {
|
|
42936
|
-
|
|
42936
|
+
request9.headers[INVOCATION_ID_HEADER] = v4();
|
|
42937
42937
|
}
|
|
42938
42938
|
while (true) {
|
|
42939
42939
|
try {
|
|
42940
42940
|
if (isRequest) {
|
|
42941
|
-
|
|
42941
|
+
request9.headers[REQUEST_HEADER] = `attempt=${attempts + 1}; max=${maxAttempts}`;
|
|
42942
42942
|
}
|
|
42943
42943
|
const { response, output } = await next(args);
|
|
42944
42944
|
retryStrategy.recordSuccess(retryToken);
|
|
@@ -42948,7 +42948,7 @@ function bindRetryMiddleware(isStreamingPayload2) {
|
|
|
42948
42948
|
} catch (e5) {
|
|
42949
42949
|
const retryErrorInfo = getRetryErrorInfo(e5, options.logger);
|
|
42950
42950
|
lastError = asSdkError(e5);
|
|
42951
|
-
if (isRequest && isStreamingPayload2(
|
|
42951
|
+
if (isRequest && isStreamingPayload2(request9)) {
|
|
42952
42952
|
(context.logger instanceof NoOpLogger ? console : context.logger)?.warn("An error was encountered in a non-retryable streaming request.");
|
|
42953
42953
|
throw lastError;
|
|
42954
42954
|
}
|
|
@@ -43499,14 +43499,14 @@ var init_StandardRetryStrategy2 = __esm({
|
|
|
43499
43499
|
let attempts = 0;
|
|
43500
43500
|
let totalDelay = 0;
|
|
43501
43501
|
const maxAttempts = await this.getMaxAttempts();
|
|
43502
|
-
const { request:
|
|
43503
|
-
if (HttpRequest.isInstance(
|
|
43504
|
-
|
|
43502
|
+
const { request: request9 } = args;
|
|
43503
|
+
if (HttpRequest.isInstance(request9)) {
|
|
43504
|
+
request9.headers[INVOCATION_ID_HEADER] = v4();
|
|
43505
43505
|
}
|
|
43506
43506
|
while (true) {
|
|
43507
43507
|
try {
|
|
43508
|
-
if (HttpRequest.isInstance(
|
|
43509
|
-
|
|
43508
|
+
if (HttpRequest.isInstance(request9)) {
|
|
43509
|
+
request9.headers[REQUEST_HEADER] = `attempt=${attempts + 1}; max=${maxAttempts}`;
|
|
43510
43510
|
}
|
|
43511
43511
|
if (options?.beforeRequest) {
|
|
43512
43512
|
await options.beforeRequest();
|
|
@@ -43646,10 +43646,10 @@ var init_omitRetryHeadersMiddleware = __esm({
|
|
|
43646
43646
|
init_protocols();
|
|
43647
43647
|
init_constants5();
|
|
43648
43648
|
omitRetryHeadersMiddleware = () => (next) => async (args) => {
|
|
43649
|
-
const { request:
|
|
43650
|
-
if (HttpRequest.isInstance(
|
|
43651
|
-
delete
|
|
43652
|
-
delete
|
|
43649
|
+
const { request: request9 } = args;
|
|
43650
|
+
if (HttpRequest.isInstance(request9)) {
|
|
43651
|
+
delete request9.headers[INVOCATION_ID_HEADER];
|
|
43652
|
+
delete request9.headers[REQUEST_HEADER];
|
|
43653
43653
|
}
|
|
43654
43654
|
return next(args);
|
|
43655
43655
|
};
|
|
@@ -43829,8 +43829,8 @@ var require_dist_cjs9 = __commonJS({
|
|
|
43829
43829
|
}
|
|
43830
43830
|
var ACCOUNT_ID_ENDPOINT_REGEX = /\d{12}\.ddb/;
|
|
43831
43831
|
async function checkFeatures(context, config, args) {
|
|
43832
|
-
const
|
|
43833
|
-
if (
|
|
43832
|
+
const request9 = args.request;
|
|
43833
|
+
if (request9?.headers?.["smithy-protocol"] === "rpc-v2-cbor") {
|
|
43834
43834
|
client.setFeature(context, "PROTOCOL_RPC_V2_CBOR", "M");
|
|
43835
43835
|
}
|
|
43836
43836
|
if (typeof config.retryStrategy === "function") {
|
|
@@ -43899,11 +43899,11 @@ var require_dist_cjs9 = __commonJS({
|
|
|
43899
43899
|
return buffer;
|
|
43900
43900
|
}
|
|
43901
43901
|
var userAgentMiddleware = (options) => (next, context) => async (args) => {
|
|
43902
|
-
const { request:
|
|
43903
|
-
if (!protocols.HttpRequest.isInstance(
|
|
43902
|
+
const { request: request9 } = args;
|
|
43903
|
+
if (!protocols.HttpRequest.isInstance(request9)) {
|
|
43904
43904
|
return next(args);
|
|
43905
43905
|
}
|
|
43906
|
-
const { headers } =
|
|
43906
|
+
const { headers } = request9;
|
|
43907
43907
|
const userAgent = context?.userAgent?.map(escapeUserAgent) || [];
|
|
43908
43908
|
const defaultUserAgent = (await options.defaultUserAgentProvider()).map(escapeUserAgent);
|
|
43909
43909
|
await checkFeatures(context, options, args);
|
|
@@ -43930,7 +43930,7 @@ var require_dist_cjs9 = __commonJS({
|
|
|
43930
43930
|
}
|
|
43931
43931
|
return next({
|
|
43932
43932
|
...args,
|
|
43933
|
-
request:
|
|
43933
|
+
request: request9
|
|
43934
43934
|
});
|
|
43935
43935
|
};
|
|
43936
43936
|
var escapeUserAgent = (userAgentPair) => {
|
|
@@ -44425,11 +44425,11 @@ var require_dist_cjs10 = __commonJS({
|
|
|
44425
44425
|
this.regionProvider = client.normalizeProvider(region);
|
|
44426
44426
|
this.credentialProvider = client.normalizeProvider(credentials);
|
|
44427
44427
|
}
|
|
44428
|
-
createCanonicalRequest(
|
|
44428
|
+
createCanonicalRequest(request9, canonicalHeaders, payloadHash) {
|
|
44429
44429
|
const sortedHeaders = Object.keys(canonicalHeaders).sort();
|
|
44430
|
-
return `${
|
|
44431
|
-
${this.getCanonicalPath(
|
|
44432
|
-
${getCanonicalQuery(
|
|
44430
|
+
return `${request9.method}
|
|
44431
|
+
${this.getCanonicalPath(request9)}
|
|
44432
|
+
${getCanonicalQuery(request9)}
|
|
44433
44433
|
${sortedHeaders.map((name) => `${name}:${canonicalHeaders[name]}`).join("\n")}
|
|
44434
44434
|
|
|
44435
44435
|
${sortedHeaders.join(";")}
|
|
@@ -44444,10 +44444,10 @@ ${longDate}
|
|
|
44444
44444
|
${credentialScope}
|
|
44445
44445
|
${serde.toHex(hashedRequest)}`;
|
|
44446
44446
|
}
|
|
44447
|
-
getCanonicalPath({ path:
|
|
44447
|
+
getCanonicalPath({ path: path30 }) {
|
|
44448
44448
|
if (this.uriEscapePath) {
|
|
44449
44449
|
const normalizedPathSegments = [];
|
|
44450
|
-
for (const pathSegment of
|
|
44450
|
+
for (const pathSegment of path30.split("/")) {
|
|
44451
44451
|
if (pathSegment?.length === 0)
|
|
44452
44452
|
continue;
|
|
44453
44453
|
if (pathSegment === ".")
|
|
@@ -44458,11 +44458,11 @@ ${serde.toHex(hashedRequest)}`;
|
|
|
44458
44458
|
normalizedPathSegments.push(pathSegment);
|
|
44459
44459
|
}
|
|
44460
44460
|
}
|
|
44461
|
-
const normalizedPath = `${
|
|
44461
|
+
const normalizedPath = `${path30?.startsWith("/") ? "/" : ""}${normalizedPathSegments.join("/")}${normalizedPathSegments.length > 0 && path30?.endsWith("/") ? "/" : ""}`;
|
|
44462
44462
|
const doubleEncoded = protocols.escapeUri(normalizedPath);
|
|
44463
44463
|
return doubleEncoded.replace(/%2F/g, "/");
|
|
44464
44464
|
}
|
|
44465
|
-
return
|
|
44465
|
+
return path30;
|
|
44466
44466
|
}
|
|
44467
44467
|
validateResolvedCredentials(credentials) {
|
|
44468
44468
|
if (typeof credentials !== "object" || typeof credentials.accessKeyId !== "string" || typeof credentials.secretAccessKey !== "string") {
|
|
@@ -44550,8 +44550,8 @@ ${serde.toHex(hashedRequest)}`;
|
|
|
44550
44550
|
}
|
|
44551
44551
|
return false;
|
|
44552
44552
|
};
|
|
44553
|
-
var moveHeadersToQuery = (
|
|
44554
|
-
const { headers, query = {} } = protocols.HttpRequest.clone(
|
|
44553
|
+
var moveHeadersToQuery = (request9, options = {}) => {
|
|
44554
|
+
const { headers, query = {} } = protocols.HttpRequest.clone(request9);
|
|
44555
44555
|
for (const name of Object.keys(headers)) {
|
|
44556
44556
|
const lname = name.toLowerCase();
|
|
44557
44557
|
if (lname.slice(0, 6) === "x-amz-" && !options.unhoistableHeaders?.has(lname) || options.hoistableHeaders?.has(lname)) {
|
|
@@ -44560,19 +44560,19 @@ ${serde.toHex(hashedRequest)}`;
|
|
|
44560
44560
|
}
|
|
44561
44561
|
}
|
|
44562
44562
|
return {
|
|
44563
|
-
...
|
|
44563
|
+
...request9,
|
|
44564
44564
|
headers,
|
|
44565
44565
|
query
|
|
44566
44566
|
};
|
|
44567
44567
|
};
|
|
44568
|
-
var prepareRequest = (
|
|
44569
|
-
|
|
44570
|
-
for (const headerName of Object.keys(
|
|
44568
|
+
var prepareRequest = (request9) => {
|
|
44569
|
+
request9 = protocols.HttpRequest.clone(request9);
|
|
44570
|
+
for (const headerName of Object.keys(request9.headers)) {
|
|
44571
44571
|
if (GENERATED_HEADERS.indexOf(headerName.toLowerCase()) > -1) {
|
|
44572
|
-
delete
|
|
44572
|
+
delete request9.headers[headerName];
|
|
44573
44573
|
}
|
|
44574
44574
|
}
|
|
44575
|
-
return
|
|
44575
|
+
return request9;
|
|
44576
44576
|
};
|
|
44577
44577
|
var SignatureV42 = class extends SignatureV4Base {
|
|
44578
44578
|
headerFormatter = new HeaderFormatter();
|
|
@@ -44596,18 +44596,18 @@ ${serde.toHex(hashedRequest)}`;
|
|
|
44596
44596
|
return Promise.reject("Signature version 4 presigned URLs must have an expiration date less than one week in the future");
|
|
44597
44597
|
}
|
|
44598
44598
|
const scope = createScope(shortDate, region, signingService ?? this.service);
|
|
44599
|
-
const
|
|
44599
|
+
const request9 = moveHeadersToQuery(prepareRequest(originalRequest), { unhoistableHeaders, hoistableHeaders });
|
|
44600
44600
|
if (credentials.sessionToken) {
|
|
44601
|
-
|
|
44601
|
+
request9.query[TOKEN_QUERY_PARAM] = credentials.sessionToken;
|
|
44602
44602
|
}
|
|
44603
|
-
|
|
44604
|
-
|
|
44605
|
-
|
|
44606
|
-
|
|
44607
|
-
const canonicalHeaders = getCanonicalHeaders(
|
|
44608
|
-
|
|
44609
|
-
|
|
44610
|
-
return
|
|
44603
|
+
request9.query[ALGORITHM_QUERY_PARAM] = ALGORITHM_IDENTIFIER;
|
|
44604
|
+
request9.query[CREDENTIAL_QUERY_PARAM] = `${credentials.accessKeyId}/${scope}`;
|
|
44605
|
+
request9.query[AMZ_DATE_QUERY_PARAM] = longDate;
|
|
44606
|
+
request9.query[EXPIRES_QUERY_PARAM] = expiresIn.toString(10);
|
|
44607
|
+
const canonicalHeaders = getCanonicalHeaders(request9, unsignableHeaders, signableHeaders);
|
|
44608
|
+
request9.query[SIGNED_HEADERS_QUERY_PARAM] = this.getCanonicalHeaderList(canonicalHeaders);
|
|
44609
|
+
request9.query[SIGNATURE_QUERY_PARAM] = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request9, canonicalHeaders, await getPayloadHash(originalRequest, this.sha256)));
|
|
44610
|
+
return request9;
|
|
44611
44611
|
}
|
|
44612
44612
|
async sign(toSign, options) {
|
|
44613
44613
|
if (typeof toSign === "string") {
|
|
@@ -44671,21 +44671,21 @@ ${serde.toHex(hashedRequest)}`;
|
|
|
44671
44671
|
const credentials = await this.credentialProvider();
|
|
44672
44672
|
this.validateResolvedCredentials(credentials);
|
|
44673
44673
|
const region = signingRegion ?? await this.regionProvider();
|
|
44674
|
-
const
|
|
44674
|
+
const request9 = prepareRequest(requestToSign);
|
|
44675
44675
|
const { longDate, shortDate } = this.formatDate(signingDate);
|
|
44676
44676
|
const scope = createScope(shortDate, region, signingService ?? this.service);
|
|
44677
|
-
|
|
44677
|
+
request9.headers[AMZ_DATE_HEADER] = longDate;
|
|
44678
44678
|
if (credentials.sessionToken) {
|
|
44679
|
-
|
|
44679
|
+
request9.headers[TOKEN_HEADER] = credentials.sessionToken;
|
|
44680
44680
|
}
|
|
44681
|
-
const payloadHash = await getPayloadHash(
|
|
44682
|
-
if (!hasHeader2(SHA256_HEADER,
|
|
44683
|
-
|
|
44681
|
+
const payloadHash = await getPayloadHash(request9, this.sha256);
|
|
44682
|
+
if (!hasHeader2(SHA256_HEADER, request9.headers) && this.applyChecksum) {
|
|
44683
|
+
request9.headers[SHA256_HEADER] = payloadHash;
|
|
44684
44684
|
}
|
|
44685
|
-
const canonicalHeaders = getCanonicalHeaders(
|
|
44686
|
-
const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(
|
|
44687
|
-
|
|
44688
|
-
return
|
|
44685
|
+
const canonicalHeaders = getCanonicalHeaders(request9, unsignableHeaders, signableHeaders);
|
|
44686
|
+
const signature = await this.getSignature(longDate, scope, this.getSigningKey(credentials, region, shortDate, signingService), this.createCanonicalRequest(request9, canonicalHeaders, payloadHash));
|
|
44687
|
+
request9.headers[AUTH_HEADER] = `${ALGORITHM_IDENTIFIER} Credential=${credentials.accessKeyId}/${scope}, SignedHeaders=${this.getCanonicalHeaderList(canonicalHeaders)}, Signature=${signature}`;
|
|
44688
|
+
return request9;
|
|
44689
44689
|
}
|
|
44690
44690
|
async getSignature(longDate, credentialScope, keyPromise, canonicalRequest) {
|
|
44691
44691
|
const stringToSign = await this.createStringToSign(longDate, credentialScope, canonicalRequest, ALGORITHM_IDENTIFIER);
|
|
@@ -45482,13 +45482,13 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45482
45482
|
clearTimeout: (timeoutId) => clearTimeout(timeoutId)
|
|
45483
45483
|
};
|
|
45484
45484
|
var DEFER_EVENT_LISTENER_TIME$2 = 1e3;
|
|
45485
|
-
var setConnectionTimeout = (
|
|
45485
|
+
var setConnectionTimeout = (request9, reject, timeoutInMs = 0) => {
|
|
45486
45486
|
if (!timeoutInMs) {
|
|
45487
45487
|
return -1;
|
|
45488
45488
|
}
|
|
45489
45489
|
const registerTimeout = (offset) => {
|
|
45490
45490
|
const timeoutId = timing.setTimeout(() => {
|
|
45491
|
-
|
|
45491
|
+
request9.destroy();
|
|
45492
45492
|
reject(Object.assign(new Error(`@smithy/node-http-handler - the request socket did not establish a connection with the server within the configured timeout of ${timeoutInMs} ms.`), {
|
|
45493
45493
|
name: "TimeoutError"
|
|
45494
45494
|
}));
|
|
@@ -45502,10 +45502,10 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45502
45502
|
timing.clearTimeout(timeoutId);
|
|
45503
45503
|
}
|
|
45504
45504
|
};
|
|
45505
|
-
if (
|
|
45506
|
-
doWithSocket(
|
|
45505
|
+
if (request9.socket) {
|
|
45506
|
+
doWithSocket(request9.socket);
|
|
45507
45507
|
} else {
|
|
45508
|
-
|
|
45508
|
+
request9.on("socket", doWithSocket);
|
|
45509
45509
|
}
|
|
45510
45510
|
};
|
|
45511
45511
|
if (timeoutInMs < 2e3) {
|
|
@@ -45534,15 +45534,15 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45534
45534
|
return -1;
|
|
45535
45535
|
};
|
|
45536
45536
|
var DEFER_EVENT_LISTENER_TIME$1 = 3e3;
|
|
45537
|
-
var setSocketKeepAlive = (
|
|
45537
|
+
var setSocketKeepAlive = (request9, { keepAlive, keepAliveMsecs }, deferTimeMs = DEFER_EVENT_LISTENER_TIME$1) => {
|
|
45538
45538
|
if (keepAlive !== true) {
|
|
45539
45539
|
return -1;
|
|
45540
45540
|
}
|
|
45541
45541
|
const registerListener = () => {
|
|
45542
|
-
if (
|
|
45543
|
-
|
|
45542
|
+
if (request9.socket) {
|
|
45543
|
+
request9.socket.setKeepAlive(keepAlive, keepAliveMsecs || 0);
|
|
45544
45544
|
} else {
|
|
45545
|
-
|
|
45545
|
+
request9.on("socket", (socket) => {
|
|
45546
45546
|
socket.setKeepAlive(keepAlive, keepAliveMsecs || 0);
|
|
45547
45547
|
});
|
|
45548
45548
|
}
|
|
@@ -45554,18 +45554,18 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45554
45554
|
return timing.setTimeout(registerListener, deferTimeMs);
|
|
45555
45555
|
};
|
|
45556
45556
|
var DEFER_EVENT_LISTENER_TIME = 3e3;
|
|
45557
|
-
var setSocketTimeout = (
|
|
45557
|
+
var setSocketTimeout = (request9, reject, timeoutInMs = 0) => {
|
|
45558
45558
|
const registerTimeout = (offset) => {
|
|
45559
45559
|
const timeout = timeoutInMs - offset;
|
|
45560
45560
|
const onTimeout = () => {
|
|
45561
|
-
|
|
45561
|
+
request9.destroy();
|
|
45562
45562
|
reject(Object.assign(new Error(`@smithy/node-http-handler - the request socket timed out after ${timeoutInMs} ms of inactivity (configured by client requestHandler).`), { name: "TimeoutError" }));
|
|
45563
45563
|
};
|
|
45564
|
-
if (
|
|
45565
|
-
|
|
45566
|
-
|
|
45564
|
+
if (request9.socket) {
|
|
45565
|
+
request9.socket.setTimeout(timeout, onTimeout);
|
|
45566
|
+
request9.on("close", () => request9.socket?.removeListener("timeout", onTimeout));
|
|
45567
45567
|
} else {
|
|
45568
|
-
|
|
45568
|
+
request9.setTimeout(timeout, onTimeout);
|
|
45569
45569
|
}
|
|
45570
45570
|
};
|
|
45571
45571
|
if (0 < timeoutInMs && timeoutInMs < 6e3) {
|
|
@@ -45575,8 +45575,8 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45575
45575
|
return timing.setTimeout(registerTimeout.bind(null, timeoutInMs === 0 ? 0 : DEFER_EVENT_LISTENER_TIME), DEFER_EVENT_LISTENER_TIME);
|
|
45576
45576
|
};
|
|
45577
45577
|
var MIN_WAIT_TIME = 6e3;
|
|
45578
|
-
async function writeRequestBody(httpRequest,
|
|
45579
|
-
const headers =
|
|
45578
|
+
async function writeRequestBody(httpRequest, request9, maxContinueTimeoutMs = MIN_WAIT_TIME, externalAgent = false) {
|
|
45579
|
+
const headers = request9.headers;
|
|
45580
45580
|
const expect = headers ? headers.Expect || headers.expect : void 0;
|
|
45581
45581
|
let timeoutId = -1;
|
|
45582
45582
|
let sendBody = true;
|
|
@@ -45602,7 +45602,7 @@ var require_dist_cjs13 = __commonJS({
|
|
|
45602
45602
|
]);
|
|
45603
45603
|
}
|
|
45604
45604
|
if (sendBody) {
|
|
45605
|
-
writeBody(httpRequest,
|
|
45605
|
+
writeBody(httpRequest, request9.body);
|
|
45606
45606
|
}
|
|
45607
45607
|
}
|
|
45608
45608
|
function writeBody(httpRequest, body) {
|
|
@@ -45684,12 +45684,12 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
45684
45684
|
this.config?.httpAgent?.destroy();
|
|
45685
45685
|
this.config?.httpsAgent?.destroy();
|
|
45686
45686
|
}
|
|
45687
|
-
async handle(
|
|
45687
|
+
async handle(request9, { abortSignal, requestTimeout } = {}) {
|
|
45688
45688
|
if (!this.config) {
|
|
45689
45689
|
this.config = await this.configProvider;
|
|
45690
45690
|
}
|
|
45691
45691
|
const config = this.config;
|
|
45692
|
-
const isSSL =
|
|
45692
|
+
const isSSL = request9.protocol === "https:";
|
|
45693
45693
|
if (!isSSL && !this.config.httpAgent) {
|
|
45694
45694
|
this.config.httpAgent = await this.config.httpAgentProvider();
|
|
45695
45695
|
}
|
|
@@ -45722,7 +45722,7 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
45722
45722
|
reject(abortError);
|
|
45723
45723
|
return;
|
|
45724
45724
|
}
|
|
45725
|
-
const headers =
|
|
45725
|
+
const headers = request9.headers;
|
|
45726
45726
|
const expectContinue = headers ? (headers.Expect ?? headers.expect) === "100-continue" : false;
|
|
45727
45727
|
let agent = isSSL ? config.httpsAgent : config.httpAgent;
|
|
45728
45728
|
if (expectContinue && !this.externalAgent) {
|
|
@@ -45734,32 +45734,32 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
45734
45734
|
socketWarningTimeoutId = timing.setTimeout(() => {
|
|
45735
45735
|
this.socketWarningTimestamp = _NodeHttpHandler.checkSocketUsage(agent, this.socketWarningTimestamp, config.logger);
|
|
45736
45736
|
}, config.socketAcquisitionWarningTimeout ?? (config.requestTimeout ?? 2e3) + (config.connectionTimeout ?? 1e3));
|
|
45737
|
-
const queryString =
|
|
45737
|
+
const queryString = request9.query ? protocols.buildQueryString(request9.query) : "";
|
|
45738
45738
|
let auth = void 0;
|
|
45739
|
-
if (
|
|
45740
|
-
const username =
|
|
45741
|
-
const password =
|
|
45739
|
+
if (request9.username != null || request9.password != null) {
|
|
45740
|
+
const username = request9.username ?? "";
|
|
45741
|
+
const password = request9.password ?? "";
|
|
45742
45742
|
auth = `${username}:${password}`;
|
|
45743
45743
|
}
|
|
45744
|
-
let
|
|
45744
|
+
let path30 = request9.path;
|
|
45745
45745
|
if (queryString) {
|
|
45746
|
-
|
|
45746
|
+
path30 += `?${queryString}`;
|
|
45747
45747
|
}
|
|
45748
|
-
if (
|
|
45749
|
-
|
|
45748
|
+
if (request9.fragment) {
|
|
45749
|
+
path30 += `#${request9.fragment}`;
|
|
45750
45750
|
}
|
|
45751
|
-
let hostname =
|
|
45751
|
+
let hostname = request9.hostname ?? "";
|
|
45752
45752
|
if (hostname[0] === "[" && hostname.endsWith("]")) {
|
|
45753
|
-
hostname =
|
|
45753
|
+
hostname = request9.hostname.slice(1, -1);
|
|
45754
45754
|
} else {
|
|
45755
|
-
hostname =
|
|
45755
|
+
hostname = request9.hostname;
|
|
45756
45756
|
}
|
|
45757
45757
|
const nodeHttpsOptions = {
|
|
45758
|
-
headers:
|
|
45758
|
+
headers: request9.headers,
|
|
45759
45759
|
host: hostname,
|
|
45760
|
-
method:
|
|
45761
|
-
path:
|
|
45762
|
-
port:
|
|
45760
|
+
method: request9.method,
|
|
45761
|
+
path: path30,
|
|
45762
|
+
port: request9.port,
|
|
45763
45763
|
agent,
|
|
45764
45764
|
auth
|
|
45765
45765
|
};
|
|
@@ -45805,7 +45805,7 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
45805
45805
|
keepAliveMsecs: httpAgent.keepAliveMsecs
|
|
45806
45806
|
});
|
|
45807
45807
|
}
|
|
45808
|
-
writeRequestBodyPromise = writeRequestBody(req,
|
|
45808
|
+
writeRequestBodyPromise = writeRequestBody(req, request9, effectiveRequestTimeout, this.externalAgent).catch((e5) => {
|
|
45809
45809
|
clearTimeouts();
|
|
45810
45810
|
return _reject(e5);
|
|
45811
45811
|
});
|
|
@@ -45834,8 +45834,8 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
45834
45834
|
socketAcquisitionWarningTimeout,
|
|
45835
45835
|
throwOnRequestTimeout,
|
|
45836
45836
|
httpAgentProvider: async () => {
|
|
45837
|
-
const { Agent, request:
|
|
45838
|
-
hRequest =
|
|
45837
|
+
const { Agent, request: request9 } = await import("node:http");
|
|
45838
|
+
hRequest = request9;
|
|
45839
45839
|
hAgent = Agent;
|
|
45840
45840
|
if (httpAgent instanceof hAgent || typeof httpAgent?.destroy === "function") {
|
|
45841
45841
|
this.externalAgent = true;
|
|
@@ -46072,8 +46072,8 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
46072
46072
|
}
|
|
46073
46073
|
return this.connectionPools.get(url);
|
|
46074
46074
|
}
|
|
46075
|
-
getUrlString(
|
|
46076
|
-
return
|
|
46075
|
+
getUrlString(request9) {
|
|
46076
|
+
return request9.destination.toString();
|
|
46077
46077
|
}
|
|
46078
46078
|
connect(url) {
|
|
46079
46079
|
return this.connectOptions === void 0 ? http2.connect(url) : http2.connect(url, this.connectOptions);
|
|
@@ -46104,7 +46104,7 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
46104
46104
|
destroy() {
|
|
46105
46105
|
this.connectionManager.destroy();
|
|
46106
46106
|
}
|
|
46107
|
-
async handle(
|
|
46107
|
+
async handle(request9, { abortSignal, requestTimeout, isEventStream } = {}) {
|
|
46108
46108
|
if (!this.config) {
|
|
46109
46109
|
this.config = await this.configProvider;
|
|
46110
46110
|
const { disableConcurrentStreams: disableConcurrentStreams2, maxConcurrentStreams, nodeHttp2ConnectOptions } = this.config;
|
|
@@ -46136,11 +46136,11 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
46136
46136
|
reject(abortError);
|
|
46137
46137
|
return;
|
|
46138
46138
|
}
|
|
46139
|
-
const { hostname, method, port, protocol, query } =
|
|
46139
|
+
const { hostname, method, port, protocol, query } = request9;
|
|
46140
46140
|
let auth = "";
|
|
46141
|
-
if (
|
|
46142
|
-
const username =
|
|
46143
|
-
const password =
|
|
46141
|
+
if (request9.username != null || request9.password != null) {
|
|
46142
|
+
const username = request9.username ?? "";
|
|
46143
|
+
const password = request9.password ?? "";
|
|
46144
46144
|
auth = `${username}:${password}@`;
|
|
46145
46145
|
}
|
|
46146
46146
|
const authority = `${protocol}//${auth}${hostname}${port ? `:${port}` : ""}`;
|
|
@@ -46159,16 +46159,16 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
46159
46159
|
reject(err2);
|
|
46160
46160
|
};
|
|
46161
46161
|
const queryString = query ? protocols.buildQueryString(query) : "";
|
|
46162
|
-
let
|
|
46162
|
+
let path30 = request9.path;
|
|
46163
46163
|
if (queryString) {
|
|
46164
|
-
|
|
46164
|
+
path30 += `?${queryString}`;
|
|
46165
46165
|
}
|
|
46166
|
-
if (
|
|
46167
|
-
|
|
46166
|
+
if (request9.fragment) {
|
|
46167
|
+
path30 += `#${request9.fragment}`;
|
|
46168
46168
|
}
|
|
46169
46169
|
const clientHttp2Stream = session.request({
|
|
46170
|
-
...
|
|
46171
|
-
[http2.constants.HTTP2_HEADER_PATH]:
|
|
46170
|
+
...request9.headers,
|
|
46171
|
+
[http2.constants.HTTP2_HEADER_PATH]: path30,
|
|
46172
46172
|
[http2.constants.HTTP2_HEADER_METHOD]: method
|
|
46173
46173
|
});
|
|
46174
46174
|
if (effectiveRequestTimeout) {
|
|
@@ -46222,7 +46222,7 @@ or increase socketAcquisitionWarningTimeout=(millis) in the NodeHttpHandler conf
|
|
|
46222
46222
|
rejectWithDestroy(new Error("Unexpected error: http2 request did not get a response"));
|
|
46223
46223
|
}
|
|
46224
46224
|
});
|
|
46225
|
-
writeRequestBodyPromise = writeRequestBody(clientHttp2Stream,
|
|
46225
|
+
writeRequestBodyPromise = writeRequestBody(clientHttp2Stream, request9, effectiveRequestTimeout);
|
|
46226
46226
|
});
|
|
46227
46227
|
}
|
|
46228
46228
|
updateHttpClientConfig(key, value) {
|
|
@@ -46462,14 +46462,14 @@ Set AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
|
|
|
46462
46462
|
connectionTimeout: options.timeout ?? 1e3
|
|
46463
46463
|
});
|
|
46464
46464
|
return (0, retry_wrapper_1.retryWrapper)(async () => {
|
|
46465
|
-
const
|
|
46465
|
+
const request9 = (0, requestHelpers_1.createGetRequest)(url);
|
|
46466
46466
|
if (token) {
|
|
46467
|
-
|
|
46467
|
+
request9.headers.Authorization = token;
|
|
46468
46468
|
} else if (tokenFile) {
|
|
46469
|
-
|
|
46469
|
+
request9.headers.Authorization = (await promises_1.default.readFile(tokenFile)).toString();
|
|
46470
46470
|
}
|
|
46471
46471
|
try {
|
|
46472
|
-
const result2 = await requestHandler.handle(
|
|
46472
|
+
const result2 = await requestHandler.handle(request9);
|
|
46473
46473
|
return (0, requestHelpers_1.getCredentials)(result2.response).then((creds) => (0, client_1.setCredentialFeature)(creds, "CREDENTIALS_HTTP", "z"));
|
|
46474
46474
|
} catch (e5) {
|
|
46475
46475
|
throw new config_1.CredentialsProviderError(String(e5), { logger: options.logger });
|
|
@@ -46718,12 +46718,12 @@ var require_dist_cjs15 = __commonJS({
|
|
|
46718
46718
|
}
|
|
46719
46719
|
return ["md/nodejs", node_process.versions.node];
|
|
46720
46720
|
};
|
|
46721
|
-
var getNodeModulesParentDirs = (
|
|
46721
|
+
var getNodeModulesParentDirs = (dirname6) => {
|
|
46722
46722
|
const cwd = process.cwd();
|
|
46723
|
-
if (!
|
|
46723
|
+
if (!dirname6) {
|
|
46724
46724
|
return [cwd];
|
|
46725
46725
|
}
|
|
46726
|
-
const normalizedPath = node_path.normalize(
|
|
46726
|
+
const normalizedPath = node_path.normalize(dirname6);
|
|
46727
46727
|
const parts = normalizedPath.split(node_path.sep);
|
|
46728
46728
|
const nodeModulesIndex = parts.indexOf("node_modules");
|
|
46729
46729
|
const parentDir = nodeModulesIndex !== -1 ? parts.slice(0, nodeModulesIndex).join(node_path.sep) : normalizedPath;
|
|
@@ -46771,8 +46771,8 @@ var require_dist_cjs15 = __commonJS({
|
|
|
46771
46771
|
tscVersion = null;
|
|
46772
46772
|
return void 0;
|
|
46773
46773
|
}
|
|
46774
|
-
const
|
|
46775
|
-
const nodeModulesParentDirs = getNodeModulesParentDirs(
|
|
46774
|
+
const dirname6 = typeof __dirname !== "undefined" ? __dirname : void 0;
|
|
46775
|
+
const nodeModulesParentDirs = getNodeModulesParentDirs(dirname6);
|
|
46776
46776
|
let versionFromApp;
|
|
46777
46777
|
for (const nodeModulesParentDir of nodeModulesParentDirs) {
|
|
46778
46778
|
try {
|
|
@@ -47822,33 +47822,33 @@ var init_SmithyRpcV2CborProtocol = __esm({
|
|
|
47822
47822
|
return this.codec;
|
|
47823
47823
|
}
|
|
47824
47824
|
async serializeRequest(operationSchema, input, context) {
|
|
47825
|
-
const
|
|
47826
|
-
Object.assign(
|
|
47825
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
47826
|
+
Object.assign(request9.headers, {
|
|
47827
47827
|
"content-type": this.getDefaultContentType(),
|
|
47828
47828
|
"smithy-protocol": "rpc-v2-cbor",
|
|
47829
47829
|
accept: this.getDefaultContentType()
|
|
47830
47830
|
});
|
|
47831
47831
|
if (deref(operationSchema.input) === "unit") {
|
|
47832
|
-
delete
|
|
47833
|
-
delete
|
|
47832
|
+
delete request9.body;
|
|
47833
|
+
delete request9.headers["content-type"];
|
|
47834
47834
|
} else {
|
|
47835
|
-
if (!
|
|
47835
|
+
if (!request9.body) {
|
|
47836
47836
|
this.serializer.write(15, {});
|
|
47837
|
-
|
|
47837
|
+
request9.body = this.serializer.flush();
|
|
47838
47838
|
}
|
|
47839
47839
|
try {
|
|
47840
|
-
|
|
47840
|
+
request9.headers["content-length"] = String(request9.body.byteLength);
|
|
47841
47841
|
} catch (e5) {
|
|
47842
47842
|
}
|
|
47843
47843
|
}
|
|
47844
47844
|
const { service, operation: operation2 } = getSmithyContext(context);
|
|
47845
|
-
const
|
|
47846
|
-
if (
|
|
47847
|
-
|
|
47845
|
+
const path30 = `/service/${service}/operation/${operation2}`;
|
|
47846
|
+
if (request9.path.endsWith("/")) {
|
|
47847
|
+
request9.path += path30.slice(1);
|
|
47848
47848
|
} else {
|
|
47849
|
-
|
|
47849
|
+
request9.path += path30;
|
|
47850
47850
|
}
|
|
47851
|
-
return
|
|
47851
|
+
return request9;
|
|
47852
47852
|
}
|
|
47853
47853
|
async deserializeResponse(operationSchema, context, response) {
|
|
47854
47854
|
return super.deserializeResponse(operationSchema, context, response);
|
|
@@ -48068,11 +48068,11 @@ var init_AwsSmithyRpcV2CborProtocol = __esm({
|
|
|
48068
48068
|
this.mixin = new ProtocolLib(this.awsQueryCompatible);
|
|
48069
48069
|
}
|
|
48070
48070
|
async serializeRequest(operationSchema, input, context) {
|
|
48071
|
-
const
|
|
48071
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
48072
48072
|
if (this.awsQueryCompatible) {
|
|
48073
|
-
|
|
48073
|
+
request9.headers["x-amzn-query-mode"] = "true";
|
|
48074
48074
|
}
|
|
48075
|
-
return
|
|
48075
|
+
return request9;
|
|
48076
48076
|
}
|
|
48077
48077
|
async handleError(operationSchema, context, response, dataObject, metadata) {
|
|
48078
48078
|
if (this.awsQueryCompatible) {
|
|
@@ -48777,19 +48777,19 @@ var init_AwsJsonRpcProtocol = __esm({
|
|
|
48777
48777
|
this.mixin = new ProtocolLib(this.awsQueryCompatible);
|
|
48778
48778
|
}
|
|
48779
48779
|
async serializeRequest(operationSchema, input, context) {
|
|
48780
|
-
const
|
|
48781
|
-
if (!
|
|
48782
|
-
|
|
48780
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
48781
|
+
if (!request9.path.endsWith("/")) {
|
|
48782
|
+
request9.path += "/";
|
|
48783
48783
|
}
|
|
48784
|
-
|
|
48785
|
-
|
|
48784
|
+
request9.headers["content-type"] = `application/x-amz-json-${this.getJsonRpcVersion()}`;
|
|
48785
|
+
request9.headers["x-amz-target"] = `${this.serviceTarget}.${operationSchema.name}`;
|
|
48786
48786
|
if (this.awsQueryCompatible) {
|
|
48787
|
-
|
|
48787
|
+
request9.headers["x-amzn-query-mode"] = "true";
|
|
48788
48788
|
}
|
|
48789
|
-
if (deref(operationSchema.input) === "unit" || !
|
|
48790
|
-
|
|
48789
|
+
if (deref(operationSchema.input) === "unit" || !request9.body) {
|
|
48790
|
+
request9.body = "{}";
|
|
48791
48791
|
}
|
|
48792
|
-
return
|
|
48792
|
+
return request9;
|
|
48793
48793
|
}
|
|
48794
48794
|
getPayloadCodec() {
|
|
48795
48795
|
return this.codec;
|
|
@@ -48923,18 +48923,18 @@ var init_AwsRestJsonProtocol = __esm({
|
|
|
48923
48923
|
super.setSerdeContext(serdeContext);
|
|
48924
48924
|
}
|
|
48925
48925
|
async serializeRequest(operationSchema, input, context) {
|
|
48926
|
-
const
|
|
48926
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
48927
48927
|
const inputSchema4 = NormalizedSchema.of(operationSchema.input);
|
|
48928
|
-
if (!
|
|
48928
|
+
if (!request9.headers["content-type"]) {
|
|
48929
48929
|
const contentType = this.mixin.resolveRestContentType(this.getDefaultContentType(), inputSchema4);
|
|
48930
48930
|
if (contentType) {
|
|
48931
|
-
|
|
48931
|
+
request9.headers["content-type"] = contentType;
|
|
48932
48932
|
}
|
|
48933
48933
|
}
|
|
48934
|
-
if (
|
|
48935
|
-
|
|
48934
|
+
if (request9.body == null && request9.headers["content-type"] === this.getDefaultContentType()) {
|
|
48935
|
+
request9.body = "{}";
|
|
48936
48936
|
}
|
|
48937
|
-
return
|
|
48937
|
+
return request9;
|
|
48938
48938
|
}
|
|
48939
48939
|
async deserializeResponse(operationSchema, context, response) {
|
|
48940
48940
|
const output = await super.deserializeResponse(operationSchema, context, response);
|
|
@@ -51401,20 +51401,20 @@ var init_AwsQueryProtocol = __esm({
|
|
|
51401
51401
|
throw new Error("AWSQuery protocol has no payload codec.");
|
|
51402
51402
|
}
|
|
51403
51403
|
async serializeRequest(operationSchema, input, context) {
|
|
51404
|
-
const
|
|
51405
|
-
if (!
|
|
51406
|
-
|
|
51404
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
51405
|
+
if (!request9.path.endsWith("/")) {
|
|
51406
|
+
request9.path += "/";
|
|
51407
51407
|
}
|
|
51408
|
-
|
|
51409
|
-
if (deref(operationSchema.input) === "unit" || !
|
|
51410
|
-
|
|
51408
|
+
request9.headers["content-type"] = "application/x-www-form-urlencoded";
|
|
51409
|
+
if (deref(operationSchema.input) === "unit" || !request9.body) {
|
|
51410
|
+
request9.body = "";
|
|
51411
51411
|
}
|
|
51412
51412
|
const action = operationSchema.name.split("#")[1] ?? operationSchema.name;
|
|
51413
|
-
|
|
51414
|
-
if (
|
|
51415
|
-
|
|
51413
|
+
request9.body = `Action=${action}&Version=${this.options.version}` + request9.body;
|
|
51414
|
+
if (request9.body.endsWith("&")) {
|
|
51415
|
+
request9.body = request9.body.slice(-1);
|
|
51416
51416
|
}
|
|
51417
|
-
return
|
|
51417
|
+
return request9;
|
|
51418
51418
|
}
|
|
51419
51419
|
async deserializeResponse(operationSchema, context, response) {
|
|
51420
51420
|
const deserializer = this.deserializer;
|
|
@@ -51924,18 +51924,18 @@ var init_AwsRestXmlProtocol = __esm({
|
|
|
51924
51924
|
return "aws.protocols#restXml";
|
|
51925
51925
|
}
|
|
51926
51926
|
async serializeRequest(operationSchema, input, context) {
|
|
51927
|
-
const
|
|
51927
|
+
const request9 = await super.serializeRequest(operationSchema, input, context);
|
|
51928
51928
|
const inputSchema4 = NormalizedSchema.of(operationSchema.input);
|
|
51929
|
-
if (!
|
|
51929
|
+
if (!request9.headers["content-type"]) {
|
|
51930
51930
|
const contentType = this.mixin.resolveRestContentType(this.getDefaultContentType(), inputSchema4);
|
|
51931
51931
|
if (contentType) {
|
|
51932
|
-
|
|
51932
|
+
request9.headers["content-type"] = contentType;
|
|
51933
51933
|
}
|
|
51934
51934
|
}
|
|
51935
|
-
if (typeof
|
|
51936
|
-
|
|
51935
|
+
if (typeof request9.body === "string" && request9.headers["content-type"] === this.getDefaultContentType() && !request9.body.startsWith("<?xml ") && !this.hasUnstructuredPayloadBinding(inputSchema4)) {
|
|
51936
|
+
request9.body = '<?xml version="1.0" encoding="UTF-8"?>' + request9.body;
|
|
51937
51937
|
}
|
|
51938
|
-
return
|
|
51938
|
+
return request9;
|
|
51939
51939
|
}
|
|
51940
51940
|
async deserializeResponse(operationSchema, context, response) {
|
|
51941
51941
|
return super.deserializeResponse(operationSchema, context, response);
|
|
@@ -54797,11 +54797,11 @@ var require_dist_cjs20 = __commonJS({
|
|
|
54797
54797
|
createDPoPInterceptor(middlewareStack) {
|
|
54798
54798
|
middlewareStack.add((next) => async (args) => {
|
|
54799
54799
|
if (protocols.HttpRequest.isInstance(args.request)) {
|
|
54800
|
-
const
|
|
54801
|
-
const actualEndpoint = `${
|
|
54802
|
-
const dpop = await this.generateDpop(
|
|
54803
|
-
|
|
54804
|
-
...
|
|
54800
|
+
const request9 = args.request;
|
|
54801
|
+
const actualEndpoint = `${request9.protocol}//${request9.hostname}${request9.port ? `:${request9.port}` : ""}${request9.path}`;
|
|
54802
|
+
const dpop = await this.generateDpop(request9.method, actualEndpoint);
|
|
54803
|
+
request9.headers = {
|
|
54804
|
+
...request9.headers,
|
|
54805
54805
|
DPoP: dpop
|
|
54806
54806
|
};
|
|
54807
54807
|
}
|
|
@@ -58840,11 +58840,22 @@ var init_kong_shared = __esm({
|
|
|
58840
58840
|
|
|
58841
58841
|
// src/drift/kong-admin.ts
|
|
58842
58842
|
import { request as request2 } from "undici";
|
|
58843
|
-
async function fetchAll(baseUrl, resource) {
|
|
58843
|
+
async function fetchAll(baseUrl, resource, timeoutMs) {
|
|
58844
58844
|
const out = [];
|
|
58845
58845
|
let url = `${baseUrl.replace(/\/$/, "")}/${resource}`;
|
|
58846
58846
|
while (url) {
|
|
58847
|
-
|
|
58847
|
+
let res;
|
|
58848
|
+
try {
|
|
58849
|
+
res = await request2(url, {
|
|
58850
|
+
method: "GET",
|
|
58851
|
+
...timeoutMs !== void 0 ? { signal: AbortSignal.timeout(timeoutMs) } : {}
|
|
58852
|
+
});
|
|
58853
|
+
} catch (e5) {
|
|
58854
|
+
if (e5.name === "TimeoutError" || e5.name === "AbortError") {
|
|
58855
|
+
throw new Error(`Kong admin GET ${url} timed out after ${timeoutMs}ms`);
|
|
58856
|
+
}
|
|
58857
|
+
throw e5;
|
|
58858
|
+
}
|
|
58848
58859
|
if (res.statusCode >= 400) {
|
|
58849
58860
|
throw new Error(`Kong admin GET ${url} \u2192 ${res.statusCode}`);
|
|
58850
58861
|
}
|
|
@@ -58854,10 +58865,10 @@ async function fetchAll(baseUrl, resource) {
|
|
|
58854
58865
|
}
|
|
58855
58866
|
return out;
|
|
58856
58867
|
}
|
|
58857
|
-
function createHttpClient(baseUrl) {
|
|
58868
|
+
function createHttpClient(baseUrl, timeoutMs) {
|
|
58858
58869
|
return {
|
|
58859
|
-
routes: () => fetchAll(baseUrl, "routes"),
|
|
58860
|
-
plugins: () => fetchAll(baseUrl, "plugins")
|
|
58870
|
+
routes: () => fetchAll(baseUrl, "routes", timeoutMs),
|
|
58871
|
+
plugins: () => fetchAll(baseUrl, "plugins", timeoutMs)
|
|
58861
58872
|
};
|
|
58862
58873
|
}
|
|
58863
58874
|
function indexActualFromAdmin(routes, plugins, spec) {
|
|
@@ -58884,7 +58895,7 @@ function indexActualFromAdmin(routes, plugins, spec) {
|
|
|
58884
58895
|
return out;
|
|
58885
58896
|
}
|
|
58886
58897
|
async function detectAdminDrift(spec, opts) {
|
|
58887
|
-
const client = opts.client ?? createHttpClient(opts.gatewayUrl);
|
|
58898
|
+
const client = opts.client ?? createHttpClient(opts.gatewayUrl, opts.timeoutMs);
|
|
58888
58899
|
const [routes, plugins] = await Promise.all([client.routes(), client.plugins()]);
|
|
58889
58900
|
const actual = indexActualFromAdmin(routes, plugins, spec);
|
|
58890
58901
|
const expected = buildExpected(spec);
|
|
@@ -60366,7 +60377,7 @@ async function runValidate(specPath, opts) {
|
|
|
60366
60377
|
let report;
|
|
60367
60378
|
switch (opts.target) {
|
|
60368
60379
|
case "kong":
|
|
60369
|
-
report = isHttp ? await detectAdminDrift(spec, { gatewayUrl: opts.gateway }) : await detectFileDrift(spec, { filePath: opts.gateway });
|
|
60380
|
+
report = isHttp ? await detectAdminDrift(spec, { gatewayUrl: opts.gateway, ...opts.timeoutMs !== void 0 ? { timeoutMs: opts.timeoutMs } : {} }) : await detectFileDrift(spec, { filePath: opts.gateway });
|
|
60370
60381
|
break;
|
|
60371
60382
|
case "coraza":
|
|
60372
60383
|
if (isHttp) throw new Error("coraza drift is file-mode only \u2014 pass a path to the deployed YAML.");
|
|
@@ -60571,8 +60582,8 @@ async function bringUp(plan, opts = {}) {
|
|
|
60571
60582
|
);
|
|
60572
60583
|
}
|
|
60573
60584
|
const DockerMod = await import("dockerode");
|
|
60574
|
-
const
|
|
60575
|
-
const docker = new
|
|
60585
|
+
const Docker2 = DockerMod.default;
|
|
60586
|
+
const docker = new Docker2();
|
|
60576
60587
|
await docker.ping().catch(() => {
|
|
60577
60588
|
throw new Error("Docker daemon not reachable (set DOCKER_HOST or start Docker Desktop).");
|
|
60578
60589
|
});
|
|
@@ -60693,7 +60704,7 @@ var init_docker_compose = __esm({
|
|
|
60693
60704
|
|
|
60694
60705
|
// src/test-harness/traffic.ts
|
|
60695
60706
|
import { request as undiciRequest2 } from "undici";
|
|
60696
|
-
async function sendOnce(baseUrl, req) {
|
|
60707
|
+
async function sendOnce(baseUrl, req, timeoutMs) {
|
|
60697
60708
|
const start = Date.now();
|
|
60698
60709
|
const url = baseUrl.replace(/\/$/, "") + req.path;
|
|
60699
60710
|
const opts = {
|
|
@@ -60702,19 +60713,28 @@ async function sendOnce(baseUrl, req) {
|
|
|
60702
60713
|
};
|
|
60703
60714
|
if (req.body !== void 0) opts.body = req.body;
|
|
60704
60715
|
if (req.timeout) opts.headersTimeout = req.timeout;
|
|
60705
|
-
|
|
60706
|
-
|
|
60707
|
-
|
|
60708
|
-
|
|
60709
|
-
|
|
60710
|
-
|
|
60711
|
-
|
|
60712
|
-
|
|
60716
|
+
if (timeoutMs !== void 0) opts.signal = AbortSignal.timeout(timeoutMs);
|
|
60717
|
+
try {
|
|
60718
|
+
const res = await undiciRequest2(url, opts);
|
|
60719
|
+
const buf = await res.body.arrayBuffer();
|
|
60720
|
+
return {
|
|
60721
|
+
status: res.statusCode,
|
|
60722
|
+
headers: res.headers,
|
|
60723
|
+
body: Buffer.from(buf).toString("utf8"),
|
|
60724
|
+
durationMs: Date.now() - start
|
|
60725
|
+
};
|
|
60726
|
+
} catch (e5) {
|
|
60727
|
+
const name = e5.name;
|
|
60728
|
+
if (name === "TimeoutError" || name === "AbortError") {
|
|
60729
|
+
throw new Error(`${req.method} ${url} timed out after ${timeoutMs}ms`);
|
|
60730
|
+
}
|
|
60731
|
+
throw e5;
|
|
60732
|
+
}
|
|
60713
60733
|
}
|
|
60714
|
-
async function sendN(baseUrl, req, count) {
|
|
60734
|
+
async function sendN(baseUrl, req, count, timeoutMs) {
|
|
60715
60735
|
const out = [];
|
|
60716
60736
|
for (let i5 = 0; i5 < count; i5++) {
|
|
60717
|
-
out.push(await sendOnce(baseUrl, req));
|
|
60737
|
+
out.push(await sendOnce(baseUrl, req, timeoutMs));
|
|
60718
60738
|
}
|
|
60719
60739
|
return out;
|
|
60720
60740
|
}
|
|
@@ -60749,7 +60769,7 @@ function result(endpoint, rule, verdict, message, startMs) {
|
|
|
60749
60769
|
durationMs: Date.now() - startMs
|
|
60750
60770
|
};
|
|
60751
60771
|
}
|
|
60752
|
-
async function assertRateLimit(baseUrl, endpoint) {
|
|
60772
|
+
async function assertRateLimit(baseUrl, endpoint, timeoutMs) {
|
|
60753
60773
|
const rls = endpoint.policy.rateLimit;
|
|
60754
60774
|
if (!rls) return [];
|
|
60755
60775
|
const list2 = Array.isArray(rls) ? rls : [rls];
|
|
@@ -60758,7 +60778,7 @@ async function assertRateLimit(baseUrl, endpoint) {
|
|
|
60758
60778
|
const start = Date.now();
|
|
60759
60779
|
const total = rl.requests + 1;
|
|
60760
60780
|
try {
|
|
60761
|
-
const responses = await sendN(baseUrl, baseRequest(endpoint), total);
|
|
60781
|
+
const responses = await sendN(baseUrl, baseRequest(endpoint), total, timeoutMs);
|
|
60762
60782
|
const last = responses[responses.length - 1];
|
|
60763
60783
|
if (last.status === 429) {
|
|
60764
60784
|
out.push(result(endpoint, "rateLimit", "PASS", `429 after ${rl.requests} requests`, start));
|
|
@@ -60779,12 +60799,12 @@ async function assertRateLimit(baseUrl, endpoint) {
|
|
|
60779
60799
|
}
|
|
60780
60800
|
return out;
|
|
60781
60801
|
}
|
|
60782
|
-
async function assertAuth(baseUrl, endpoint) {
|
|
60802
|
+
async function assertAuth(baseUrl, endpoint, timeoutMs) {
|
|
60783
60803
|
const auth = endpoint.policy.authentication;
|
|
60784
60804
|
if (!auth || auth.type === "none") return null;
|
|
60785
60805
|
const start = Date.now();
|
|
60786
60806
|
try {
|
|
60787
|
-
const res = await sendOnce(baseUrl, baseRequest(endpoint));
|
|
60807
|
+
const res = await sendOnce(baseUrl, baseRequest(endpoint), timeoutMs);
|
|
60788
60808
|
if (res.status === 401 || res.status === 403) {
|
|
60789
60809
|
return result(endpoint, "authentication", "PASS", `Unauth \u2192 ${res.status}`, start);
|
|
60790
60810
|
}
|
|
@@ -60799,7 +60819,7 @@ async function assertAuth(baseUrl, endpoint) {
|
|
|
60799
60819
|
return result(endpoint, "authentication", "SKIP", `traffic error: ${e5.message}`, start);
|
|
60800
60820
|
}
|
|
60801
60821
|
}
|
|
60802
|
-
async function assertCors(baseUrl, endpoint) {
|
|
60822
|
+
async function assertCors(baseUrl, endpoint, timeoutMs) {
|
|
60803
60823
|
const cors = endpoint.policy.cors;
|
|
60804
60824
|
if (!cors || !cors.allowedOrigins?.length) return null;
|
|
60805
60825
|
const start = Date.now();
|
|
@@ -60812,7 +60832,7 @@ async function assertCors(baseUrl, endpoint) {
|
|
|
60812
60832
|
Origin: origin,
|
|
60813
60833
|
"Access-Control-Request-Method": endpoint.method
|
|
60814
60834
|
}
|
|
60815
|
-
});
|
|
60835
|
+
}, timeoutMs);
|
|
60816
60836
|
const allowed = res.headers["access-control-allow-origin"];
|
|
60817
60837
|
if (allowed && (allowed === origin || allowed === "*")) {
|
|
60818
60838
|
return result(endpoint, "cors", "PASS", `CORS preflight echoed ${allowed}`, start);
|
|
@@ -60822,7 +60842,7 @@ async function assertCors(baseUrl, endpoint) {
|
|
|
60822
60842
|
return result(endpoint, "cors", "SKIP", `traffic error: ${e5.message}`, start);
|
|
60823
60843
|
}
|
|
60824
60844
|
}
|
|
60825
|
-
async function assertMaxBodySize(baseUrl, endpoint) {
|
|
60845
|
+
async function assertMaxBodySize(baseUrl, endpoint, timeoutMs) {
|
|
60826
60846
|
const maxBody = endpoint.policy.request?.maxBodySize;
|
|
60827
60847
|
if (!maxBody) return null;
|
|
60828
60848
|
const start = Date.now();
|
|
@@ -60835,7 +60855,7 @@ async function assertMaxBodySize(baseUrl, endpoint) {
|
|
|
60835
60855
|
const res = await sendOnce(baseUrl, {
|
|
60836
60856
|
...baseRequest(endpoint, { "Content-Type": "application/octet-stream" }),
|
|
60837
60857
|
body: big
|
|
60838
|
-
});
|
|
60858
|
+
}, timeoutMs);
|
|
60839
60859
|
if (res.status === 413) {
|
|
60840
60860
|
return result(endpoint, "maxBodySize", "PASS", `413 on ${bytes}B payload`, start);
|
|
60841
60861
|
}
|
|
@@ -60844,7 +60864,7 @@ async function assertMaxBodySize(baseUrl, endpoint) {
|
|
|
60844
60864
|
return result(endpoint, "maxBodySize", "SKIP", `traffic error: ${e5.message}`, start);
|
|
60845
60865
|
}
|
|
60846
60866
|
}
|
|
60847
|
-
async function assertContentType(baseUrl, endpoint) {
|
|
60867
|
+
async function assertContentType(baseUrl, endpoint, timeoutMs) {
|
|
60848
60868
|
const allowed = endpoint.policy.request?.contentType;
|
|
60849
60869
|
if (!allowed?.length) return null;
|
|
60850
60870
|
if (endpoint.method === "GET" || endpoint.method === "HEAD") return null;
|
|
@@ -60853,7 +60873,7 @@ async function assertContentType(baseUrl, endpoint) {
|
|
|
60853
60873
|
const res = await sendOnce(baseUrl, {
|
|
60854
60874
|
...baseRequest(endpoint, { "Content-Type": "application/x-disallowed-type" }),
|
|
60855
60875
|
body: "x"
|
|
60856
|
-
});
|
|
60876
|
+
}, timeoutMs);
|
|
60857
60877
|
if (res.status === 415 || res.status === 400) {
|
|
60858
60878
|
return result(endpoint, "contentType", "PASS", `${res.status} on bad content-type`, start);
|
|
60859
60879
|
}
|
|
@@ -60862,7 +60882,7 @@ async function assertContentType(baseUrl, endpoint) {
|
|
|
60862
60882
|
return result(endpoint, "contentType", "SKIP", `traffic error: ${e5.message}`, start);
|
|
60863
60883
|
}
|
|
60864
60884
|
}
|
|
60865
|
-
async function assertSchema(baseUrl, endpoint) {
|
|
60885
|
+
async function assertSchema(baseUrl, endpoint, timeoutMs) {
|
|
60866
60886
|
const schema = endpoint.policy.request?.schema;
|
|
60867
60887
|
if (!schema || Object.keys(schema).length === 0) return null;
|
|
60868
60888
|
const start = Date.now();
|
|
@@ -60870,7 +60890,7 @@ async function assertSchema(baseUrl, endpoint) {
|
|
|
60870
60890
|
const res = await sendOnce(baseUrl, {
|
|
60871
60891
|
...baseRequest(endpoint, { "Content-Type": "application/json" }),
|
|
60872
60892
|
body: "{}"
|
|
60873
|
-
});
|
|
60893
|
+
}, timeoutMs);
|
|
60874
60894
|
if (res.status === 400 || res.status === 422) {
|
|
60875
60895
|
return result(endpoint, "requestSchema", "PASS", `${res.status} on empty body`, start);
|
|
60876
60896
|
}
|
|
@@ -60879,19 +60899,19 @@ async function assertSchema(baseUrl, endpoint) {
|
|
|
60879
60899
|
return result(endpoint, "requestSchema", "SKIP", `traffic error: ${e5.message}`, start);
|
|
60880
60900
|
}
|
|
60881
60901
|
}
|
|
60882
|
-
async function runAllAssertions(baseUrl, endpoint) {
|
|
60902
|
+
async function runAllAssertions(baseUrl, endpoint, timeoutMs) {
|
|
60883
60903
|
const cases = [];
|
|
60884
|
-
const auth = await assertAuth(baseUrl, endpoint);
|
|
60904
|
+
const auth = await assertAuth(baseUrl, endpoint, timeoutMs);
|
|
60885
60905
|
if (auth) cases.push(auth);
|
|
60886
|
-
const cors = await assertCors(baseUrl, endpoint);
|
|
60906
|
+
const cors = await assertCors(baseUrl, endpoint, timeoutMs);
|
|
60887
60907
|
if (cors) cases.push(cors);
|
|
60888
|
-
const ct = await assertContentType(baseUrl, endpoint);
|
|
60908
|
+
const ct = await assertContentType(baseUrl, endpoint, timeoutMs);
|
|
60889
60909
|
if (ct) cases.push(ct);
|
|
60890
|
-
const sz = await assertMaxBodySize(baseUrl, endpoint);
|
|
60910
|
+
const sz = await assertMaxBodySize(baseUrl, endpoint, timeoutMs);
|
|
60891
60911
|
if (sz) cases.push(sz);
|
|
60892
|
-
const sch = await assertSchema(baseUrl, endpoint);
|
|
60912
|
+
const sch = await assertSchema(baseUrl, endpoint, timeoutMs);
|
|
60893
60913
|
if (sch) cases.push(sch);
|
|
60894
|
-
cases.push(...await assertRateLimit(baseUrl, endpoint));
|
|
60914
|
+
cases.push(...await assertRateLimit(baseUrl, endpoint, timeoutMs));
|
|
60895
60915
|
return cases;
|
|
60896
60916
|
}
|
|
60897
60917
|
var init_assertions = __esm({
|
|
@@ -60903,16 +60923,23 @@ var init_assertions = __esm({
|
|
|
60903
60923
|
|
|
60904
60924
|
// src/verify/readers/kong.ts
|
|
60905
60925
|
import { request as request3 } from "undici";
|
|
60906
|
-
async function getJson(base, p2) {
|
|
60926
|
+
async function getJson(base, p2, timeoutMs) {
|
|
60907
60927
|
const url = base.replace(/\/$/, "") + p2;
|
|
60908
60928
|
try {
|
|
60909
|
-
const res = await request3(url, {
|
|
60929
|
+
const res = await request3(url, {
|
|
60930
|
+
method: "GET",
|
|
60931
|
+
...timeoutMs !== void 0 ? { signal: AbortSignal.timeout(timeoutMs) } : {}
|
|
60932
|
+
});
|
|
60910
60933
|
if (res.statusCode >= 400) {
|
|
60911
60934
|
throw new Error(`${url} \u2192 HTTP ${res.statusCode}`);
|
|
60912
60935
|
}
|
|
60913
60936
|
const body = await res.body.json();
|
|
60914
60937
|
return body;
|
|
60915
60938
|
} catch (e5) {
|
|
60939
|
+
const name = e5.name;
|
|
60940
|
+
if (name === "TimeoutError" || name === "AbortError") {
|
|
60941
|
+
throw new Error(`${url} timed out after ${timeoutMs}ms`);
|
|
60942
|
+
}
|
|
60916
60943
|
const msg = e5.message;
|
|
60917
60944
|
if (/ECONNREFUSED|ENOTFOUND|EAI_AGAIN/.test(msg)) {
|
|
60918
60945
|
throw new Error(`gateway-unreachable: ${msg}`);
|
|
@@ -60920,11 +60947,11 @@ async function getJson(base, p2) {
|
|
|
60920
60947
|
throw e5;
|
|
60921
60948
|
}
|
|
60922
60949
|
}
|
|
60923
|
-
async function listAll(base, p2) {
|
|
60950
|
+
async function listAll(base, p2, timeoutMs) {
|
|
60924
60951
|
let url = p2;
|
|
60925
60952
|
const out = [];
|
|
60926
60953
|
while (url) {
|
|
60927
|
-
const page = await getJson(base, url);
|
|
60954
|
+
const page = await getJson(base, url, timeoutMs);
|
|
60928
60955
|
out.push(...page.data);
|
|
60929
60956
|
if (page.next) {
|
|
60930
60957
|
const u = new URL(page.next, base + "/");
|
|
@@ -60978,11 +61005,11 @@ var init_kong = __esm({
|
|
|
60978
61005
|
const decl = load7(kongYml.content);
|
|
60979
61006
|
return scanEmittedFromDeclarative(decl);
|
|
60980
61007
|
},
|
|
60981
|
-
async readLoadedArtifacts(gateway) {
|
|
61008
|
+
async readLoadedArtifacts(gateway, timeoutMs) {
|
|
60982
61009
|
const [services, routes, plugins] = await Promise.all([
|
|
60983
|
-
listAll(gateway, "/services"),
|
|
60984
|
-
listAll(gateway, "/routes"),
|
|
60985
|
-
listAll(gateway, "/plugins")
|
|
61010
|
+
listAll(gateway, "/services", timeoutMs),
|
|
61011
|
+
listAll(gateway, "/routes", timeoutMs),
|
|
61012
|
+
listAll(gateway, "/plugins", timeoutMs)
|
|
60986
61013
|
]);
|
|
60987
61014
|
const routeIdToName = /* @__PURE__ */ new Map();
|
|
60988
61015
|
for (const r5 of routes) if (r5.id && r5.name) routeIdToName.set(r5.id, r5.name);
|
|
@@ -61050,13 +61077,13 @@ async function readNginxConfigDump(gateway) {
|
|
|
61050
61077
|
if (m3 && m3[1]) modsecFiles.add(m3[1]);
|
|
61051
61078
|
}
|
|
61052
61079
|
const extra = [];
|
|
61053
|
-
for (const
|
|
61054
|
-
const cat = spawnSync("docker", ["exec", name, "cat",
|
|
61080
|
+
for (const path30 of modsecFiles) {
|
|
61081
|
+
const cat = spawnSync("docker", ["exec", name, "cat", path30], {
|
|
61055
61082
|
encoding: "utf8",
|
|
61056
61083
|
maxBuffer: 4 * 1024 * 1024
|
|
61057
61084
|
});
|
|
61058
61085
|
if (cat.error || cat.status !== 0) continue;
|
|
61059
|
-
extra.push(`# configuration file ${
|
|
61086
|
+
extra.push(`# configuration file ${path30}:`);
|
|
61060
61087
|
extra.push(cat.stdout || "");
|
|
61061
61088
|
}
|
|
61062
61089
|
return dump4 + "\n" + extra.join("\n");
|
|
@@ -61069,8 +61096,8 @@ function listGlobInContainer(container, glob) {
|
|
|
61069
61096
|
if (r5.error || r5.status !== 0) return [];
|
|
61070
61097
|
return (r5.stdout || "").split("\n").map((s) => s.trim()).filter(Boolean);
|
|
61071
61098
|
}
|
|
61072
|
-
function fileHasWritHeader(container,
|
|
61073
|
-
const r5 = spawnSync("docker", ["exec", container, "sh", "-c", `head -5 ${JSON.stringify(
|
|
61099
|
+
function fileHasWritHeader(container, path30) {
|
|
61100
|
+
const r5 = spawnSync("docker", ["exec", container, "sh", "-c", `head -5 ${JSON.stringify(path30)} 2>/dev/null`], {
|
|
61074
61101
|
encoding: "utf8",
|
|
61075
61102
|
maxBuffer: 64 * 1024
|
|
61076
61103
|
});
|
|
@@ -61122,8 +61149,8 @@ async function readGatewaySource(gateway) {
|
|
|
61122
61149
|
throw new Error(msg);
|
|
61123
61150
|
}
|
|
61124
61151
|
}
|
|
61125
|
-
function extractDirectives(
|
|
61126
|
-
const m3 =
|
|
61152
|
+
function extractDirectives(yaml18) {
|
|
61153
|
+
const m3 = yaml18.match(/^directives:\s*\|\s*\n([\s\S]*)$/m);
|
|
61127
61154
|
const body = m3?.[1];
|
|
61128
61155
|
if (!body) return "";
|
|
61129
61156
|
return body.split("\n").map((l3) => l3.replace(/^ {2}/, "")).join("\n");
|
|
@@ -61184,7 +61211,7 @@ var init_modsec_nginx = __esm({
|
|
|
61184
61211
|
const directives = extractDirectives(yml.content);
|
|
61185
61212
|
return scanEmittedRules(directives);
|
|
61186
61213
|
},
|
|
61187
|
-
async readLoadedArtifacts(gateway) {
|
|
61214
|
+
async readLoadedArtifacts(gateway, _timeoutMs) {
|
|
61188
61215
|
const raw = await readGatewaySource(gateway);
|
|
61189
61216
|
const out = [];
|
|
61190
61217
|
const nginxDump = await readNginxConfigDump(gateway);
|
|
@@ -61284,8 +61311,8 @@ var init_modsec_nginx = __esm({
|
|
|
61284
61311
|
import { readFile as readFile10 } from "node:fs/promises";
|
|
61285
61312
|
import { spawnSync as spawnSync2 } from "node:child_process";
|
|
61286
61313
|
import { request as request4 } from "undici";
|
|
61287
|
-
function extractDirectives2(
|
|
61288
|
-
const m3 =
|
|
61314
|
+
function extractDirectives2(yaml18) {
|
|
61315
|
+
const m3 = yaml18.match(/^directives:\s*\|\s*\n([\s\S]*)$/m);
|
|
61289
61316
|
const body = m3?.[1];
|
|
61290
61317
|
if (!body) return "";
|
|
61291
61318
|
return body.split("\n").map((l3) => l3.replace(/^ {2}/, "")).join("\n");
|
|
@@ -61351,11 +61378,14 @@ var init_coraza_go = __esm({
|
|
|
61351
61378
|
if (!yml) throw new Error("coraza generator did not emit a YAML artifact");
|
|
61352
61379
|
return scanEmittedRules2(extractDirectives2(yml.content));
|
|
61353
61380
|
},
|
|
61354
|
-
async readLoadedArtifacts(gateway) {
|
|
61381
|
+
async readLoadedArtifacts(gateway, timeoutMs) {
|
|
61355
61382
|
if (gateway.startsWith("http://") || gateway.startsWith("https://")) {
|
|
61356
61383
|
const url = gateway.replace(/\/$/, "") + "/debug/rules";
|
|
61357
61384
|
try {
|
|
61358
|
-
const res = await request4(url, {
|
|
61385
|
+
const res = await request4(url, {
|
|
61386
|
+
method: "GET",
|
|
61387
|
+
...timeoutMs !== void 0 ? { signal: AbortSignal.timeout(timeoutMs) } : {}
|
|
61388
|
+
});
|
|
61359
61389
|
if (res.statusCode >= 400) {
|
|
61360
61390
|
throw new Error(`debug-rules endpoint returned HTTP ${res.statusCode}`);
|
|
61361
61391
|
}
|
|
@@ -61363,6 +61393,10 @@ var init_coraza_go = __esm({
|
|
|
61363
61393
|
const ids = body.rules ?? [];
|
|
61364
61394
|
return ids.map((r5) => ({ id: String(r5.id), kind: "coraza-rule" }));
|
|
61365
61395
|
} catch (e5) {
|
|
61396
|
+
const name = e5.name;
|
|
61397
|
+
if (name === "TimeoutError" || name === "AbortError") {
|
|
61398
|
+
throw new Error(`${url} timed out after ${timeoutMs}ms`);
|
|
61399
|
+
}
|
|
61366
61400
|
const msg = e5.message;
|
|
61367
61401
|
if (/ECONNREFUSED|ENOTFOUND|EAI_AGAIN/.test(msg)) throw new Error(`gateway-unreachable: ${msg}`);
|
|
61368
61402
|
throw e5;
|
|
@@ -61667,7 +61701,7 @@ var init_coraza_spoa = __esm({
|
|
|
61667
61701
|
if (!yml) throw new Error("coraza generator did not emit a YAML artifact");
|
|
61668
61702
|
return scanEmittedRules3(extractDirectives3(yml.content));
|
|
61669
61703
|
},
|
|
61670
|
-
async readLoadedArtifacts(gateway) {
|
|
61704
|
+
async readLoadedArtifacts(gateway, _timeoutMs) {
|
|
61671
61705
|
const split2 = parseSpoaGateway(gateway);
|
|
61672
61706
|
const haproxyLog = split2.haproxy ? dockerLogs(split2.haproxy) : "";
|
|
61673
61707
|
const spoaLog = split2.spoa ? dockerLogs(split2.spoa) : "";
|
|
@@ -61823,15 +61857,22 @@ var init_coraza_spoa = __esm({
|
|
|
61823
61857
|
// src/verify/readers/envoy.ts
|
|
61824
61858
|
import { request as request5 } from "undici";
|
|
61825
61859
|
import * as yaml7 from "js-yaml";
|
|
61826
|
-
async function getJson2(base, p2) {
|
|
61860
|
+
async function getJson2(base, p2, timeoutMs) {
|
|
61827
61861
|
const url = base.replace(/\/$/, "") + p2;
|
|
61828
61862
|
try {
|
|
61829
|
-
const res = await request5(url, {
|
|
61863
|
+
const res = await request5(url, {
|
|
61864
|
+
method: "GET",
|
|
61865
|
+
...timeoutMs !== void 0 ? { signal: AbortSignal.timeout(timeoutMs) } : {}
|
|
61866
|
+
});
|
|
61830
61867
|
if (res.statusCode >= 400) {
|
|
61831
61868
|
throw new Error(`${url} \u2192 HTTP ${res.statusCode}`);
|
|
61832
61869
|
}
|
|
61833
61870
|
return await res.body.json();
|
|
61834
61871
|
} catch (e5) {
|
|
61872
|
+
const name = e5.name;
|
|
61873
|
+
if (name === "TimeoutError" || name === "AbortError") {
|
|
61874
|
+
throw new Error(`${url} timed out after ${timeoutMs}ms`);
|
|
61875
|
+
}
|
|
61835
61876
|
const msg = e5.message;
|
|
61836
61877
|
if (/ECONNREFUSED|ENOTFOUND|EAI_AGAIN/.test(msg)) {
|
|
61837
61878
|
throw new Error(`gateway-unreachable: ${msg}`);
|
|
@@ -61999,7 +62040,7 @@ function routeLabel(route) {
|
|
|
61999
62040
|
const match = route.match;
|
|
62000
62041
|
if (!match) return null;
|
|
62001
62042
|
const sr = match.safe_regex;
|
|
62002
|
-
const
|
|
62043
|
+
const path30 = sr?.regex ?? match.prefix ?? null;
|
|
62003
62044
|
const headers = match.headers;
|
|
62004
62045
|
let method = "";
|
|
62005
62046
|
if (headers) {
|
|
@@ -62011,7 +62052,7 @@ function routeLabel(route) {
|
|
|
62011
62052
|
}
|
|
62012
62053
|
}
|
|
62013
62054
|
}
|
|
62014
|
-
return
|
|
62055
|
+
return path30 ? `${method} ${path30}`.trim() : null;
|
|
62015
62056
|
}
|
|
62016
62057
|
function emittedToArtifacts(parsed) {
|
|
62017
62058
|
const out = [];
|
|
@@ -62063,8 +62104,8 @@ function emittedToArtifacts(parsed) {
|
|
|
62063
62104
|
});
|
|
62064
62105
|
}
|
|
62065
62106
|
for (const key of parsed.endpointPolicies) {
|
|
62066
|
-
const [method,
|
|
62067
|
-
const endpoint = method &&
|
|
62107
|
+
const [method, path30] = key.split(":", 2);
|
|
62108
|
+
const endpoint = method && path30 ? `${method} ${path30}` : key;
|
|
62068
62109
|
push({
|
|
62069
62110
|
id: key,
|
|
62070
62111
|
kind: "envoy-endpoint-policy",
|
|
@@ -62107,11 +62148,11 @@ var init_envoy3 = __esm({
|
|
|
62107
62148
|
const parsed = parseEmittedSnippet(envoyYaml.content);
|
|
62108
62149
|
return emittedToArtifacts(parsed);
|
|
62109
62150
|
},
|
|
62110
|
-
async readLoadedArtifacts(gateway) {
|
|
62151
|
+
async readLoadedArtifacts(gateway, timeoutMs) {
|
|
62111
62152
|
const [listeners, clusters, configDump] = await Promise.all([
|
|
62112
|
-
getJson2(gateway, "/listeners?format=json").catch(() => ({})),
|
|
62113
|
-
getJson2(gateway, "/clusters?format=json").catch(() => ({})),
|
|
62114
|
-
getJson2(gateway, "/config_dump?include_eds=false")
|
|
62153
|
+
getJson2(gateway, "/listeners?format=json", timeoutMs).catch(() => ({})),
|
|
62154
|
+
getJson2(gateway, "/clusters?format=json", timeoutMs).catch(() => ({})),
|
|
62155
|
+
getJson2(gateway, "/config_dump?include_eds=false", timeoutMs)
|
|
62115
62156
|
]);
|
|
62116
62157
|
const out = [];
|
|
62117
62158
|
const filterNames = /* @__PURE__ */ new Set();
|
|
@@ -62287,7 +62328,7 @@ var init_bunkerweb3 = __esm({
|
|
|
62287
62328
|
line: r5.line
|
|
62288
62329
|
}));
|
|
62289
62330
|
},
|
|
62290
|
-
async readLoadedArtifacts(gateway) {
|
|
62331
|
+
async readLoadedArtifacts(gateway, _timeoutMs) {
|
|
62291
62332
|
const split2 = parseBunkerwebGateway(gateway);
|
|
62292
62333
|
const dump4 = dumpNginxConfig(split2.bunkerweb);
|
|
62293
62334
|
const ids = /* @__PURE__ */ new Set();
|
|
@@ -62419,8 +62460,8 @@ function parseOpenappsecPolicy(policyYaml) {
|
|
|
62419
62460
|
const name = typeof obj.name === "string" ? obj.name : void 0;
|
|
62420
62461
|
const binding = obj.binding;
|
|
62421
62462
|
const method = binding && typeof binding.method === "string" ? binding.method : "";
|
|
62422
|
-
const
|
|
62423
|
-
if (name && method &&
|
|
62463
|
+
const path30 = binding && typeof binding.path === "string" ? binding.path : "";
|
|
62464
|
+
if (name && method && path30) schemaEntries.push({ name, endpoint: `${method} ${path30}` });
|
|
62424
62465
|
}
|
|
62425
62466
|
}
|
|
62426
62467
|
return { practices, assets, triggers, customResponses, schemaEntries };
|
|
@@ -62496,7 +62537,7 @@ var init_openappsec3 = __esm({
|
|
|
62496
62537
|
if (!policy) throw new Error("openappsec generator did not emit policy.yaml");
|
|
62497
62538
|
return policyToArtifacts(parseOpenappsecPolicy(policy.content));
|
|
62498
62539
|
},
|
|
62499
|
-
async readLoadedArtifacts(gateway) {
|
|
62540
|
+
async readLoadedArtifacts(gateway, _timeoutMs) {
|
|
62500
62541
|
if (!gateway.startsWith("docker:")) {
|
|
62501
62542
|
throw new Error(`openappsec gateway must be docker:<container> (got "${gateway}")`);
|
|
62502
62543
|
}
|
|
@@ -62694,7 +62735,7 @@ async function runVerify(specPath, opts) {
|
|
|
62694
62735
|
}
|
|
62695
62736
|
let unreachable = false;
|
|
62696
62737
|
try {
|
|
62697
|
-
loaded = await reader.readLoadedArtifacts(opts.gateway);
|
|
62738
|
+
loaded = await reader.readLoadedArtifacts(opts.gateway, opts.timeoutMs);
|
|
62698
62739
|
} catch (e5) {
|
|
62699
62740
|
const msg = e5.message;
|
|
62700
62741
|
diagnostics.push(`gateway read error: ${msg}`);
|
|
@@ -62856,7 +62897,7 @@ ${plan.yaml}`,
|
|
|
62856
62897
|
const cases = [];
|
|
62857
62898
|
try {
|
|
62858
62899
|
await handle.ready();
|
|
62859
|
-
const coverageOk = await verifyCoverageOrSkip(specPath, target, handle);
|
|
62900
|
+
const coverageOk = await verifyCoverageOrSkip(specPath, target, handle, opts.timeoutMs);
|
|
62860
62901
|
if (coverageOk === false) {
|
|
62861
62902
|
cases.push({
|
|
62862
62903
|
endpoint: "(gateway)",
|
|
@@ -62867,7 +62908,7 @@ ${plan.yaml}`,
|
|
|
62867
62908
|
});
|
|
62868
62909
|
} else {
|
|
62869
62910
|
for (const e5 of spec.endpoints) {
|
|
62870
|
-
cases.push(...await runAllAssertions(handle.gatewayUrl, e5));
|
|
62911
|
+
cases.push(...await runAllAssertions(handle.gatewayUrl, e5, opts.timeoutMs));
|
|
62871
62912
|
}
|
|
62872
62913
|
}
|
|
62873
62914
|
} finally {
|
|
@@ -62893,32 +62934,36 @@ ${plan.yaml}`,
|
|
|
62893
62934
|
const failures = cases.filter((c5) => c5.verdict === "FAIL").length;
|
|
62894
62935
|
return { report, rendered, composeYaml: plan.yaml, exitCode: failures > 0 ? 1 : 0 };
|
|
62895
62936
|
}
|
|
62896
|
-
async function verifyCoverageOrSkip(specPath, target, handle) {
|
|
62937
|
+
async function verifyCoverageOrSkip(specPath, target, handle, timeoutMs) {
|
|
62938
|
+
const timeoutOpt = timeoutMs !== void 0 ? { timeoutMs } : {};
|
|
62897
62939
|
try {
|
|
62898
62940
|
if (target === "kong") {
|
|
62899
62941
|
const adminUrl = handle.gatewayUrl.replace(/:(\d+)$/, (_, p2) => `:${Number(p2) + 1}`);
|
|
62900
|
-
const r5 = await runVerify(specPath, { target: "kong", gateway: adminUrl });
|
|
62942
|
+
const r5 = await runVerify(specPath, { target: "kong", gateway: adminUrl, ...timeoutOpt });
|
|
62901
62943
|
return r5.exitCode === 0;
|
|
62902
62944
|
}
|
|
62903
62945
|
if (target === "coraza") {
|
|
62904
62946
|
const r5 = await runVerify(specPath, {
|
|
62905
62947
|
target: "coraza",
|
|
62906
62948
|
engine: "modsec-nginx",
|
|
62907
|
-
gateway: `docker:${handle.gatewayContainerName}
|
|
62949
|
+
gateway: `docker:${handle.gatewayContainerName}`,
|
|
62950
|
+
...timeoutOpt
|
|
62908
62951
|
});
|
|
62909
62952
|
return r5.exitCode === 0;
|
|
62910
62953
|
}
|
|
62911
62954
|
if (target === "bunkerweb") {
|
|
62912
62955
|
const r5 = await runVerify(specPath, {
|
|
62913
62956
|
target: "bunkerweb",
|
|
62914
|
-
gateway: `docker:${handle.gatewayContainerName}
|
|
62957
|
+
gateway: `docker:${handle.gatewayContainerName}`,
|
|
62958
|
+
...timeoutOpt
|
|
62915
62959
|
});
|
|
62916
62960
|
return r5.exitCode === 0;
|
|
62917
62961
|
}
|
|
62918
62962
|
if (target === "openappsec") {
|
|
62919
62963
|
const r5 = await runVerify(specPath, {
|
|
62920
62964
|
target: "openappsec",
|
|
62921
|
-
gateway: `docker:${handle.gatewayContainerName}
|
|
62965
|
+
gateway: `docker:${handle.gatewayContainerName}`,
|
|
62966
|
+
...timeoutOpt
|
|
62922
62967
|
});
|
|
62923
62968
|
return r5.exitCode === 0;
|
|
62924
62969
|
}
|
|
@@ -63768,9 +63813,9 @@ var init_init = __esm({
|
|
|
63768
63813
|
// ../cursor-mcp/dist/tools/propose-annotation.js
|
|
63769
63814
|
function propose(input) {
|
|
63770
63815
|
const method = (input.method ?? "GET").toUpperCase();
|
|
63771
|
-
const
|
|
63816
|
+
const path30 = input.path ?? "/";
|
|
63772
63817
|
const desc = (input.description ?? "").toLowerCase();
|
|
63773
|
-
const lower =
|
|
63818
|
+
const lower = path30.toLowerCase();
|
|
63774
63819
|
const rationale = [];
|
|
63775
63820
|
const isAuthEndpoint = /\/(login|signin|signup|register|auth|token|password[-_/]?reset|forgot[-_/]?password)\b/.test(lower) || desc.includes("login") || desc.includes("sign in") || desc.includes("signup");
|
|
63776
63821
|
const isAdmin = /\/admin(\/|$)/.test(lower) || desc.includes("admin");
|
|
@@ -63808,7 +63853,7 @@ function propose(input) {
|
|
|
63808
63853
|
const maxBody = isUpload ? "10MB" : "32KB";
|
|
63809
63854
|
if (isUpload)
|
|
63810
63855
|
rationale.push("upload endpoint \u2014 10MB body cap");
|
|
63811
|
-
const hasIdParam = /\{[^}]+\}/.test(
|
|
63856
|
+
const hasIdParam = /\{[^}]+\}/.test(path30) || /:[A-Za-z_][\w]*/.test(path30);
|
|
63812
63857
|
if (hasIdParam) {
|
|
63813
63858
|
rationale.push("path has a resource identifier \u2014 add authorization rules to prevent IDOR (API1:2023)");
|
|
63814
63859
|
}
|
|
@@ -63865,12 +63910,12 @@ var init_propose_annotation = __esm({
|
|
|
63865
63910
|
if (!input.method || !input.path) {
|
|
63866
63911
|
throw new Error("method and path are required");
|
|
63867
63912
|
}
|
|
63868
|
-
const { yaml:
|
|
63913
|
+
const { yaml: yaml18, rationale } = propose(input);
|
|
63869
63914
|
return `# Proposed x-security for ${input.method.toUpperCase()} ${input.path}
|
|
63870
63915
|
# Rationale:
|
|
63871
63916
|
` + rationale.map((r5) => `# - ${r5}`).join("\n") + `
|
|
63872
63917
|
|
|
63873
|
-
${
|
|
63918
|
+
${yaml18}`;
|
|
63874
63919
|
}
|
|
63875
63920
|
};
|
|
63876
63921
|
}
|
|
@@ -64288,11 +64333,11 @@ async function runVerifyBundle(tarballPath, opts = {}) {
|
|
|
64288
64333
|
} else {
|
|
64289
64334
|
pubKeyPem = BUNDLE_VERIFY_PUBLIC_KEY;
|
|
64290
64335
|
}
|
|
64291
|
-
const
|
|
64336
|
+
const tmpdir5 = fs.mkdtempSync(path6.join(os2.tmpdir(), "writ-verify-"));
|
|
64292
64337
|
try {
|
|
64293
|
-
await extractTarball(tarballPath,
|
|
64294
|
-
const manifestPath = path6.join(
|
|
64295
|
-
const sigPath = path6.join(
|
|
64338
|
+
await extractTarball(tarballPath, tmpdir5);
|
|
64339
|
+
const manifestPath = path6.join(tmpdir5, MANIFEST);
|
|
64340
|
+
const sigPath = path6.join(tmpdir5, SIG);
|
|
64296
64341
|
if (!fs.existsSync(manifestPath)) {
|
|
64297
64342
|
return { exitCode: 1, message: `verify-bundle: ${MANIFEST} missing from bundle` };
|
|
64298
64343
|
}
|
|
@@ -64321,7 +64366,7 @@ async function runVerifyBundle(tarballPath, opts = {}) {
|
|
|
64321
64366
|
};
|
|
64322
64367
|
}
|
|
64323
64368
|
const expectedHex = expected.slice("sha256:".length).toLowerCase();
|
|
64324
|
-
const filePath = path6.join(
|
|
64369
|
+
const filePath = path6.join(tmpdir5, relPath);
|
|
64325
64370
|
if (!fs.existsSync(filePath)) {
|
|
64326
64371
|
process.stderr.write(`hash mismatch: ${relPath} (missing from bundle)
|
|
64327
64372
|
`);
|
|
@@ -64360,7 +64405,7 @@ pubkey fingerprint: ${fingerprint}`,
|
|
|
64360
64405
|
};
|
|
64361
64406
|
} finally {
|
|
64362
64407
|
try {
|
|
64363
|
-
fs.rmSync(
|
|
64408
|
+
fs.rmSync(tmpdir5, { recursive: true, force: true });
|
|
64364
64409
|
} catch {
|
|
64365
64410
|
}
|
|
64366
64411
|
}
|
|
@@ -64424,6 +64469,7 @@ async function runVerifyCli(specPath, opts) {
|
|
|
64424
64469
|
};
|
|
64425
64470
|
if (engine) runOpts.engine = engine;
|
|
64426
64471
|
if (opts.threshold !== void 0) runOpts.thresholdPct = opts.threshold;
|
|
64472
|
+
if (opts.timeoutMs !== void 0) runOpts.timeoutMs = opts.timeoutMs;
|
|
64427
64473
|
const r5 = await runVerify(specPath, runOpts);
|
|
64428
64474
|
return { rendered: r5.rendered, exitCode: r5.exitCode, passed: r5.report.passed };
|
|
64429
64475
|
}
|
|
@@ -67102,8 +67148,8 @@ function isSelfMutationBodyOwnership(route, policy) {
|
|
|
67102
67148
|
const hasBodyOwnership = fields.some((f5) => f5.loc === "body");
|
|
67103
67149
|
if (!hasBodyOwnership)
|
|
67104
67150
|
return false;
|
|
67105
|
-
const
|
|
67106
|
-
if (SELF_MUTATION_PATH_TOKENS.some((t) =>
|
|
67151
|
+
const path30 = route.path.toLowerCase();
|
|
67152
|
+
if (SELF_MUTATION_PATH_TOKENS.some((t) => path30.includes(t)))
|
|
67107
67153
|
return true;
|
|
67108
67154
|
const pinsRequestVisibleId = fields.some((f5) => f5.loc === "path" || f5.loc === "params" || f5.loc === "query");
|
|
67109
67155
|
return !pinsRequestVisibleId;
|
|
@@ -67406,8 +67452,8 @@ function normPath(p2) {
|
|
|
67406
67452
|
}
|
|
67407
67453
|
return out;
|
|
67408
67454
|
}
|
|
67409
|
-
function routeKey(method,
|
|
67410
|
-
return `${method}\0${normPath(
|
|
67455
|
+
function routeKey(method, path30) {
|
|
67456
|
+
return `${method}\0${normPath(path30)}`;
|
|
67411
67457
|
}
|
|
67412
67458
|
function dedupeRoutes(routes) {
|
|
67413
67459
|
const seen = /* @__PURE__ */ new Map();
|
|
@@ -67437,8 +67483,8 @@ function dedupeRoutes(routes) {
|
|
|
67437
67483
|
}
|
|
67438
67484
|
return out;
|
|
67439
67485
|
}
|
|
67440
|
-
function underMount(prefix,
|
|
67441
|
-
const p2 = "/" +
|
|
67486
|
+
function underMount(prefix, path30) {
|
|
67487
|
+
const p2 = "/" + path30.replace(/^\/+/, "");
|
|
67442
67488
|
const full = prefix ? prefix.replace(/\/+$/, "") + p2 : p2;
|
|
67443
67489
|
return full.replace(/\/\/+/g, "/");
|
|
67444
67490
|
}
|
|
@@ -70057,8 +70103,8 @@ function compileAssumptionsToPolicy(emission) {
|
|
|
70057
70103
|
return { emission, applied: [] };
|
|
70058
70104
|
const applied = [];
|
|
70059
70105
|
const policy = emission.policy ? structuredClone(emission.policy) : {};
|
|
70060
|
-
const
|
|
70061
|
-
const schema =
|
|
70106
|
+
const request9 = policy["request"] ??= {};
|
|
70107
|
+
const schema = request9["schema"] ??= {};
|
|
70062
70108
|
for (const a5 of emission.assumptions) {
|
|
70063
70109
|
if (a5.confidence !== "high" && a5.confidence !== "medium")
|
|
70064
70110
|
continue;
|
|
@@ -70121,8 +70167,8 @@ function compileAssumptionsToPolicy(emission) {
|
|
|
70121
70167
|
continue;
|
|
70122
70168
|
}
|
|
70123
70169
|
if (hint.kind === "denyUnknownFields") {
|
|
70124
|
-
if (
|
|
70125
|
-
|
|
70170
|
+
if (request9["denyUnknownFields"] !== true) {
|
|
70171
|
+
request9["denyUnknownFields"] = true;
|
|
70126
70172
|
applied.push("request.denyUnknownFields:true");
|
|
70127
70173
|
}
|
|
70128
70174
|
continue;
|
|
@@ -70155,10 +70201,10 @@ function compileAssumptionsToPolicy(emission) {
|
|
|
70155
70201
|
continue;
|
|
70156
70202
|
}
|
|
70157
70203
|
if (hint.kind === "contentType") {
|
|
70158
|
-
if (
|
|
70204
|
+
if (request9["contentType"] !== void 0)
|
|
70159
70205
|
continue;
|
|
70160
70206
|
const allowed = hint.allowed && hint.allowed.length > 0 ? hint.allowed : ["application/json"];
|
|
70161
|
-
|
|
70207
|
+
request9["contentType"] = allowed;
|
|
70162
70208
|
applied.push(`request.contentType:[${allowed.join(",")}]`);
|
|
70163
70209
|
continue;
|
|
70164
70210
|
}
|
|
@@ -72039,12 +72085,12 @@ function dismissalProvesOwnership(cites, surface) {
|
|
|
72039
72085
|
return PRINCIPAL_TOKEN_RE2.test(q2) && COMPARE_OR_BIND_RE.test(q2);
|
|
72040
72086
|
});
|
|
72041
72087
|
}
|
|
72042
|
-
function isSensitivePath(
|
|
72043
|
-
const p2 =
|
|
72088
|
+
function isSensitivePath(path30) {
|
|
72089
|
+
const p2 = path30.toLowerCase();
|
|
72044
72090
|
return SENSITIVE_PATH_TOKENS.some((t) => p2.includes(t));
|
|
72045
72091
|
}
|
|
72046
|
-
function isAuthEndpointPath(
|
|
72047
|
-
const p2 =
|
|
72092
|
+
function isAuthEndpointPath(path30) {
|
|
72093
|
+
const p2 = path30.toLowerCase();
|
|
72048
72094
|
return AUTH_ENDPOINT_PATH_TOKENS.some((t) => p2.includes(t));
|
|
72049
72095
|
}
|
|
72050
72096
|
function findCredentialCheck(pack) {
|
|
@@ -72175,7 +72221,7 @@ function citedDismissalCovers(cites, surface) {
|
|
|
72175
72221
|
function assessRouteDepth(args) {
|
|
72176
72222
|
const { policy, pack } = args;
|
|
72177
72223
|
const method = args.method.toUpperCase();
|
|
72178
|
-
const
|
|
72224
|
+
const path30 = args.path ?? "";
|
|
72179
72225
|
const auth = args.auth;
|
|
72180
72226
|
const dismissalCites = args.dismissalCites;
|
|
72181
72227
|
const gaps = [];
|
|
@@ -72252,7 +72298,7 @@ function assessRouteDepth(args) {
|
|
|
72252
72298
|
}
|
|
72253
72299
|
}
|
|
72254
72300
|
{
|
|
72255
|
-
const sensitive = isSensitivePath(
|
|
72301
|
+
const sensitive = isSensitivePath(path30) || emitsPrincipalScopedOutput(pack);
|
|
72256
72302
|
const hasAuthBlock = Boolean(policy.authentication && policy.authentication.type && policy.authentication.type !== "none");
|
|
72257
72303
|
const c1 = sensitive && authChainResolvedEmpty && !hasAuthBlock;
|
|
72258
72304
|
const c22 = sensitive && !authChainResolvedEmpty && !hasAuthBlock;
|
|
@@ -72263,7 +72309,7 @@ function assessRouteDepth(args) {
|
|
|
72263
72309
|
const why = c1 ? `the resolved auth chain is EMPTY (no middleware, no inline auth call)` : `app middleware exists but the emitted policy carries no authentication block (the gateway is the enforcement point, not app middleware)`;
|
|
72264
72310
|
const gap = {
|
|
72265
72311
|
kind: "sensitive-route-no-auth",
|
|
72266
|
-
detail: `${method} ${
|
|
72312
|
+
detail: `${method} ${path30 || "(route)"} is sensitive (path token or principal-scoped output) and ${why}. Emit an authentication block, or cite a public-routes allowlist line proving it is intentionally public.`,
|
|
72267
72313
|
surface: surfaceCite
|
|
72268
72314
|
};
|
|
72269
72315
|
gaps.push(gap);
|
|
@@ -72272,7 +72318,7 @@ function assessRouteDepth(args) {
|
|
|
72272
72318
|
}
|
|
72273
72319
|
{
|
|
72274
72320
|
const credCheck = findCredentialCheck(pack);
|
|
72275
|
-
const isAuthEndpoint = isAuthEndpointPath(
|
|
72321
|
+
const isAuthEndpoint = isAuthEndpointPath(path30) || credCheck !== null;
|
|
72276
72322
|
if (isAuthEndpoint && !rateLimitPresent(policy.rateLimit)) {
|
|
72277
72323
|
const surfaceCite = credCheck ?? (pack.handlerSnippet ? {
|
|
72278
72324
|
file: pack.handlerSnippet.file,
|
|
@@ -72282,7 +72328,7 @@ function assessRouteDepth(args) {
|
|
|
72282
72328
|
if (surfaceCite && !citedDismissalCovers(dismissalCites, surfaceCite)) {
|
|
72283
72329
|
gaps.push({
|
|
72284
72330
|
kind: "auth-endpoint-no-rate-limit",
|
|
72285
|
-
detail: `${method} ${
|
|
72331
|
+
detail: `${method} ${path30 || "(route)"} is an authentication/credential endpoint with no rateLimit \u2014 a brute-force surface. Emit a rateLimit (e.g. { requests: 5, window: '1m', identifier: 'ip' }) or cite why it is intentionally unthrottled.`,
|
|
72286
72332
|
surface: surfaceCite
|
|
72287
72333
|
});
|
|
72288
72334
|
}
|
|
@@ -73100,8 +73146,8 @@ var init_push = __esm({
|
|
|
73100
73146
|
PushError = class extends Error {
|
|
73101
73147
|
};
|
|
73102
73148
|
defaultPoster = async (url, init) => {
|
|
73103
|
-
const { request:
|
|
73104
|
-
const res = await
|
|
73149
|
+
const { request: request9 } = await import("undici");
|
|
73150
|
+
const res = await request9(url, { method: "POST", headers: init.headers, body: init.body });
|
|
73105
73151
|
const text = await res.body.text();
|
|
73106
73152
|
let body = text;
|
|
73107
73153
|
try {
|
|
@@ -74419,17 +74465,511 @@ var init_byo_commands = __esm({
|
|
|
74419
74465
|
}
|
|
74420
74466
|
});
|
|
74421
74467
|
|
|
74422
|
-
// src/
|
|
74423
|
-
|
|
74468
|
+
// src/commands/doctor.ts
|
|
74469
|
+
import Docker from "dockerode";
|
|
74470
|
+
import { request as request7 } from "undici";
|
|
74471
|
+
async function runDoctor(opts = {}) {
|
|
74472
|
+
const checks = [checkNode(), await checkDocker()];
|
|
74473
|
+
if (opts.gateway) {
|
|
74474
|
+
checks.push(await checkGateway(opts.gateway, opts.timeoutMs ?? DEFAULT_GATEWAY_TIMEOUT_MS));
|
|
74475
|
+
}
|
|
74476
|
+
const exitCode = checks.some((c5) => c5.status === "fail") ? 1 : 0;
|
|
74477
|
+
const rendered = opts.format === "json" ? renderJson2(checks, exitCode) : renderTable3(checks);
|
|
74478
|
+
return { exitCode, rendered, checks };
|
|
74479
|
+
}
|
|
74480
|
+
function checkNode() {
|
|
74481
|
+
const version = process.versions.node;
|
|
74482
|
+
const major = Number(version.split(".")[0]);
|
|
74483
|
+
const ok2 = major >= MIN_NODE_MAJOR;
|
|
74484
|
+
return {
|
|
74485
|
+
name: "node",
|
|
74486
|
+
status: ok2 ? "ok" : "fail",
|
|
74487
|
+
detail: `v${version} (requires >=${MIN_NODE_MAJOR})`
|
|
74488
|
+
};
|
|
74489
|
+
}
|
|
74490
|
+
async function checkDocker() {
|
|
74491
|
+
try {
|
|
74492
|
+
const docker = new Docker();
|
|
74493
|
+
await withTimeout(docker.ping(), DOCKER_PING_TIMEOUT_MS);
|
|
74494
|
+
return { name: "docker", status: "ok", detail: "daemon reachable" };
|
|
74495
|
+
} catch (e5) {
|
|
74496
|
+
return {
|
|
74497
|
+
name: "docker",
|
|
74498
|
+
status: "warn",
|
|
74499
|
+
detail: `Docker not reachable \u2014 only needed for \`test\` (${e5.message})`
|
|
74500
|
+
};
|
|
74501
|
+
}
|
|
74502
|
+
}
|
|
74503
|
+
function withTimeout(p2, ms) {
|
|
74504
|
+
return new Promise((resolve2, reject) => {
|
|
74505
|
+
const timer = setTimeout(() => reject(new Error(`timed out after ${ms}ms`)), ms);
|
|
74506
|
+
p2.then(
|
|
74507
|
+
(v) => {
|
|
74508
|
+
clearTimeout(timer);
|
|
74509
|
+
resolve2(v);
|
|
74510
|
+
},
|
|
74511
|
+
(e5) => {
|
|
74512
|
+
clearTimeout(timer);
|
|
74513
|
+
reject(e5);
|
|
74514
|
+
}
|
|
74515
|
+
);
|
|
74516
|
+
});
|
|
74517
|
+
}
|
|
74518
|
+
function isHttpUrl(value) {
|
|
74519
|
+
try {
|
|
74520
|
+
const u = new URL(value);
|
|
74521
|
+
return u.protocol === "http:" || u.protocol === "https:";
|
|
74522
|
+
} catch {
|
|
74523
|
+
return false;
|
|
74524
|
+
}
|
|
74525
|
+
}
|
|
74526
|
+
async function checkGateway(gateway, timeoutMs) {
|
|
74527
|
+
if (!isHttpUrl(gateway)) {
|
|
74528
|
+
return {
|
|
74529
|
+
name: "gateway",
|
|
74530
|
+
status: "ok",
|
|
74531
|
+
detail: `skipped: non-HTTP gateway (${gateway})`
|
|
74532
|
+
};
|
|
74533
|
+
}
|
|
74534
|
+
try {
|
|
74535
|
+
await request7(gateway, { signal: AbortSignal.timeout(timeoutMs) });
|
|
74536
|
+
return { name: "gateway", status: "ok", detail: `reachable at ${gateway}` };
|
|
74537
|
+
} catch (e5) {
|
|
74538
|
+
return {
|
|
74539
|
+
name: "gateway",
|
|
74540
|
+
status: "fail",
|
|
74541
|
+
detail: `unreachable: ${gateway} (${e5.message})`
|
|
74542
|
+
};
|
|
74543
|
+
}
|
|
74544
|
+
}
|
|
74545
|
+
function renderJson2(checks, exitCode) {
|
|
74546
|
+
return JSON.stringify({ checks, ok: exitCode === 0 }, null, 2) + "\n";
|
|
74547
|
+
}
|
|
74548
|
+
function renderTable3(checks) {
|
|
74549
|
+
const nameWidth = Math.max(...checks.map((c5) => c5.name.length));
|
|
74550
|
+
const lines = checks.map(
|
|
74551
|
+
(c5) => `[${c5.status}]${" ".repeat(Math.max(1, 6 - c5.status.length))}${c5.name.padEnd(nameWidth)} ${c5.detail}`
|
|
74552
|
+
);
|
|
74553
|
+
return lines.join("\n") + "\n";
|
|
74554
|
+
}
|
|
74555
|
+
function registerDoctor(program2) {
|
|
74556
|
+
program2.command("doctor").description("Preflight: check Node, Docker, and (optionally) a gateway URL are usable.").option("--format <fmt>", "table|json (default table)", "table").option("--gateway <url>", "Also check this gateway admin URL is reachable").option("--timeout <ms>", "Gateway reachability timeout (default 3000)", (v) => Number(v)).action(async (opts) => {
|
|
74557
|
+
try {
|
|
74558
|
+
const doctorOpts = { format: opts.format };
|
|
74559
|
+
if (opts.gateway !== void 0) doctorOpts.gateway = opts.gateway;
|
|
74560
|
+
if (opts.timeout !== void 0) doctorOpts.timeoutMs = opts.timeout;
|
|
74561
|
+
const r5 = await runDoctor(doctorOpts);
|
|
74562
|
+
process.stdout.write(r5.rendered);
|
|
74563
|
+
process.exit(r5.exitCode);
|
|
74564
|
+
} catch (e5) {
|
|
74565
|
+
process.stderr.write(`doctor failed: ${e5.message}
|
|
74566
|
+
`);
|
|
74567
|
+
process.exit(1);
|
|
74568
|
+
}
|
|
74569
|
+
});
|
|
74570
|
+
}
|
|
74571
|
+
var MIN_NODE_MAJOR, DEFAULT_GATEWAY_TIMEOUT_MS, DOCKER_PING_TIMEOUT_MS;
|
|
74572
|
+
var init_doctor = __esm({
|
|
74573
|
+
"src/commands/doctor.ts"() {
|
|
74574
|
+
"use strict";
|
|
74575
|
+
MIN_NODE_MAJOR = 20;
|
|
74576
|
+
DEFAULT_GATEWAY_TIMEOUT_MS = 3e3;
|
|
74577
|
+
DOCKER_PING_TIMEOUT_MS = 2e3;
|
|
74578
|
+
}
|
|
74579
|
+
});
|
|
74580
|
+
|
|
74581
|
+
// src/bin/completion.ts
|
|
74582
|
+
function sanitizeIdentifier(binName) {
|
|
74583
|
+
return binName.replace(/[^A-Za-z0-9_]/g, "_");
|
|
74584
|
+
}
|
|
74585
|
+
function generateBash(binName, subcommands) {
|
|
74586
|
+
const fnName = `_${sanitizeIdentifier(binName)}_completions`;
|
|
74587
|
+
const words = subcommands.join(" ");
|
|
74588
|
+
return `# bash completion for ${binName}
|
|
74589
|
+
${fnName}() {
|
|
74590
|
+
local cur
|
|
74591
|
+
cur="\${COMP_WORDS[1]}"
|
|
74592
|
+
COMPREPLY=( $(compgen -W "${words}" -- "$cur") )
|
|
74593
|
+
}
|
|
74594
|
+
complete -F ${fnName} ${binName}
|
|
74595
|
+
`;
|
|
74596
|
+
}
|
|
74597
|
+
function generateZsh(binName, subcommands) {
|
|
74598
|
+
const words = subcommands.join(" ");
|
|
74599
|
+
return `#compdef ${binName}
|
|
74600
|
+
# zsh completion for ${binName}
|
|
74601
|
+
_${sanitizeIdentifier(binName)}() {
|
|
74602
|
+
local -a subcommands
|
|
74603
|
+
subcommands=(${words})
|
|
74604
|
+
_describe 'command' subcommands
|
|
74605
|
+
}
|
|
74606
|
+
compdef _${sanitizeIdentifier(binName)} ${binName}
|
|
74607
|
+
`;
|
|
74608
|
+
}
|
|
74609
|
+
function generateFish(binName, subcommands) {
|
|
74610
|
+
const words = subcommands.join(" ");
|
|
74611
|
+
return `# fish completion for ${binName}
|
|
74612
|
+
complete -c ${binName} -f -n '__fish_use_subcommand' -a '${words}'
|
|
74613
|
+
`;
|
|
74614
|
+
}
|
|
74615
|
+
function generateCompletion(shell, binName, subcommands) {
|
|
74616
|
+
switch (shell) {
|
|
74617
|
+
case "bash":
|
|
74618
|
+
return generateBash(binName, subcommands);
|
|
74619
|
+
case "zsh":
|
|
74620
|
+
return generateZsh(binName, subcommands);
|
|
74621
|
+
case "fish":
|
|
74622
|
+
return generateFish(binName, subcommands);
|
|
74623
|
+
}
|
|
74624
|
+
}
|
|
74625
|
+
function isSupportedShell(shell) {
|
|
74626
|
+
return SUPPORTED_SHELLS.includes(shell);
|
|
74627
|
+
}
|
|
74628
|
+
function registerCompletion(program2) {
|
|
74629
|
+
program2.command("completion [shell]").description(
|
|
74630
|
+
'Print a shell completion script. Usage: eval "$(<bin> completion zsh)" or add to your rc file.'
|
|
74631
|
+
).addHelpText(
|
|
74632
|
+
"after",
|
|
74633
|
+
`
|
|
74634
|
+
Examples:
|
|
74635
|
+
# bash: add to ~/.bashrc
|
|
74636
|
+
eval "$(${program2.name()} completion bash)"
|
|
74637
|
+
|
|
74638
|
+
# zsh: add to ~/.zshrc
|
|
74639
|
+
eval "$(${program2.name()} completion zsh)"
|
|
74640
|
+
|
|
74641
|
+
# fish: write to a completions file
|
|
74642
|
+
${program2.name()} completion fish > ~/.config/fish/completions/${program2.name()}.fish
|
|
74643
|
+
`
|
|
74644
|
+
).action((shell) => {
|
|
74645
|
+
const binName = program2.name();
|
|
74646
|
+
const subcommands = program2.commands.map((c5) => c5.name()).filter((name) => name !== "completion" && name !== "help");
|
|
74647
|
+
const resolvedShell = shell ?? "bash";
|
|
74648
|
+
if (!isSupportedShell(resolvedShell)) {
|
|
74649
|
+
process.stderr.write(`unsupported shell "${resolvedShell}" (use bash|zsh|fish)
|
|
74650
|
+
`);
|
|
74651
|
+
process.exit(1);
|
|
74652
|
+
return;
|
|
74653
|
+
}
|
|
74654
|
+
process.stdout.write(generateCompletion(resolvedShell, binName, subcommands));
|
|
74655
|
+
});
|
|
74656
|
+
}
|
|
74657
|
+
var SUPPORTED_SHELLS;
|
|
74658
|
+
var init_completion = __esm({
|
|
74659
|
+
"src/bin/completion.ts"() {
|
|
74660
|
+
"use strict";
|
|
74661
|
+
SUPPORTED_SHELLS = ["bash", "zsh", "fish"];
|
|
74662
|
+
}
|
|
74663
|
+
});
|
|
74664
|
+
|
|
74665
|
+
// src/bin/update-check.ts
|
|
74424
74666
|
import { readFileSync as readFileSync4 } from "node:fs";
|
|
74425
|
-
import {
|
|
74667
|
+
import { dirname as dirname4, join as join12 } from "node:path";
|
|
74426
74668
|
import { fileURLToPath as fileURLToPath2 } from "node:url";
|
|
74669
|
+
import { request as request8 } from "undici";
|
|
74670
|
+
function resolvePackageMeta() {
|
|
74671
|
+
const here = dirname4(fileURLToPath2(import.meta.url));
|
|
74672
|
+
for (const rel of ["../package.json", "../../package.json"]) {
|
|
74673
|
+
try {
|
|
74674
|
+
const pkg = JSON.parse(readFileSync4(join12(here, rel), "utf8"));
|
|
74675
|
+
if (typeof pkg.name === "string" && typeof pkg.version === "string") {
|
|
74676
|
+
return { name: pkg.name, version: pkg.version };
|
|
74677
|
+
}
|
|
74678
|
+
} catch {
|
|
74679
|
+
}
|
|
74680
|
+
}
|
|
74681
|
+
return { name: "x-security", version: "0.0.0" };
|
|
74682
|
+
}
|
|
74683
|
+
async function fetchLatestVersion(name, timeoutMs = 2e3) {
|
|
74684
|
+
try {
|
|
74685
|
+
const { body } = await request8(`https://registry.npmjs.org/${encodeURIComponent(name)}/latest`, {
|
|
74686
|
+
signal: AbortSignal.timeout(timeoutMs)
|
|
74687
|
+
});
|
|
74688
|
+
const json = await body.json();
|
|
74689
|
+
return typeof json.version === "string" ? json.version : null;
|
|
74690
|
+
} catch {
|
|
74691
|
+
return null;
|
|
74692
|
+
}
|
|
74693
|
+
}
|
|
74694
|
+
function toSegments(v) {
|
|
74695
|
+
const [major, minor, patch] = v.split(".").map((n2) => parseInt(n2, 10));
|
|
74696
|
+
return [major || 0, minor || 0, patch || 0];
|
|
74697
|
+
}
|
|
74698
|
+
function isNewer(latest, current) {
|
|
74699
|
+
const [aMajor, aMinor, aPatch] = toSegments(latest);
|
|
74700
|
+
const [bMajor, bMinor, bPatch] = toSegments(current);
|
|
74701
|
+
if (aMajor !== bMajor) return aMajor > bMajor;
|
|
74702
|
+
if (aMinor !== bMinor) return aMinor > bMinor;
|
|
74703
|
+
return aPatch > bPatch;
|
|
74704
|
+
}
|
|
74705
|
+
function truthyEnv(v) {
|
|
74706
|
+
return !!v && v !== "0" && v.toLowerCase() !== "false";
|
|
74707
|
+
}
|
|
74708
|
+
function registerUpdateCheck(program2) {
|
|
74709
|
+
program2.command("update-check").description("Check npm for a newer release (explicit; makes one network call).").option("--timeout <ms>", "Registry request timeout in ms", (v) => Number(v)).action(async (opts) => {
|
|
74710
|
+
const { name, version } = resolvePackageMeta();
|
|
74711
|
+
const latest = await fetchLatestVersion(name, opts.timeout);
|
|
74712
|
+
if (latest === null) {
|
|
74713
|
+
process.stderr.write("update-check failed: could not reach npm registry\n");
|
|
74714
|
+
process.exit(1);
|
|
74715
|
+
return;
|
|
74716
|
+
}
|
|
74717
|
+
if (isNewer(latest, version)) {
|
|
74718
|
+
process.stdout.write(`update available: ${version} \u2192 ${latest} (npm i -g ${name}@latest)
|
|
74719
|
+
`);
|
|
74720
|
+
} else {
|
|
74721
|
+
process.stdout.write(`up to date (v${version})
|
|
74722
|
+
`);
|
|
74723
|
+
}
|
|
74724
|
+
});
|
|
74725
|
+
program2.hook("postAction", async () => {
|
|
74726
|
+
if (!truthyEnv(process.env.XSECURITY_UPDATE_CHECK)) return;
|
|
74727
|
+
if (truthyEnv(process.env.NO_UPDATE_NOTIFIER) || truthyEnv(process.env.XSECURITY_NO_UPDATE_CHECK)) return;
|
|
74728
|
+
try {
|
|
74729
|
+
const { name, version } = resolvePackageMeta();
|
|
74730
|
+
const latest = await fetchLatestVersion(name);
|
|
74731
|
+
if (latest !== null && isNewer(latest, version)) {
|
|
74732
|
+
process.stderr.write(`\u21E1 x-security ${latest} available (you have ${version}) \u2014 run: ${name} update-check
|
|
74733
|
+
`);
|
|
74734
|
+
}
|
|
74735
|
+
} catch {
|
|
74736
|
+
}
|
|
74737
|
+
});
|
|
74738
|
+
}
|
|
74739
|
+
var init_update_check = __esm({
|
|
74740
|
+
"src/bin/update-check.ts"() {
|
|
74741
|
+
"use strict";
|
|
74742
|
+
}
|
|
74743
|
+
});
|
|
74744
|
+
|
|
74745
|
+
// src/config/defaults.ts
|
|
74746
|
+
import { existsSync as existsSync4, readFileSync as readFileSync5 } from "node:fs";
|
|
74747
|
+
import os3 from "node:os";
|
|
74748
|
+
import path28 from "node:path";
|
|
74749
|
+
import yaml17 from "js-yaml";
|
|
74750
|
+
function readConfigFile(file) {
|
|
74751
|
+
try {
|
|
74752
|
+
if (!existsSync4(file)) return {};
|
|
74753
|
+
const raw = readFileSync5(file, "utf8");
|
|
74754
|
+
const doc = yaml17.load(raw);
|
|
74755
|
+
return pickKnown(doc);
|
|
74756
|
+
} catch {
|
|
74757
|
+
return {};
|
|
74758
|
+
}
|
|
74759
|
+
}
|
|
74760
|
+
function pickKnown(doc) {
|
|
74761
|
+
if (doc === null || typeof doc !== "object") return {};
|
|
74762
|
+
const src = doc;
|
|
74763
|
+
const out = {};
|
|
74764
|
+
if (typeof src.format === "string") out.format = src.format;
|
|
74765
|
+
if (typeof src.out === "string") out.out = src.out;
|
|
74766
|
+
if (src.timeout !== void 0) {
|
|
74767
|
+
const n2 = Number(src.timeout);
|
|
74768
|
+
if (!Number.isNaN(n2)) out.timeout = n2;
|
|
74769
|
+
}
|
|
74770
|
+
return out;
|
|
74771
|
+
}
|
|
74772
|
+
function firstExisting(candidates) {
|
|
74773
|
+
return candidates.find((c5) => existsSync4(c5));
|
|
74774
|
+
}
|
|
74775
|
+
function loadConfig2(cwd = process.cwd(), home = os3.homedir()) {
|
|
74776
|
+
const homeFile = firstExisting([
|
|
74777
|
+
path28.join(home, ".config", "xsecurity", "config.yaml"),
|
|
74778
|
+
path28.join(home, ".config", "xsecurity", "config.yml"),
|
|
74779
|
+
path28.join(home, ".config", "xsecurity", "config.json")
|
|
74780
|
+
]);
|
|
74781
|
+
const projectFile = firstExisting([
|
|
74782
|
+
path28.join(cwd, ".xsecurityrc.yaml"),
|
|
74783
|
+
path28.join(cwd, ".xsecurityrc.yml"),
|
|
74784
|
+
path28.join(cwd, ".xsecurityrc.json"),
|
|
74785
|
+
path28.join(cwd, ".xsecurityrc")
|
|
74786
|
+
]);
|
|
74787
|
+
let merged = {};
|
|
74788
|
+
if (homeFile) merged = { ...merged, ...readConfigFile(homeFile) };
|
|
74789
|
+
if (projectFile) merged = { ...merged, ...readConfigFile(projectFile) };
|
|
74790
|
+
const envPath = process.env.XSECURITY_CONFIG;
|
|
74791
|
+
if (envPath) merged = { ...merged, ...readConfigFile(envPath) };
|
|
74792
|
+
return merged;
|
|
74793
|
+
}
|
|
74794
|
+
function applyConfigDefaults(program2) {
|
|
74795
|
+
const config = loadConfig2();
|
|
74796
|
+
if (Object.keys(config).length === 0) return;
|
|
74797
|
+
program2.hook("preAction", (_thisCommand, actionCommand) => {
|
|
74798
|
+
for (const key of KNOWN_KEYS) {
|
|
74799
|
+
const value = config[key];
|
|
74800
|
+
if (value === void 0) continue;
|
|
74801
|
+
const longFlag = LONG_FLAGS[key];
|
|
74802
|
+
const hasOption = actionCommand.options.some((o2) => o2.long === longFlag);
|
|
74803
|
+
if (!hasOption) continue;
|
|
74804
|
+
const attr = OPTION_ATTRS[key];
|
|
74805
|
+
const source = actionCommand.getOptionValueSource(attr);
|
|
74806
|
+
if (source !== "default" && source !== void 0) continue;
|
|
74807
|
+
actionCommand.setOptionValue(attr, value);
|
|
74808
|
+
const withSource = actionCommand;
|
|
74809
|
+
withSource.setOptionValueWithSource?.(attr, value, "config");
|
|
74810
|
+
}
|
|
74811
|
+
});
|
|
74812
|
+
}
|
|
74813
|
+
var KNOWN_KEYS, OPTION_ATTRS, LONG_FLAGS;
|
|
74814
|
+
var init_defaults = __esm({
|
|
74815
|
+
"src/config/defaults.ts"() {
|
|
74816
|
+
"use strict";
|
|
74817
|
+
KNOWN_KEYS = ["format", "timeout", "out"];
|
|
74818
|
+
OPTION_ATTRS = {
|
|
74819
|
+
format: "format",
|
|
74820
|
+
timeout: "timeout",
|
|
74821
|
+
out: "out"
|
|
74822
|
+
};
|
|
74823
|
+
LONG_FLAGS = {
|
|
74824
|
+
format: "--format",
|
|
74825
|
+
timeout: "--timeout",
|
|
74826
|
+
out: "--out"
|
|
74827
|
+
};
|
|
74828
|
+
}
|
|
74829
|
+
});
|
|
74830
|
+
|
|
74831
|
+
// src/bin/register-extras.ts
|
|
74832
|
+
function registerExtras(program2) {
|
|
74833
|
+
registerByoCommands(program2);
|
|
74834
|
+
registerDoctor(program2);
|
|
74835
|
+
registerCompletion(program2);
|
|
74836
|
+
registerUpdateCheck(program2);
|
|
74837
|
+
applyConfigDefaults(program2);
|
|
74838
|
+
}
|
|
74839
|
+
var init_register_extras = __esm({
|
|
74840
|
+
"src/bin/register-extras.ts"() {
|
|
74841
|
+
"use strict";
|
|
74842
|
+
init_byo_commands();
|
|
74843
|
+
init_doctor();
|
|
74844
|
+
init_completion();
|
|
74845
|
+
init_update_check();
|
|
74846
|
+
init_defaults();
|
|
74847
|
+
}
|
|
74848
|
+
});
|
|
74849
|
+
|
|
74850
|
+
// src/bin/cli-io.ts
|
|
74851
|
+
import * as fs22 from "node:fs";
|
|
74852
|
+
import * as path29 from "node:path";
|
|
74853
|
+
import * as os4 from "node:os";
|
|
74854
|
+
function _cleanupTempSpecs() {
|
|
74855
|
+
for (const dir of tempSpecDirs) {
|
|
74856
|
+
try {
|
|
74857
|
+
fs22.rmSync(dir, { recursive: true, force: true });
|
|
74858
|
+
} catch {
|
|
74859
|
+
}
|
|
74860
|
+
}
|
|
74861
|
+
}
|
|
74862
|
+
async function resolveSpecArg(arg, stdin = process.stdin) {
|
|
74863
|
+
if (arg !== "-") return arg;
|
|
74864
|
+
const chunks = [];
|
|
74865
|
+
for await (const chunk of stdin) {
|
|
74866
|
+
chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
|
|
74867
|
+
}
|
|
74868
|
+
const content = Buffer.concat(chunks).toString("utf8").trim();
|
|
74869
|
+
if (!content) {
|
|
74870
|
+
throw new Error("expected a spec document on stdin, got empty input");
|
|
74871
|
+
}
|
|
74872
|
+
const dir = fs22.mkdtempSync(path29.join(os4.tmpdir(), "writ-stdin-"));
|
|
74873
|
+
tempSpecDirs.add(dir);
|
|
74874
|
+
if (!exitHandlerRegistered) {
|
|
74875
|
+
exitHandlerRegistered = true;
|
|
74876
|
+
process.once("exit", _cleanupTempSpecs);
|
|
74877
|
+
}
|
|
74878
|
+
const specPath = path29.join(dir, "spec.yaml");
|
|
74879
|
+
fs22.writeFileSync(specPath, content, "utf8");
|
|
74880
|
+
return specPath;
|
|
74881
|
+
}
|
|
74882
|
+
function makeDiagnostics(v) {
|
|
74883
|
+
return {
|
|
74884
|
+
warn(line) {
|
|
74885
|
+
if (v === "quiet") return;
|
|
74886
|
+
process.stderr.write(`${line}
|
|
74887
|
+
`);
|
|
74888
|
+
},
|
|
74889
|
+
info(line) {
|
|
74890
|
+
if (v !== "verbose") return;
|
|
74891
|
+
process.stderr.write(`${line}
|
|
74892
|
+
`);
|
|
74893
|
+
}
|
|
74894
|
+
};
|
|
74895
|
+
}
|
|
74896
|
+
var tempSpecDirs, exitHandlerRegistered;
|
|
74897
|
+
var init_cli_io = __esm({
|
|
74898
|
+
"src/bin/cli-io.ts"() {
|
|
74899
|
+
"use strict";
|
|
74900
|
+
tempSpecDirs = /* @__PURE__ */ new Set();
|
|
74901
|
+
exitHandlerRegistered = false;
|
|
74902
|
+
}
|
|
74903
|
+
});
|
|
74904
|
+
|
|
74905
|
+
// src/bin/help-text.ts
|
|
74906
|
+
var generateExamples, validateExamples, verifyExamples, reportExamples, diffExamples;
|
|
74907
|
+
var init_help_text = __esm({
|
|
74908
|
+
"src/bin/help-text.ts"() {
|
|
74909
|
+
"use strict";
|
|
74910
|
+
generateExamples = `
|
|
74911
|
+
Examples:
|
|
74912
|
+
# Compile a spec on disk into Kong config
|
|
74913
|
+
$ lazy generate --target kong spec.yaml
|
|
74914
|
+
|
|
74915
|
+
# Read the spec from stdin (- means stdin)
|
|
74916
|
+
$ cat spec.yaml | lazy generate --target kong -
|
|
74917
|
+
`;
|
|
74918
|
+
validateExamples = `
|
|
74919
|
+
Examples:
|
|
74920
|
+
# Check a running Kong gateway against the spec
|
|
74921
|
+
$ lazy validate --target kong --gateway http://localhost:8001 spec.yaml
|
|
74922
|
+
|
|
74923
|
+
# Pipe the spec in and diff against an exported kong.yml
|
|
74924
|
+
$ cat spec.yaml | lazy validate --target kong --gateway ./kong.yml -
|
|
74925
|
+
`;
|
|
74926
|
+
verifyExamples = `
|
|
74927
|
+
Examples:
|
|
74928
|
+
# Confirm the gateway actually loaded what we emitted
|
|
74929
|
+
$ lazy verify --target kong --gateway http://localhost:8001 spec.yaml
|
|
74930
|
+
|
|
74931
|
+
# Read the spec from stdin
|
|
74932
|
+
$ cat spec.yaml | lazy verify --target kong --gateway http://localhost:8001 -
|
|
74933
|
+
`;
|
|
74934
|
+
reportExamples = `
|
|
74935
|
+
Examples:
|
|
74936
|
+
# OWASP API Top 10 coverage report
|
|
74937
|
+
$ lazy report --owasp spec.yaml
|
|
74938
|
+
|
|
74939
|
+
# Read the spec from stdin
|
|
74940
|
+
$ cat spec.yaml | lazy report --owasp -
|
|
74941
|
+
`;
|
|
74942
|
+
diffExamples = `
|
|
74943
|
+
Examples:
|
|
74944
|
+
# Diff generated Kong config across two spec versions
|
|
74945
|
+
$ lazy diff --target kong old.yaml new.yaml
|
|
74946
|
+
|
|
74947
|
+
# Read the new spec from stdin (only one side may be -)
|
|
74948
|
+
$ cat new.yaml | lazy diff --target kong old.yaml -
|
|
74949
|
+
|
|
74950
|
+
Exit code: 0 when the two specs produce identical config, 1 when they differ
|
|
74951
|
+
(git diff --exit-code style).
|
|
74952
|
+
`;
|
|
74953
|
+
}
|
|
74954
|
+
});
|
|
74955
|
+
|
|
74956
|
+
// src/bin/lazy.ts
|
|
74957
|
+
var lazy_exports = {};
|
|
74958
|
+
import { readFileSync as readFileSync6 } from "node:fs";
|
|
74959
|
+
import { basename as basename2, dirname as dirname5, join as join14 } from "node:path";
|
|
74960
|
+
import { fileURLToPath as fileURLToPath3 } from "node:url";
|
|
74427
74961
|
import { Command as Command2 } from "commander";
|
|
74962
|
+
function verbosity() {
|
|
74963
|
+
const opts = program.opts();
|
|
74964
|
+
if (opts.quiet) return "quiet";
|
|
74965
|
+
if (opts.verbose) return "verbose";
|
|
74966
|
+
return "normal";
|
|
74967
|
+
}
|
|
74428
74968
|
function resolveVersion() {
|
|
74429
|
-
const here =
|
|
74969
|
+
const here = dirname5(fileURLToPath3(import.meta.url));
|
|
74430
74970
|
for (const rel of ["../package.json", "../../package.json"]) {
|
|
74431
74971
|
try {
|
|
74432
|
-
const v = JSON.parse(
|
|
74972
|
+
const v = JSON.parse(readFileSync6(join14(here, rel), "utf8")).version;
|
|
74433
74973
|
if (typeof v === "string") return v;
|
|
74434
74974
|
} catch {
|
|
74435
74975
|
}
|
|
@@ -74451,12 +74991,18 @@ var init_lazy = __esm({
|
|
|
74451
74991
|
init_verify2();
|
|
74452
74992
|
init_migrate();
|
|
74453
74993
|
init_push();
|
|
74454
|
-
|
|
74994
|
+
init_register_extras();
|
|
74995
|
+
init_cli_io();
|
|
74996
|
+
init_help_text();
|
|
74455
74997
|
init_dist4();
|
|
74456
74998
|
program = new Command2();
|
|
74457
|
-
program.name(basename2(process.argv[1] ?? "lazy").replace(/\.(mjs|cjs|js)$/, "")).description("Compile, validate, test, and report on x-security policies in OpenAPI specs.").version(resolveVersion());
|
|
74458
|
-
program.command("generate <spec>").description("Compile an annotated OpenAPI spec into target-specific gateway config.").requiredOption("--target <name>", "Target: kong|coraza|bunkerweb|openappsec|firewall").option("--out <dir>", "Output directory (default: ./writ-out/<target>)").option("--dry-run", "Print planned artifacts without writing to disk").option("--no-strict", "Allow unresolved variables (default: strict)").option("--vault", "Resolve $vault.* refs via HashiCorp Vault (uses VAULT_ADDR + VAULT_TOKEN or AppRole)").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager (uses default credential chain + AWS_REGION)").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).option("--no-with-consumers", "Kong only: emit spec-only output (omit consumers + per-plugin credentials). Consumers are emitted by default so OSS Kong gateways actually authenticate; pass this for the spec-only baseline.").option("--kong-deployment <mode>", "Kong only: standalone|behind-proxy|with-coraza|with-istio. with-coraza rewrites all service URLs to http://coraza:8080.", "standalone").option("--kong-edition <edition>", "Kong only: oss|enterprise. enterprise emits openid-connect (real JWKS+RS256) instead of HS256 jwt_secrets downgrade.", "oss").option("--kong-dbless", "Kong only: deployment runs in DB-less mode (KONG_DATABASE=off). Per-identity rate-limits fall back to policy=local with a structured warning instead of policy=cluster.", false).option("--kong-policy <mode>", "Kong only: rate-limit policy. local|cluster. Default local (safe for OSS DB-less). Pass cluster only when Kong is running in database mode (postgres/cassandra); cluster is a boot error in DB-less Kong.", "local").option("--coraza-engine <name>", "Coraza only: modsec-nginx|modsec-apache|coraza-go|coraza-spoa (default modsec-nginx).", "modsec-nginx").option("--coraza-peers <list>", 'Coraza only (coraza-spoa|coraza-go): HAProxy peer-replication for stick-tables. Format: "name1:host1:port1,name2:host2:port2". When set, emitted haproxy-stick-tables.cfg includes a `peers writ` section so counters replicate across instances.').option("--strict-fidelity", "Exit 4 (S3) if any spec field cannot be enforced by the chosen target+engine. Independent of --strict.").action(async (spec, opts) => {
|
|
74999
|
+
program.name(basename2(process.argv[1] ?? "lazy").replace(/\.(mjs|cjs|js)$/, "")).description("Compile, validate, test, and report on x-security policies in OpenAPI specs.").option("--quiet", "Suppress warnings/advisories on stderr (results still print)").option("--verbose", "Print extra progress detail to stderr").version(resolveVersion()).showHelpAfterError("(add --help for usage)");
|
|
75000
|
+
program.command("generate <spec>").description("Compile an annotated OpenAPI spec into target-specific gateway config. <spec> may be - to read from stdin.").requiredOption("--target <name>", "Target: kong|coraza|bunkerweb|openappsec|firewall").option("--out <dir>", "Output directory (default: ./writ-out/<target>)").option("--dry-run", "Print planned artifacts without writing to disk").option("--no-strict", "Allow unresolved variables (default: strict)").option("--vault", "Resolve $vault.* refs via HashiCorp Vault (uses VAULT_ADDR + VAULT_TOKEN or AppRole)").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager (uses default credential chain + AWS_REGION)").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).option("--no-with-consumers", "Kong only: emit spec-only output (omit consumers + per-plugin credentials). Consumers are emitted by default so OSS Kong gateways actually authenticate; pass this for the spec-only baseline.").option("--kong-deployment <mode>", "Kong only: standalone|behind-proxy|with-coraza|with-istio. with-coraza rewrites all service URLs to http://coraza:8080.", "standalone").option("--kong-edition <edition>", "Kong only: oss|enterprise. enterprise emits openid-connect (real JWKS+RS256) instead of HS256 jwt_secrets downgrade.", "oss").option("--kong-dbless", "Kong only: deployment runs in DB-less mode (KONG_DATABASE=off). Per-identity rate-limits fall back to policy=local with a structured warning instead of policy=cluster.", false).option("--kong-policy <mode>", "Kong only: rate-limit policy. local|cluster. Default local (safe for OSS DB-less). Pass cluster only when Kong is running in database mode (postgres/cassandra); cluster is a boot error in DB-less Kong.", "local").option("--coraza-engine <name>", "Coraza only: modsec-nginx|modsec-apache|coraza-go|coraza-spoa (default modsec-nginx).", "modsec-nginx").option("--coraza-peers <list>", 'Coraza only (coraza-spoa|coraza-go): HAProxy peer-replication for stick-tables. Format: "name1:host1:port1,name2:host2:port2". When set, emitted haproxy-stick-tables.cfg includes a `peers writ` section so counters replicate across instances.').option("--strict-fidelity", "Exit 4 (S3) if any spec field cannot be enforced by the chosen target+engine. Independent of --strict.").addHelpText("after", generateExamples).action(async (spec, opts) => {
|
|
74459
75001
|
try {
|
|
75002
|
+
const diag = makeDiagnostics(verbosity());
|
|
75003
|
+
const fromStdin = spec === "-";
|
|
75004
|
+
spec = await resolveSpecArg(spec);
|
|
75005
|
+
if (fromStdin) diag.info("reading spec from stdin");
|
|
74460
75006
|
if (opts.target === "kong") {
|
|
74461
75007
|
const dep = opts.kongDeployment;
|
|
74462
75008
|
if (dep && !["standalone", "behind-proxy", "with-coraza", "with-istio"].includes(dep)) {
|
|
@@ -74509,9 +75055,9 @@ var init_lazy = __esm({
|
|
|
74509
75055
|
}
|
|
74510
75056
|
if (opts.strictFidelity) generateOpts.strictFidelity = true;
|
|
74511
75057
|
const r5 = await runGenerate(spec, generateOpts);
|
|
74512
|
-
for (const w of r5.warnings)
|
|
74513
|
-
`);
|
|
75058
|
+
for (const w of r5.warnings) diag.warn(`warning: ${w}`);
|
|
74514
75059
|
if (opts.dryRun) {
|
|
75060
|
+
diag.info(`generated ${r5.artifacts.length} artifact(s) for target ${opts.target} (dry-run)`);
|
|
74515
75061
|
process.stdout.write(`# Dry-run \u2014 ${r5.artifacts.length} artifact(s) would be written:
|
|
74516
75062
|
`);
|
|
74517
75063
|
for (const a5 of r5.artifacts) {
|
|
@@ -74521,6 +75067,7 @@ ${a5.content}
|
|
|
74521
75067
|
`);
|
|
74522
75068
|
}
|
|
74523
75069
|
} else {
|
|
75070
|
+
diag.info(`generated ${r5.artifactPaths.length} artifact(s) for target ${opts.target}`);
|
|
74524
75071
|
for (const p2 of r5.artifactPaths) process.stdout.write(`${p2}
|
|
74525
75072
|
`);
|
|
74526
75073
|
}
|
|
@@ -74535,16 +75082,22 @@ ${a5.content}
|
|
|
74535
75082
|
process.exit(1);
|
|
74536
75083
|
}
|
|
74537
75084
|
});
|
|
74538
|
-
program.command("validate <spec>").description("Detect drift between the spec and a running/exported gateway config.").requiredOption("--target <name>", "Currently: kong").requiredOption("--gateway <urlOrPath>", "Kong admin URL (http://...) or path to exported kong.yml").option("--format <fmt>", "table|json|sarif|csv (default: table)", "table").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).action(async (spec, opts) => {
|
|
75085
|
+
program.command("validate <spec>").description("Detect drift between the spec and a running/exported gateway config. <spec> may be - to read from stdin.").requiredOption("--target <name>", "Currently: kong").requiredOption("--gateway <urlOrPath>", "Kong admin URL (http://...) or path to exported kong.yml").option("--format <fmt>", "table|json|sarif|csv (default: table)", "table").option("--timeout <ms>", "Abort network calls after <ms> milliseconds (gateway admin URL / probes)", (v) => Number(v)).option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).addHelpText("after", validateExamples).action(async (spec, opts) => {
|
|
74539
75086
|
try {
|
|
75087
|
+
const diag = makeDiagnostics(verbosity());
|
|
75088
|
+
const fromStdin = spec === "-";
|
|
75089
|
+
spec = await resolveSpecArg(spec);
|
|
75090
|
+
if (fromStdin) diag.info("reading spec from stdin");
|
|
74540
75091
|
const validateOpts = {
|
|
74541
75092
|
target: opts.target,
|
|
74542
75093
|
gateway: opts.gateway,
|
|
74543
75094
|
format: opts.format
|
|
74544
75095
|
};
|
|
75096
|
+
if (opts.timeout !== void 0) validateOpts.timeoutMs = opts.timeout;
|
|
74545
75097
|
if (opts.vault) validateOpts.vault = true;
|
|
74546
75098
|
if (opts.awsSecrets) validateOpts.awsSecrets = true;
|
|
74547
75099
|
if (opts.vaultKvVersion) validateOpts.vaultKvVersion = opts.vaultKvVersion;
|
|
75100
|
+
diag.info(`querying gateway ${opts.gateway}${opts.timeout ? ` (timeout ${opts.timeout}ms)` : ""}`);
|
|
74548
75101
|
const r5 = await runValidate(spec, validateOpts);
|
|
74549
75102
|
process.stdout.write(r5.rendered);
|
|
74550
75103
|
process.exit(r5.exitCode);
|
|
@@ -74554,7 +75107,7 @@ ${a5.content}
|
|
|
74554
75107
|
process.exit(1);
|
|
74555
75108
|
}
|
|
74556
75109
|
});
|
|
74557
|
-
program.command("test <spec>").description("Closed-loop test: generate config, spin up Docker, send traffic, assert.").requiredOption("--target <name>", "kong|coraza|bunkerweb|openappsec").option("--upstream-port <port>", "Local port for mock upstream (ignored with --upstream-url)", (v) => Number(v)).option("--gateway-port <port>", "Local port for gateway", (v) => Number(v)).option("--upstream-url <url>", "Test against a real upstream (e.g. http://host.docker.internal:8000) instead of the mock-upstream container").option("--dry-run", "Print the docker-compose plan without running it").option("--keep", "Leave containers running on success (debug aid)").option("--format <fmt>", "table|junit|json (default: table)", "table").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).addHelpText("after", `
|
|
75110
|
+
program.command("test <spec>").description("Closed-loop test: generate config, spin up Docker, send traffic, assert. <spec> may be - to read from stdin.").requiredOption("--target <name>", "kong|coraza|bunkerweb|openappsec").option("--upstream-port <port>", "Local port for mock upstream (ignored with --upstream-url)", (v) => Number(v)).option("--gateway-port <port>", "Local port for gateway", (v) => Number(v)).option("--upstream-url <url>", "Test against a real upstream (e.g. http://host.docker.internal:8000) instead of the mock-upstream container").option("--dry-run", "Print the docker-compose plan without running it").option("--keep", "Leave containers running on success (debug aid)").option("--format <fmt>", "table|junit|json (default: table)", "table").option("--timeout <ms>", "Abort network calls after <ms> milliseconds (gateway admin URL / probes)", (v) => Number(v)).option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).addHelpText("after", `
|
|
74558
75111
|
Examples:
|
|
74559
75112
|
# Mock upstream (default): brings up mendhak/http-https-echo as the backend
|
|
74560
75113
|
$ lazy test --target kong spec.yaml
|
|
@@ -74566,10 +75119,15 @@ Examples:
|
|
|
74566
75119
|
$ lazy test --target kong --upstream-url https://staging.example.com spec.yaml
|
|
74567
75120
|
`).action(async (spec, opts) => {
|
|
74568
75121
|
try {
|
|
75122
|
+
const diag = makeDiagnostics(verbosity());
|
|
75123
|
+
const fromStdin = spec === "-";
|
|
75124
|
+
spec = await resolveSpecArg(spec);
|
|
75125
|
+
if (fromStdin) diag.info("reading spec from stdin");
|
|
74569
75126
|
const testOpts = {
|
|
74570
75127
|
target: opts.target,
|
|
74571
75128
|
format: opts.format
|
|
74572
75129
|
};
|
|
75130
|
+
if (opts.timeout !== void 0) testOpts.timeoutMs = opts.timeout;
|
|
74573
75131
|
if (opts.upstreamPort !== void 0) testOpts.upstreamPort = opts.upstreamPort;
|
|
74574
75132
|
if (opts.gatewayPort !== void 0) testOpts.gatewayPort = opts.gatewayPort;
|
|
74575
75133
|
if (opts.upstreamUrl !== void 0) testOpts.upstreamUrl = opts.upstreamUrl;
|
|
@@ -74578,6 +75136,7 @@ Examples:
|
|
|
74578
75136
|
if (opts.vault) testOpts.vault = true;
|
|
74579
75137
|
if (opts.awsSecrets) testOpts.awsSecrets = true;
|
|
74580
75138
|
if (opts.vaultKvVersion) testOpts.vaultKvVersion = opts.vaultKvVersion;
|
|
75139
|
+
diag.info(`bringing up ${opts.target} gateway (upstream: ${opts.upstreamUrl ?? "mock"})`);
|
|
74581
75140
|
const r5 = await runTest(spec, testOpts);
|
|
74582
75141
|
process.stdout.write(r5.rendered);
|
|
74583
75142
|
process.exit(r5.exitCode);
|
|
@@ -74587,8 +75146,12 @@ Examples:
|
|
|
74587
75146
|
process.exit(1);
|
|
74588
75147
|
}
|
|
74589
75148
|
});
|
|
74590
|
-
program.command("report <spec>").description("OWASP coverage and annotation reports.").option("--owasp", "OWASP API Top 10 coverage report (default if neither flag given)").option("--coverage", "Annotation coverage report").option("--format <fmt>", "table|json|sarif|csv|html (default: table)", "table").option("--feasible <targets>", "Comma-separated targets (e.g. kong,coraza). Downgrade Y\u2192Y*/~ for declared mitigations no listed target can enforce.").option("--strict-fidelity", "Exit 4 if --feasible would downgrade any Y to Y*/~. Requires --owasp --feasible.").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).action(async (spec, opts) => {
|
|
75149
|
+
program.command("report <spec>").description("OWASP coverage and annotation reports. <spec> may be - to read from stdin.").option("--owasp", "OWASP API Top 10 coverage report (default if neither flag given)").option("--coverage", "Annotation coverage report").option("--format <fmt>", "table|json|sarif|csv|html (default: table)", "table").option("--feasible <targets>", "Comma-separated targets (e.g. kong,coraza). Downgrade Y\u2192Y*/~ for declared mitigations no listed target can enforce.").option("--strict-fidelity", "Exit 4 if --feasible would downgrade any Y to Y*/~. Requires --owasp --feasible.").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).addHelpText("after", reportExamples).action(async (spec, opts) => {
|
|
74591
75150
|
try {
|
|
75151
|
+
const diag = makeDiagnostics(verbosity());
|
|
75152
|
+
const fromStdin = spec === "-";
|
|
75153
|
+
spec = await resolveSpecArg(spec);
|
|
75154
|
+
if (fromStdin) diag.info("reading spec from stdin");
|
|
74592
75155
|
const mode = opts.coverage ? "coverage" : "owasp";
|
|
74593
75156
|
const reportOpts = {
|
|
74594
75157
|
mode,
|
|
@@ -74612,8 +75175,12 @@ Examples:
|
|
|
74612
75175
|
process.exit(1);
|
|
74613
75176
|
}
|
|
74614
75177
|
});
|
|
74615
|
-
program.command("verify <spec>").description("Read-only post-deploy check: did the gateway actually load the artifacts we emitted?").requiredOption("--target <name>", "kong|coraza|envoy|bunkerweb|openappsec").requiredOption("--gateway <addr>", "Kong admin URL, Envoy admin URL, OR (for coraza) path to nginx error log / docker:<container> / coraza-go /debug/rules URL, OR (for bunkerweb) docker:<scheduler>+docker:<bunkerweb>, OR (for openappsec) docker:<agent>").option("--engine <name>", "Coraza engine: modsec-nginx|coraza-go|coraza-spoa (default modsec-nginx)").option("--format <fmt>", "table|json|sarif (default table)", "table").option("--threshold <pct>", "Minimum load-coverage % to consider PASS (default 90)", (v) => Number(v)).action(async (spec, opts) => {
|
|
75178
|
+
program.command("verify <spec>").description("Read-only post-deploy check: did the gateway actually load the artifacts we emitted? <spec> may be - to read from stdin.").requiredOption("--target <name>", "kong|coraza|envoy|bunkerweb|openappsec").requiredOption("--gateway <addr>", "Kong admin URL, Envoy admin URL, OR (for coraza) path to nginx error log / docker:<container> / coraza-go /debug/rules URL, OR (for bunkerweb) docker:<scheduler>+docker:<bunkerweb>, OR (for openappsec) docker:<agent>").option("--engine <name>", "Coraza engine: modsec-nginx|coraza-go|coraza-spoa (default modsec-nginx)").option("--format <fmt>", "table|json|sarif (default table)", "table").option("--threshold <pct>", "Minimum load-coverage % to consider PASS (default 90)", (v) => Number(v)).option("--timeout <ms>", "Abort network calls after <ms> milliseconds (gateway admin URL / probes)", (v) => Number(v)).addHelpText("after", verifyExamples).action(async (spec, opts) => {
|
|
74616
75179
|
try {
|
|
75180
|
+
const diag = makeDiagnostics(verbosity());
|
|
75181
|
+
const fromStdin = spec === "-";
|
|
75182
|
+
spec = await resolveSpecArg(spec);
|
|
75183
|
+
if (fromStdin) diag.info("reading spec from stdin");
|
|
74617
75184
|
const verifyOpts = {
|
|
74618
75185
|
target: opts.target,
|
|
74619
75186
|
gateway: opts.gateway,
|
|
@@ -74621,6 +75188,8 @@ Examples:
|
|
|
74621
75188
|
};
|
|
74622
75189
|
if (opts.engine !== void 0) verifyOpts.engine = opts.engine;
|
|
74623
75190
|
if (opts.threshold !== void 0) verifyOpts.threshold = opts.threshold;
|
|
75191
|
+
if (opts.timeout !== void 0) verifyOpts.timeoutMs = opts.timeout;
|
|
75192
|
+
diag.info(`querying gateway ${opts.gateway} (threshold ${opts.threshold ?? 90}%)`);
|
|
74624
75193
|
const r5 = await runVerifyCli(spec, verifyOpts);
|
|
74625
75194
|
process.stdout.write(r5.rendered);
|
|
74626
75195
|
process.exit(r5.exitCode);
|
|
@@ -74630,8 +75199,16 @@ Examples:
|
|
|
74630
75199
|
process.exit(1);
|
|
74631
75200
|
}
|
|
74632
75201
|
});
|
|
74633
|
-
program.command("diff <old> <new>").description("Diff the generated target config for two spec versions.").requiredOption("--target <name>", "Target generator to use for both specs").option("--format <fmt>", "human|json (default: human)", "human").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).action(async (oldSpec, newSpec, opts) => {
|
|
75202
|
+
program.command("diff <old> <new>").description("Diff the generated target config for two spec versions. Either <old> or <new> may be - to read from stdin (not both). Exits 1 when configs differ, 0 when identical (git diff --exit-code style).").requiredOption("--target <name>", "Target generator to use for both specs").option("--format <fmt>", "human|json (default: human)", "human").option("--vault", "Resolve $vault.* refs via HashiCorp Vault").option("--aws-secrets", "Resolve $aws.* refs via AWS Secrets Manager").option("--vault-kv-version <v>", "Vault KV engine version: 1 or 2 (default 2)", (v) => v === "1" ? 1 : 2).addHelpText("after", diffExamples).action(async (oldSpec, newSpec, opts) => {
|
|
74634
75203
|
try {
|
|
75204
|
+
const diag = makeDiagnostics(verbosity());
|
|
75205
|
+
if (oldSpec === "-" && newSpec === "-") {
|
|
75206
|
+
process.stderr.write("diff failed: only one of <old>/<new> can be - (a single stdin stream)\n");
|
|
75207
|
+
process.exit(1);
|
|
75208
|
+
}
|
|
75209
|
+
if (oldSpec === "-" || newSpec === "-") diag.info("reading spec from stdin");
|
|
75210
|
+
oldSpec = await resolveSpecArg(oldSpec);
|
|
75211
|
+
newSpec = await resolveSpecArg(newSpec);
|
|
74635
75212
|
const diffOpts = {
|
|
74636
75213
|
target: opts.target,
|
|
74637
75214
|
format: opts.format
|
|
@@ -74641,7 +75218,7 @@ Examples:
|
|
|
74641
75218
|
if (opts.vaultKvVersion) diffOpts.vaultKvVersion = opts.vaultKvVersion;
|
|
74642
75219
|
const r5 = await runDiff(oldSpec, newSpec, diffOpts);
|
|
74643
75220
|
process.stdout.write(r5.rendered);
|
|
74644
|
-
process.exit(r5.modified.length + r5.added.length + r5.removed.length > 0 ?
|
|
75221
|
+
process.exit(r5.modified.length + r5.added.length + r5.removed.length > 0 ? 1 : 0);
|
|
74645
75222
|
} catch (e5) {
|
|
74646
75223
|
process.stderr.write(`diff failed: ${e5.message}
|
|
74647
75224
|
`);
|
|
@@ -74735,7 +75312,7 @@ Examples:
|
|
|
74735
75312
|
process.exit(1);
|
|
74736
75313
|
}
|
|
74737
75314
|
});
|
|
74738
|
-
|
|
75315
|
+
registerExtras(program);
|
|
74739
75316
|
program.command("push <repoDir>").description(
|
|
74740
75317
|
"Upload the verified .writ/ policies to the Writ SaaS. Aborts if the local audit is not 100% cite-backed. Token from WRIT_API_TOKEN env only."
|
|
74741
75318
|
).option("--dry-run", "Assemble + validate the payload and print a summary WITHOUT sending.").action(async (repoDir, opts) => {
|
|
@@ -75392,8 +75969,8 @@ function buildForbidArrayRootPlugins(resp, ctx = {}) {
|
|
|
75392
75969
|
var SS_IDEMPOTENCY_TAG = "writ-idempotency-replay-409";
|
|
75393
75970
|
var SS_IDEMPOTENCY_CACHE_DICT = "writ_idempotency_cache";
|
|
75394
75971
|
var SS_IDEMPOTENCY_CACHE_DICT_SIZE = "10m";
|
|
75395
|
-
function buildIdempotencyKeyPlugins(
|
|
75396
|
-
const idem =
|
|
75972
|
+
function buildIdempotencyKeyPlugins(request9, ctx = {}) {
|
|
75973
|
+
const idem = request9?.idempotencyKey;
|
|
75397
75974
|
if (!idem) return [];
|
|
75398
75975
|
const ttl = durationSeconds(idem.ttl);
|
|
75399
75976
|
if (ctx.warn) {
|