@danielsimonjr/memory-mcp 9.8.0 → 9.8.3
- package/dist/core/EntityManager.d.ts.map +1 -1
- package/dist/core/EntityManager.js +5 -5
- package/dist/core/GraphStorage.d.ts.map +1 -1
- package/dist/core/GraphStorage.js +3 -2
- package/dist/core/ManagerContext.d.ts.map +1 -1
- package/dist/core/ManagerContext.js +6 -2
- package/dist/core/SQLiteStorage.d.ts.map +1 -1
- package/dist/core/SQLiteStorage.js +3 -2
- package/dist/core/TransactionManager.d.ts.map +1 -1
- package/dist/core/TransactionManager.js +5 -3
- package/dist/features/IOManager.d.ts.map +1 -1
- package/dist/features/IOManager.js +58 -7
- package/dist/features/StreamingExporter.d.ts +6 -1
- package/dist/features/StreamingExporter.d.ts.map +1 -1
- package/dist/features/StreamingExporter.js +11 -3
- package/dist/search/SavedSearchManager.d.ts.map +1 -1
- package/dist/search/SavedSearchManager.js +3 -2
- package/dist/server/toolHandlers.d.ts.map +1 -1
- package/dist/server/toolHandlers.js +4 -2
- package/dist/utils/entityUtils.d.ts +33 -0
- package/dist/utils/entityUtils.d.ts.map +1 -1
- package/dist/utils/entityUtils.js +77 -0
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.d.ts.map +1 -1
- package/dist/utils/index.js +3 -1
- package/dist/utils/logger.d.ts +7 -0
- package/dist/utils/logger.d.ts.map +1 -1
- package/dist/utils/logger.js +9 -2
- package/dist/utils/parallelUtils.d.ts +4 -0
- package/dist/utils/parallelUtils.d.ts.map +1 -1
- package/dist/utils/parallelUtils.js +22 -0
- package/dist/utils/schemas.d.ts +16 -16
- package/dist/utils/schemas.d.ts.map +1 -1
- package/dist/utils/schemas.js +12 -12
- package/dist/utils/taskScheduler.d.ts +4 -0
- package/dist/utils/taskScheduler.d.ts.map +1 -1
- package/dist/utils/taskScheduler.js +20 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"EntityManager.d.ts","sourceRoot":"","sources":["../../src/core/EntityManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AAC7E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"EntityManager.d.ts","sourceRoot":"","sources":["../../src/core/EntityManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AAC7E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAyBtD;;GAEG;AACH,qBAAa,aAAa;IACZ,OAAO,CAAC,OAAO;gBAAP,OAAO,EAAE,YAAY;IAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CG;IACG,cAAc,CAClB,QAAQ,EAAE,MAAM,EAAE,EAClB,OAAO,CAAC,EAAE,2BAA2B,GACpC,OAAO,CAAC,MAAM,EAAE,CAAC;IA+EpB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAoB1D;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKrD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAoCG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAuB3E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACG,WAAW,CACf,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;KAAE,CAAC,GACzD,OAAO,CAAC,MAAM,EAAE,CAAC;IAuCpB;;;;;;;;;OASG;IACG,OAAO,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAsBvG;;;;;;;OAOG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAoC5G;;;;;;;;OAQG;IACG,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAkBhH;;;;;;OAMG;IACG,yBAAyB,CAAC,WAAW,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,EAAE,CAAA;KAAE,EAAE,CAAC;IAiC9H;;;;;;OAMG;IACG,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAuBxG;;;;;;;;;;OAUG;IACG,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,gBAAgB,EAAE,MAAM,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAmCvH"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* @module core/EntityManager
|
|
8
8
|
*/
|
|
9
9
|
import { EntityNotFoundError, InvalidImportanceError, ValidationError } from '../utils/errors.js';
|
|
10
|
-
import { BatchCreateEntitiesSchema, UpdateEntitySchema, EntityNamesSchema, checkCancellation, createProgressReporter, createProgress, } from '../utils/index.js';
|
|
10
|
+
import { BatchCreateEntitiesSchema, UpdateEntitySchema, EntityNamesSchema, checkCancellation, createProgressReporter, createProgress, sanitizeObject, } from '../utils/index.js';
|
|
11
11
|
import { GRAPH_LIMITS } from '../utils/constants.js';
|
|
12
12
|
/**
|
|
13
13
|
* Minimum importance value (least important).
|
|
@@ -250,8 +250,8 @@ export class EntityManager {
|
|
|
250
250
|
if (!entity) {
|
|
251
251
|
throw new EntityNotFoundError(name);
|
|
252
252
|
}
|
|
253
|
-
// Apply updates
|
|
254
|
-
Object.assign(entity, updates);
|
|
253
|
+
// Apply updates (sanitized to prevent prototype pollution)
|
|
254
|
+
Object.assign(entity, sanitizeObject(updates));
|
|
255
255
|
entity.lastModified = new Date().toISOString();
|
|
256
256
|
await this.storage.saveGraph(graph);
|
|
257
257
|
return entity;
|
|
@@ -310,8 +310,8 @@ export class EntityManager {
|
|
|
310
310
|
throw new EntityNotFoundError(name);
|
|
311
311
|
}
|
|
312
312
|
const entity = graph.entities[idx];
|
|
313
|
-
// Apply updates
|
|
314
|
-
Object.assign(entity, updateData);
|
|
313
|
+
// Apply updates (sanitized to prevent prototype pollution)
|
|
314
|
+
Object.assign(entity, sanitizeObject(updateData));
|
|
315
315
|
entity.lastModified = timestamp;
|
|
316
316
|
updatedEntities.push(entity);
|
|
317
317
|
}
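Review bot: The guard `Object.assign(entity, sanitizeObject(...))` is written out by hand at both update sites here (new lines 254 and 314) and again in GraphStorage.js, SQLiteStorage.js and TransactionManager.js, so the protection depends on every future call site remembering the wrapper. A single helper in utils that sanitises and assigns in one step, e.g. `applyEntityUpdates(entity, updates)`, would make the unsafe form harder to reintroduce. `sanitizeObject` itself is not visible in this section, so a short comment at the call naming which keys it drops (presumably `__proto__`, `constructor` and `prototype`; confirm against utils/entityUtils.js) would let a reader judge the fix. Both enclosing functions start and end outside the hunks.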
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"GraphStorage.d.ts","sourceRoot":"","sources":["../../src/core/GraphStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"GraphStorage.d.ts","sourceRoot":"","sources":["../../src/core/GraphStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIhI,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAE3D;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,YAAa,YAAW,aAAa;IAqEpC,OAAO,CAAC,cAAc;IApElC;;;OAGG;IACH,OAAO,CAAC,KAAK,CAAe;IAE5B;;;OAGG;IACH,OAAO,CAAC,KAAK,CAA+B;IAE5C;;;OAGG;IACH,OAAO,CAAC,cAAc,CAAa;IAEnC;;;;;;;;OAQG;IACH,OAAO,KAAK,mBAAmB,GAE9B;IAED;;OAEG;IACH,OAAO,CAAC,SAAS,CAA8B;IAE/C;;OAEG;IACH,OAAO,CAAC,SAAS,CAA8B;IAE/C;;OAEG;IACH,OAAO,CAAC,cAAc,CAAwC;IAE9D;;OAEG;IACH,OAAO,CAAC,aAAa,CAAsC;IAE3D;;;OAGG;IACH,OAAO,CAAC,gBAAgB,CAA4C;IAEpE;;;OAGG;IACH,OAAO,CAAC,YAAY,CAA8C;IAElE;;;;OAIG;gBACiB,cAAc,EAAE,MAAM;IAI1C;;;;;;;;;;;;;;;;;;;OAmBG;IACH,IAAI,MAAM,IAAI,iBAAiB,CAE9B;IAID;;;;OAIG;YACW,gBAAgB;IAU9B;;;;;OAKG;YACW,iBAAiB;IAW/B;;;;;;;;;OASG;IACG,SAAS,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAWlD;;;;;;;OAOG;IACG,mBAAmB,IAAI,OAAO,CAAC,cAAc,CAAC;IAYpD;;;;OAIG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAMnC;;OAEG;YACW,YAAY;IAgE1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAY1B;;OAEG;IACH,OAAO,CAAC,kBAAkB;IAI1B;;OAEG;IACH,OAAO,CAAC,YAAY;IAQpB;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IAMrD;;;;;;;;;OASG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyDjD;;;;;;;;;OASG;IACG,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IA+CvD;;;;;;;;OAQG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAM9B;;;;OAIG;YACW,eAAe;IAU7B;;;;;OAKG;YACW,iBAAiB;IAkD/B;;;;;;OAMG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;;;;;;;OAUG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAwFlF;;;;;;OAMG;IACH,UAAU,IAAI,IAAI;IAKlB;;;;OAIG;IACH,WAAW,IAAI,MAAM;IAMrB;;;;;;;OAOG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIjD;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIhC;;;;;;;;OAQG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAY/C;;;;;;;OAOG;IACH,aAAa,CAAC,U
AAU,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAI5D;;;;OAIG;IACH,cAAc,IAAI,MAAM,EAAE;IAM1B;;;;;;;OAOG;IACH,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAIhD;;;;;;;OAOG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAI9C;;;;;;;OAOG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAI/C;;;;;OAKG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAMzC;;;;;;;;;OASG;IACH,4BAA4B,CAAC,IAAI,EAAE,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAIvD;;;;;;;;OAQG;IACH,+BAA+B,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAI7D;;;;;;;;OAQG;IACH,gCAAgC,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;IAI9D;;;;OAIG;IACH,wBAAwB,IAAI;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAMtE;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,WAAW,IAAI,gBAAgB;CAGhC"}
|
|
@@ -10,6 +10,7 @@ import { promises as fs } from 'fs';
|
|
|
10
10
|
import { Mutex } from 'async-mutex';
|
|
11
11
|
import { clearAllSearchCaches } from '../utils/searchCache.js';
|
|
12
12
|
import { NameIndex, TypeIndex, LowercaseCache, RelationIndex, ObservationIndex } from '../utils/indexes.js';
|
|
13
|
+
import { sanitizeObject } from '../utils/index.js';
|
|
13
14
|
import { BatchTransaction } from './TransactionManager.js';
|
|
14
15
|
import { GraphEventEmitter } from './GraphEventEmitter.js';
|
|
15
16
|
/**
|
|
@@ -562,8 +563,8 @@ export class GraphStorage {
|
|
|
562
563
|
throw error;
|
|
563
564
|
}
|
|
564
565
|
}
|
|
565
|
-
// File write succeeded - NOW update cache in-place
|
|
566
|
-
Object.assign(entity, updates);
|
|
566
|
+
// File write succeeded - NOW update cache in-place (sanitized to prevent prototype pollution)
|
|
567
|
+
Object.assign(entity, sanitizeObject(updates));
|
|
567
568
|
entity.lastModified = timestamp;
|
|
568
569
|
// Update indexes
|
|
569
570
|
this.nameIndex.add(entity); // Update reference
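Review bot: The sanitised copy is applied only to the in-memory entity at new line 567, after the file write that the comment says has already succeeded. If that write serialised the raw `updates` (the write is outside the hunk, so this is inferred), the on-disk record keeps keys that the cache drops, and they come back on the next load. Sanitising once at the top of the function, `const safeUpdates = sanitizeObject(updates);`, and using `safeUpdates` for both the write and the `Object.assign` would keep disk and cache identical. The function body starts and ends outside the hunk.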
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ManagerContext.d.ts","sourceRoot":"","sources":["../../src/core/ManagerContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"ManagerContext.d.ts","sourceRoot":"","sources":["../../src/core/ManagerContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,cAAc,EAA6C,MAAM,oBAAoB,CAAC;AAC/F,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAG/D;;;GAGG;AACH,qBAAa,cAAc;IAGzB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAC/B,OAAO,CAAC,QAAQ,CAAC,qBAAqB,CAAS;IAC/C,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAS;IAG5C,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,gBAAgB,CAAC,CAAkB;IAC3C,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IACjD,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAC7C,OAAO,CAAC,eAAe,CAAC,CAAiB;IACzC,OAAO,CAAC,cAAc,CAAC,CAAgB;IACvC,OAAO,CAAC,eAAe,CAAC,CAAwB;IAChD,OAAO,CAAC,UAAU,CAAC,CAAY;IAC/B,OAAO,CAAC,WAAW,CAAC,CAAa;IACjC,OAAO,CAAC,iBAAiB,CAAC,CAAmB;IAC7C,OAAO,CAAC,mBAAmB,CAAC,CAAqB;IACjD,OAAO,CAAC,eAAe,CAAC,CAAiB;gBAE7B,cAAc,EAAE,MAAM;IAclC,qDAAqD;IACrD,IAAI,aAAa,IAAI,aAAa,CAEjC;IAED,sCAAsC;IACtC,IAAI,eAAe,IAAI,eAAe,CAErC;IAED,4CAA4C;IAC5C,IAAI,kBAAkB,IAAI,kBAAkB,CAE3C;IAED,qDAAqD;IACrD,IAAI,gBAAgB,IAAI,gBAAgB,CAEvC;IAED,sEAAsE;IACtE,IAAI,cAAc,IAAI,cAAc,CAEnC;IAED,4CAA4C;IAC5C,IAAI,aAAa,IAAI,aAAa,CAEjC;IAED;;;OAGG;IACH,IAAI,cAAc,IAAI,cAAc,GAAG,IAAI,CAa1C;IAED,wDAAwD;IACxD,IAAI,SAAS,IAAI,SAAS,CAEzB;IAED,wCAAwC;IACxC,IAAI,UAAU,IAAI,UAAU,CAE3B;IAED,yDAAyD;IACzD,IAAI,gBAAgB,IAAI,gBAAgB,CAEvC;IAED,kEAAkE;IAClE,IAAI,kBAAkB,IAAI,kBAAkB,CAE3C;IAED,kDAAkD;IAClD,IAAI,cAAc,IAAI,cAAc,CAEnC;CACF"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* @module core/ManagerContext
|
|
9
9
|
*/
|
|
10
10
|
import path from 'path';
|
|
11
|
-
import {
|
|
11
|
+
import { createStorageFromPath } from './StorageFactory.js';
|
|
12
12
|
import { EntityManager } from './EntityManager.js';
|
|
13
13
|
import { RelationManager } from './RelationManager.js';
|
|
14
14
|
import { ObservationManager } from './ObservationManager.js';
|
|
@@ -27,6 +27,8 @@ import { getEmbeddingConfig } from '../utils/constants.js';
|
|
|
27
27
|
* Provides direct manager access for toolHandlers.
|
|
28
28
|
*/
|
|
29
29
|
export class ManagerContext {
|
|
30
|
+
// Type as GraphStorage for manager compatibility; actual instance may be SQLiteStorage
|
|
31
|
+
// which implements the same interface via duck typing
|
|
30
32
|
storage;
|
|
31
33
|
savedSearchesFilePath;
|
|
32
34
|
tagAliasesFilePath;
|
|
@@ -49,7 +51,9 @@ export class ManagerContext {
|
|
|
49
51
|
const basename = path.basename(memoryFilePath, path.extname(memoryFilePath));
|
|
50
52
|
this.savedSearchesFilePath = path.join(dir, `${basename}-saved-searches.jsonl`);
|
|
51
53
|
this.tagAliasesFilePath = path.join(dir, `${basename}-tag-aliases.jsonl`);
|
|
52
|
-
|
|
54
|
+
// Use StorageFactory to respect MEMORY_STORAGE_TYPE environment variable
|
|
55
|
+
// Type assertion: SQLiteStorage implements same interface as GraphStorage
|
|
56
|
+
this.storage = createStorageFromPath(memoryFilePath);
|
|
53
57
|
}
|
|
54
58
|
// ==================== MANAGER ACCESSORS ====================
|
|
55
59
|
// Use these for direct manager access in toolHandlers
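Review bot: The added comments at new lines 30-31 and 55 describe a TypeScript type assertion, but in this compiled file nothing checks that the object returned by `createStorageFromPath(memoryFilePath)` has the methods the managers call. With `MEMORY_STORAGE_TYPE` choosing the backend at runtime, a method present on only one storage class would surface as a `TypeError` inside a tool call rather than at start-up. A start-up check of the methods the managers rely on, or a comment listing the required interface, would make the duck-typing assumption explicit. How an unrecognised `MEMORY_STORAGE_TYPE` value is handled is not visible here and is worth documenting beside the call.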
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SQLiteStorage.d.ts","sourceRoot":"","sources":["../../src/core/SQLiteStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;
|
|
1
|
+
{"version":3,"file":"SQLiteStorage.d.ts","sourceRoot":"","sources":["../../src/core/SQLiteStorage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,QAAQ,EAAE,sBAAsB,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAKhI;;;;;;;;;;;;GAYG;AACH,qBAAa,aAAc,YAAW,aAAa;IAyDrC,OAAO,CAAC,UAAU;IAxD9B;;;;;OAKG;IACH,OAAO,CAAC,KAAK,CAAe;IAE5B;;OAEG;IACH,OAAO,CAAC,EAAE,CAA6B;IAEvC;;OAEG;IACH,OAAO,CAAC,WAAW,CAAkB;IAErC;;;OAGG;IACH,OAAO,CAAC,KAAK,CAA+B;IAE5C;;OAEG;IACH,OAAO,CAAC,SAAS,CAA8B;IAE/C;;OAEG;IACH,OAAO,CAAC,SAAS,CAA8B;IAE/C;;OAEG;IACH,OAAO,CAAC,cAAc,CAAyC;IAE/D;;;OAGG;IACH,OAAO,CAAC,cAAc,CAAa;IAEnC;;;OAGG;IACH,OAAO,CAAC,0BAA0B,CAAsC;IAExE;;;;OAIG;gBACiB,UAAU,EAAE,MAAM;IAEtC;;OAEG;IACH,OAAO,CAAC,UAAU;IAmBlB;;OAEG;IACH,OAAO,CAAC,YAAY;IAkFpB;;OAEG;IACH,OAAO,CAAC,SAAS;IA2BjB;;OAEG;IACH,OAAO,CAAC,WAAW;IAanB;;OAEG;IACH,OAAO,CAAC,aAAa;IAUrB;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAW5B;;;;OAIG;IACG,SAAS,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAKlD;;;;OAIG;IACG,mBAAmB,IAAI,OAAO,CAAC,cAAc,CAAC;IAYpD;;;;OAIG;IACG,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAMnC;;;;OAIG;IACH,OAAO,CAAC,4BAA4B;IAIpC;;OAEG;IACH,OAAO,CAAC,uBAAuB;IAI/B;;;;;;;OAOG;IACG,SAAS,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC;IA+ErD;;;;;;;OAOG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyCjD;;;;;;;OAOG;IACG,cAAc,CAAC,QAAQ,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAwCvD;;;;;;;;OAQG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAuDlF;;;;;;OAMG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAgB9B;;OAEG;IACH,UAAU,IAAI,IAAI;IAgBlB;;;;;;;OAOG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIjD;;;;;OAKG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAIhC;;;;;;;;OAQG;IACH,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE;IAY/C;;;;OAIG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;;;;OAKG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,aAAa,GAAG,SAAS;IAM5D;;;;;OAKG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBrE;;;;;OAKG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GA
AG,MAAM,EAAE;IAkB1C;;;;OAIG;IACH,WAAW,IAAI,MAAM;IAIrB;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;OAIG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ5B;;OAEG;IACH,KAAK,IAAI,IAAI;IAUb;;;;;;;OAOG;IACH,gBAAgB,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAqBhD;;;;;;;OAOG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAqB9C;;;;;;;OAOG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,EAAE;IAiC/C;;;;;OAKG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAiBzC;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAiB7B;;;;;;OAMG;IACH,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAkBzE;;;;;OAKG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,IAAI;IAmBjD;;;;OAIG;IACG,iBAAiB,IAAI,OAAO,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;IAkBxD;;;;OAIG;IACH,eAAe,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAYzC;;OAEG;IACH,kBAAkB,IAAI,IAAI;IAW1B;;;;;OAKG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAazC;;;;OAIG;IACH,iBAAiB,IAAI;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAA;KAAE;CAmBzD"}
|
|
@@ -23,6 +23,7 @@ import Database from 'better-sqlite3';
|
|
|
23
23
|
import { Mutex } from 'async-mutex';
|
|
24
24
|
import { clearAllSearchCaches } from '../utils/searchCache.js';
|
|
25
25
|
import { NameIndex, TypeIndex } from '../utils/indexes.js';
|
|
26
|
+
import { sanitizeObject } from '../utils/index.js';
|
|
26
27
|
/**
|
|
27
28
|
* SQLiteStorage manages persistence of the knowledge graph using native SQLite.
|
|
28
29
|
*
|
|
@@ -442,8 +443,8 @@ export class SQLiteStorage {
|
|
|
442
443
|
}
|
|
443
444
|
// Track old type for index update
|
|
444
445
|
const oldType = entity.entityType;
|
|
445
|
-
// Apply updates to cached entity
|
|
446
|
-
Object.assign(entity, updates);
|
|
446
|
+
// Apply updates to cached entity (sanitized to prevent prototype pollution)
|
|
447
|
+
Object.assign(entity, sanitizeObject(updates));
|
|
447
448
|
entity.lastModified = new Date().toISOString();
|
|
448
449
|
// Update in database
|
|
449
450
|
const stmt = this.db.prepare(`
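Review bot: The cached entity is mutated at new line 447 before the `this.db.prepare(...)` update that follows has run, so if the statement throws, the cache holds values the database never stored. GraphStorage.js uses the opposite order and touches its cache only after the write succeeds. Building the merged values first, `const next = { ...entity, ...sanitizeObject(updates) };`, and calling `Object.assign(entity, next)` after the statement has executed would keep the two in step. The rest of the function lies outside the hunk, so any existing rollback there should be checked before changing the order.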
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TransactionManager.d.ts","sourceRoot":"","sources":["../../src/core/TransactionManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,MAAM,EACN,QAAQ,EAER,2BAA2B,EAC3B,cAAc,EACd,WAAW,EACX,YAAY,EACb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAKtD;;GAEG;AACH,oBAAY,aAAa;IACvB,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;CACpC;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;KAAE,CAAC;CAClD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;CACxB,GACD;IACE,IAAI,EAAE,aAAa,CAAC,eAAe,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,GAAG,cAAc,CAAC,CAAC;CACpD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,eAAe,CAAC;IACpC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1D,CAAC;AAEN;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,6CAA6C;IAC7C,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,kBAAkB;IAMjB,OAAO,CAAC,OAAO;IAL3B,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,aAAa,CAAkB;IACvC,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,iBAAiB,CAAC,CAAS;gBAEf,OAAO,EAAE,YAAY;IAIzC;;;;;;;;;;;;;;OAcG;IACH,KAAK,IAAI,IAAI;IASb;;;;;;;;;;;;;;;OAeG;IACH,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAQtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI;IAQ1D;;;;;;;;;;OAUG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAQhC;;;;;;;;;;;;;;OAcG;IACH,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAQ5E;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAQpE;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;OA8BG;IACG,MAAM,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAgF/E;;;;;;;;;;;;;;;;;OAiBG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA6BpE;;;;OAIG;IACH,eAAe,IAAI,OAAO;IAI1B;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAM3B;;;;OAIG;IACH,OAAO,CAAC,cAAc;
|
|
1
|
+
{"version":3,"file":"TransactionManager.d.ts","sourceRoot":"","sources":["../../src/core/TransactionManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACV,MAAM,EACN,QAAQ,EAER,2BAA2B,EAC3B,cAAc,EACd,WAAW,EACX,YAAY,EACb,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAKtD;;GAEG;AACH,oBAAY,aAAa;IACvB,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,eAAe,oBAAoB;IACnC,eAAe,oBAAoB;CACpC;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC,CAAC;CAClD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAA;KAAE,CAAC;CAClD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,aAAa,CAAC;IAClC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;CACxB,GACD;IACE,IAAI,EAAE,aAAa,CAAC,eAAe,CAAC;IACpC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,GAAG,cAAc,CAAC,CAAC;CACpD,GACD;IACE,IAAI,EAAE,aAAa,CAAC,eAAe,CAAC;IACpC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;CAC1D,CAAC;AAEN;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,6CAA6C;IAC7C,OAAO,EAAE,OAAO,CAAC;IACjB,oCAAoC;IACpC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,yCAAyC;IACzC,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,kBAAkB;IAMjB,OAAO,CAAC,OAAO;IAL3B,OAAO,CAAC,UAAU,CAA8B;IAChD,OAAO,CAAC,aAAa,CAAkB;IACvC,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,iBAAiB,CAAC,CAAS;gBAEf,OAAO,EAAE,YAAY;IAIzC;;;;;;;;;;;;;;OAcG;IACH,KAAK,IAAI,IAAI;IASb;;;;;;;;;;;;;;;OAeG;IACH,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAQtE;;;;;;;;;;;;;;OAcG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI;IAQ1D;;;;;;;;;;OAUG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAQhC;;;;;;;;;;;;;;OAcG;IACH,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAQ5E;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAQpE;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;OA8BG;IACG,MAAM,CAAC,OAAO,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAgF/E;;;;;;;;;;;;;;;;;OAiBG;IACG,QAAQ,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA6BpE;;;;OAIG;IACH,eAAe,IAAI,OAAO;IAI1B;;;;OAIG;IACH,iBAAiB,IAAI,MAAM;IAI3B;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAM3B;;;;OAIG;IACH,OAAO,CAAC,cAAc;CAkFvB;AAID;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,UAAU,CAAwB;IAC1C,OAAO,CAAC,OAAO,CAAe;IAE9B;;;;OAIG;gBACS,OAAO,EAAE,YAAY;IAIjC;;;;;;;;;;;;;;;OAeG;IACH,YAAY,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAKtE;;;;;;;;;;;OAWG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,IAAI;IAK1D;;;;;;;;;;OAUG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAKhC;;;;;;;;;;;;;;OAcG;IACH,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,WAAW,GAAG,cAAc,CAAC,GAAG,IAAI;IAK5E;;;;;;;;;;;;OAYG;IACH,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI;IAKpE;;;;;;;;;;;OAWG;IACH,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;IAK3D;;;;;;;;;;;OAWG;IACH,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,IAAI;IAK9D;;;;;;;;;;;;;OAaG;IACH,aAAa,CAAC,UAAU,EAAE,cAAc,EAAE,GAAG,IAAI;IAKjD;;;;OAIG;IACH,IAAI,IAAI,MAAM;IAId;;;;OAIG;IACH,KAAK,IAAI,IAAI;IAKb;;;;OAIG;IACH,aAAa,IAAI,cAAc,EAAE;IAIjC;;;;;;;;;;;;;;;;;;OAkBG;IACG,OAAO,CAAC,OAAO,GAAE,YAAiB,GAAG,OAAO,CAAC,WAAW,CAAC;IAuE/D;;;OAGG;IACH,OAAO,CAAC,kBAAkB;IAmE1B;;;OAGG;IACH,OAAO,CAAC,mBAAmB;CAwH5B"}
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*/
|
|
10
10
|
import { IOManager } from '../features/IOManager.js';
|
|
11
11
|
import { KnowledgeGraphError } from '../utils/errors.js';
|
|
12
|
-
import { checkCancellation, createProgressReporter, createProgress } from '../utils/index.js';
|
|
12
|
+
import { checkCancellation, createProgressReporter, createProgress, sanitizeObject } from '../utils/index.js';
|
|
13
13
|
/**
|
|
14
14
|
* Types of operations that can be performed in a transaction.
|
|
15
15
|
*/
|
|
@@ -377,7 +377,8 @@ export class TransactionManager {
|
|
|
377
377
|
if (!entity) {
|
|
378
378
|
throw new KnowledgeGraphError(`Entity "${name}" not found`, 'ENTITY_NOT_FOUND');
|
|
379
379
|
}
|
|
380
|
-
|
|
380
|
+
// Sanitize updates to prevent prototype pollution
|
|
381
|
+
Object.assign(entity, sanitizeObject(updates));
|
|
381
382
|
entity.lastModified = timestamp;
|
|
382
383
|
break;
|
|
383
384
|
}
|
|
@@ -790,7 +791,8 @@ export class BatchTransaction {
|
|
|
790
791
|
if (!entity) {
|
|
791
792
|
throw new KnowledgeGraphError(`Entity "${name}" not found`, 'ENTITY_NOT_FOUND');
|
|
792
793
|
}
|
|
793
|
-
|
|
794
|
+
// Sanitize updates to prevent prototype pollution
|
|
795
|
+
Object.assign(entity, sanitizeObject(updates));
|
|
794
796
|
entity.lastModified = timestamp;
|
|
795
797
|
result.entitiesUpdated++;
|
|
796
798
|
break;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"IOManager.d.ts","sourceRoot":"","sources":["../../src/features/IOManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAIV,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,aAAa,EACb,aAAa,EACb,YAAY,EACZ,2BAA2B,EAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"IOManager.d.ts","sourceRoot":"","sources":["../../src/features/IOManager.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAIV,sBAAsB,EACtB,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,aAAa,EACb,aAAa,EACb,YAAY,EACZ,2BAA2B,EAC5B,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAqB5D;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,GAAG,MAAM,GAAG,KAAK,GAAG,UAAU,GAAG,SAAS,CAAC;AAEhG;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,GAAG,KAAK,GAAG,SAAS,CAAC;AAEtD;;GAEG;AACH,MAAM,MAAM,aAAa,GAAG,SAAS,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AAElE;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,wCAAwC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,yDAAyD;IACzD,QAAQ,EAAE,MAAM,CAAC;IACjB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,uEAAuE;IACvE,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iEAAiE;IACjE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,8BAA8B;IAC9B,iBAAiB,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC;CACvC;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB,uBAAuB;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,QAAQ,EAAE,cAAc,CAAC;IACzB,uCAAuC;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,yBAAyB;IACzB,IAAI,EAAE,MAAM,CAAC;CACd;AAMD;;;;;;;GAOG;AACH,qBAAa,SAAS;IAGR,OAAO,CAAC,OAAO;IAF3B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEf,OAAO,EAAE,YAAY;IAUzC;;;;;;OAMG;IACH,WAAW,CAAC,KAAK,EAAE,sBAAsB,EAAE,MAAM,EAAE,YAAY,GAAG,MAAM;IAqBxE;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,0BAA0B,CAC9B,KAAK,EAAE,sBAAsB,EAC7B,MAAM,EAAE,YAAY,EACpB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC;IAuDxB;;;;;;;;;;;OAWG;YACW,YAAY;IA6C1B,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,WAAW;IAsDnB,OAAO,CAAC,eAAe;IAuDvB,OAAO,CAAC,YAAY;IAqDpB,OAAO,CAAC,WAAW;IAiCnB,OAAO,CAAC,gBAAgB;IAwCxB,OAAO,CAAC,eAAe;IAyCvB;;;;;;;;;;;;OAYG;IACG,WAAW,CACf,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,aAAa,GAAE,aAAsB,EACrC,MAAM,GAAE,OAAe,EACvB,OAAO,CAAC,EAAE,2BAA2B,GACpC,OAAO,CAAC,YAAY,CAAC;IA6CxB,OAAO,CAAC,eAAe;IAwCvB,OAAO,CAAC,cAAc;IAiItB,OAAO,CAAC,kBAAkB;YA6FZ,kBAAkB;IAwJhC
;;OAEG;YACW,eAAe;IAQ7B;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAW9B;;;;;;;;;;;;;;;;;;OAkBG;IACG,YAAY,CAAC,OAAO,CAAC,EAAE,aAAa,GAAG,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAiF3E;;;;;;OAMG;IACG,WAAW,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IA+D1C;;;;;;;;;;;;;;;;;;OAkBG;IACG,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAoCnE;;;;OAIG;IACG,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAcrD;;;;;OAKG;IACG,eAAe,CAAC,SAAS,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC;IAsB9D;;OAEG;IACH,YAAY,IAAI,MAAM;CAGvB"}
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
import { promises as fs } from 'fs';
|
|
10
10
|
import { dirname, join } from 'path';
|
|
11
11
|
import { FileOperationError } from '../utils/errors.js';
|
|
12
|
-
import { compress, decompress, hasBrotliExtension, COMPRESSION_CONFIG, STREAMING_CONFIG, checkCancellation, createProgressReporter, createProgress, } from '../utils/index.js';
|
|
12
|
+
import { compress, decompress, hasBrotliExtension, COMPRESSION_CONFIG, STREAMING_CONFIG, checkCancellation, createProgressReporter, createProgress, validateFilePath, sanitizeObject, escapeCsvFormula, } from '../utils/index.js';
|
|
13
13
|
import { StreamingExporter } from './StreamingExporter.js';
|
|
14
14
|
// ============================================================
|
|
15
15
|
// IO MANAGER CLASS
|
|
@@ -147,7 +147,9 @@ export class IOManager {
|
|
|
147
147
|
* @private
|
|
148
148
|
*/
|
|
149
149
|
async streamExport(format, graph, options) {
|
|
150
|
-
|
|
150
|
+
// Validate path to prevent path traversal attacks (defense in depth)
|
|
151
|
+
const validatedOutputPath = validateFilePath(options.outputPath);
|
|
152
|
+
const exporter = new StreamingExporter(validatedOutputPath);
|
|
151
153
|
let result;
|
|
152
154
|
switch (format) {
|
|
153
155
|
case 'json':
|
|
@@ -160,7 +162,7 @@ export class IOManager {
|
|
|
160
162
|
default:
|
|
161
163
|
// Fallback to in-memory export for unsupported streaming formats
|
|
162
164
|
const content = this.exportGraph(graph, format);
|
|
163
|
-
await fs.writeFile(
|
|
165
|
+
await fs.writeFile(validatedOutputPath, content);
|
|
164
166
|
result = {
|
|
165
167
|
bytesWritten: Buffer.byteLength(content, 'utf-8'),
|
|
166
168
|
entitiesWritten: graph.entities.length,
|
|
@@ -170,7 +172,7 @@ export class IOManager {
|
|
|
170
172
|
}
|
|
171
173
|
return {
|
|
172
174
|
format,
|
|
173
|
-
content: `Streamed to ${
|
|
175
|
+
content: `Streamed to ${validatedOutputPath}`,
|
|
174
176
|
entityCount: result.entitiesWritten,
|
|
175
177
|
relationCount: result.relationsWritten,
|
|
176
178
|
compressed: false,
|
|
@@ -179,7 +181,7 @@ export class IOManager {
|
|
|
179
181
|
compressedSize: result.bytesWritten,
|
|
180
182
|
compressionRatio: 1,
|
|
181
183
|
streamed: true,
|
|
182
|
-
outputPath:
|
|
184
|
+
outputPath: validatedOutputPath,
|
|
183
185
|
};
|
|
184
186
|
}
|
|
185
187
|
exportAsJson(graph) {
|
|
@@ -190,7 +192,9 @@ export class IOManager {
|
|
|
190
192
|
const escapeCsvField = (field) => {
|
|
191
193
|
if (field === undefined || field === null)
|
|
192
194
|
return '';
|
|
193
|
-
|
|
195
|
+
// First protect against CSV formula injection
|
|
196
|
+
let str = escapeCsvFormula(String(field));
|
|
197
|
+
// Then handle CSV special characters
|
|
194
198
|
if (str.includes(',') || str.includes('"') || str.includes('\n')) {
|
|
195
199
|
return `"${str.replace(/"/g, '""')}"`;
|
|
196
200
|
}
|
|
@@ -479,6 +483,11 @@ export class IOManager {
|
|
|
479
483
|
return await this.mergeImportedGraph(importedGraph, mergeStrategy, dryRun, options);
|
|
480
484
|
}
|
|
481
485
|
parseJsonImport(data) {
|
|
486
|
+
// Security: Limit input size to prevent DoS (10MB max)
|
|
487
|
+
const MAX_IMPORT_SIZE = 10 * 1024 * 1024;
|
|
488
|
+
if (data.length > MAX_IMPORT_SIZE) {
|
|
489
|
+
throw new FileOperationError(`JSON import data exceeds maximum size of ${MAX_IMPORT_SIZE / (1024 * 1024)}MB`, 'json-import');
|
|
490
|
+
}
|
|
482
491
|
const parsed = JSON.parse(data);
|
|
483
492
|
if (!parsed.entities || !Array.isArray(parsed.entities)) {
|
|
484
493
|
throw new Error('Invalid JSON: missing or invalid entities array');
|
|
@@ -486,12 +495,27 @@ export class IOManager {
|
|
|
486
495
|
if (!parsed.relations || !Array.isArray(parsed.relations)) {
|
|
487
496
|
throw new Error('Invalid JSON: missing or invalid relations array');
|
|
488
497
|
}
|
|
498
|
+
// Security: Limit maximum number of entities/relations
|
|
499
|
+
const MAX_ITEMS = 100000;
|
|
500
|
+
if (parsed.entities.length > MAX_ITEMS) {
|
|
501
|
+
throw new FileOperationError(`JSON import exceeds maximum entity count of ${MAX_ITEMS}`, 'json-import');
|
|
502
|
+
}
|
|
503
|
+
if (parsed.relations.length > MAX_ITEMS) {
|
|
504
|
+
throw new FileOperationError(`JSON import exceeds maximum relation count of ${MAX_ITEMS}`, 'json-import');
|
|
505
|
+
}
|
|
489
506
|
return {
|
|
490
507
|
entities: parsed.entities,
|
|
491
508
|
relations: parsed.relations,
|
|
492
509
|
};
|
|
493
510
|
}
|
|
494
511
|
parseCsvImport(data) {
|
|
512
|
+
// Security: Limit input size to prevent DoS (10MB max)
|
|
513
|
+
const MAX_IMPORT_SIZE = 10 * 1024 * 1024;
|
|
514
|
+
if (data.length > MAX_IMPORT_SIZE) {
|
|
515
|
+
throw new FileOperationError(`CSV import data exceeds maximum size of ${MAX_IMPORT_SIZE / (1024 * 1024)}MB`, 'csv-import');
|
|
516
|
+
}
|
|
517
|
+
// Security: Limit maximum number of entities/relations
|
|
518
|
+
const MAX_ITEMS = 100000;
|
|
495
519
|
const lines = data
|
|
496
520
|
.split('\n')
|
|
497
521
|
.map(line => line.trim())
|
|
@@ -546,6 +570,10 @@ export class IOManager {
|
|
|
546
570
|
}
|
|
547
571
|
const fields = parseCsvLine(line);
|
|
548
572
|
if (fields.length >= 2) {
|
|
573
|
+
// Security: Check entity limit
|
|
574
|
+
if (entities.length >= MAX_ITEMS) {
|
|
575
|
+
throw new FileOperationError(`CSV import exceeds maximum entity count of ${MAX_ITEMS}`, 'csv-import');
|
|
576
|
+
}
|
|
549
577
|
const entity = {
|
|
550
578
|
name: fields[0],
|
|
551
579
|
entityType: fields[1],
|
|
@@ -575,6 +603,10 @@ export class IOManager {
|
|
|
575
603
|
}
|
|
576
604
|
const fields = parseCsvLine(line);
|
|
577
605
|
if (fields.length >= 3) {
|
|
606
|
+
// Security: Check relation limit
|
|
607
|
+
if (relations.length >= MAX_ITEMS) {
|
|
608
|
+
throw new FileOperationError(`CSV import exceeds maximum relation count of ${MAX_ITEMS}`, 'csv-import');
|
|
609
|
+
}
|
|
578
610
|
const relation = {
|
|
579
611
|
from: fields[0],
|
|
580
612
|
to: fields[1],
|
|
@@ -591,9 +623,23 @@ export class IOManager {
|
|
|
591
623
|
parseGraphMLImport(data) {
|
|
592
624
|
const entities = [];
|
|
593
625
|
const relations = [];
|
|
626
|
+
// Security: Limit input size to prevent ReDoS attacks (10MB max)
|
|
627
|
+
const MAX_IMPORT_SIZE = 10 * 1024 * 1024;
|
|
628
|
+
if (data.length > MAX_IMPORT_SIZE) {
|
|
629
|
+
throw new FileOperationError(`GraphML import data exceeds maximum size of ${MAX_IMPORT_SIZE / (1024 * 1024)}MB`, 'graphml-import');
|
|
630
|
+
}
|
|
631
|
+
// Security: Limit maximum number of entities/relations to prevent infinite loops
|
|
632
|
+
const MAX_ITEMS = 100000;
|
|
633
|
+
let nodeCount = 0;
|
|
634
|
+
let relationCount = 0;
|
|
635
|
+
// Use non-greedy patterns with character class restrictions
|
|
594
636
|
const nodeRegex = /<node\s+id="([^"]+)"[^>]*>([\s\S]*?)<\/node>/g;
|
|
595
637
|
let nodeMatch;
|
|
596
638
|
while ((nodeMatch = nodeRegex.exec(data)) !== null) {
|
|
639
|
+
// Security: Limit iterations to prevent ReDoS
|
|
640
|
+
if (++nodeCount > MAX_ITEMS) {
|
|
641
|
+
throw new FileOperationError(`GraphML import exceeds maximum entity count of ${MAX_ITEMS}`, 'graphml-import');
|
|
642
|
+
}
|
|
597
643
|
const nodeId = nodeMatch[1];
|
|
598
644
|
const nodeContent = nodeMatch[2];
|
|
599
645
|
const getDataValue = (key) => {
|
|
@@ -621,6 +667,10 @@ export class IOManager {
|
|
|
621
667
|
const edgeRegex = /<edge\s+[^>]*source="([^"]+)"\s+target="([^"]+)"[^>]*>([\s\S]*?)<\/edge>/g;
|
|
622
668
|
let edgeMatch;
|
|
623
669
|
while ((edgeMatch = edgeRegex.exec(data)) !== null) {
|
|
670
|
+
// Security: Limit iterations to prevent ReDoS
|
|
671
|
+
if (++relationCount > MAX_ITEMS) {
|
|
672
|
+
throw new FileOperationError(`GraphML import exceeds maximum relation count of ${MAX_ITEMS}`, 'graphml-import');
|
|
673
|
+
}
|
|
624
674
|
const source = edgeMatch[1];
|
|
625
675
|
const target = edgeMatch[2];
|
|
626
676
|
const edgeContent = edgeMatch[3];
|
|
@@ -682,7 +732,8 @@ export class IOManager {
|
|
|
682
732
|
case 'replace':
|
|
683
733
|
result.entitiesUpdated++;
|
|
684
734
|
if (!dryRun) {
|
|
685
|
-
|
|
735
|
+
// Sanitize imported entity to prevent prototype pollution
|
|
736
|
+
Object.assign(existing, sanitizeObject(importedEntity));
|
|
686
737
|
}
|
|
687
738
|
break;
|
|
688
739
|
case 'skip':
|
|
@@ -48,13 +48,18 @@ export interface StreamResult {
|
|
|
48
48
|
* ```
|
|
49
49
|
*/
|
|
50
50
|
export declare class StreamingExporter {
|
|
51
|
-
private readonly
|
|
51
|
+
private readonly validatedFilePath;
|
|
52
52
|
/**
|
|
53
53
|
* Create a new streaming exporter.
|
|
54
54
|
*
|
|
55
55
|
* @param filePath - Path to the output file
|
|
56
|
+
* @throws {FileOperationError} If path traversal is detected
|
|
56
57
|
*/
|
|
57
58
|
constructor(filePath: string);
|
|
59
|
+
/**
|
|
60
|
+
* Get the validated file path.
|
|
61
|
+
*/
|
|
62
|
+
get filePath(): string;
|
|
58
63
|
/**
|
|
59
64
|
* Stream a knowledge graph to JSONL format.
|
|
60
65
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"StreamingExporter.d.ts","sourceRoot":"","sources":["../../src/features/StreamingExporter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAU,sBAAsB,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AAGrG;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,YAAY;IAC3B,6CAA6C;IAC7C,YAAY,EAAE,MAAM,CAAC;IAErB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IAExB,kCAAkC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAiB;
|
|
1
|
+
{"version":3,"file":"StreamingExporter.d.ts","sourceRoot":"","sources":["../../src/features/StreamingExporter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAU,sBAAsB,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC;AAGrG;;;;;;;;;;;;;;;GAeG;AACH,MAAM,WAAW,YAAY;IAC3B,6CAA6C;IAC7C,YAAY,EAAE,MAAM,CAAC;IAErB,iCAAiC;IACjC,eAAe,EAAE,MAAM,CAAC;IAExB,kCAAkC;IAClC,gBAAgB,EAAE,MAAM,CAAC;IAEzB,uDAAuD;IACvD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;;;;;;;;;GAYG;AACH,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAS;IAE3C;;;;;OAKG;gBACS,QAAQ,EAAE,MAAM;IAK5B;;OAEG;IACH,IAAI,QAAQ,IAAI,MAAM,CAErB;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,WAAW,CACf,KAAK,EAAE,sBAAsB,EAC7B,OAAO,CAAC,EAAE,2BAA2B,GACpC,OAAO,CAAC,YAAY,CAAC;IA+DxB;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACG,SAAS,CACb,KAAK,EAAE,sBAAsB,EAC7B,OAAO,CAAC,EAAE,2BAA2B,GACpC,OAAO,CAAC,YAAY,CAAC;IAuDxB;;;;;;;;;;OAUG;IACH,OAAO,CAAC,cAAc;CAcvB"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* @module features/StreamingExporter
|
|
9
9
|
*/
|
|
10
10
|
import { createWriteStream } from 'fs';
|
|
11
|
-
import { checkCancellation, createProgressReporter, createProgress } from '../utils/index.js';
|
|
11
|
+
import { checkCancellation, createProgressReporter, createProgress, validateFilePath } from '../utils/index.js';
|
|
12
12
|
/**
|
|
13
13
|
* Streaming exporter for knowledge graphs.
|
|
14
14
|
*
|
|
@@ -23,14 +23,22 @@ import { checkCancellation, createProgressReporter, createProgress } from '../ut
|
|
|
23
23
|
* ```
|
|
24
24
|
*/
|
|
25
25
|
export class StreamingExporter {
|
|
26
|
-
|
|
26
|
+
validatedFilePath;
|
|
27
27
|
/**
|
|
28
28
|
* Create a new streaming exporter.
|
|
29
29
|
*
|
|
30
30
|
* @param filePath - Path to the output file
|
|
31
|
+
* @throws {FileOperationError} If path traversal is detected
|
|
31
32
|
*/
|
|
32
33
|
constructor(filePath) {
|
|
33
|
-
|
|
34
|
+
// Validate path to prevent path traversal attacks
|
|
35
|
+
this.validatedFilePath = validateFilePath(filePath);
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Get the validated file path.
|
|
39
|
+
*/
|
|
40
|
+
get filePath() {
|
|
41
|
+
return this.validatedFilePath;
|
|
34
42
|
}
|
|
35
43
|
/**
|
|
36
44
|
* Stream a knowledge graph to JSONL format.
|
|
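Review bot: `validatedFilePath` is emitted as an ordinary public class field in this compiled output, so the path the constructor validated can still be reassigned from outside before the export methods (outside the hunk) read it; the `private readonly` in the .d.ts is compile-time only. Declaring it as `#validatedFilePath` in the source would keep the validated value fixed at runtime, and the `filePath` getter added here already gives read access. What `validateFilePath` accepts is not visible in this section, so whether it confines the path to a base directory or resolves symlinks should be confirmed against its definition in entityUtils.js.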
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"SavedSearchManager.d.ts","sourceRoot":"","sources":["../../src/search/SavedSearchManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"SavedSearchManager.d.ts","sourceRoot":"","sources":["../../src/search/SavedSearchManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACrE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAGpD;;GAEG;AACH,qBAAa,kBAAkB;IAE3B,OAAO,CAAC,qBAAqB;IAC7B,OAAO,CAAC,WAAW;gBADX,qBAAqB,EAAE,MAAM,EAC7B,WAAW,EAAE,WAAW;IAGlC;;;;OAIG;YACW,iBAAiB;IAa/B;;;;OAIG;YACW,iBAAiB;IAK/B;;;;;;OAMG;IACG,UAAU,CACd,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,WAAW,GAAG,UAAU,GAAG,UAAU,CAAC,GAC/D,OAAO,CAAC,WAAW,CAAC;IAoBvB;;;;OAIG;IACG,iBAAiB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAIjD;;;;;OAKG;IACG,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAK/D;;;;;;;;OAQG;IACG,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAsB/D;;;;;OAKG;IACG,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAavD;;;;;;;;;OASG;IACG,iBAAiB,CACrB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,GAAG,WAAW,GAAG,UAAU,GAAG,UAAU,CAAC,CAAC,GAClF,OAAO,CAAC,WAAW,CAAC;CAcxB"}
|
|
@@ -6,6 +6,7 @@
|
|
|
6
6
|
* @module search/SavedSearchManager
|
|
7
7
|
*/
|
|
8
8
|
import * as fs from 'fs/promises';
|
|
9
|
+
import { sanitizeObject } from '../utils/index.js';
|
|
9
10
|
/**
|
|
10
11
|
* Manages saved search queries with usage tracking.
|
|
11
12
|
*/
|
|
@@ -137,8 +138,8 @@ export class SavedSearchManager {
|
|
|
137
138
|
if (!search) {
|
|
138
139
|
throw new Error(`Saved search "${name}" not found`);
|
|
139
140
|
}
|
|
140
|
-
// Apply updates
|
|
141
|
-
Object.assign(search, updates);
|
|
141
|
+
// Apply updates (sanitized to prevent prototype pollution)
|
|
142
|
+
Object.assign(search, sanitizeObject(updates));
|
|
142
143
|
await this.saveSavedSearches(searches);
|
|
143
144
|
return search;
|
|
144
145
|
}
|
|
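Review bot: `sanitizeObject(updates)` on the `Object.assign(search, …)` line removes only the keys `__proto__`, `constructor` and `prototype`, so every other key in `updates` is still copied onto the stored search. If the caller's schema does not already restrict the keys, that would include the search's name and its usage-tracking fields. An allow-list states the intent more directly: loop over a fixed list of updatable field names and assign only those present in `updates`. The enclosing method starts outside the hunk, so any earlier filtering of `updates` is not visible here.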
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"toolHandlers.d.ts","sourceRoot":"","sources":["../../src/server/toolHandlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,kBAAkB,
|
|
1
|
+
{"version":3,"file":"toolHandlers.d.ts","sourceRoot":"","sources":["../../src/server/toolHandlers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,kBAAkB,EAmBnB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAIhE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEjE;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,CACxB,GAAG,EAAE,cAAc,EACnB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC1B,OAAO,CAAC,YAAY,CAAC,CAAC;AAyC3B;;;;;;GAMG;AACH,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,CAuhBpD,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,GAAG,EAAE,cAAc,GAClB,OAAO,CAAC,YAAY,CAAC,CAMvB"}
|
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
*
|
|
11
11
|
* @module server/toolHandlers
|
|
12
12
|
*/
|
|
13
|
-
import { formatToolResponse, formatTextResponse, formatRawResponse, validateWithSchema, BatchCreateEntitiesSchema, BatchCreateRelationsSchema, EntityNamesSchema, DeleteRelationsSchema, AddObservationsInputSchema, DeleteObservationsInputSchema, ArchiveCriteriaSchema, SavedSearchInputSchema, SavedSearchUpdateSchema, ImportFormatSchema, ExtendedExportFormatSchema, MergeStrategySchema, ExportFilterSchema, SearchQuerySchema, } from '../utils/index.js';
|
|
13
|
+
import { formatToolResponse, formatTextResponse, formatRawResponse, validateWithSchema, validateFilePath, BatchCreateEntitiesSchema, BatchCreateRelationsSchema, EntityNamesSchema, DeleteRelationsSchema, AddObservationsInputSchema, DeleteObservationsInputSchema, ArchiveCriteriaSchema, SavedSearchInputSchema, SavedSearchUpdateSchema, ImportFormatSchema, ExtendedExportFormatSchema, MergeStrategySchema, ExportFilterSchema, SearchQuerySchema, } from '../utils/index.js';
|
|
14
14
|
import { z } from 'zod';
|
|
15
15
|
import { maybeCompressResponse } from './responseCompressor.js';
|
|
16
16
|
/**
|
|
@@ -377,7 +377,9 @@ export const toolHandlers = {
|
|
|
377
377
|
? validateWithSchema(args.compressionQuality, z.number().int().min(0).max(11), 'Invalid compression quality (must be 0-11)')
|
|
378
378
|
: undefined;
|
|
379
379
|
const streaming = args.streaming !== undefined ? validateWithSchema(args.streaming, z.boolean(), 'Invalid streaming value') : undefined;
|
|
380
|
-
const
|
|
380
|
+
const rawOutputPath = args.outputPath !== undefined ? validateWithSchema(args.outputPath, z.string(), 'Invalid outputPath value') : undefined;
|
|
381
|
+
// Validate outputPath to prevent path traversal attacks
|
|
382
|
+
const outputPath = rawOutputPath !== undefined ? validateFilePath(rawOutputPath) : undefined;
|
|
381
383
|
// Get filtered or full graph
|
|
382
384
|
let graph;
|
|
383
385
|
if (filter) {
|
|
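Review bot: `z.string()` on the `rawOutputPath` line accepts an empty string, which then reaches `validateFilePath`; how that helper treats `''` is not visible in this hunk. Rejecting it at the schema gives the caller a clear message instead: `validateWithSchema(args.outputPath, z.string().min(1), 'Invalid outputPath value')`. The handler body starts and ends outside the hunk.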
@@ -262,6 +262,39 @@ export interface CommonSearchFilters {
|
|
|
262
262
|
* @returns true if entity passes all filters
|
|
263
263
|
*/
|
|
264
264
|
export declare function entityPassesFilters(entity: Entity, filters: Omit<CommonSearchFilters, 'tags'>): boolean;
|
|
265
|
+
/**
|
|
266
|
+
* Sanitizes an object by removing potentially dangerous keys.
|
|
267
|
+
* This prevents prototype pollution attacks when using Object.assign() or spread operators.
|
|
268
|
+
*
|
|
269
|
+
* @param obj - The object to sanitize
|
|
270
|
+
* @returns A new object with dangerous keys removed
|
|
271
|
+
*
|
|
272
|
+
* @example
|
|
273
|
+
* ```typescript
|
|
274
|
+
* // Safe usage with Object.assign
|
|
275
|
+
* const updates = sanitizeObject(userInput);
|
|
276
|
+
* Object.assign(entity, updates);
|
|
277
|
+
*
|
|
278
|
+
* // Protects against prototype pollution
|
|
279
|
+
* const malicious = { __proto__: { admin: true } };
|
|
280
|
+
* const safe = sanitizeObject(malicious); // { }
|
|
281
|
+
* ```
|
|
282
|
+
*/
|
|
283
|
+
export declare function sanitizeObject<T extends Record<string, unknown>>(obj: T): Partial<T>;
|
|
284
|
+
/**
|
|
285
|
+
* Escapes a CSV field to prevent formula injection attacks.
|
|
286
|
+
* Prepends a single quote to values that start with dangerous characters.
|
|
287
|
+
*
|
|
288
|
+
* @param field - The field value to escape
|
|
289
|
+
* @returns Escaped field value safe for CSV export
|
|
290
|
+
*
|
|
291
|
+
* @example
|
|
292
|
+
* ```typescript
|
|
293
|
+
* escapeCsvFormula('=SUM(A1:A10)'); // "'=SUM(A1:A10)"
|
|
294
|
+
* escapeCsvFormula('normal text'); // 'normal text'
|
|
295
|
+
* ```
|
|
296
|
+
*/
|
|
297
|
+
export declare function escapeCsvFormula(field: string | undefined | null): string;
|
|
265
298
|
/**
|
|
266
299
|
* Validate and normalize a file path to prevent path traversal attacks.
|
|
267
300
|
*
|
|
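Review bot: The `@example` for `sanitizeObject` does not exercise the function: in an object literal, `__proto__: { admin: true }` sets the object's prototype instead of creating an own key, so the `Object.keys` loop in the implementation never sees it and there is nothing to strip. The case the function handles is an own `__proto__` key, which is what `JSON.parse` produces; the example would show that with `const malicious = JSON.parse('{"__proto__": {"admin": true}}');`. The same JSDoc is repeated above the implementation in entityUtils.js and needs the same change. The description could also state that arrays are returned unchanged, since the implementation skips them.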
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"entityUtils.d.ts","sourceRoot":"","sources":["../../src/utils/entityUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAKhE;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,IAAI,GACpB,MAAM,CAAC;AACV,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,KAAK,GACrB,MAAM,GAAG,IAAI,CAAC;AACjB,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,CAAC,EAAE,OAAO,GACxB,MAAM,GAAG,IAAI,CAAC;AAajB;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,cAAc,EACrB,KAAK,EAAE,MAAM,EAAE,EACf,kBAAkB,GAAE,OAAc,GACjC,MAAM,EAAE,CAaV;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzE;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE1E;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAK/E;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,CAEnE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAY7E;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAGlD;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,EAAE,CAGzE;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,EAChC,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,GAC/B,OAAO,CAQT;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAMT;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS;IAAE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,EACxD,QAAQ,EAAE,CAAC,EAAE,EACb,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,GAC/B,CAAC,EAAE,CAYL;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EAAE,GAAG,SAAS,EAClC,OAAO,EAAE,MAAM,EAAE,GAChB,MAAM,EAAE,CAMV;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CACxB,YAAY,EAAE,MAAM,EAAE,GAAG,SAAS,EAClC,YAAY,EAAE,MAAM,EAAE,GACrB,MAAM,EAAE,CAKV;AAID;;;;;;;;;;;;
;;;GAeG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAsCT;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf;IAAE,KAAK,EAAE,IAAI,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAA;CAAE,CAmB1C;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGpD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C;AAID;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,aAAa,CAAC,EAAE,MAAM,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAqBT;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAAE,EAClB,aAAa,CAAC,EAAE,MAAM,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,EAAE,CAOV;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,EAAE,CAOV;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,EAAE,CAOV;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAAE,EAClB,UAAU,CAAC,EAAE,MAAM,GAClB,MAAM,EAAE,CAKV;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,GACzC,OAAO,CAsBT;AAID;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAE,MAAsB,GAAG,MAAM,CAuB1F;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAG7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAmC5D"}
|
|
1
|
+
{"version":3,"file":"entityUtils.d.ts","sourceRoot":"","sources":["../../src/utils/entityUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAKH,OAAO,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAKhE;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,IAAI,GACpB,MAAM,CAAC;AACV,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,EAAE,KAAK,GACrB,MAAM,GAAG,IAAI,CAAC;AACjB,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,cAAc,EACrB,IAAI,EAAE,MAAM,EACZ,eAAe,CAAC,EAAE,OAAO,GACxB,MAAM,GAAG,IAAI,CAAC;AAajB;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,cAAc,EACrB,KAAK,EAAE,MAAM,EAAE,EACf,kBAAkB,GAAE,OAAc,GACjC,MAAM,EAAE,CAaV;AAED;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAEzE;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAE1E;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAK/E;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,CAEnE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAY7E;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAGlD;AAID;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,EAAE,CAGzE;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAC5B,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,EAChC,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,GAC/B,OAAO,CAQT;AAED;;;;;;GAMG;AACH,wBAAgB,UAAU,CACxB,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,EAChC,YAAY,EAAE,MAAM,EAAE,GACrB,OAAO,CAMT;AAED;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,CAAC,SAAS;IAAE,IAAI,CAAC,EAAE,MAAM,EAAE,CAAA;CAAE,EACxD,QAAQ,EAAE,CAAC,EAAE,EACb,UAAU,EAAE,MAAM,EAAE,GAAG,SAAS,GAC/B,CAAC,EAAE,CAYL;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAC3B,YAAY,EAAE,MAAM,EAAE,GAAG,SAAS,EAClC,OAAO,EAAE,MAAM,EAAE,GAChB,MAAM,EAAE,CAMV;AAED;;;;;;;GAOG;AACH,wBAAgB,UAAU,CACxB,YAAY,EAAE,MAAM,EAAE,GAAG,SAAS,EAClC,YAAY,EAAE,MAAM,EAAE,GACrB,MAAM,EAAE,CAKV;AAID;;;;;;;;;;;;
;;;GAeG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,KAAK,CAAC,EAAE,MAAM,EACd,GAAG,CAAC,EAAE,MAAM,GACX,OAAO,CAsCT;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC5B,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf;IAAE,KAAK,EAAE,IAAI,GAAG,IAAI,CAAC;IAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAA;CAAE,CAmB1C;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAGpD;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,MAAM,CAE5C;AAID;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,uBAAuB,CACrC,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,aAAa,CAAC,EAAE,MAAM,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAqBT;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAAE,EAClB,aAAa,CAAC,EAAE,MAAM,EACtB,aAAa,CAAC,EAAE,MAAM,GACrB,MAAM,EAAE,CAOV;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,EAAE,CAOV;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,CAClC,QAAQ,EAAE,MAAM,EAAE,EAClB,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACf,MAAM,EAAE,CAOV;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,QAAQ,EAAE,MAAM,EAAE,EAClB,UAAU,CAAC,EAAE,MAAM,GAClB,MAAM,EAAE,CAKV;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,GACzC,OAAO,CAsBT;AAcD;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAuBpF;AAQD;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,MAAM,CASzE;AAID;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,GAAE,MAAsB,GAAG,MAAM,CAuB1F;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAG7B,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAmC5D"}
|
|
@@ -432,6 +432,83 @@ export function entityPassesFilters(entity, filters) {
|
|
|
432
432
|
}
|
|
433
433
|
return true;
|
|
434
434
|
}
|
|
435
|
+
// ==================== Security Utilities ====================
|
|
436
|
+
/**
|
|
437
|
+
* Dangerous keys that should never be allowed in object assignment.
|
|
438
|
+
* These can be used for prototype pollution attacks.
|
|
439
|
+
*/
|
|
440
|
+
const DANGEROUS_KEYS = new Set([
|
|
441
|
+
'__proto__',
|
|
442
|
+
'constructor',
|
|
443
|
+
'prototype',
|
|
444
|
+
]);
|
|
445
|
+
/**
|
|
446
|
+
* Sanitizes an object by removing potentially dangerous keys.
|
|
447
|
+
* This prevents prototype pollution attacks when using Object.assign() or spread operators.
|
|
448
|
+
*
|
|
449
|
+
* @param obj - The object to sanitize
|
|
450
|
+
* @returns A new object with dangerous keys removed
|
|
451
|
+
*
|
|
452
|
+
* @example
|
|
453
|
+
* ```typescript
|
|
454
|
+
* // Safe usage with Object.assign
|
|
455
|
+
* const updates = sanitizeObject(userInput);
|
|
456
|
+
* Object.assign(entity, updates);
|
|
457
|
+
*
|
|
458
|
+
* // Protects against prototype pollution
|
|
459
|
+
* const malicious = { __proto__: { admin: true } };
|
|
460
|
+
* const safe = sanitizeObject(malicious); // { }
|
|
461
|
+
* ```
|
|
462
|
+
*/
|
|
463
|
+
export function sanitizeObject(obj) {
|
|
464
|
+
if (obj === null || typeof obj !== 'object') {
|
|
465
|
+
return obj;
|
|
466
|
+
}
|
|
467
|
+
const result = {};
|
|
468
|
+
for (const key of Object.keys(obj)) {
|
|
469
|
+
// Skip dangerous keys
|
|
470
|
+
if (DANGEROUS_KEYS.has(key)) {
|
|
471
|
+
continue;
|
|
472
|
+
}
|
|
473
|
+
// Recursively sanitize nested objects
|
|
474
|
+
const value = obj[key];
|
|
475
|
+
if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
|
|
476
|
+
result[key] = sanitizeObject(value);
|
|
477
|
+
}
|
|
478
|
+
else {
|
|
479
|
+
result[key] = value;
|
|
480
|
+
}
|
|
481
|
+
}
|
|
482
|
+
return result;
|
|
483
|
+
}
|
|
484
|
+
/**
|
|
485
|
+
* CSV formula injection dangerous characters.
|
|
486
|
+
* These can cause spreadsheet applications to execute formulas.
|
|
487
|
+
*/
|
|
488
|
+
const CSV_FORMULA_CHARS = new Set(['=', '+', '-', '@', '\t', '\r']);
|
|
489
|
+
/**
|
|
490
|
+
* Escapes a CSV field to prevent formula injection attacks.
|
|
491
|
+
* Prepends a single quote to values that start with dangerous characters.
|
|
492
|
+
*
|
|
493
|
+
* @param field - The field value to escape
|
|
494
|
+
* @returns Escaped field value safe for CSV export
|
|
495
|
+
*
|
|
496
|
+
* @example
|
|
497
|
+
* ```typescript
|
|
498
|
+
* escapeCsvFormula('=SUM(A1:A10)'); // "'=SUM(A1:A10)"
|
|
499
|
+
* escapeCsvFormula('normal text'); // 'normal text'
|
|
500
|
+
* ```
|
|
501
|
+
*/
|
|
502
|
+
export function escapeCsvFormula(field) {
|
|
503
|
+
if (field === undefined || field === null)
|
|
504
|
+
return '';
|
|
505
|
+
const str = String(field);
|
|
506
|
+
// Prefix with single quote if starts with dangerous character
|
|
507
|
+
if (str.length > 0 && CSV_FORMULA_CHARS.has(str[0])) {
|
|
508
|
+
return "'" + str;
|
|
509
|
+
}
|
|
510
|
+
return str;
|
|
511
|
+
}
|
|
435
512
|
// ==================== Path Utilities ====================
|
|
436
513
|
/**
|
|
437
514
|
* Validate and normalize a file path to prevent path traversal attacks.
|
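Review bot: `sanitizeObject` does not clean arrays: the `!Array.isArray(value)` test copies an array by reference, so objects nested inside it keep any `__proto__`, `constructor` or `prototype` keys, and an array passed as the top-level argument comes back as a plain object with index keys. Both call sites in this release feed it externally supplied data (`importedEntity` in IOManager.js, `updates` in SavedSearchManager.js), where array-valued fields are likely. Walking arrays with the same function closes the gap, as in the rewrite below; non-plain objects such as `Date` are still flattened to `{}`, as before, which is worth a line in the JSDoc. The recursion has no depth limit of its own, so the import size cap is the only thing that bounds it.

```javascript
export function sanitizeObject(obj) {
    // … unchanged: null / non-object guard …
    if (Array.isArray(obj)) {
        // Walk arrays so objects nested inside them are cleaned as well
        return obj.map((item) => sanitizeObject(item));
    }
    const result = {};
    for (const key of Object.keys(obj)) {
        if (DANGEROUS_KEYS.has(key)) {
            continue;
        }
        // The guard at the top returns primitives untouched
        result[key] = sanitizeObject(obj[key]);
    }
    return result;
}
```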
package/dist/utils/index.d.ts
CHANGED
|
@@ -16,7 +16,7 @@ export { NameIndex, TypeIndex, LowercaseCache, RelationIndex, } from './indexes.
|
|
|
16
16
|
export { SearchCache, searchCaches, clearAllSearchCaches, getAllCacheStats, cleanupAllCaches, type CacheStats, } from './searchCache.js';
|
|
17
17
|
export { EntitySchema, CreateEntitySchema, UpdateEntitySchema, RelationSchema, CreateRelationSchema, SearchQuerySchema, DateRangeSchema, TagAliasSchema, ExportFormatSchema, BatchCreateEntitiesSchema, BatchCreateRelationsSchema, EntityNamesSchema, DeleteRelationsSchema, AddObservationInputSchema, AddObservationsInputSchema, DeleteObservationInputSchema, DeleteObservationsInputSchema, ArchiveCriteriaSchema, SavedSearchInputSchema, SavedSearchUpdateSchema, ImportFormatSchema, ExtendedExportFormatSchema, MergeStrategySchema, ExportFilterSchema, OptionalTagsSchema, OptionalEntityNamesSchema, type EntityInput, type CreateEntityInput, type UpdateEntityInput, type RelationInput, type CreateRelationInput, type SearchQuery, type DateRange, type TagAlias, type ExportFormat, type AddObservationInput, type DeleteObservationInput, type ArchiveCriteriaInput, type SavedSearchInput, type SavedSearchUpdateInput, type ImportFormat, type ExtendedExportFormat, type MergeStrategy, type ExportFilterInput, type ValidationResult, formatZodErrors, validateWithSchema, validateSafe, validateArrayWithSchema, validateEntity, validateRelation, validateImportance, validateTags, } from './schemas.js';
|
|
18
18
|
export { formatToolResponse, formatTextResponse, formatRawResponse, formatErrorResponse, type ToolResponse, validatePagination, applyPagination, paginateArray, getPaginationMeta, type ValidatedPagination, } from './formatters.js';
|
|
19
|
-
export { findEntityByName, findEntitiesByNames, entityExists, getEntityIndex, removeEntityByName, getEntityNameSet, groupEntitiesByType, touchEntity, normalizeTag, normalizeTags, hasMatchingTag, hasAllTags, filterByTags, addUniqueTags, removeTags, isWithinDateRange, parseDateRange, isValidISODate, getCurrentTimestamp, isWithinImportanceRange, filterByImportance, filterByCreatedDate, filterByModifiedDate, filterByEntityType, entityPassesFilters, type CommonSearchFilters, validateFilePath, defaultMemoryPath, ensureMemoryFilePath, } from './entityUtils.js';
|
|
19
|
+
export { findEntityByName, findEntitiesByNames, entityExists, getEntityIndex, removeEntityByName, getEntityNameSet, groupEntitiesByType, touchEntity, normalizeTag, normalizeTags, hasMatchingTag, hasAllTags, filterByTags, addUniqueTags, removeTags, isWithinDateRange, parseDateRange, isValidISODate, getCurrentTimestamp, isWithinImportanceRange, filterByImportance, filterByCreatedDate, filterByModifiedDate, filterByEntityType, entityPassesFilters, type CommonSearchFilters, validateFilePath, defaultMemoryPath, ensureMemoryFilePath, sanitizeObject, escapeCsvFormula, } from './entityUtils.js';
|
|
20
20
|
export { parallelMap, parallelFilter, getPoolStats, shutdownParallelUtils, } from './parallelUtils.js';
|
|
21
21
|
export { TaskPriority, TaskStatus, type Task, type TaskResult, type ProgressCallback, type BatchOptions, type QueueStats, TaskQueue, batchProcess, rateLimitedProcess, withRetry, debounce, throttle, } from './taskScheduler.js';
|
|
22
22
|
export { checkCancellation, createProgressReporter, createProgress, executeWithPhases, processBatchesWithProgress, type PhaseDefinition, } from './operationUtils.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,eAAe,EACf,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,2BAA2B,EAC3B,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,0BAA0B,EAC1B,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAGrC,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,YAAY,EACZ,yBAAyB,EACzB,cAAc,EACd,QAAQ,GACT,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,SAAS,EACT,SAAS,EACT,cAAc,EACd,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAI1B,OAAO,EAEL,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,yBAAyB,EACzB,0BAA0B,EAC1B,iBAAiB,EACjB,qBAAqB,EAErB,yBAAyB,EACzB,0BAA0B,EAC1B,4BAA4B,EAC5B,6BAA6B,EAE7B,qBAAqB,EAErB,sBAAsB,EACtB,uBAAuB,EAEvB,kBAAkB,EAClB,0BAA0B,EAC1B,mBAAmB,EACnB,kBAAkB,EAElB,kBAAkB,EAClB,yBAAyB,EAEzB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EAEtB,KAAK,gBAAgB,EAErB,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,uBAAuB,EAEvB,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GACb,MAAM,cAAc,CAAC;AAItB,OAAO,EAEL,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,YAAY,EAEjB,kBAAkB,EAClB,eAAe,EACf,aAAa
,EACb,iBAAiB,EACjB,KAAK,mBAAmB,GACzB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAEL,gBAAgB,EAChB,mBAAmB,EACnB,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,EACnB,WAAW,EAEX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,UAAU,EACV,YAAY,EACZ,aAAa,EACb,UAAU,EAEV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,mBAAmB,EAEnB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EAExB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/utils/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,oBAAoB,EACpB,eAAe,EACf,kBAAkB,EAClB,sBAAsB,EACtB,kBAAkB,EAClB,WAAW,EACX,WAAW,EACX,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,eAAe,EACf,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,2BAA2B,EAC3B,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,gBAAgB,EAChB,KAAK,kBAAkB,GACxB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,QAAQ,EACR,UAAU,EACV,YAAY,EACZ,cAAc,EACd,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,cAAc,EACd,0BAA0B,EAC1B,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,eAAe,EACf,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,GAC1B,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAGrC,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,YAAY,EACZ,yBAAyB,EACzB,cAAc,EACd,QAAQ,GACT,MAAM,uBAAuB,CAAC;AAG/B,OAAO,EACL,SAAS,EACT,SAAS,EACT,cAAc,EACd,aAAa,GACd,MAAM,cAAc,CAAC;AAGtB,OAAO,EACL,WAAW,EACX,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,gBAAgB,EAChB,KAAK,UAAU,GAChB,MAAM,kBAAkB,CAAC;AAI1B,OAAO,EAEL,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,cAAc,EACd,oBAAoB,EACpB,iBAAiB,EACjB,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,yBAAyB,EACzB,0BAA0B,EAC1B,iBAAiB,EACjB,qBAAqB,EAErB,yBAAyB,EACzB,0BAA0B,EAC1B,4BAA4B,EAC5B,6BAA6B,EAE7B,qBAAqB,EAErB,sBAAsB,EACtB,uBAAuB,EAEvB,kBAAkB,EAClB,0BAA0B,EAC1B,mBAAmB,EACnB,kBAAkB,EAElB,kBAAkB,EAClB,yBAAyB,EAEzB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,KAAK,QAAQ,EACb,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EAClB,KAAK,iBAAiB,EAEtB,KAAK,gBAAgB,EAErB,eAAe,EACf,kBAAkB,EAClB,YAAY,EACZ,uBAAuB,EAEvB,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GACb,MAAM,cAAc,CAAC;AAItB,OAAO,EAEL,kBAAkB,EAClB,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,EACnB,KAAK,YAAY,EAEjB,kBAAkB,EAClB,eAAe,EACf,aAAa
,EACb,iBAAiB,EACjB,KAAK,mBAAmB,GACzB,MAAM,iBAAiB,CAAC;AAIzB,OAAO,EAEL,gBAAgB,EAChB,mBAAmB,EACnB,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,mBAAmB,EACnB,WAAW,EAEX,YAAY,EACZ,aAAa,EACb,cAAc,EACd,UAAU,EACV,YAAY,EACZ,aAAa,EACb,UAAU,EAEV,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,mBAAmB,EAEnB,uBAAuB,EACvB,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,KAAK,mBAAmB,EAExB,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,EAEpB,cAAc,EACd,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,WAAW,EACX,cAAc,EACd,YAAY,EACZ,qBAAqB,GACtB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EAEL,YAAY,EACZ,UAAU,EACV,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,gBAAgB,EACrB,KAAK,YAAY,EACjB,KAAK,UAAU,EAEf,SAAS,EAET,YAAY,EACZ,kBAAkB,EAClB,SAAS,EAET,QAAQ,EACR,QAAQ,GACT,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,iBAAiB,EACjB,sBAAsB,EACtB,cAAc,EACd,iBAAiB,EACjB,0BAA0B,EAC1B,KAAK,eAAe,GACrB,MAAM,qBAAqB,CAAC"}
|
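--- a/package/dist/utils/index.js
+++ b/package/dist/utils/index.js
@@ -60,7 +60,9 @@ isWithinDateRange, parseDateRange, isValidISODate, getCurrentTimestamp,
 // Filter utilities
 isWithinImportanceRange, filterByImportance, filterByCreatedDate, filterByModifiedDate, filterByEntityType, entityPassesFilters,
 // Path utilities
-validateFilePath, defaultMemoryPath, ensureMemoryFilePath,
+validateFilePath, defaultMemoryPath, ensureMemoryFilePath,
+// Security utilities
+sanitizeObject, escapeCsvFormula, } from './entityUtils.js';
 // ==================== Parallel Utilities ====================
 export { parallelMap, parallelFilter, getPoolStats, shutdownParallelUtils, } from './parallelUtils.js';
 // ==================== Task Scheduler ====================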
package/dist/utils/logger.d.ts
CHANGED
|
@@ -2,22 +2,29 @@
|
|
|
2
2
|
* Simple logging utility for the Memory MCP Server
|
|
3
3
|
*
|
|
4
4
|
* Provides consistent log formatting with levels: debug, info, warn, error
|
|
5
|
+
*
|
|
6
|
+
* IMPORTANT: All log output goes to stderr to avoid interfering with
|
|
7
|
+
* JSON-RPC communication on stdout when running as an MCP server.
|
|
5
8
|
*/
|
|
6
9
|
export declare const logger: {
|
|
7
10
|
/**
|
|
8
11
|
* Debug level logging (verbose, for development)
|
|
12
|
+
* Output: stderr (to avoid interfering with JSON-RPC)
|
|
9
13
|
*/
|
|
10
14
|
debug: (msg: string, ...args: unknown[]) => void;
|
|
11
15
|
/**
|
|
12
16
|
* Info level logging (general informational messages)
|
|
17
|
+
* Output: stderr (to avoid interfering with JSON-RPC)
|
|
13
18
|
*/
|
|
14
19
|
info: (msg: string, ...args: unknown[]) => void;
|
|
15
20
|
/**
|
|
16
21
|
* Warning level logging (warnings that don't prevent operation)
|
|
22
|
+
* Output: stderr (native console.warn behavior)
|
|
17
23
|
*/
|
|
18
24
|
warn: (msg: string, ...args: unknown[]) => void;
|
|
19
25
|
/**
|
|
20
26
|
* Error level logging (errors that affect functionality)
|
|
27
|
+
* Output: stderr (native console.error behavior)
|
|
21
28
|
*/
|
|
22
29
|
error: (msg: string, ...args: unknown[]) => void;
|
|
23
30
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,eAAO,MAAM,MAAM;IACjB;;;OAGG;iBACU,MAAM,WAAW,OAAO,EAAE,KAAG,IAAI;IAM9C;;;OAGG;gBACS,MAAM,WAAW,OAAO,EAAE,KAAG,IAAI;IAI7C;;;OAGG;gBACS,MAAM,WAAW,OAAO,EAAE,KAAG,IAAI;IAI7C;;;OAGG;iBACU,MAAM,WAAW,OAAO,EAAE,KAAG,IAAI;CAG/C,CAAC"}
|
package/dist/utils/logger.js
CHANGED
|
@@ -2,30 +2,37 @@
|
|
|
2
2
|
* Simple logging utility for the Memory MCP Server
|
|
3
3
|
*
|
|
4
4
|
* Provides consistent log formatting with levels: debug, info, warn, error
|
|
5
|
+
*
|
|
6
|
+
* IMPORTANT: All log output goes to stderr to avoid interfering with
|
|
7
|
+
* JSON-RPC communication on stdout when running as an MCP server.
|
|
5
8
|
*/
|
|
6
9
|
export const logger = {
|
|
7
10
|
/**
|
|
8
11
|
* Debug level logging (verbose, for development)
|
|
12
|
+
* Output: stderr (to avoid interfering with JSON-RPC)
|
|
9
13
|
*/
|
|
10
14
|
debug: (msg, ...args) => {
|
|
11
15
|
if (process.env.LOG_LEVEL === 'debug') {
|
|
12
|
-
console.
|
|
16
|
+
console.error(`[DEBUG] ${msg}`, ...args);
|
|
13
17
|
}
|
|
14
18
|
},
|
|
15
19
|
/**
|
|
16
20
|
* Info level logging (general informational messages)
|
|
21
|
+
* Output: stderr (to avoid interfering with JSON-RPC)
|
|
17
22
|
*/
|
|
18
23
|
info: (msg, ...args) => {
|
|
19
|
-
console.
|
|
24
|
+
console.error(`[INFO] ${msg}`, ...args);
|
|
20
25
|
},
|
|
21
26
|
/**
|
|
22
27
|
* Warning level logging (warnings that don't prevent operation)
|
|
28
|
+
* Output: stderr (native console.warn behavior)
|
|
23
29
|
*/
|
|
24
30
|
warn: (msg, ...args) => {
|
|
25
31
|
console.warn(`[WARN] ${msg}`, ...args);
|
|
26
32
|
},
|
|
27
33
|
/**
|
|
28
34
|
* Error level logging (errors that affect functionality)
|
|
35
|
+
* Output: stderr (native console.error behavior)
|
|
29
36
|
*/
|
|
30
37
|
error: (msg, ...args) => {
|
|
31
38
|
console.error(`[ERROR] ${msg}`, ...args);
|
|
@@ -4,6 +4,10 @@
|
|
|
4
4
|
* Utilities for parallel array operations using workerpool.
|
|
5
5
|
* Phase 8 Sprint 3: Parallel array operations for improved performance.
|
|
6
6
|
*
|
|
7
|
+
* **SECURITY WARNING:** These functions use `new Function()` internally for worker serialization.
|
|
8
|
+
* The `fn` parameter MUST be a real function object, never a user-provided string.
|
|
9
|
+
* Runtime validation ensures only function objects are accepted.
|
|
10
|
+
*
|
|
7
11
|
* @module utils/parallelUtils
|
|
8
12
|
*/
|
|
9
13
|
import workerpool from '@danielsimonjr/workerpool';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parallelUtils.d.ts","sourceRoot":"","sources":["../../src/utils/parallelUtils.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"parallelUtils.d.ts","sourceRoot":"","sources":["../../src/utils/parallelUtils.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,UAAU,MAAM,2BAA2B,CAAC;AAmDnD;;;GAGG;AACH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,IAAI,CAAC,CAK3D;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,CAAC,EACpC,KAAK,EAAE,CAAC,EAAE,EACV,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,EAClB,SAAS,GAAE,MAA2B,GACrC,OAAO,CAAC,CAAC,EAAE,CAAC,CA2Cd;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,cAAc,CAAC,CAAC,EACpC,KAAK,EAAE,CAAC,EAAE,EACV,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,EAC/B,SAAS,GAAE,MAA2B,GACrC,OAAO,CAAC,CAAC,EAAE,CAAC,CA2Cd;AAED;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,CAK1D"}
|
|
@@ -4,9 +4,27 @@
|
|
|
4
4
|
* Utilities for parallel array operations using workerpool.
|
|
5
5
|
* Phase 8 Sprint 3: Parallel array operations for improved performance.
|
|
6
6
|
*
|
|
7
|
+
* **SECURITY WARNING:** These functions use `new Function()` internally for worker serialization.
|
|
8
|
+
* The `fn` parameter MUST be a real function object, never a user-provided string.
|
|
9
|
+
* Runtime validation ensures only function objects are accepted.
|
|
10
|
+
*
|
|
7
11
|
* @module utils/parallelUtils
|
|
8
12
|
*/
|
|
9
13
|
import workerpool from '@danielsimonjr/workerpool';
|
|
14
|
+
/**
|
|
15
|
+
* Validates that the input is a real function object.
|
|
16
|
+
* Prevents code injection through string masquerading as functions.
|
|
17
|
+
*
|
|
18
|
+
* @param fn - Function to validate
|
|
19
|
+
* @param paramName - Parameter name for error message
|
|
20
|
+
* @throws {TypeError} If fn is not a function
|
|
21
|
+
* @internal
|
|
22
|
+
*/
|
|
23
|
+
function validateFunction(fn, paramName) {
|
|
24
|
+
if (typeof fn !== 'function') {
|
|
25
|
+
throw new TypeError(`${paramName} must be a function, got ${typeof fn}`);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
10
28
|
/**
|
|
11
29
|
* Default chunk size for parallel operations.
|
|
12
30
|
* Can be overridden per operation.
|
|
@@ -73,6 +91,8 @@ export async function shutdownParallelUtils() {
|
|
|
73
91
|
* ```
|
|
74
92
|
*/
|
|
75
93
|
export async function parallelMap(items, fn, chunkSize = DEFAULT_CHUNK_SIZE) {
|
|
94
|
+
// Security: Validate that fn is a real function, not a user-provided string
|
|
95
|
+
validateFunction(fn, 'fn');
|
|
76
96
|
// Fall back to single-threaded for small arrays
|
|
77
97
|
if (items.length < MIN_PARALLEL_SIZE) {
|
|
78
98
|
return items.map(fn);
|
|
@@ -127,6 +147,8 @@ export async function parallelMap(items, fn, chunkSize = DEFAULT_CHUNK_SIZE) {
|
|
|
127
147
|
* ```
|
|
128
148
|
*/
|
|
129
149
|
export async function parallelFilter(items, predicate, chunkSize = DEFAULT_CHUNK_SIZE) {
|
|
150
|
+
// Security: Validate that predicate is a real function, not a user-provided string
|
|
151
|
+
validateFunction(predicate, 'predicate');
|
|
130
152
|
// Fall back to single-threaded for small arrays
|
|
131
153
|
if (items.length < MIN_PARALLEL_SIZE) {
|
|
132
154
|
return items.filter(predicate);
|
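Review bot: The `typeof fn !== 'function'` test in `validateFunction` (new lines 23-27) only rejects non-callable values, so the docstring's "Prevents code injection" claims more than the check delivers. Going by the module comment, the function is rebuilt with `new Function()` on the worker side, presumably from its source text, so a function that a caller assembled from untrusted text elsewhere would pass this check unchanged. I would reword the docstring to `Rejects non-function arguments; callers remain responsible for the origin of the function's source.` The same helper is added verbatim to taskScheduler.js further down, so it belongs in one shared module rather than two copies. The bodies of `parallelMap` and `parallelFilter` continue outside these hunks.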
package/dist/utils/schemas.d.ts
CHANGED
|
@@ -35,7 +35,7 @@ export declare const CreateEntitySchema: z.ZodObject<{
|
|
|
35
35
|
parentId: z.ZodOptional<z.ZodString>;
|
|
36
36
|
createdAt: z.ZodOptional<z.ZodString>;
|
|
37
37
|
lastModified: z.ZodOptional<z.ZodString>;
|
|
38
|
-
}, z.core.$
|
|
38
|
+
}, z.core.$strict>;
|
|
39
39
|
/**
|
|
40
40
|
* Entity update input schema.
|
|
41
41
|
* All fields are optional for partial updates.
|
|
@@ -47,7 +47,7 @@ export declare const UpdateEntitySchema: z.ZodObject<{
|
|
|
47
47
|
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
48
48
|
importance: z.ZodOptional<z.ZodNumber>;
|
|
49
49
|
parentId: z.ZodOptional<z.ZodString>;
|
|
50
|
-
}, z.core.$
|
|
50
|
+
}, z.core.$strict>;
|
|
51
51
|
/**
|
|
52
52
|
* Complete Relation schema with all fields.
|
|
53
53
|
* Used for validating full relation objects including timestamps.
|
|
@@ -70,7 +70,7 @@ export declare const CreateRelationSchema: z.ZodObject<{
|
|
|
70
70
|
relationType: z.ZodString;
|
|
71
71
|
createdAt: z.ZodOptional<z.ZodString>;
|
|
72
72
|
lastModified: z.ZodOptional<z.ZodString>;
|
|
73
|
-
}, z.core.$
|
|
73
|
+
}, z.core.$strict>;
|
|
74
74
|
/**
|
|
75
75
|
* Search query validation.
|
|
76
76
|
* Validates text search queries with reasonable length constraints.
|
|
@@ -82,14 +82,14 @@ export declare const SearchQuerySchema: z.ZodString;
|
|
|
82
82
|
export declare const DateRangeSchema: z.ZodObject<{
|
|
83
83
|
start: z.ZodString;
|
|
84
84
|
end: z.ZodString;
|
|
85
|
-
}, z.core.$
|
|
85
|
+
}, z.core.$strict>;
|
|
86
86
|
/**
|
|
87
87
|
* Tag alias validation for TagManager.
|
|
88
88
|
*/
|
|
89
89
|
export declare const TagAliasSchema: z.ZodObject<{
|
|
90
90
|
canonical: z.ZodString;
|
|
91
91
|
aliases: z.ZodArray<z.ZodString>;
|
|
92
|
-
}, z.core.$
|
|
92
|
+
}, z.core.$strict>;
|
|
93
93
|
/**
|
|
94
94
|
* Export format validation.
|
|
95
95
|
*/
|
|
@@ -112,7 +112,7 @@ export declare const BatchCreateEntitiesSchema: z.ZodArray<z.ZodObject<{
|
|
|
112
112
|
parentId: z.ZodOptional<z.ZodString>;
|
|
113
113
|
createdAt: z.ZodOptional<z.ZodString>;
|
|
114
114
|
lastModified: z.ZodOptional<z.ZodString>;
|
|
115
|
-
}, z.core.$
|
|
115
|
+
}, z.core.$strict>>;
|
|
116
116
|
/**
|
|
117
117
|
* Batch relation creation validation.
|
|
118
118
|
* Validates array of relations with maximum constraints.
|
|
@@ -124,7 +124,7 @@ export declare const BatchCreateRelationsSchema: z.ZodArray<z.ZodObject<{
|
|
|
124
124
|
relationType: z.ZodString;
|
|
125
125
|
createdAt: z.ZodOptional<z.ZodString>;
|
|
126
126
|
lastModified: z.ZodOptional<z.ZodString>;
|
|
127
|
-
}, z.core.$
|
|
127
|
+
}, z.core.$strict>>;
|
|
128
128
|
/**
|
|
129
129
|
* Entity name array validation for batch deletion.
|
|
130
130
|
*/
|
|
@@ -138,7 +138,7 @@ export declare const DeleteRelationsSchema: z.ZodArray<z.ZodObject<{
|
|
|
138
138
|
relationType: z.ZodString;
|
|
139
139
|
createdAt: z.ZodOptional<z.ZodString>;
|
|
140
140
|
lastModified: z.ZodOptional<z.ZodString>;
|
|
141
|
-
}, z.core.$
|
|
141
|
+
}, z.core.$strict>>;
|
|
142
142
|
/**
|
|
143
143
|
* Single observation input for add operations.
|
|
144
144
|
* Empty contents array is allowed (no-op).
|
|
@@ -146,7 +146,7 @@ export declare const DeleteRelationsSchema: z.ZodArray<z.ZodObject<{
|
|
|
146
146
|
export declare const AddObservationInputSchema: z.ZodObject<{
|
|
147
147
|
entityName: z.ZodString;
|
|
148
148
|
contents: z.ZodArray<z.ZodString>;
|
|
149
|
-
}, z.core.$
|
|
149
|
+
}, z.core.$strict>;
|
|
150
150
|
/**
|
|
151
151
|
* Batch observation addition validation.
|
|
152
152
|
* Empty array is allowed (no-op).
|
|
@@ -154,7 +154,7 @@ export declare const AddObservationInputSchema: z.ZodObject<{
|
|
|
154
154
|
export declare const AddObservationsInputSchema: z.ZodArray<z.ZodObject<{
|
|
155
155
|
entityName: z.ZodString;
|
|
156
156
|
contents: z.ZodArray<z.ZodString>;
|
|
157
|
-
}, z.core.$
|
|
157
|
+
}, z.core.$strict>>;
|
|
158
158
|
/**
|
|
159
159
|
* Single observation deletion input.
|
|
160
160
|
* Empty observations array is allowed (no-op).
|
|
@@ -163,7 +163,7 @@ export declare const AddObservationsInputSchema: z.ZodArray<z.ZodObject<{
|
|
|
163
163
|
export declare const DeleteObservationInputSchema: z.ZodObject<{
|
|
164
164
|
entityName: z.ZodString;
|
|
165
165
|
observations: z.ZodArray<z.ZodString>;
|
|
166
|
-
}, z.core.$
|
|
166
|
+
}, z.core.$strict>;
|
|
167
167
|
/**
|
|
168
168
|
* Batch observation deletion validation.
|
|
169
169
|
* Empty array is allowed (no-op).
|
|
@@ -171,7 +171,7 @@ export declare const DeleteObservationInputSchema: z.ZodObject<{
|
|
|
171
171
|
export declare const DeleteObservationsInputSchema: z.ZodArray<z.ZodObject<{
|
|
172
172
|
entityName: z.ZodString;
|
|
173
173
|
observations: z.ZodArray<z.ZodString>;
|
|
174
|
-
}, z.core.$
|
|
174
|
+
}, z.core.$strict>>;
|
|
175
175
|
/**
|
|
176
176
|
* Archive criteria validation.
|
|
177
177
|
* All fields are optional - the manager handles the case when no criteria provided.
|
|
@@ -180,7 +180,7 @@ export declare const ArchiveCriteriaSchema: z.ZodObject<{
|
|
|
180
180
|
olderThan: z.ZodOptional<z.ZodString>;
|
|
181
181
|
importanceLessThan: z.ZodOptional<z.ZodNumber>;
|
|
182
182
|
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
183
|
-
}, z.core.$
|
|
183
|
+
}, z.core.$strict>;
|
|
184
184
|
/**
|
|
185
185
|
* Saved search creation input validation.
|
|
186
186
|
*/
|
|
@@ -192,7 +192,7 @@ export declare const SavedSearchInputSchema: z.ZodObject<{
|
|
|
192
192
|
minImportance: z.ZodOptional<z.ZodNumber>;
|
|
193
193
|
maxImportance: z.ZodOptional<z.ZodNumber>;
|
|
194
194
|
entityType: z.ZodOptional<z.ZodString>;
|
|
195
|
-
}, z.core.$
|
|
195
|
+
}, z.core.$strict>;
|
|
196
196
|
/**
|
|
197
197
|
* Saved search update validation.
|
|
198
198
|
* All fields are optional for partial updates.
|
|
@@ -204,7 +204,7 @@ export declare const SavedSearchUpdateSchema: z.ZodObject<{
|
|
|
204
204
|
minImportance: z.ZodOptional<z.ZodNumber>;
|
|
205
205
|
maxImportance: z.ZodOptional<z.ZodNumber>;
|
|
206
206
|
entityType: z.ZodOptional<z.ZodString>;
|
|
207
|
-
}, z.core.$
|
|
207
|
+
}, z.core.$strict>;
|
|
208
208
|
/**
|
|
209
209
|
* Import format validation.
|
|
210
210
|
*/
|
|
@@ -242,7 +242,7 @@ export declare const ExportFilterSchema: z.ZodObject<{
|
|
|
242
242
|
endDate: z.ZodOptional<z.ZodString>;
|
|
243
243
|
entityType: z.ZodOptional<z.ZodString>;
|
|
244
244
|
tags: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
245
|
-
}, z.core.$
|
|
245
|
+
}, z.core.$strict>;
|
|
246
246
|
/**
|
|
247
247
|
* Tags array validation (optional, for search filters).
|
|
248
248
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../src/utils/schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,KAAK,SAAS,EAAE,KAAK,QAAQ,EAAE,MAAM,KAAK,CAAC;AA4EvD;;;GAGG;AACH,eAAO,MAAM,YAAY;;;;;;;;;kBASd,CAAC;AAEZ;;;;GAIG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"schemas.d.ts","sourceRoot":"","sources":["../../src/utils/schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,CAAC,EAAE,KAAK,SAAS,EAAE,KAAK,QAAQ,EAAE,MAAM,KAAK,CAAC;AA4EvD;;;GAGG;AACH,eAAO,MAAM,YAAY;;;;;;;;;kBASd,CAAC;AAEZ;;;;GAIG;AACH,eAAO,MAAM,kBAAkB;;;;;;;;;kBASpB,CAAC;AAEZ;;;;GAIG;AACH,eAAO,MAAM,kBAAkB;;;;;;kBAMpB,CAAC;AAIZ;;;GAGG;AACH,eAAO,MAAM,cAAc;;;;;;kBAMhB,CAAC;AAEZ;;;;GAIG;AACH,eAAO,MAAM,oBAAoB;;;;;;kBAMtB,CAAC;AAIZ;;;GAGG;AACH,eAAO,MAAM,iBAAiB,aAGrB,CAAC;AAEV;;GAEG;AACH,eAAO,MAAM,eAAe;;;kBAM3B,CAAC;AAIF;;GAEG;AACH,eAAO,MAAM,cAAc;;;kBAGhB,CAAC;AAIZ;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;EAAqC,CAAC;AAIrE;;;;GAIG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;;mBACiC,CAAC;AAExE;;;;GAIG;AACH,eAAO,MAAM,0BAA0B;;;;;;mBACiC,CAAC;AAEzE;;GAEG;AACH,eAAO,MAAM,iBAAiB,yBAEyC,CAAC;AAExE;;GAEG;AACH,eAAO,MAAM,qBAAqB;;;;;;mBAEsC,CAAC;AAIzE;;;GAGG;AACH,eAAO,MAAM,yBAAyB;;;kBAG3B,CAAC;AAEZ;;;GAGG;AACH,eAAO,MAAM,0BAA0B;;;mBAC6C,CAAC;AAErF;;;;GAIG;AACH,eAAO,MAAM,4BAA4B;;;kBAG9B,CAAC;AAEZ;;;GAGG;AACH,eAAO,MAAM,6BAA6B;;;mBAC+C,CAAC;AAI1F;;;GAGG;AACH,eAAO,MAAM,qBAAqB;;;;kBAIvB,CAAC;AAIZ;;GAEG;AACH,eAAO,MAAM,sBAAsB;;;;;;;;kBAQxB,CAAC;AAEZ;;;GAGG;AACH,eAAO,MAAM,uBAAuB;;;;;;;kBAOzB,CAAC;AAIZ;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;EAAqC,CAAC;AAErE;;GAEG;AACH,eAAO,MAAM,0BAA0B;;;;;;;;EAA2E,CAAC;AAEnH;;GAEG;AACH,eAAO,MAAM,mBAAmB;;;;;EAA+C,CAAC;AAEhF;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;kBAKpB,CAAC;AAIZ;;GAEG;AACH,eAAO,MAAM,kBAAkB,wCAAgC,CAAC;AAEhE;;GAEG;AACH,eAAO,MAAM,yBAAyB,wCAAuC,CAAC;AAI9E,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AACvD,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACnE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AACnE,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC3D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AACvE,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AACxD,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,
KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AACtD,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC9D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAC5E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAClF,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACzE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAC7E,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC9D,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAC9E,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAInE;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAID;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,QAAQ,GAAG,MAAM,EAAE,CAKzD;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,IAAI,EAAE,OAAO,EACb,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,YAAY,GAAE,MAA4B,GACzC,CAAC,CAOH;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,YAAY,CAAC,CAAC,EAC5B,IAAI,EAAE,OAAO,EACb,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,GACnB;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAMnE;AAED;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,EACvC,KAAK,EAAE,OAAO,EAAE,EAChB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,YAAY,GAAE,MAAkC,GAC/C,CAAC,EAAE,CAmBL;AAWD;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,GAAG,gBAAgB,CAsChE;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,OAAO,GAAG,gBAAgB,CAoBpE;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAK9D;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,OAAO,GAAG,gBAAgB,CAY5D"}
|
package/dist/utils/schemas.js
CHANGED
|
@@ -98,7 +98,7 @@ export const CreateEntitySchema = z.object({
|
|
|
98
98
|
parentId: entityNameSchema.optional(),
|
|
99
99
|
createdAt: isoDateSchema.optional(),
|
|
100
100
|
lastModified: isoDateSchema.optional(),
|
|
101
|
-
});
|
|
101
|
+
}).strict();
|
|
102
102
|
/**
|
|
103
103
|
* Entity update input schema.
|
|
104
104
|
* All fields are optional for partial updates.
|
|
@@ -110,7 +110,7 @@ export const UpdateEntitySchema = z.object({
|
|
|
110
110
|
tags: z.array(tagSchema).optional(),
|
|
111
111
|
importance: importanceSchema.optional(),
|
|
112
112
|
parentId: entityNameSchema.optional(),
|
|
113
|
-
});
|
|
113
|
+
}).strict();
|
|
114
114
|
// ==================== Relation Schemas ====================
|
|
115
115
|
/**
|
|
116
116
|
* Complete Relation schema with all fields.
|
|
@@ -134,7 +134,7 @@ export const CreateRelationSchema = z.object({
|
|
|
134
134
|
relationType: relationTypeSchema,
|
|
135
135
|
createdAt: isoDateSchema.optional(),
|
|
136
136
|
lastModified: isoDateSchema.optional(),
|
|
137
|
-
});
|
|
137
|
+
}).strict();
|
|
138
138
|
// ==================== Search Schemas ====================
|
|
139
139
|
/**
|
|
140
140
|
* Search query validation.
|
|
@@ -150,7 +150,7 @@ export const SearchQuerySchema = z.string()
|
|
|
150
150
|
export const DateRangeSchema = z.object({
|
|
151
151
|
start: isoDateSchema,
|
|
152
152
|
end: isoDateSchema,
|
|
153
|
-
}).refine((data) => new Date(data.start) <= new Date(data.end), { message: 'Start date must be before or equal to end date' });
|
|
153
|
+
}).strict().refine((data) => new Date(data.start) <= new Date(data.end), { message: 'Start date must be before or equal to end date' });
|
|
154
154
|
// ==================== Tag Schemas ====================
|
|
155
155
|
/**
|
|
156
156
|
* Tag alias validation for TagManager.
|
|
@@ -158,7 +158,7 @@ export const DateRangeSchema = z.object({
|
|
|
158
158
|
export const TagAliasSchema = z.object({
|
|
159
159
|
canonical: tagSchema,
|
|
160
160
|
aliases: z.array(tagSchema).min(1, 'Must have at least one alias'),
|
|
161
|
-
});
|
|
161
|
+
}).strict();
|
|
162
162
|
// ==================== Export Schemas ====================
|
|
163
163
|
/**
|
|
164
164
|
* Export format validation.
|
|
@@ -199,7 +199,7 @@ export const DeleteRelationsSchema = z.array(CreateRelationSchema)
|
|
|
199
199
|
export const AddObservationInputSchema = z.object({
|
|
200
200
|
entityName: entityNameSchema,
|
|
201
201
|
contents: z.array(observationSchema),
|
|
202
|
-
});
|
|
202
|
+
}).strict();
|
|
203
203
|
/**
|
|
204
204
|
* Batch observation addition validation.
|
|
205
205
|
* Empty array is allowed (no-op).
|
|
@@ -214,7 +214,7 @@ export const AddObservationsInputSchema = z.array(AddObservationInputSchema)
|
|
|
214
214
|
export const DeleteObservationInputSchema = z.object({
|
|
215
215
|
entityName: entityNameSchema,
|
|
216
216
|
observations: z.array(observationSchema),
|
|
217
|
-
});
|
|
217
|
+
}).strict();
|
|
218
218
|
/**
|
|
219
219
|
* Batch observation deletion validation.
|
|
220
220
|
* Empty array is allowed (no-op).
|
|
@@ -227,10 +227,10 @@ export const DeleteObservationsInputSchema = z.array(DeleteObservationInputSchem
|
|
|
227
227
|
* All fields are optional - the manager handles the case when no criteria provided.
|
|
228
228
|
*/
|
|
229
229
|
export const ArchiveCriteriaSchema = z.object({
|
|
230
|
-
olderThan:
|
|
230
|
+
olderThan: isoDateSchema.optional(),
|
|
231
231
|
importanceLessThan: z.number().min(0).max(10).optional(),
|
|
232
232
|
tags: z.array(tagSchema).optional(),
|
|
233
|
-
});
|
|
233
|
+
}).strict();
|
|
234
234
|
// ==================== Saved Search Schemas ====================
|
|
235
235
|
/**
|
|
236
236
|
* Saved search creation input validation.
|
|
@@ -243,7 +243,7 @@ export const SavedSearchInputSchema = z.object({
|
|
|
243
243
|
minImportance: importanceSchema.optional(),
|
|
244
244
|
maxImportance: importanceSchema.optional(),
|
|
245
245
|
entityType: entityTypeSchema.optional(),
|
|
246
|
-
});
|
|
246
|
+
}).strict();
|
|
247
247
|
/**
|
|
248
248
|
* Saved search update validation.
|
|
249
249
|
* All fields are optional for partial updates.
|
|
@@ -255,7 +255,7 @@ export const SavedSearchUpdateSchema = z.object({
|
|
|
255
255
|
minImportance: importanceSchema.optional(),
|
|
256
256
|
maxImportance: importanceSchema.optional(),
|
|
257
257
|
entityType: entityTypeSchema.optional(),
|
|
258
|
-
});
|
|
258
|
+
}).strict();
|
|
259
259
|
// ==================== Import/Export Schemas ====================
|
|
260
260
|
/**
|
|
261
261
|
* Import format validation.
|
|
@@ -277,7 +277,7 @@ export const ExportFilterSchema = z.object({
|
|
|
277
277
|
endDate: isoDateSchema.optional(),
|
|
278
278
|
entityType: entityTypeSchema.optional(),
|
|
279
279
|
tags: z.array(tagSchema).optional(),
|
|
280
|
-
});
|
|
280
|
+
}).strict();
|
|
281
281
|
// ==================== Search Parameter Schemas ====================
|
|
282
282
|
/**
|
|
283
283
|
* Tags array validation (optional, for search filters).
|
|
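Review bot: Adding `.strict()` to these object schemas changes unknown keys from being stripped (Zod's default for `z.object`) to failing validation, and none of the hunks document that contract. `DeleteRelationsSchema` is built from `CreateRelationSchema` (context line of the hunk at -199) and the batch schemas wrap the strict objects as well, so a relation or entity passed back with any extra field would now be rejected on delete or batch create; whether callers do that cannot be seen from here. A one-line comment above each schema, for example `// strict: unknown keys are rejected, not stripped, so extra fields cannot reach storage`, would make the intent explicit. The complete entity and relation schemas are not among the visible hunks, so it is worth confirming whether they are meant to stay permissive.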
@@ -4,6 +4,10 @@
|
|
|
4
4
|
* Advanced task scheduling utilities using workerpool.
|
|
5
5
|
* Phase 8 Sprint 4: Priority queues, concurrency control, progress tracking.
|
|
6
6
|
*
|
|
7
|
+
* **SECURITY WARNING:** TaskQueue uses `new Function()` internally for worker serialization.
|
|
8
|
+
* Task functions MUST be real function objects, never user-provided strings.
|
|
9
|
+
* Runtime validation ensures only function objects are accepted.
|
|
10
|
+
*
|
|
7
11
|
* @module utils/taskScheduler
|
|
8
12
|
*/
|
|
9
13
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"taskScheduler.d.ts","sourceRoot":"","sources":["../../src/utils/taskScheduler.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"taskScheduler.d.ts","sourceRoot":"","sources":["../../src/utils/taskScheduler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAqBH;;;GAGG;AACH,oBAAY,YAAY;IACtB,GAAG,IAAI;IACP,MAAM,IAAI;IACV,IAAI,IAAI;IACR,QAAQ,IAAI;CACb;AAED;;GAEG;AACH,oBAAY,UAAU;IACpB,OAAO,YAAY;IACnB,OAAO,YAAY;IACnB,SAAS,cAAc;IACvB,MAAM,WAAW;IACjB,SAAS,cAAc;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,IAAI,CAAC,CAAC,GAAG,OAAO,EAAE,CAAC,GAAG,OAAO;IAC5C,6BAA6B;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,oBAAoB;IACpB,QAAQ,EAAE,YAAY,CAAC;IACvB,iDAAiD;IACjD,EAAE,EAAE,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC;IACpB,kCAAkC;IAClC,KAAK,EAAE,CAAC,CAAC;IACT,uCAAuC;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,6BAA6B;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO;IACrC,sBAAsB;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,kBAAkB;IAClB,MAAM,EAAE,UAAU,CAAC;IACnB,2BAA2B;IAC3B,MAAM,CAAC,EAAE,CAAC,CAAC;IACX,sBAAsB;IACtB,KAAK,CAAC,EAAE,KAAK,CAAC;IACd,yCAAyC;IACzC,QAAQ,EAAE,MAAM,CAAC;IACjB,sBAAsB;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,KAAK,IAAI,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,wDAAwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oDAAoD;IACpD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B,sDAAsD;IACtD,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,8BAA8B;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,oBAAoB,EAAE,MAAM,CAAC;IAC7B,4BAA4B;IAC5B,cAAc,EAAE,MAAM,CAAC;CACxB;AAcD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,qBAAa,SAAS;IACpB,OAAO,CAAC,KAAK,CAAoB;IACjC,OAAO,CAAC,OAAO,CAAsC;IACrD,OAAO,CAAC,SAAS,CAAoB;IACrC,OAAO,CAAC,IAAI,CAAgC;IAC5C,OAAO,CAAC,WAAW,CAAS;IAC5B,OAAO,CAAC,cAAc,CAAS;IAC/B,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,kBAAkB,CAAK;IAC/B
,OAAO,CAAC,cAAc,CAAK;IAC3B,OAAO,CAAC,aAAa,CAAU;gBAEnB,OAAO,GAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC;QAAC,aAAa,CAAC,EAAE,OAAO,CAAA;KAAO;IAM7F;;OAEG;IACH,OAAO,CAAC,OAAO;IAUf;;;;;OAKG;IACH,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IA4BvD;;OAEG;YACW,WAAW;IAsFzB;;;;;OAKG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAmB/B;;;;OAIG;IACG,KAAK,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;IAQpC;;OAEG;IACH,QAAQ,IAAI,UAAU;IAYtB;;OAEG;IACH,cAAc,IAAI,IAAI;IAItB;;OAEG;IACG,QAAQ,IAAI,OAAO,CAAC,IAAI,CAAC;CAsBhC;AAID;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,CAAC,EACrC,KAAK,EAAE,CAAC,EAAE,EACV,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EAC/B,OAAO,GAAE,YAAiB,GACzB,OAAO,CAAC,KAAK,CAAC;IAAE,OAAO,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,CAAC,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAE,CAAC,CAAC,CAqDjF;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,kBAAkB,CAAC,CAAC,EAAE,CAAC,EAC3C,KAAK,EAAE,CAAC,EAAE,EACV,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EAC/B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,CAAC,EAAE,CAAC,CAmBd;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,SAAS,CAAC,CAAC,EAC/B,EAAE,EAAE,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,EACxB,OAAO,GAAE;IACP,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CAC9C,GACL,OAAO,CAAC,CAAC,CAAC,CAsBZ;AAED;;;;;;;;GAQG;AACH,wBAAgB,QAAQ,CAAC,CAAC,SAAS,OAAO,EAAE,EAAE,CAAC,EAC7C,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,CAAC,EACrB,KAAK,EAAE,MAAM,GACZ,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,CAAC,CAAC,CAqB5B;AAED;;;;;;;;GAQG;AACH,wBAAgB,QAAQ,CAAC,CAAC,SAAS,OAAO,EAAE,EAAE,CAAC,EAC7C,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,CAAC,EACrB,KAAK,EAAE,MAAM,GACZ,CAAC,GAAG,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,SAAS,CAW/B"}
|
|
@@ -4,9 +4,27 @@
|
|
|
4
4
|
* Advanced task scheduling utilities using workerpool.
|
|
5
5
|
* Phase 8 Sprint 4: Priority queues, concurrency control, progress tracking.
|
|
6
6
|
*
|
|
7
|
+
* **SECURITY WARNING:** TaskQueue uses `new Function()` internally for worker serialization.
|
|
8
|
+
* Task functions MUST be real function objects, never user-provided strings.
|
|
9
|
+
* Runtime validation ensures only function objects are accepted.
|
|
10
|
+
*
|
|
7
11
|
* @module utils/taskScheduler
|
|
8
12
|
*/
|
|
9
13
|
import workerpool from '@danielsimonjr/workerpool';
|
|
14
|
+
/**
|
|
15
|
+
* Validates that the input is a real function object.
|
|
16
|
+
* Prevents code injection through string masquerading as functions.
|
|
17
|
+
*
|
|
18
|
+
* @param fn - Function to validate
|
|
19
|
+
* @param paramName - Parameter name for error message
|
|
20
|
+
* @throws {TypeError} If fn is not a function
|
|
21
|
+
* @internal
|
|
22
|
+
*/
|
|
23
|
+
function validateFunction(fn, paramName) {
|
|
24
|
+
if (typeof fn !== 'function') {
|
|
25
|
+
throw new TypeError(`${paramName} must be a function, got ${typeof fn}`);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
10
28
|
// ==================== Types ====================
|
|
11
29
|
/**
|
|
12
30
|
* Task priority levels.
|
|
@@ -91,6 +109,8 @@ export class TaskQueue {
|
|
|
91
109
|
* @returns Promise that resolves when the task completes
|
|
92
110
|
*/
|
|
93
111
|
enqueue(task) {
|
|
112
|
+
// Security: Validate that task.fn is a real function, not a user-provided string
|
|
113
|
+
validateFunction(task.fn, 'task.fn');
|
|
94
114
|
return new Promise((resolve, reject) => {
|
|
95
115
|
const queuedTask = {
|
|
96
116
|
...task,
|
package/package.json
CHANGED