@cloud-copilot/iam-policy 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +11 -0
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +9 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/validate/validate.d.ts +10 -1
- package/dist/cjs/validate/validate.d.ts.map +1 -1
- package/dist/cjs/validate/validate.js +102 -5
- package/dist/cjs/validate/validate.js.map +1 -1
- package/dist/cjs/validate/validateTypes.d.ts +51 -0
- package/dist/cjs/validate/validateTypes.d.ts.map +1 -0
- package/dist/cjs/validate/validateTypes.js +237 -0
- package/dist/cjs/validate/validateTypes.js.map +1 -0
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/validate/validate.d.ts +10 -1
- package/dist/esm/validate/validate.d.ts.map +1 -1
- package/dist/esm/validate/validate.js +102 -5
- package/dist/esm/validate/validate.js.map +1 -1
- package/dist/esm/validate/validateTypes.d.ts +51 -0
- package/dist/esm/validate/validateTypes.d.ts.map +1 -0
- package/dist/esm/validate/validateTypes.js +228 -0
- package/dist/esm/validate/validateTypes.js.map +1 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -73,6 +73,17 @@ validatePolicySyntax({
|
|
|
73
73
|
*/
|
|
74
74
|
```
|
|
75
75
|
|
|
76
|
+
### Validate Specific Policy Types
|
|
77
|
+
There are functions to validate specific policy types, these do all of the general policy validation and additional checks for the specific policy type. For instance Service Control Policies only allow the Condition element when the Effect is Deny.
|
|
78
|
+
|
|
79
|
+
* `validateIdentityPolicy(policy: any): ValidationError[]`
|
|
80
|
+
* `validateServiceControlPolicy(policy: any): ValidationError[]`
|
|
81
|
+
* `validateResourcePolicy(policy: any): ValidationError[]`
|
|
82
|
+
* `validateTrustPolicy(policy: any): ValidationError[]`
|
|
83
|
+
* `validateResourceControlPolicy(policy: any): ValidationError[]`
|
|
84
|
+
* `validateEndpointPolicy(policy: any): ValidationError[]`
|
|
85
|
+
* `validateSessionPolicy(policy: any): ValidationError[]`
|
|
86
|
+
|
|
76
87
|
## IAM Policy Parsing and Processing with `loadPolicy`
|
|
77
88
|
`loadPolicy` _**does not validate policies**_, if you want validation ahead of time use `validatePolicySyntax`.
|
|
78
89
|
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -7,4 +7,5 @@ export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedP
|
|
|
7
7
|
export type { Resource } from './resources/resource.js';
|
|
8
8
|
export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
|
|
9
9
|
export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
|
|
10
|
+
export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
|
|
10
11
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/cjs/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
package/dist/cjs/index.js
CHANGED
|
@@ -1,8 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.validatePolicySyntax = exports.loadPolicy = void 0;
|
|
3
|
+
exports.validateTrustPolicy = exports.validateSessionPolicy = exports.validateServiceControlPolicy = exports.validateResourcePolicy = exports.validateResourceControlPolicy = exports.validateIdentityPolicy = exports.validateEndpointPolicy = exports.validatePolicySyntax = exports.loadPolicy = void 0;
|
|
4
4
|
var parser_js_1 = require("./parser.js");
|
|
5
5
|
Object.defineProperty(exports, "loadPolicy", { enumerable: true, get: function () { return parser_js_1.loadPolicy; } });
|
|
6
6
|
var validate_js_1 = require("./validate/validate.js");
|
|
7
7
|
Object.defineProperty(exports, "validatePolicySyntax", { enumerable: true, get: function () { return validate_js_1.validatePolicySyntax; } });
|
|
8
|
+
var validateTypes_js_1 = require("./validate/validateTypes.js");
|
|
9
|
+
Object.defineProperty(exports, "validateEndpointPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateEndpointPolicy; } });
|
|
10
|
+
Object.defineProperty(exports, "validateIdentityPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateIdentityPolicy; } });
|
|
11
|
+
Object.defineProperty(exports, "validateResourceControlPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateResourceControlPolicy; } });
|
|
12
|
+
Object.defineProperty(exports, "validateResourcePolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateResourcePolicy; } });
|
|
13
|
+
Object.defineProperty(exports, "validateServiceControlPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateServiceControlPolicy; } });
|
|
14
|
+
Object.defineProperty(exports, "validateSessionPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateSessionPolicy; } });
|
|
15
|
+
Object.defineProperty(exports, "validateTrustPolicy", { enumerable: true, get: function () { return validateTypes_js_1.validateTrustPolicy; } });
|
|
8
16
|
//# sourceMappingURL=index.js.map
|
package/dist/cjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAKnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AAGA,yCAAwC;AAA/B,uGAAA,UAAU,OAAA;AAKnB,sDAAmF;AAA1E,mHAAA,oBAAoB,OAAA;AAC7B,gEAQoC;AAPlC,0HAAA,sBAAsB,OAAA;AACtB,0HAAA,sBAAsB,OAAA;AACtB,iIAAA,6BAA6B,OAAA;AAC7B,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA"}
|
|
@@ -2,5 +2,14 @@ export interface ValidationError {
|
|
|
2
2
|
message: string;
|
|
3
3
|
path: string;
|
|
4
4
|
}
|
|
5
|
-
export
|
|
5
|
+
export interface ValidationCallbacks {
|
|
6
|
+
validateStatement?: (statement: any, path: string) => ValidationError[];
|
|
7
|
+
validateAction?: (action: string, path: string) => ValidationError[];
|
|
8
|
+
validateNotAction?: (notAction: string, path: string) => ValidationError[];
|
|
9
|
+
validatePrincipal?: (principal: any, path: string) => ValidationError[];
|
|
10
|
+
validateNotPrincipal?: (notPrincipal: any, path: string) => ValidationError[];
|
|
11
|
+
validateResource?: (resource: string, path: string) => ValidationError[];
|
|
12
|
+
validateNotResource?: (notResource: string, path: string) => ValidationError[];
|
|
13
|
+
}
|
|
14
|
+
export declare function validatePolicySyntax(policyDocument: any, validationCallbacks?: ValidationCallbacks): ValidationError[];
|
|
6
15
|
//# sourceMappingURL=validate.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;CACb;AAYD,MAAM,WAAW,mBAAmB;IAClC,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACvE,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACpE,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IAC1E,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACvE,oBAAoB,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IAC7E,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACxE,mBAAmB,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;CAC/E;AAED,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,GAAG,EAAE,mBAAmB,GAAE,mBAAwB,GAAG,eAAe,EAAE,CA0C1H"}
|
|
@@ -1,12 +1,14 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.validatePolicySyntax = validatePolicySyntax;
|
|
4
|
+
const serviceRegex = /^[a-zA-Z0-9-]+$/;
|
|
5
|
+
const actionRegex = /^[a-zA-Z0-9*\?]+$/;
|
|
4
6
|
const allowedPolicyKeys = new Set(['Version', 'Statement', 'Id']);
|
|
5
7
|
const allowedStatementKeys = new Set(['Sid', 'Effect', 'Action', 'NotAction', 'Resource', 'NotResource', 'Principal', 'NotPrincipal', 'Condition']);
|
|
6
8
|
const allowedPrincipalKeys = new Set(['AWS', 'Service', 'Federated', 'CanonicalUser']);
|
|
7
9
|
const validConditionOperatorPattern = /^[a-zA-Z0-9:]+$/;
|
|
8
10
|
const allowedSetOperators = new Set(["forallvalues", "foranyvalue"]);
|
|
9
|
-
function validatePolicySyntax(policyDocument) {
|
|
11
|
+
function validatePolicySyntax(policyDocument, validationCallbacks = {}) {
|
|
10
12
|
const allErrors = [];
|
|
11
13
|
if (typeof policyDocument !== 'object') {
|
|
12
14
|
return [{ path: '', message: `Policy must be an object, received type ${typeof policyDocument}` }];
|
|
@@ -15,7 +17,7 @@ function validatePolicySyntax(policyDocument) {
|
|
|
15
17
|
return [{ path: '', message: 'Policy must be an object, received an array' }];
|
|
16
18
|
}
|
|
17
19
|
allErrors.push(...validateKeys(policyDocument, allowedPolicyKeys, ''));
|
|
18
|
-
allErrors.push(...
|
|
20
|
+
allErrors.push(...validatePolicyVersion(policyDocument.Version));
|
|
19
21
|
allErrors.push(...validateDataTypeIfExists(policyDocument.Id, 'Id', 'string'));
|
|
20
22
|
if (!policyDocument.Statement) {
|
|
21
23
|
allErrors.push({
|
|
@@ -25,11 +27,11 @@ function validatePolicySyntax(policyDocument) {
|
|
|
25
27
|
}
|
|
26
28
|
allErrors.push(...validateTypeOrArrayOfTypeIfExists(policyDocument.Statement, 'Statement', ['object']));
|
|
27
29
|
if (typeof policyDocument.Statement === 'object' && !Array.isArray(policyDocument.Statement)) {
|
|
28
|
-
allErrors.push(...validateStatement(policyDocument.Statement, 'Statement'));
|
|
30
|
+
allErrors.push(...validateStatement(policyDocument.Statement, 'Statement', validationCallbacks));
|
|
29
31
|
}
|
|
30
32
|
else if (Array.isArray(policyDocument.Statement)) {
|
|
31
33
|
for (let i = 0; i < policyDocument.Statement.length; i++) {
|
|
32
|
-
allErrors.push(...validateStatement(policyDocument.Statement[i], `Statement[${i}]
|
|
34
|
+
allErrors.push(...validateStatement(policyDocument.Statement[i], `Statement[${i}]`, validationCallbacks));
|
|
33
35
|
}
|
|
34
36
|
const statementIdCounts = policyDocument.Statement.reduce((acc, statement) => {
|
|
35
37
|
if (statement.Sid) {
|
|
@@ -48,18 +50,45 @@ function validatePolicySyntax(policyDocument) {
|
|
|
48
50
|
}
|
|
49
51
|
return allErrors;
|
|
50
52
|
}
|
|
51
|
-
function
|
|
53
|
+
function validatePolicyVersion(version) {
|
|
54
|
+
if (version === undefined || version === null) {
|
|
55
|
+
return [];
|
|
56
|
+
}
|
|
57
|
+
if (typeof version !== 'string') {
|
|
58
|
+
return [
|
|
59
|
+
{
|
|
60
|
+
path: 'Version',
|
|
61
|
+
message: `Version must be a string if present`
|
|
62
|
+
}
|
|
63
|
+
];
|
|
64
|
+
}
|
|
65
|
+
if (version === '2012-10-17' || version === '2008-10-17') {
|
|
66
|
+
return [];
|
|
67
|
+
}
|
|
68
|
+
return [
|
|
69
|
+
{
|
|
70
|
+
path: 'Version',
|
|
71
|
+
message: `Version must be either "2012-10-17" or "2008-10-17"`
|
|
72
|
+
}
|
|
73
|
+
];
|
|
74
|
+
}
|
|
75
|
+
function validateStatement(statement, path, validationCallbacks) {
|
|
52
76
|
const statementErrors = [];
|
|
53
77
|
statementErrors.push(...validateKeys(statement, allowedStatementKeys, path));
|
|
54
78
|
statementErrors.push(...validateDataTypeIfExists(statement.Sid, `${path}.Sid`, 'string'));
|
|
55
79
|
if (statement.Effect !== 'Allow' && statement.Effect !== 'Deny') {
|
|
56
80
|
statementErrors.push({ path: `${path}.Effect`, message: `Effect must be present and exactly "Allow" or "Deny"` });
|
|
57
81
|
}
|
|
82
|
+
statementErrors.push(...validationCallbacks.validateStatement?.(statement, path) || []);
|
|
58
83
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Action', 'NotAction'));
|
|
59
84
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Resource', 'NotResource'));
|
|
60
85
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Principal', 'NotPrincipal'));
|
|
61
86
|
statementErrors.push(...validateTypeOrArrayOfTypeIfExists(statement.Action, `${path}.Action`, 'string'));
|
|
62
87
|
statementErrors.push(...validateTypeOrArrayOfTypeIfExists(statement.NotAction, `${path}.NotAction`, 'string'));
|
|
88
|
+
statementErrors.push(...validateActionIfPresent(statement.Action, `${path}.Action`));
|
|
89
|
+
statementErrors.push(...validateActionIfPresent(statement.NotAction, `${path}.NotAction`));
|
|
90
|
+
statementErrors.push(...validateStringOrArrayStringCallback(statement, 'Action', path, validationCallbacks.validateAction));
|
|
91
|
+
statementErrors.push(...validateStringOrArrayStringCallback(statement, 'NotAction', path, validationCallbacks.validateNotAction));
|
|
63
92
|
statementErrors.push(...validateResource(statement.Resource, `${path}.Resource`));
|
|
64
93
|
statementErrors.push(...validateResource(statement.NotResource, `${path}.NotResource`));
|
|
65
94
|
statementErrors.push(...validateDataTypeIfExists(statement.Principal, `${path}.Principal`, ['string', 'object']));
|
|
@@ -120,6 +149,55 @@ function validateResourceString(resourceString, path) {
|
|
|
120
149
|
}
|
|
121
150
|
return [];
|
|
122
151
|
}
|
|
152
|
+
function validateActionIfPresent(action, path) {
|
|
153
|
+
if (action === undefined || action === null) {
|
|
154
|
+
return [];
|
|
155
|
+
}
|
|
156
|
+
//Type errors are caught elsewhere
|
|
157
|
+
if (typeof action === 'string') {
|
|
158
|
+
return validateActionString(action, path);
|
|
159
|
+
}
|
|
160
|
+
else if (Array.isArray(action)) {
|
|
161
|
+
const actionErrors = [];
|
|
162
|
+
for (let i = 0; i < action.length; i++) {
|
|
163
|
+
const value = action[i];
|
|
164
|
+
if (typeof value === 'string') {
|
|
165
|
+
actionErrors.push(...validateActionString(action[i], `${path}[${i}]`));
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
return actionErrors;
|
|
169
|
+
}
|
|
170
|
+
return [];
|
|
171
|
+
}
|
|
172
|
+
function validateActionString(string, path) {
|
|
173
|
+
if (string === '*') {
|
|
174
|
+
return [];
|
|
175
|
+
}
|
|
176
|
+
const parts = string.split(':');
|
|
177
|
+
if (parts.length != 2) {
|
|
178
|
+
return [
|
|
179
|
+
{
|
|
180
|
+
path,
|
|
181
|
+
message: `Action must be a wildcard (*) or have 2 segments`
|
|
182
|
+
}
|
|
183
|
+
];
|
|
184
|
+
}
|
|
185
|
+
const [service, action] = parts;
|
|
186
|
+
const errors = [];
|
|
187
|
+
if (!serviceRegex.test(service)) {
|
|
188
|
+
errors.push({
|
|
189
|
+
path,
|
|
190
|
+
message: `Service can only contain letters, numbers, and hyphens`
|
|
191
|
+
});
|
|
192
|
+
}
|
|
193
|
+
if (!actionRegex.test(action)) {
|
|
194
|
+
errors.push({
|
|
195
|
+
path,
|
|
196
|
+
message: `Action can only contain letters, numbers, asterisks, and question marks`
|
|
197
|
+
});
|
|
198
|
+
}
|
|
199
|
+
return errors;
|
|
200
|
+
}
|
|
123
201
|
function validateCondition(condition, path) {
|
|
124
202
|
const conditionErrors = [];
|
|
125
203
|
if (condition === undefined || condition === null) {
|
|
@@ -241,4 +319,23 @@ function validateOnlyOneOf(value, path, firstKey, secondKey) {
|
|
|
241
319
|
}
|
|
242
320
|
return [];
|
|
243
321
|
}
|
|
322
|
+
function validateStringOrArrayStringCallback(statement, fieldName, path, callback) {
|
|
323
|
+
if (statement === undefined || !statement[fieldName] || !callback) {
|
|
324
|
+
return [];
|
|
325
|
+
}
|
|
326
|
+
const value = statement[fieldName];
|
|
327
|
+
path = `${path}.${fieldName}`;
|
|
328
|
+
if (typeof value === 'string') {
|
|
329
|
+
return callback(value, path);
|
|
330
|
+
}
|
|
331
|
+
else if (Array.isArray(value)) {
|
|
332
|
+
const errors = [];
|
|
333
|
+
for (let i = 0; i < value.length; i++) {
|
|
334
|
+
errors.push(...callback(value[i], `${path}[${i}]`));
|
|
335
|
+
}
|
|
336
|
+
return errors;
|
|
337
|
+
}
|
|
338
|
+
//If it's not a string or string array that is caught elsewhere
|
|
339
|
+
return [];
|
|
340
|
+
}
|
|
244
341
|
//# sourceMappingURL=validate.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":";;AAYA,oDA0CC;AAjDD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAE,SAAS,EAAE,WAAW,EAAE,IAAI,CAAE,CAAC,CAAA;AACnE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAA;AACpJ,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,CAAA;AACvF,MAAM,6BAA6B,GAAG,iBAAiB,CAAA;AACvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC,CAAA;AAGpE,SAAgB,oBAAoB,CAAC,cAAmB;IACtD,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,OAAO,cAAc,EAAE,EAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAC,CAAC,CAAA;IAC7E,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAA;IAEtE,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxF,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC9E,IAAG,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAA;IACJ,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvG,IAAG,OAAO,cAAc,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5F,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAA;IAC7E,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACtF,CAAC;QACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAA2B,EAAE,SAAc,EAAE,EAAE;YACxG,IAAG,SAAS,CAAC,GAAG,EAAE,CAAC;gBACjB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACtE,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAA4B,CAAC,CAAA;QAChC,KAAI,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAS,iBAAiB,CAAC,EAAE,CAAC;YACpE,IAAG,KAAK,GAAG,CAAC,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,uCAAuC,GAAG,IAAI,KAAK,QAAQ;iBACrE,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;IAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;IACzF,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,GAAG,IAAI,SAAS,EAAE,OAAO,EAAE,sDAAsD,EAAC,CAAC,CAAA;IACjH,CAAC;IAED,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAA;IAClF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,CAAA;IACtF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAA;IAExF,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;IAE9G,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,WAAW,CAAC,CAAC,CAAA;IACjF,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACjH,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvH,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,CAAC,CAAC,CAAA;IAE1F,yEAAyE;IACzE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAE7C,IAAG,SAAS,KAAK,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;QAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAClG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC1G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC9G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxH,CAAC;IAED,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAa,EAAE,IAAY;IACnD,IAAG,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC/C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,cAAc,GAAsB,EAAE,CAAA;QAC5C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC9E,CAAC;QACD,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO;QACL;YACE,IAAI;YACJ,OAAO,EAAE,sCAAsC;SAChD;KACF,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,cAAmB,EAAE,IAAY;IAC/D,IAAG,cAAc,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5C,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,yDAAyD;aACnE;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AAEX,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,IAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACjD,OAAO,EAAE,CAAA;IACX,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5E,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,eAAe,CAAA;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,eAAe,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,6CAA6C;YACtD,IAAI;SACL,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACjD,KAAI,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QACzC,sBAAsB;QACtB,IAAG,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;YAClD,IAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;oBAC3B,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACvG,IAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,sDAAsD;gBAC/D,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC;QAED,IAAG,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;YACtD,KAAI,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC9H,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,MAAW,EAAE,WAAwB,EAAE,IAAY;IACvE,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACd,IAAI,GAAG,GAAG,IAAI,GAAG,CAAA;IACnB,CAAC;IAED,KAAI,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,EAAE;gBAC7B,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,8BAA8B;gBACzD,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iCAAiC,CAAC,KAAU,EAAE,IAAY,EAAE,YAA6C;IAChH,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAAY,CAAE,CAAA;IAC5E,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,wBAAwB,CAAC,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;IAC5D,CAAC;SAAM,CAAC;QACN,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,iBAAiB,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAU,EAAE,IAAY,EAAE,gBAAiD;IAC3G,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,gBAAgB,CAAE,CAAA;IAC5F,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,aAAa,GAAG,OAAO,KAAK,CAAA;IAClC,IAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAA+B,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,mBAAmB,aAAa,wBAAwB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9F,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAU,EAAE,IAAY,EAAE,QAAgB,EAAE,SAAiB;IACtF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACvD,OAAO;YACL;gBACE,OAAO,EAAE,eAAe,QAAQ,OAAO,SAAS,yBAAyB;gBACzE,IAAI;aACL;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AACX,CAAC"}
|
|
1
|
+
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":";;AA0BA,oDA0CC;AA9DD,MAAM,YAAY,GAAG,iBAAiB,CAAA;AACtC,MAAM,WAAW,GAAG,mBAAmB,CAAA;AAEvC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAE,SAAS,EAAE,WAAW,EAAE,IAAI,CAAE,CAAC,CAAA;AACnE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAA;AACpJ,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,CAAA;AACvF,MAAM,6BAA6B,GAAG,iBAAiB,CAAA;AACvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC,CAAA;AAapE,SAAgB,oBAAoB,CAAC,cAAmB,EAAE,sBAA2C,EAAE;IACrG,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,OAAO,cAAc,EAAE,EAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAC,CAAC,CAAA;IAC7E,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAA;IACtE,SAAS,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;IAEhE,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC9E,IAAG,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAA;IACJ,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvG,IAAG,OAAO,cAAc,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5F,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,mBAAmB,CAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC,CAAA;QAC3G,CAAC;QACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAA2B,EAAE,SAAc,EAAE,EAAE;YACxG,IAAG,SAAS,CAAC,GAAG,EAAE,CAAC;gBACjB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACtE,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAA4B,CAAC,CAAA;QAChC,KAAI,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAS,iBAAiB,CAAC,EAAE,CAAC;YACpE,IAAG,KAAK,GAAG,CAAC,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,uCAAuC,GAAG,IAAI,KAAK,QAAQ;iBACrE,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAY;IACzC,IAAG,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAC7C,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,qCAAqC;aAC/C;SACF,CAAA;IACH,CAAC;IAED,IAAG,OAAO,KAAK,YAAY,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,OAAO;QACL;YACE,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,qDAAqD;SAC/D;KACF,CAAA;AAGH,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY,EAAE,mBAAwC;IAC/F,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;IAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;IACzF,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,GAAG,IAAI,SAAS,EAAE,OAAO,EAAE,sDAAsD,EAAC,CAAC,CAAA;IACjH,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAA;IAClF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,CAAA;IACtF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAA;IAExF,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;IAE9G,eAAe,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IAE1F,eAAe,CAAC,IAAI,CAAC,GAAG,mCAAmC,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAA;IAC3H,eAAe,CAAC,IAAI,CAAC,GAAG,mCAAmC,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,CAAC,iBAAiB,CAAC,CAAC,CAAA;IAEjI,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,WAAW,CAAC,CAAC,CAAA;IACjF,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACjH,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvH,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,CAAC,CAAC,CAAA;IAE1F,yEAAyE;IACzE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAE7C,IAAG,SAAS,KAAK,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;QAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAClG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC1G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC9G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxH,CAAC;IAED,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAa,EAAE,IAAY;IACnD,IAAG,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC/C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,cAAc,GAAsB,EAAE,CAAA;QAC5C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC9E,CAAC;QACD,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO;QACL;YACE,IAAI;YACJ,OAAO,EAAE,sCAAsC;SAChD;KACF,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,cAAmB,EAAE,IAAY;IAC/D,IAAG,cAAc,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5C,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,yDAAyD;aACnE;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AAEX,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAW,EAAE,IAAY;IACxD,IAAG,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,EAAE,CAAA;IACX,CAAC;IACD,kCAAkC;IAClC,IAAG,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC3C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAsB,EAAE,CAAA;QAC1C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACvB,IAAG,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC7B,YAAY,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;YACxE,CAAC;QAEH,CAAC;QACD,OAAO,YAAY,CAAA;IACrB,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc,EAAE,IAAY;IACxD,IAAG,MAAM,KAAK,GAAG,EAAE,CAAC;QAClB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAG,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,kDAAkD;aAC5D;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAE,OAAO,EAAE,MAAM,CAAE,GAAG,KAAK,CAAA;IACjC,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,IAAG,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAA;IACJ,CAAC;IACD,IAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,OAAO,EAAE,yEAAyE;SACnF,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,IAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACjD,OAAO,EAAE,CAAA;IACX,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5E,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,eAAe,CAAA;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,eAAe,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,6CAA6C;YACtD,IAAI;SACL,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACjD,KAAI,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QACzC,sBAAsB;QACtB,IAAG,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;YAClD,IAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;oBAC3B,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACvG,IAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,sDAAsD;gBAC/D,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC;QAED,IAAG,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;YACtD,KAAI,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC9H,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,MAAW,EAAE,WAAwB,EAAE,IAAY;IACvE,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACd,IAAI,GAAG,GAAG,IAAI,GAAG,CAAA;IACnB,CAAC;IAED,KAAI,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,EAAE;gBAC7B,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,8BAA8B;gBACzD,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iCAAiC,CAAC,KAAU,EAAE,IAAY,EAAE,YAA6C;IAChH,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAAY,CAAE,CAAA;IAC5E,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,wBAAwB,CAAC,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;IAC5D,CAAC;SAAM,CAAC;QACN,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,iBAAiB,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAU,EAAE,IAAY,EAAE,gBAAiD;IAC3G,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,gBAAgB,CAAE,CAAA;IAC5F,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,aAAa,GAAG,OAAO,KAAK,CAAA;IAClC,IAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAA+B,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,mBAAmB,aAAa,wBAAwB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9F,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAU,EAAE,IAAY,EAAE,QAAgB,EAAE,SAAiB;IACtF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACvD,OAAO;YACL;gBACE,OAAO,EAAE,eAAe,QAAQ,OAAO,SAAS,yBAAyB;gBACzE,IAAI;aACL;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,mCAAmC,CAAC,SAAc,EAAE,SAAiB,EAAE,IAAY,EAAE,QAA6D;IACzJ,IAAG,SAAS,KAAK,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACjE,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;IAClC,IAAI,GAAG,GAAG,IAAI,IAAI,SAAS,EAAE,CAAA;IAC7B,IAAG,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAC9B,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAsB,EAAE,CAAA;QACpC,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACrD,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IACD,+DAA+D;IAC/D,OAAO,EAAE,CAAA;AACX,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { ValidationError } from "./validate.js";
|
|
2
|
+
/**
|
|
3
|
+
* Validates an Identity Policy attached to an IAM role or user, or managed policy
|
|
4
|
+
*
|
|
5
|
+
* @param policy the policy to validate
|
|
6
|
+
* @returns an array of validation errors
|
|
7
|
+
*/
|
|
8
|
+
export declare function validateIdentityPolicy(policy: any): ValidationError[];
|
|
9
|
+
/**
|
|
10
|
+
* Validates a Service Control Policy (SCP)
|
|
11
|
+
*
|
|
12
|
+
* @param policy the policy to validate
|
|
13
|
+
* @returns an array of validation errors
|
|
14
|
+
*/
|
|
15
|
+
export declare function validateServiceControlPolicy(policy: any): ValidationError[];
|
|
16
|
+
/**
|
|
17
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
18
|
+
*
|
|
19
|
+
* @param policy the policy to validate
|
|
20
|
+
* @returns an array of validation errors
|
|
21
|
+
*/
|
|
22
|
+
export declare function validateResourcePolicy(policy: any): ValidationError[];
|
|
23
|
+
/**
|
|
24
|
+
* Validates a Resource Control Policy (RCP)
|
|
25
|
+
*
|
|
26
|
+
* @param policy the policy to validate
|
|
27
|
+
* @returns an array of validation errors
|
|
28
|
+
*/
|
|
29
|
+
export declare function validateResourceControlPolicy(policy: any): ValidationError[];
|
|
30
|
+
/**
|
|
31
|
+
* Validates a Trust Policy attached to a role
|
|
32
|
+
*
|
|
33
|
+
* @param policy the policy to validate
|
|
34
|
+
* @returns an array of validation errors
|
|
35
|
+
*/
|
|
36
|
+
export declare function validateTrustPolicy(policy: any): ValidationError[];
|
|
37
|
+
/**
|
|
38
|
+
* Validates an VPC Endpoint Policy
|
|
39
|
+
*
|
|
40
|
+
* @param policy the policy to validate
|
|
41
|
+
* @returns an array of validation errors
|
|
42
|
+
*/
|
|
43
|
+
export declare function validateEndpointPolicy(policy: any): ValidationError[];
|
|
44
|
+
/**
|
|
45
|
+
* Validates a session policy
|
|
46
|
+
*
|
|
47
|
+
* @param policy the policy to validate
|
|
48
|
+
* @returns an array of validation errors
|
|
49
|
+
*/
|
|
50
|
+
export declare function validateSessionPolicy(policy: any): ValidationError[];
|
|
51
|
+
//# sourceMappingURL=validateTypes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAC;AAEtE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAmD3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAsC5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWlE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWpE"}
|
|
@@ -0,0 +1,237 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.validateIdentityPolicy = validateIdentityPolicy;
|
|
4
|
+
exports.validateServiceControlPolicy = validateServiceControlPolicy;
|
|
5
|
+
exports.validateResourcePolicy = validateResourcePolicy;
|
|
6
|
+
exports.validateResourceControlPolicy = validateResourceControlPolicy;
|
|
7
|
+
exports.validateTrustPolicy = validateTrustPolicy;
|
|
8
|
+
exports.validateEndpointPolicy = validateEndpointPolicy;
|
|
9
|
+
exports.validateSessionPolicy = validateSessionPolicy;
|
|
10
|
+
const validate_js_1 = require("./validate.js");
|
|
11
|
+
/**
|
|
12
|
+
* Validates an Identity Policy attached to an IAM role or user, or managed policy
|
|
13
|
+
*
|
|
14
|
+
* @param policy the policy to validate
|
|
15
|
+
* @returns an array of validation errors
|
|
16
|
+
*/
|
|
17
|
+
function validateIdentityPolicy(policy) {
|
|
18
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
19
|
+
validateStatement: (statement, path) => {
|
|
20
|
+
const policyType = 'an identity policy';
|
|
21
|
+
const errors = [];
|
|
22
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
23
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
24
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
25
|
+
return errors;
|
|
26
|
+
}
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
/**
|
|
30
|
+
* Validates a Service Control Policy (SCP)
|
|
31
|
+
*
|
|
32
|
+
* @param policy the policy to validate
|
|
33
|
+
* @returns an array of validation errors
|
|
34
|
+
*/
|
|
35
|
+
function validateServiceControlPolicy(policy) {
|
|
36
|
+
const policyType = 'a service control policy';
|
|
37
|
+
const validateAction = (action, path, type) => {
|
|
38
|
+
const firstWildcard = Math.max(action.indexOf('*'), action.indexOf('?'));
|
|
39
|
+
if (firstWildcard === -1) {
|
|
40
|
+
return [];
|
|
41
|
+
}
|
|
42
|
+
if (firstWildcard == action.length - 1) {
|
|
43
|
+
return [];
|
|
44
|
+
}
|
|
45
|
+
return [{
|
|
46
|
+
path,
|
|
47
|
+
message: `Wildcard characters are only allowed at the end of ${type} in ${policyType}`
|
|
48
|
+
}];
|
|
49
|
+
};
|
|
50
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
51
|
+
validateStatement: (statement, path) => {
|
|
52
|
+
const errors = [];
|
|
53
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal', 'NotResource'], path, policyType));
|
|
54
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource'], path, policyType));
|
|
55
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
56
|
+
if (statement.Effect === "Allow") {
|
|
57
|
+
if (statement.Resource !== "*") {
|
|
58
|
+
errors.push({
|
|
59
|
+
path,
|
|
60
|
+
message: `Resource must be "*" when Effect is "Allow" in ${policyType}`
|
|
61
|
+
});
|
|
62
|
+
}
|
|
63
|
+
if (statement.NotAction) {
|
|
64
|
+
errors.push({
|
|
65
|
+
path,
|
|
66
|
+
message: `NotAction is not allowed when Effect is "Allow" in ${policyType}`
|
|
67
|
+
});
|
|
68
|
+
}
|
|
69
|
+
if (statement.Condition) {
|
|
70
|
+
errors.push({
|
|
71
|
+
path,
|
|
72
|
+
message: `Condition is not allowed when Effect is "Allow" in ${policyType}`
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
|
+
}
|
|
76
|
+
return errors;
|
|
77
|
+
},
|
|
78
|
+
validateAction: (action, path) => validateAction(action, path, 'Action'),
|
|
79
|
+
validateNotAction: (action, path) => validateAction(action, path, 'NotAction')
|
|
80
|
+
});
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
84
|
+
*
|
|
85
|
+
* @param policy the policy to validate
|
|
86
|
+
* @returns an array of validation errors
|
|
87
|
+
*/
|
|
88
|
+
function validateResourcePolicy(policy) {
|
|
89
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
90
|
+
validateStatement: (statement, path) => {
|
|
91
|
+
const policyType = 'a resource policy';
|
|
92
|
+
const errors = [];
|
|
93
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
94
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
95
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
96
|
+
return errors;
|
|
97
|
+
}
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Validates a Resource Control Policy (RCP)
|
|
102
|
+
*
|
|
103
|
+
* @param policy the policy to validate
|
|
104
|
+
* @returns an array of validation errors
|
|
105
|
+
*/
|
|
106
|
+
function validateResourceControlPolicy(policy) {
|
|
107
|
+
const policyType = 'a resource control policy';
|
|
108
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
109
|
+
validateStatement: (statement, path) => {
|
|
110
|
+
const errors = [];
|
|
111
|
+
if (statement.Effect !== "Deny") {
|
|
112
|
+
errors.push({
|
|
113
|
+
path: `${path}.Effect`,
|
|
114
|
+
message: `Effect must be "Deny" in ${policyType}`
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
if (statement.Principal !== "*") {
|
|
118
|
+
errors.push({
|
|
119
|
+
path: `${path}.Principal`,
|
|
120
|
+
message: `Principal must be "*" in ${policyType}`
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
errors.push(...validateProhibitedFields(statement, ['NotPrincipal', 'NotAction'], path, policyType));
|
|
124
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action'], path, policyType));
|
|
125
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
126
|
+
return errors;
|
|
127
|
+
},
|
|
128
|
+
validateAction: (action, path) => {
|
|
129
|
+
if (action === "*") {
|
|
130
|
+
return [{
|
|
131
|
+
path,
|
|
132
|
+
message: `Action cannot be "*" in ${policyType}`
|
|
133
|
+
}];
|
|
134
|
+
}
|
|
135
|
+
return [];
|
|
136
|
+
}
|
|
137
|
+
});
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* Validates a Trust Policy attached to a role
|
|
141
|
+
*
|
|
142
|
+
* @param policy the policy to validate
|
|
143
|
+
* @returns an array of validation errors
|
|
144
|
+
*/
|
|
145
|
+
function validateTrustPolicy(policy) {
|
|
146
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
147
|
+
validateStatement: (statement, path) => {
|
|
148
|
+
const policyType = 'a trust policy';
|
|
149
|
+
const errors = [];
|
|
150
|
+
errors.push(...validateProhibitedFields(statement, ['Resource', 'NotResource'], path, policyType));
|
|
151
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
152
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
153
|
+
return errors;
|
|
154
|
+
}
|
|
155
|
+
});
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* Validates an VPC Endpoint Policy
|
|
159
|
+
*
|
|
160
|
+
* @param policy the policy to validate
|
|
161
|
+
* @returns an array of validation errors
|
|
162
|
+
*/
|
|
163
|
+
function validateEndpointPolicy(policy) {
|
|
164
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
165
|
+
validateStatement: (statement, path) => {
|
|
166
|
+
const policyType = 'an endpoint policy';
|
|
167
|
+
const errors = [];
|
|
168
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
169
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
170
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
171
|
+
return errors;
|
|
172
|
+
}
|
|
173
|
+
});
|
|
174
|
+
}
|
|
175
|
+
/**
|
|
176
|
+
* Validates a session policy
|
|
177
|
+
*
|
|
178
|
+
* @param policy the policy to validate
|
|
179
|
+
* @returns an array of validation errors
|
|
180
|
+
*/
|
|
181
|
+
function validateSessionPolicy(policy) {
|
|
182
|
+
return (0, validate_js_1.validatePolicySyntax)(policy, {
|
|
183
|
+
validateStatement: (statement, path) => {
|
|
184
|
+
const policyType = 'a session policy';
|
|
185
|
+
const errors = [];
|
|
186
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
187
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
188
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
189
|
+
return errors;
|
|
190
|
+
}
|
|
191
|
+
});
|
|
192
|
+
}
|
|
193
|
+
/**
|
|
194
|
+
* Validates that at least one of the specified fields is present in a statement
|
|
195
|
+
*
|
|
196
|
+
* @param statement the statement to validate
|
|
197
|
+
* @param requiredFields the list of fields, that at least one must be present
|
|
198
|
+
* @param path the path to the statement in the policy
|
|
199
|
+
* @param policyType the type of policy being validated
|
|
200
|
+
* @returns an array of validation errors
|
|
201
|
+
*/
|
|
202
|
+
function validateAtLeastOneOf(statement, requiredFields, path, policyType) {
|
|
203
|
+
const presentFields = requiredFields.filter(field => statement[field]);
|
|
204
|
+
let message = `One of ${requiredFields.join(' or ')} is required in ${policyType}`;
|
|
205
|
+
if (requiredFields.length === 1) {
|
|
206
|
+
message = `${requiredFields[0]} is required in ${policyType}`;
|
|
207
|
+
}
|
|
208
|
+
if (presentFields.length === 0) {
|
|
209
|
+
return [{
|
|
210
|
+
path,
|
|
211
|
+
message
|
|
212
|
+
}];
|
|
213
|
+
}
|
|
214
|
+
return [];
|
|
215
|
+
}
|
|
216
|
+
/**
|
|
217
|
+
* Validates prohibited fields do not exist in a statement
|
|
218
|
+
*
|
|
219
|
+
* @param statement the statement to validate
|
|
220
|
+
* @param prohibitedFields the list of fields that are not allowed
|
|
221
|
+
* @param path the path to the statement in the policy
|
|
222
|
+
* @param policyType the type of policy being validated
|
|
223
|
+
* @returns an array of validation errors
|
|
224
|
+
*/
|
|
225
|
+
function validateProhibitedFields(statement, prohibitedFields, path, policyType) {
|
|
226
|
+
const errors = [];
|
|
227
|
+
for (const field of prohibitedFields) {
|
|
228
|
+
if (statement[field]) {
|
|
229
|
+
errors.push({
|
|
230
|
+
path: `${path}.${field}`,
|
|
231
|
+
message: `${field} is not allowed in ${policyType}`
|
|
232
|
+
});
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
return errors;
|
|
236
|
+
}
|
|
237
|
+
//# sourceMappingURL=validateTypes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":";;AAQA,wDAWC;AAQD,oEAmDC;AAQD,wDAWC;AAQD,sEAsCC;AAQD,kDAWC;AAQD,wDAWC;AAQD,sDAWC;AAxMD,+CAAsE;AAEtE;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY,EAAqB,EAAE;QACvF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxE,IAAG,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAG,aAAa,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,CAAC;gBACN,IAAI;gBACJ,OAAO,EAAE,sDAAsD,IAAI,OAAO,UAAU,EAAE;aACvF,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACnH,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC/E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE1F,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAChC,IAAG,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBAC9B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,kDAAkD,UAAU,EAAE;qBACxE,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;YAGH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;QACD,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxE,iBAAiB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;KAC/E,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YAErC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAG,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAG,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,YAAY;oBACzB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAG,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClB,OAAO,CAAC;wBACN,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,MAAW;IAC7C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAClG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,MAAW;IAChD,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,MAAW;IAC/C,OAAO,IAAA,kCAAoB,EAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAAC,SAAc,EAAE,cAAwB,EAAE,IAAY,EAAE,UAAkB;IACtG,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACtE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAG,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC;gBACN,IAAI;gBACJ,OAAO;aACR,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAAC,SAAc,EAAE,gBAA0B,EAAE,IAAY,EAAE,UAAkB;IAC5G,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAI,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,EAAE;gBACxB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/dist/esm/index.d.ts
CHANGED
|
@@ -7,4 +7,5 @@ export type { AccountPrincipal, AwsPrincipal, CanonicalUserPrincipal, FederatedP
|
|
|
7
7
|
export type { Resource } from './resources/resource.js';
|
|
8
8
|
export type { ActionStatement, NotActionStatement, NotPrincipalStatement, NotResourceStatement, PrincipalStatement, ResourceStatement, Statement } from './statements/statement.js';
|
|
9
9
|
export { validatePolicySyntax, type ValidationError } from './validate/validate.js';
|
|
10
|
+
export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
|
|
10
11
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/esm/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAC5F,YAAY,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AAC1D,YAAY,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oCAAoC,CAAA;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAA;AAClD,YAAY,EAAE,gBAAgB,EAAE,YAAY,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC1L,YAAY,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAA;AACvD,YAAY,EAAE,eAAe,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAA;AACnL,OAAO,EAAE,oBAAoB,EAAE,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
package/dist/esm/index.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export { loadPolicy } from './parser.js';
|
|
2
2
|
export { validatePolicySyntax } from './validate/validate.js';
|
|
3
|
+
export { validateEndpointPolicy, validateIdentityPolicy, validateResourceControlPolicy, validateResourcePolicy, validateServiceControlPolicy, validateSessionPolicy, validateTrustPolicy } from './validate/validateTypes.js';
|
|
3
4
|
//# sourceMappingURL=index.js.map
|
package/dist/esm/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAKxC,OAAO,EAAE,oBAAoB,EAAwB,MAAM,wBAAwB,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAKxC,OAAO,EAAE,oBAAoB,EAAwB,MAAM,wBAAwB,CAAA;AACnF,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,6BAA6B,EAC7B,sBAAsB,EACtB,4BAA4B,EAC5B,qBAAqB,EACrB,mBAAmB,EACpB,MAAM,6BAA6B,CAAA"}
|
|
@@ -2,5 +2,14 @@ export interface ValidationError {
|
|
|
2
2
|
message: string;
|
|
3
3
|
path: string;
|
|
4
4
|
}
|
|
5
|
-
export
|
|
5
|
+
export interface ValidationCallbacks {
|
|
6
|
+
validateStatement?: (statement: any, path: string) => ValidationError[];
|
|
7
|
+
validateAction?: (action: string, path: string) => ValidationError[];
|
|
8
|
+
validateNotAction?: (notAction: string, path: string) => ValidationError[];
|
|
9
|
+
validatePrincipal?: (principal: any, path: string) => ValidationError[];
|
|
10
|
+
validateNotPrincipal?: (notPrincipal: any, path: string) => ValidationError[];
|
|
11
|
+
validateResource?: (resource: string, path: string) => ValidationError[];
|
|
12
|
+
validateNotResource?: (notResource: string, path: string) => ValidationError[];
|
|
13
|
+
}
|
|
14
|
+
export declare function validatePolicySyntax(policyDocument: any, validationCallbacks?: ValidationCallbacks): ValidationError[];
|
|
6
15
|
//# sourceMappingURL=validate.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;CACb;AAYD,MAAM,WAAW,mBAAmB;IAClC,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACvE,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACpE,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IAC1E,iBAAiB,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACvE,oBAAoB,CAAC,EAAE,CAAC,YAAY,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IAC7E,gBAAgB,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;IACxE,mBAAmB,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,KAAK,eAAe,EAAE,CAAA;CAC/E;AAED,wBAAgB,oBAAoB,CAAC,cAAc,EAAE,GAAG,EAAE,mBAAmB,GAAE,mBAAwB,GAAG,eAAe,EAAE,CA0C1H"}
|
|
@@ -1,9 +1,11 @@
|
|
|
1
|
+
const serviceRegex = /^[a-zA-Z0-9-]+$/;
|
|
2
|
+
const actionRegex = /^[a-zA-Z0-9*\?]+$/;
|
|
1
3
|
const allowedPolicyKeys = new Set(['Version', 'Statement', 'Id']);
|
|
2
4
|
const allowedStatementKeys = new Set(['Sid', 'Effect', 'Action', 'NotAction', 'Resource', 'NotResource', 'Principal', 'NotPrincipal', 'Condition']);
|
|
3
5
|
const allowedPrincipalKeys = new Set(['AWS', 'Service', 'Federated', 'CanonicalUser']);
|
|
4
6
|
const validConditionOperatorPattern = /^[a-zA-Z0-9:]+$/;
|
|
5
7
|
const allowedSetOperators = new Set(["forallvalues", "foranyvalue"]);
|
|
6
|
-
export function validatePolicySyntax(policyDocument) {
|
|
8
|
+
export function validatePolicySyntax(policyDocument, validationCallbacks = {}) {
|
|
7
9
|
const allErrors = [];
|
|
8
10
|
if (typeof policyDocument !== 'object') {
|
|
9
11
|
return [{ path: '', message: `Policy must be an object, received type ${typeof policyDocument}` }];
|
|
@@ -12,7 +14,7 @@ export function validatePolicySyntax(policyDocument) {
|
|
|
12
14
|
return [{ path: '', message: 'Policy must be an object, received an array' }];
|
|
13
15
|
}
|
|
14
16
|
allErrors.push(...validateKeys(policyDocument, allowedPolicyKeys, ''));
|
|
15
|
-
allErrors.push(...
|
|
17
|
+
allErrors.push(...validatePolicyVersion(policyDocument.Version));
|
|
16
18
|
allErrors.push(...validateDataTypeIfExists(policyDocument.Id, 'Id', 'string'));
|
|
17
19
|
if (!policyDocument.Statement) {
|
|
18
20
|
allErrors.push({
|
|
@@ -22,11 +24,11 @@ export function validatePolicySyntax(policyDocument) {
|
|
|
22
24
|
}
|
|
23
25
|
allErrors.push(...validateTypeOrArrayOfTypeIfExists(policyDocument.Statement, 'Statement', ['object']));
|
|
24
26
|
if (typeof policyDocument.Statement === 'object' && !Array.isArray(policyDocument.Statement)) {
|
|
25
|
-
allErrors.push(...validateStatement(policyDocument.Statement, 'Statement'));
|
|
27
|
+
allErrors.push(...validateStatement(policyDocument.Statement, 'Statement', validationCallbacks));
|
|
26
28
|
}
|
|
27
29
|
else if (Array.isArray(policyDocument.Statement)) {
|
|
28
30
|
for (let i = 0; i < policyDocument.Statement.length; i++) {
|
|
29
|
-
allErrors.push(...validateStatement(policyDocument.Statement[i], `Statement[${i}]
|
|
31
|
+
allErrors.push(...validateStatement(policyDocument.Statement[i], `Statement[${i}]`, validationCallbacks));
|
|
30
32
|
}
|
|
31
33
|
const statementIdCounts = policyDocument.Statement.reduce((acc, statement) => {
|
|
32
34
|
if (statement.Sid) {
|
|
@@ -45,18 +47,45 @@ export function validatePolicySyntax(policyDocument) {
|
|
|
45
47
|
}
|
|
46
48
|
return allErrors;
|
|
47
49
|
}
|
|
48
|
-
function
|
|
50
|
+
function validatePolicyVersion(version) {
|
|
51
|
+
if (version === undefined || version === null) {
|
|
52
|
+
return [];
|
|
53
|
+
}
|
|
54
|
+
if (typeof version !== 'string') {
|
|
55
|
+
return [
|
|
56
|
+
{
|
|
57
|
+
path: 'Version',
|
|
58
|
+
message: `Version must be a string if present`
|
|
59
|
+
}
|
|
60
|
+
];
|
|
61
|
+
}
|
|
62
|
+
if (version === '2012-10-17' || version === '2008-10-17') {
|
|
63
|
+
return [];
|
|
64
|
+
}
|
|
65
|
+
return [
|
|
66
|
+
{
|
|
67
|
+
path: 'Version',
|
|
68
|
+
message: `Version must be either "2012-10-17" or "2008-10-17"`
|
|
69
|
+
}
|
|
70
|
+
];
|
|
71
|
+
}
|
|
72
|
+
function validateStatement(statement, path, validationCallbacks) {
|
|
49
73
|
const statementErrors = [];
|
|
50
74
|
statementErrors.push(...validateKeys(statement, allowedStatementKeys, path));
|
|
51
75
|
statementErrors.push(...validateDataTypeIfExists(statement.Sid, `${path}.Sid`, 'string'));
|
|
52
76
|
if (statement.Effect !== 'Allow' && statement.Effect !== 'Deny') {
|
|
53
77
|
statementErrors.push({ path: `${path}.Effect`, message: `Effect must be present and exactly "Allow" or "Deny"` });
|
|
54
78
|
}
|
|
79
|
+
statementErrors.push(...validationCallbacks.validateStatement?.(statement, path) || []);
|
|
55
80
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Action', 'NotAction'));
|
|
56
81
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Resource', 'NotResource'));
|
|
57
82
|
statementErrors.push(...validateOnlyOneOf(statement, path, 'Principal', 'NotPrincipal'));
|
|
58
83
|
statementErrors.push(...validateTypeOrArrayOfTypeIfExists(statement.Action, `${path}.Action`, 'string'));
|
|
59
84
|
statementErrors.push(...validateTypeOrArrayOfTypeIfExists(statement.NotAction, `${path}.NotAction`, 'string'));
|
|
85
|
+
statementErrors.push(...validateActionIfPresent(statement.Action, `${path}.Action`));
|
|
86
|
+
statementErrors.push(...validateActionIfPresent(statement.NotAction, `${path}.NotAction`));
|
|
87
|
+
statementErrors.push(...validateStringOrArrayStringCallback(statement, 'Action', path, validationCallbacks.validateAction));
|
|
88
|
+
statementErrors.push(...validateStringOrArrayStringCallback(statement, 'NotAction', path, validationCallbacks.validateNotAction));
|
|
60
89
|
statementErrors.push(...validateResource(statement.Resource, `${path}.Resource`));
|
|
61
90
|
statementErrors.push(...validateResource(statement.NotResource, `${path}.NotResource`));
|
|
62
91
|
statementErrors.push(...validateDataTypeIfExists(statement.Principal, `${path}.Principal`, ['string', 'object']));
|
|
@@ -117,6 +146,55 @@ function validateResourceString(resourceString, path) {
|
|
|
117
146
|
}
|
|
118
147
|
return [];
|
|
119
148
|
}
|
|
149
|
+
function validateActionIfPresent(action, path) {
|
|
150
|
+
if (action === undefined || action === null) {
|
|
151
|
+
return [];
|
|
152
|
+
}
|
|
153
|
+
//Type errors are caught elsewhere
|
|
154
|
+
if (typeof action === 'string') {
|
|
155
|
+
return validateActionString(action, path);
|
|
156
|
+
}
|
|
157
|
+
else if (Array.isArray(action)) {
|
|
158
|
+
const actionErrors = [];
|
|
159
|
+
for (let i = 0; i < action.length; i++) {
|
|
160
|
+
const value = action[i];
|
|
161
|
+
if (typeof value === 'string') {
|
|
162
|
+
actionErrors.push(...validateActionString(action[i], `${path}[${i}]`));
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
return actionErrors;
|
|
166
|
+
}
|
|
167
|
+
return [];
|
|
168
|
+
}
|
|
169
|
+
function validateActionString(string, path) {
|
|
170
|
+
if (string === '*') {
|
|
171
|
+
return [];
|
|
172
|
+
}
|
|
173
|
+
const parts = string.split(':');
|
|
174
|
+
if (parts.length != 2) {
|
|
175
|
+
return [
|
|
176
|
+
{
|
|
177
|
+
path,
|
|
178
|
+
message: `Action must be a wildcard (*) or have 2 segments`
|
|
179
|
+
}
|
|
180
|
+
];
|
|
181
|
+
}
|
|
182
|
+
const [service, action] = parts;
|
|
183
|
+
const errors = [];
|
|
184
|
+
if (!serviceRegex.test(service)) {
|
|
185
|
+
errors.push({
|
|
186
|
+
path,
|
|
187
|
+
message: `Service can only contain letters, numbers, and hyphens`
|
|
188
|
+
});
|
|
189
|
+
}
|
|
190
|
+
if (!actionRegex.test(action)) {
|
|
191
|
+
errors.push({
|
|
192
|
+
path,
|
|
193
|
+
message: `Action can only contain letters, numbers, asterisks, and question marks`
|
|
194
|
+
});
|
|
195
|
+
}
|
|
196
|
+
return errors;
|
|
197
|
+
}
|
|
120
198
|
function validateCondition(condition, path) {
|
|
121
199
|
const conditionErrors = [];
|
|
122
200
|
if (condition === undefined || condition === null) {
|
|
@@ -238,4 +316,23 @@ function validateOnlyOneOf(value, path, firstKey, secondKey) {
|
|
|
238
316
|
}
|
|
239
317
|
return [];
|
|
240
318
|
}
|
|
319
|
+
function validateStringOrArrayStringCallback(statement, fieldName, path, callback) {
|
|
320
|
+
if (statement === undefined || !statement[fieldName] || !callback) {
|
|
321
|
+
return [];
|
|
322
|
+
}
|
|
323
|
+
const value = statement[fieldName];
|
|
324
|
+
path = `${path}.${fieldName}`;
|
|
325
|
+
if (typeof value === 'string') {
|
|
326
|
+
return callback(value, path);
|
|
327
|
+
}
|
|
328
|
+
else if (Array.isArray(value)) {
|
|
329
|
+
const errors = [];
|
|
330
|
+
for (let i = 0; i < value.length; i++) {
|
|
331
|
+
errors.push(...callback(value[i], `${path}[${i}]`));
|
|
332
|
+
}
|
|
333
|
+
return errors;
|
|
334
|
+
}
|
|
335
|
+
//If it's not a string or string array that is caught elsewhere
|
|
336
|
+
return [];
|
|
337
|
+
}
|
|
241
338
|
//# sourceMappingURL=validate.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"AAKA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAE,SAAS,EAAE,WAAW,EAAE,IAAI,CAAE,CAAC,CAAA;AACnE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAA;AACpJ,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,CAAA;AACvF,MAAM,6BAA6B,GAAG,iBAAiB,CAAA;AACvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC,CAAA;AAGpE,MAAM,UAAU,oBAAoB,CAAC,cAAmB;IACtD,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,OAAO,cAAc,EAAE,EAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAC,CAAC,CAAA;IAC7E,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAA;IAEtE,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxF,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC9E,IAAG,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAA;IACJ,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvG,IAAG,OAAO,cAAc,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5F,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC,CAAA;IAC7E,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAA;QACtF,CAAC;QACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAA2B,EAAE,SAAc,EAAE,EAAE;YACxG,IAAG,SAAS,CAAC,GAAG,EAAE,CAAC;gBACjB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACtE,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAA4B,CAAC,CAAA;QAChC,KAAI,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAS,iBAAiB,CAAC,EAAE,CAAC;YACpE,IAAG,KAAK,GAAG,CAAC,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,uCAAuC,GAAG,IAAI,KAAK,QAAQ;iBACrE,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;IAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;IACzF,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,GAAG,IAAI,SAAS,EAAE,OAAO,EAAE,sDAAsD,EAAC,CAAC,CAAA;IACjH,CAAC;IAED,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAA;IAClF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,CAAA;IACtF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAA;IAExF,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;IAE9G,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,WAAW,CAAC,CAAC,CAAA;IACjF,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACjH,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvH,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,CAAC,CAAC,CAAA;IAE1F,yEAAyE;IACzE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAE7C,IAAG,SAAS,KAAK,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;QAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAClG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC1G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC9G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxH,CAAC;IAED,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAa,EAAE,IAAY;IACnD,IAAG,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC/C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,cAAc,GAAsB,EAAE,CAAA;QAC5C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC9E,CAAC;QACD,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO;QACL;YACE,IAAI;YACJ,OAAO,EAAE,sCAAsC;SAChD;KACF,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,cAAmB,EAAE,IAAY;IAC/D,IAAG,cAAc,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5C,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,yDAAyD;aACnE;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AAEX,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,IAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACjD,OAAO,EAAE,CAAA;IACX,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5E,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,eAAe,CAAA;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,eAAe,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,6CAA6C;YACtD,IAAI;SACL,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACjD,KAAI,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QACzC,sBAAsB;QACtB,IAAG,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;YAClD,IAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;oBAC3B,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACvG,IAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,sDAAsD;gBAC/D,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC;QAED,IAAG,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;YACtD,KAAI,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC9H,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,MAAW,EAAE,WAAwB,EAAE,IAAY;IACvE,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACd,IAAI,GAAG,GAAG,IAAI,GAAG,CAAA;IACnB,CAAC;IAED,KAAI,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,EAAE;gBAC7B,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,8BAA8B;gBACzD,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iCAAiC,CAAC,KAAU,EAAE,IAAY,EAAE,YAA6C;IAChH,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAAY,CAAE,CAAA;IAC5E,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,wBAAwB,CAAC,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;IAC5D,CAAC;SAAM,CAAC;QACN,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,iBAAiB,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAU,EAAE,IAAY,EAAE,gBAAiD;IAC3G,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,gBAAgB,CAAE,CAAA;IAC5F,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,aAAa,GAAG,OAAO,KAAK,CAAA;IAClC,IAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAA+B,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,mBAAmB,aAAa,wBAAwB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9F,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAU,EAAE,IAAY,EAAE,QAAgB,EAAE,SAAiB;IACtF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACvD,OAAO;YACL;gBACE,OAAO,EAAE,eAAe,QAAQ,OAAO,SAAS,yBAAyB;gBACzE,IAAI;aACL;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AACX,CAAC"}
|
|
1
|
+
{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../src/validate/validate.ts"],"names":[],"mappings":"AAMA,MAAM,YAAY,GAAG,iBAAiB,CAAA;AACtC,MAAM,WAAW,GAAG,mBAAmB,CAAA;AAEvC,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAE,SAAS,EAAE,WAAW,EAAE,IAAI,CAAE,CAAC,CAAA;AACnE,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,WAAW,CAAC,CAAC,CAAA;AACpJ,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAE,KAAK,EAAE,SAAS,EAAE,WAAW,EAAE,eAAe,CAAC,CAAC,CAAA;AACvF,MAAM,6BAA6B,GAAG,iBAAiB,CAAA;AACvD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC,CAAA;AAapE,MAAM,UAAU,oBAAoB,CAAC,cAAmB,EAAE,sBAA2C,EAAE;IACrG,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,OAAO,cAAc,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,OAAO,cAAc,EAAE,EAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,OAAO,CAAC,EAAC,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,6CAA6C,EAAC,CAAC,CAAA;IAC7E,CAAC;IAED,SAAS,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,cAAc,EAAE,iBAAiB,EAAE,EAAE,CAAC,CAAC,CAAA;IACtE,SAAS,CAAC,IAAI,CAAC,GAAG,qBAAqB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;IAEhE,SAAS,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC9E,IAAG,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;QAC7B,SAAS,CAAC,IAAI,CAAC;YACb,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAA;IACJ,CAAC;IACD,SAAS,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvG,IAAG,OAAO,cAAc,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5F,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,WAAW,EAAE,mBAAmB,CAAC,CAAC,CAAA;IAClG,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,CAAC;QACnD,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxD,SAAS,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,EAAE,mBAAmB,CAAC,CAAC,CAAA;QAC3G,CAAC;QACD,MAAM,iBAAiB,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,GAA2B,EAAE,SAAc,EAAE,EAAE;YACxG,IAAG,SAAS,CAAC,GAAG,EAAE,CAAC;gBACjB,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;YACtE,CAAC;YACD,OAAO,GAAG,CAAA;QACZ,CAAC,EAAE,EAA4B,CAAC,CAAA;QAChC,KAAI,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAS,iBAAiB,CAAC,EAAE,CAAC;YACpE,IAAG,KAAK,GAAG,CAAC,EAAE,CAAC;gBACb,SAAS,CAAC,IAAI,CAAC;oBACb,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,uCAAuC,GAAG,IAAI,KAAK,QAAQ;iBACrE,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAY;IACzC,IAAG,OAAO,KAAK,SAAS,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;QAC7C,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC/B,OAAO;YACL;gBACE,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,qCAAqC;aAC/C;SACF,CAAA;IACH,CAAC;IAED,IAAG,OAAO,KAAK,YAAY,IAAI,OAAO,KAAK,YAAY,EAAE,CAAC;QACxD,OAAO,EAAE,CAAA;IACX,CAAC;IAED,OAAO;QACL;YACE,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,qDAAqD;SAC/D;KACF,CAAA;AAGH,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY,EAAE,mBAAwC;IAC/F,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;IAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;IACzF,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC/D,eAAe,CAAC,IAAI,CAAC,EAAC,IAAI,EAAE,GAAG,IAAI,SAAS,EAAE,OAAO,EAAE,sDAAsD,EAAC,CAAC,CAAA;IACjH,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC,CAAA;IAClF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC,CAAA;IACtF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,CAAA;IAExF,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;IAE9G,eAAe,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,MAAM,EAAE,GAAG,IAAI,SAAS,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,uBAAuB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IAE1F,eAAe,CAAC,IAAI,CAAC,GAAG,mCAAmC,CAAC,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,mBAAmB,CAAC,cAAc,CAAC,CAAC,CAAA;IAC3H,eAAe,CAAC,IAAI,CAAC,GAAG,mCAAmC,CAAC,SAAS,EAAE,WAAW,EAAE,IAAI,EAAE,mBAAmB,CAAC,iBAAiB,CAAC,CAAC,CAAA;IAEjI,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,IAAI,WAAW,CAAC,CAAC,CAAA;IACjF,eAAe,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,SAAS,CAAC,WAAW,EAAE,GAAG,IAAI,cAAc,CAAC,CAAC,CAAA;IAEvF,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACjH,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAA;IACvH,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,YAAY,EAAE,GAAG,IAAI,eAAe,CAAC,CAAC,CAAA;IAE1F,yEAAyE;IACzE,eAAe,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,CAAC,CAAC,CAAA;IACpF,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAE7C,IAAG,SAAS,KAAK,SAAS,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,eAAe,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,oBAAoB,EAAE,IAAI,CAAC,CAAC,CAAA;QAC5E,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,GAAG,EAAE,GAAG,IAAI,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAA;QAClG,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC1G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,SAAS,EAAE,GAAG,IAAI,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAA;QAC9G,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,gBAAgB,EAAE,QAAQ,CAAC,CAAC,CAAA;IACxH,CAAC;IAED,OAAO,eAAe,CAAA;AAExB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAa,EAAE,IAAY;IACnD,IAAG,QAAQ,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,IAAG,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,OAAO,sBAAsB,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;IAC/C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACnC,MAAM,cAAc,GAAsB,EAAE,CAAA;QAC5C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACxC,cAAc,CAAC,IAAI,CAAC,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QAC9E,CAAC;QACD,OAAO,cAAc,CAAA;IACvB,CAAC;IACD,OAAO;QACL;YACE,IAAI;YACJ,OAAO,EAAE,sCAAsC;SAChD;KACF,CAAA;AACH,CAAC;AAED,SAAS,sBAAsB,CAAC,cAAmB,EAAE,IAAY;IAC/D,IAAG,cAAc,KAAK,GAAG,EAAE,CAAC;QAC1B,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,cAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACvC,IAAG,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;QAC5C,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,yDAAyD;aACnE;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AAEX,CAAC;AAED,SAAS,uBAAuB,CAAC,MAAW,EAAE,IAAY;IACxD,IAAG,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QAC3C,OAAO,EAAE,CAAA;IACX,CAAC;IACD,kCAAkC;IAClC,IAAG,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,oBAAoB,CAAC,MAAM,EAAE,IAAI,CAAC,CAAA;IAC3C,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,MAAM,YAAY,GAAsB,EAAE,CAAA;QAC1C,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACvB,IAAG,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC7B,YAAY,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;YACxE,CAAC;QAEH,CAAC;QACD,OAAO,YAAY,CAAA;IACrB,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAc,EAAE,IAAY;IACxD,IAAG,MAAM,KAAK,GAAG,EAAE,CAAC;QAClB,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAG,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO;YACL;gBACE,IAAI;gBACJ,OAAO,EAAE,kDAAkD;aAC5D;SACF,CAAA;IACH,CAAC;IAED,MAAM,CAAE,OAAO,EAAE,MAAM,CAAE,GAAG,KAAK,CAAA;IACjC,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,IAAG,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,OAAO,EAAE,wDAAwD;SAClE,CAAC,CAAA;IACJ,CAAC;IACD,IAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC;YACV,IAAI;YACJ,OAAO,EAAE,yEAAyE;SACnF,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAc,EAAE,IAAY;IACrD,MAAM,eAAe,GAAsB,EAAE,CAAA;IAC7C,IAAG,SAAS,KAAK,SAAS,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;QACjD,OAAO,EAAE,CAAA;IACX,CAAC;IACD,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAA;IAC5E,IAAG,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,eAAe,CAAA;IACxB,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,eAAe,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,6CAA6C;YACtD,IAAI;SACL,CAAC,CAAA;QACF,OAAO,eAAe,CAAA;IACxB,CAAC;IAED,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACjD,KAAI,MAAM,QAAQ,IAAI,kBAAkB,EAAE,CAAC;QACzC,sBAAsB;QACtB,IAAG,CAAC,6BAA6B,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjD,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACzC,IAAG,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,eAAe,CAAC,IAAI,CAAC;gBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;gBAC3B,OAAO,EAAE,+BAA+B;aACzC,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtC,MAAM,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAA;YAClD,IAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,IAAI,CAAC;oBACnB,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;oBAC3B,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAA;YACJ,CAAC;QACH,CAAC;QAED,eAAe,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;QACvG,IAAG,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YACtC,eAAe,CAAC,IAAI,CAAC;gBACnB,OAAO,EAAE,sDAAsD;gBAC/D,IAAI,EAAE,GAAG,IAAI,IAAI,QAAQ,EAAE;aAC5B,CAAC,CAAA;QACJ,CAAC;QAED,IAAG,OAAO,SAAS,CAAC,QAAQ,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAA;YACtD,KAAI,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;gBAC/B,eAAe,CAAC,IAAI,CAAC,GAAG,iCAAiC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,IAAI,QAAQ,IAAI,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;YAC9H,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,eAAe,CAAA;AACxB,CAAC;AAED,SAAS,YAAY,CAAC,MAAW,EAAE,WAAwB,EAAE,IAAY;IACvE,MAAM,SAAS,GAAsB,EAAE,CAAA;IACvC,IAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACd,IAAI,GAAG,GAAG,IAAI,GAAG,CAAA;IACnB,CAAC;IAED,KAAI,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,IAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,EAAE;gBAC7B,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;aAAM,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,SAAS,IAAI,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;YAC7D,SAAS,CAAC,IAAI,CAAC;gBACb,OAAO,EAAE,eAAe,GAAG,8BAA8B;gBACzD,IAAI,EAAE,GAAG,IAAI,GAAG,GAAG,EAAE;aACtB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC;AAED,SAAS,iCAAiC,CAAC,KAAU,EAAE,IAAY,EAAE,YAA6C;IAChH,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAE,YAAY,CAAE,CAAA;IAC5E,MAAM,iBAAiB,GAAsB,EAAE,CAAA;IAC/C,IAAG,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,wBAAwB,CAAC,KAAK,EAAE,IAAI,EAAE,YAAY,CAAC,CAAA;IAC5D,CAAC;SAAM,CAAC;QACN,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,iBAAiB,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAA;QAC9F,CAAC;IACH,CAAC;IAED,OAAO,iBAAiB,CAAA;AAC1B,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAU,EAAE,IAAY,EAAE,gBAAiD;IAC3G,IAAG,KAAK,KAAK,SAAS,EAAE,CAAC;QACvB,OAAO,EAAE,CAAA;IACX,CAAC;IAED,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAE,gBAAgB,CAAE,CAAA;IAC5F,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,aAAa,GAAG,OAAO,KAAK,CAAA;IAClC,IAAG,CAAC,gBAAgB,CAAC,QAAQ,CAAC,aAA+B,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,mBAAmB,aAAa,wBAAwB,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YAC9F,IAAI;SACL,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAU,EAAE,IAAY,EAAE,QAAgB,EAAE,SAAiB;IACtF,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAC/B,IAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACvD,OAAO;YACL;gBACE,OAAO,EAAE,eAAe,QAAQ,OAAO,SAAS,yBAAyB;gBACzE,IAAI;aACL;SACF,CAAA;IACH,CAAC;IAED,OAAO,EAAE,CAAA;AACX,CAAC;AAED,SAAS,mCAAmC,CAAC,SAAc,EAAE,SAAiB,EAAE,IAAY,EAAE,QAA6D;IACzJ,IAAG,SAAS,KAAK,SAAS,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACjE,OAAO,EAAE,CAAA;IACX,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;IAClC,IAAI,GAAG,GAAG,IAAI,IAAI,SAAS,EAAE,CAAA;IAC7B,IAAG,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAA;IAC9B,CAAC;SAAM,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,MAAM,MAAM,GAAsB,EAAE,CAAA;QACpC,KAAI,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACrC,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;QACrD,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IACD,+DAA+D;IAC/D,OAAO,EAAE,CAAA;AACX,CAAC"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { ValidationError } from "./validate.js";
|
|
2
|
+
/**
|
|
3
|
+
* Validates an Identity Policy attached to an IAM role or user, or managed policy
|
|
4
|
+
*
|
|
5
|
+
* @param policy the policy to validate
|
|
6
|
+
* @returns an array of validation errors
|
|
7
|
+
*/
|
|
8
|
+
export declare function validateIdentityPolicy(policy: any): ValidationError[];
|
|
9
|
+
/**
|
|
10
|
+
* Validates a Service Control Policy (SCP)
|
|
11
|
+
*
|
|
12
|
+
* @param policy the policy to validate
|
|
13
|
+
* @returns an array of validation errors
|
|
14
|
+
*/
|
|
15
|
+
export declare function validateServiceControlPolicy(policy: any): ValidationError[];
|
|
16
|
+
/**
|
|
17
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
18
|
+
*
|
|
19
|
+
* @param policy the policy to validate
|
|
20
|
+
* @returns an array of validation errors
|
|
21
|
+
*/
|
|
22
|
+
export declare function validateResourcePolicy(policy: any): ValidationError[];
|
|
23
|
+
/**
|
|
24
|
+
* Validates a Resource Control Policy (RCP)
|
|
25
|
+
*
|
|
26
|
+
* @param policy the policy to validate
|
|
27
|
+
* @returns an array of validation errors
|
|
28
|
+
*/
|
|
29
|
+
export declare function validateResourceControlPolicy(policy: any): ValidationError[];
|
|
30
|
+
/**
|
|
31
|
+
* Validates a Trust Policy attached to a role
|
|
32
|
+
*
|
|
33
|
+
* @param policy the policy to validate
|
|
34
|
+
* @returns an array of validation errors
|
|
35
|
+
*/
|
|
36
|
+
export declare function validateTrustPolicy(policy: any): ValidationError[];
|
|
37
|
+
/**
|
|
38
|
+
* Validates an VPC Endpoint Policy
|
|
39
|
+
*
|
|
40
|
+
* @param policy the policy to validate
|
|
41
|
+
* @returns an array of validation errors
|
|
42
|
+
*/
|
|
43
|
+
export declare function validateEndpointPolicy(policy: any): ValidationError[];
|
|
44
|
+
/**
|
|
45
|
+
* Validates a session policy
|
|
46
|
+
*
|
|
47
|
+
* @param policy the policy to validate
|
|
48
|
+
* @returns an array of validation errors
|
|
49
|
+
*/
|
|
50
|
+
export declare function validateSessionPolicy(policy: any): ValidationError[];
|
|
51
|
+
//# sourceMappingURL=validateTypes.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validateTypes.d.ts","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,eAAe,EAAE,MAAM,eAAe,CAAC;AAEtE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAmD3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAsC5E;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWlE;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWrE;AAED;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,GAAG,GAAG,eAAe,EAAE,CAWpE"}
|
|
@@ -0,0 +1,228 @@
|
|
|
1
|
+
import { validatePolicySyntax } from "./validate.js";
|
|
2
|
+
/**
|
|
3
|
+
* Validates an Identity Policy attached to an IAM role or user, or managed policy
|
|
4
|
+
*
|
|
5
|
+
* @param policy the policy to validate
|
|
6
|
+
* @returns an array of validation errors
|
|
7
|
+
*/
|
|
8
|
+
export function validateIdentityPolicy(policy) {
|
|
9
|
+
return validatePolicySyntax(policy, {
|
|
10
|
+
validateStatement: (statement, path) => {
|
|
11
|
+
const policyType = 'an identity policy';
|
|
12
|
+
const errors = [];
|
|
13
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
14
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
15
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
16
|
+
return errors;
|
|
17
|
+
}
|
|
18
|
+
});
|
|
19
|
+
}
|
|
20
|
+
/**
|
|
21
|
+
* Validates a Service Control Policy (SCP)
|
|
22
|
+
*
|
|
23
|
+
* @param policy the policy to validate
|
|
24
|
+
* @returns an array of validation errors
|
|
25
|
+
*/
|
|
26
|
+
export function validateServiceControlPolicy(policy) {
|
|
27
|
+
const policyType = 'a service control policy';
|
|
28
|
+
const validateAction = (action, path, type) => {
|
|
29
|
+
const firstWildcard = Math.max(action.indexOf('*'), action.indexOf('?'));
|
|
30
|
+
if (firstWildcard === -1) {
|
|
31
|
+
return [];
|
|
32
|
+
}
|
|
33
|
+
if (firstWildcard == action.length - 1) {
|
|
34
|
+
return [];
|
|
35
|
+
}
|
|
36
|
+
return [{
|
|
37
|
+
path,
|
|
38
|
+
message: `Wildcard characters are only allowed at the end of ${type} in ${policyType}`
|
|
39
|
+
}];
|
|
40
|
+
};
|
|
41
|
+
return validatePolicySyntax(policy, {
|
|
42
|
+
validateStatement: (statement, path) => {
|
|
43
|
+
const errors = [];
|
|
44
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal', 'NotResource'], path, policyType));
|
|
45
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource'], path, policyType));
|
|
46
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
47
|
+
if (statement.Effect === "Allow") {
|
|
48
|
+
if (statement.Resource !== "*") {
|
|
49
|
+
errors.push({
|
|
50
|
+
path,
|
|
51
|
+
message: `Resource must be "*" when Effect is "Allow" in ${policyType}`
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
if (statement.NotAction) {
|
|
55
|
+
errors.push({
|
|
56
|
+
path,
|
|
57
|
+
message: `NotAction is not allowed when Effect is "Allow" in ${policyType}`
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
if (statement.Condition) {
|
|
61
|
+
errors.push({
|
|
62
|
+
path,
|
|
63
|
+
message: `Condition is not allowed when Effect is "Allow" in ${policyType}`
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
return errors;
|
|
68
|
+
},
|
|
69
|
+
validateAction: (action, path) => validateAction(action, path, 'Action'),
|
|
70
|
+
validateNotAction: (action, path) => validateAction(action, path, 'NotAction')
|
|
71
|
+
});
|
|
72
|
+
}
|
|
73
|
+
/**
|
|
74
|
+
* Validates a Resource Policy attached to an S3 bucket, SQS queue, or other resource
|
|
75
|
+
*
|
|
76
|
+
* @param policy the policy to validate
|
|
77
|
+
* @returns an array of validation errors
|
|
78
|
+
*/
|
|
79
|
+
export function validateResourcePolicy(policy) {
|
|
80
|
+
return validatePolicySyntax(policy, {
|
|
81
|
+
validateStatement: (statement, path) => {
|
|
82
|
+
const policyType = 'a resource policy';
|
|
83
|
+
const errors = [];
|
|
84
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
85
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
86
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
87
|
+
return errors;
|
|
88
|
+
}
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* Validates a Resource Control Policy (RCP)
|
|
93
|
+
*
|
|
94
|
+
* @param policy the policy to validate
|
|
95
|
+
* @returns an array of validation errors
|
|
96
|
+
*/
|
|
97
|
+
export function validateResourceControlPolicy(policy) {
|
|
98
|
+
const policyType = 'a resource control policy';
|
|
99
|
+
return validatePolicySyntax(policy, {
|
|
100
|
+
validateStatement: (statement, path) => {
|
|
101
|
+
const errors = [];
|
|
102
|
+
if (statement.Effect !== "Deny") {
|
|
103
|
+
errors.push({
|
|
104
|
+
path: `${path}.Effect`,
|
|
105
|
+
message: `Effect must be "Deny" in ${policyType}`
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
if (statement.Principal !== "*") {
|
|
109
|
+
errors.push({
|
|
110
|
+
path: `${path}.Principal`,
|
|
111
|
+
message: `Principal must be "*" in ${policyType}`
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
errors.push(...validateProhibitedFields(statement, ['NotPrincipal', 'NotAction'], path, policyType));
|
|
115
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action'], path, policyType));
|
|
116
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
117
|
+
return errors;
|
|
118
|
+
},
|
|
119
|
+
validateAction: (action, path) => {
|
|
120
|
+
if (action === "*") {
|
|
121
|
+
return [{
|
|
122
|
+
path,
|
|
123
|
+
message: `Action cannot be "*" in ${policyType}`
|
|
124
|
+
}];
|
|
125
|
+
}
|
|
126
|
+
return [];
|
|
127
|
+
}
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
/**
|
|
131
|
+
* Validates a Trust Policy attached to a role
|
|
132
|
+
*
|
|
133
|
+
* @param policy the policy to validate
|
|
134
|
+
* @returns an array of validation errors
|
|
135
|
+
*/
|
|
136
|
+
export function validateTrustPolicy(policy) {
|
|
137
|
+
return validatePolicySyntax(policy, {
|
|
138
|
+
validateStatement: (statement, path) => {
|
|
139
|
+
const policyType = 'a trust policy';
|
|
140
|
+
const errors = [];
|
|
141
|
+
errors.push(...validateProhibitedFields(statement, ['Resource', 'NotResource'], path, policyType));
|
|
142
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
143
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
144
|
+
return errors;
|
|
145
|
+
}
|
|
146
|
+
});
|
|
147
|
+
}
|
|
148
|
+
/**
|
|
149
|
+
* Validates an VPC Endpoint Policy
|
|
150
|
+
*
|
|
151
|
+
* @param policy the policy to validate
|
|
152
|
+
* @returns an array of validation errors
|
|
153
|
+
*/
|
|
154
|
+
export function validateEndpointPolicy(policy) {
|
|
155
|
+
return validatePolicySyntax(policy, {
|
|
156
|
+
validateStatement: (statement, path) => {
|
|
157
|
+
const policyType = 'an endpoint policy';
|
|
158
|
+
const errors = [];
|
|
159
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
160
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
161
|
+
errors.push(...validateAtLeastOneOf(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
162
|
+
return errors;
|
|
163
|
+
}
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
/**
|
|
167
|
+
* Validates a session policy
|
|
168
|
+
*
|
|
169
|
+
* @param policy the policy to validate
|
|
170
|
+
* @returns an array of validation errors
|
|
171
|
+
*/
|
|
172
|
+
export function validateSessionPolicy(policy) {
|
|
173
|
+
return validatePolicySyntax(policy, {
|
|
174
|
+
validateStatement: (statement, path) => {
|
|
175
|
+
const policyType = 'a session policy';
|
|
176
|
+
const errors = [];
|
|
177
|
+
errors.push(...validateProhibitedFields(statement, ['Principal', 'NotPrincipal'], path, policyType));
|
|
178
|
+
errors.push(...validateAtLeastOneOf(statement, ['Action', 'NotAction'], path, policyType));
|
|
179
|
+
errors.push(...validateAtLeastOneOf(statement, ['Resource', 'NotResource'], path, policyType));
|
|
180
|
+
return errors;
|
|
181
|
+
}
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
/**
|
|
185
|
+
* Validates that at least one of the specified fields is present in a statement
|
|
186
|
+
*
|
|
187
|
+
* @param statement the statement to validate
|
|
188
|
+
* @param requiredFields the list of fields, that at least one must be present
|
|
189
|
+
* @param path the path to the statement in the policy
|
|
190
|
+
* @param policyType the type of policy being validated
|
|
191
|
+
* @returns an array of validation errors
|
|
192
|
+
*/
|
|
193
|
+
function validateAtLeastOneOf(statement, requiredFields, path, policyType) {
|
|
194
|
+
const presentFields = requiredFields.filter(field => statement[field]);
|
|
195
|
+
let message = `One of ${requiredFields.join(' or ')} is required in ${policyType}`;
|
|
196
|
+
if (requiredFields.length === 1) {
|
|
197
|
+
message = `${requiredFields[0]} is required in ${policyType}`;
|
|
198
|
+
}
|
|
199
|
+
if (presentFields.length === 0) {
|
|
200
|
+
return [{
|
|
201
|
+
path,
|
|
202
|
+
message
|
|
203
|
+
}];
|
|
204
|
+
}
|
|
205
|
+
return [];
|
|
206
|
+
}
|
|
207
|
+
/**
|
|
208
|
+
* Validates prohibited fields do not exist in a statement
|
|
209
|
+
*
|
|
210
|
+
* @param statement the statement to validate
|
|
211
|
+
* @param prohibitedFields the list of fields that are not allowed
|
|
212
|
+
* @param path the path to the statement in the policy
|
|
213
|
+
* @param policyType the type of policy being validated
|
|
214
|
+
* @returns an array of validation errors
|
|
215
|
+
*/
|
|
216
|
+
function validateProhibitedFields(statement, prohibitedFields, path, policyType) {
|
|
217
|
+
const errors = [];
|
|
218
|
+
for (const field of prohibitedFields) {
|
|
219
|
+
if (statement[field]) {
|
|
220
|
+
errors.push({
|
|
221
|
+
path: `${path}.${field}`,
|
|
222
|
+
message: `${field} is not allowed in ${policyType}`
|
|
223
|
+
});
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
return errors;
|
|
227
|
+
}
|
|
228
|
+
//# sourceMappingURL=validateTypes.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"validateTypes.js","sourceRoot":"","sources":["../../../src/validate/validateTypes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAmB,MAAM,eAAe,CAAC;AAEtE;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAAW;IACtD,MAAM,UAAU,GAAG,0BAA0B,CAAA;IAE7C,MAAM,cAAc,GAAG,CAAC,MAAc,EAAE,IAAY,EAAE,IAAY,EAAqB,EAAE;QACvF,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxE,IAAG,aAAa,KAAK,CAAC,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,CAAA;QACX,CAAC;QACD,IAAG,aAAa,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,EAAE,CAAA;QACX,CAAC;QACD,OAAO,CAAC;gBACN,IAAI;gBACJ,OAAO,EAAE,sDAAsD,IAAI,OAAO,UAAU,EAAE;aACvF,CAAC,CAAA;IACJ,CAAC,CAAA;IAED,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACnH,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC/E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAE1F,IAAG,SAAS,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAChC,IAAG,SAAS,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBAC9B,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,kDAAkD,UAAU,EAAE;qBACxE,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;gBACD,IAAG,SAAS,CAAC,SAAS,EAAE,CAAC;oBACvB,MAAM,CAAC,IAAI,CAAC;wBACV,IAAI;wBACJ,OAAO,EAAE,sDAAsD,UAAU,EAAE;qBAC5E,CAAC,CAAA;gBACJ,CAAC;YAGH,CAAC;YACD,OAAO,MAAM,CAAA;QACf,CAAC;QACD,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC;QACxE,iBAAiB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;KAC/E,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,mBAAmB,CAAA;YACtC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAAC,MAAW;IACvD,MAAM,UAAU,GAAG,2BAA2B,CAAA;IAE9C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YAErC,MAAM,MAAM,GAAsB,EAAE,CAAA;YAEpC,IAAG,SAAS,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,SAAS;oBACtB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,IAAG,SAAS,CAAC,SAAS,KAAK,GAAG,EAAE,CAAC;gBAC/B,MAAM,CAAC,IAAI,CAAC;oBACV,IAAI,EAAE,GAAG,IAAI,YAAY;oBACzB,OAAO,EAAE,4BAA4B,UAAU,EAAE;iBAClD,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC7E,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;QAED,cAAc,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE;YAC/B,IAAG,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClB,OAAO,CAAC;wBACN,IAAI;wBACJ,OAAO,EAAE,2BAA2B,UAAU,EAAE;qBACjD,CAAC,CAAA;YACJ,CAAC;YACD,OAAO,EAAE,CAAA;QACX,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAW;IAC7C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,gBAAgB,CAAA;YACnC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAClG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAW;IAChD,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,oBAAoB,CAAA;YACvC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAChG,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAW;IAC/C,OAAO,oBAAoB,CAAC,MAAM,EAAE;QAClC,iBAAiB,EAAE,CAAC,SAAS,EAAE,IAAI,EAAE,EAAE;YACrC,MAAM,UAAU,GAAG,kBAAkB,CAAA;YACrC,MAAM,MAAM,GAAsB,EAAE,CAAA;YACpC,MAAM,CAAC,IAAI,CAAC,GAAG,wBAAwB,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,cAAc,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YACpG,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC1F,MAAM,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,SAAS,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAA;YAC9F,OAAO,MAAM,CAAA;QACf,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,oBAAoB,CAAC,SAAc,EAAE,cAAwB,EAAE,IAAY,EAAE,UAAkB;IACtG,MAAM,aAAa,GAAG,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAA;IACtE,IAAI,OAAO,GAAG,UAAU,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAClF,IAAG,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,mBAAmB,UAAU,EAAE,CAAA;IAC/D,CAAC;IAED,IAAG,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC;gBACN,IAAI;gBACJ,OAAO;aACR,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;;;;;;;GAQG;AACH,SAAS,wBAAwB,CAAC,SAAc,EAAE,gBAA0B,EAAE,IAAY,EAAE,UAAkB;IAC5G,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,KAAI,MAAM,KAAK,IAAI,gBAAgB,EAAE,CAAC;QACpC,IAAG,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACpB,MAAM,CAAC,IAAI,CAAC;gBACV,IAAI,EAAE,GAAG,IAAI,IAAI,KAAK,EAAE;gBACxB,OAAO,EAAE,GAAG,KAAK,sBAAsB,UAAU,EAAE;aACpD,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC"}
|