@defai.digital/guard 13.4.9 → 13.4.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1 +1 @@
1
-
{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;
1
+
{"version":3,"file":"policy-engine.d.ts","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAwO7E;;GAEG;AACH,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAE9D;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,EAAE,CAEvC;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAC3B,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EACd,cAAc,CAAC,EAAE,eAAe,GAC/B,iBAAiB,CA2CnB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE1D"}
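--- a/package/dist/policy-engine.js
+++ b/package/dist/policy-engine.js
@@ -164,14 +164,57 @@ const BUILTIN_POLICIES = {
 changeRadiusLimit: 5,
 },
 };
+/**
+* Pattern for detecting path traversal attempts
+* INV-GUARD-PATH-001: Path traversal prevention
+*/
+const PATH_TRAVERSAL_PATTERN = /(?:^|[/\\])\.\.(?:[/\\]|$)/;
+/**
+* Validates a variable value is safe for path substitution
+* INV-GUARD-PATH-001: Prevent path traversal via variable injection
+*/
+function isSafePathValue(value) {
+// Reject empty values
+if (value.length === 0)
+return false;
+// Reject path traversal attempts
+if (PATH_TRAVERSAL_PATTERN.test(value))
+return false;
+// Reject absolute paths
+if (value.startsWith('/') || /^[A-Za-z]:/.test(value))
+return false;
+// Reject null bytes (could truncate paths)
+if (value.includes('\0'))
+return false;
+return true;
+}
+/**
+* Escapes a string for use in a regular expression
+* INV-GUARD-REGEX-001: Prevent regex injection via variable keys
+*/
+function escapeRegexChars(str) {
+return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
 /**
 * Resolves variable placeholders in a path pattern
 * INV-GUARD-002: Variable Substitution
+* INV-GUARD-PATH-001: Path traversal prevention
+* INV-GUARD-REGEX-001: Regex key escaping
 */
 function resolvePathVariables(pattern, variables) {
 let resolved = pattern;
 for (const [key, value] of Object.entries(variables)) {
-
+const placeholder = `{{${key}}}`;
+// Only validate values that will actually be substituted
+if (pattern.includes(placeholder)) {
+// INV-GUARD-PATH-001: Validate each variable value before substitution
+if (!isSafePathValue(value)) {
+throw new Error(`Unsafe path value for variable '${key}': path traversal or absolute paths not allowed`);
+}
+}
+// INV-GUARD-REGEX-001: Escape key to prevent regex injection
+const escapedKey = escapeRegexChars(key);
+resolved = resolved.replace(new RegExp(`\\{\\{${escapedKey}\\}\\}`, 'g'), value);
 }
 return resolved;
 }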
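Review bot: The traversal check in `resolvePathVariables` consults the original `pattern` rather than the partially substituted `resolved`, so a value whose placeholder only appears in `resolved` after an earlier substitution is inserted without ever passing through `isSafePathValue`; validating against the string actually being edited, `if (resolved.includes(placeholder)) {`, closes that gap. The value is also handed to `String.prototype.replace` as a plain replacement string, so `$`-sequences in it (`$&`, `$'` and the like) are expanded instead of inserted literally, meaning the text written into the path is not the text that was validated; `resolved = resolved.replace(new RegExp(`\\{\\{${escapedKey}\\}\\}`, 'g'), () => value);` inserts the value verbatim. In `isSafePathValue`, the absolute-path test accepts a value beginning with a backslash even though `PATH_TRAVERSAL_PATTERN` already treats `\\` as a separator; `if (/^(?:[/\\]|[A-Za-z]:)/.test(value)) return false;` keeps the two checks consistent. `isSafePathValue` further assumes `value` is a string (`value.length`, `value.startsWith`); if non-string variables can reach this function from JS callers, a `typeof value !== 'string'` guard returning `false` should come first.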
@@ -1 +1 @@
1
-
{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;GAGG;AACH,MAAM,gBAAgB,GAA2B;IAC/C,mBAAmB,EAAE;QACnB,QAAQ,EAAE,mBAAmB;QAC7B,YAAY,EAAE;YACZ,yDAAyD;YACzD,yDAAyD;YACzD,gCAAgC;SACjC;QACD,cAAc,EAAE;YACd,uBAAuB;YACvB,kBAAkB;YAClB,iBAAiB;YACjB,wBAAwB;YACxB,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QACvC,KAAK,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC;QAC1E,iBAAiB,EAAE,CAAC;KACrB;IACD,MAAM,EAAE;QACN,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,CAAC,aAAa,CAAC;QAC7B,cAAc,EAAE,CAAC,uBAAuB,CAAC;QACzC,iBAAiB,EAAE,EAAE;QACrB,KAAK,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QAC1C,iBAAiB,EAAE,CAAC;KACrB;IACD,OAAO,EAAE;QACP,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;QACzC,cAAc,EAAE,EAAE;QAClB,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC;QACpE,KAAK,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;QACvC,iBAAiB,EAAE,EAAE;KACtB;IACD;;;;;OAKG;IACH,eAAe,EAAE;QACf,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE;YACZ,yBAAyB;YACzB,wBAAwB;YACxB,4BAA4B;SAC7B;QACD,cAAc,EAAE;YACd,oDAAoD;YACpD,mBAAmB;YACnB,gDAAgD;YAChD,uBAAuB;SACxB;QACD,iBAAiB,EAAE,EAAE;QACrB,KAAK,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;QAClE,iBAAiB,EAAE,CAAC;KACrB;IAED;;;;;;;;;OASG;IACH,eAAe,EAAE;QACf,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE;YACZ,sCAAsC;YACtC,wCAAwC;YACxC,yBAAyB;YACzB,qBAAqB;YACrB,wBAAwB;YACxB,iBAAiB;YACjB,qBAAqB;SACtB;QACD,cAAc,EAAE;YACd,iDAAiD;YACjD,iCAAiC;YACjC,kCAAkC;YAClC,gCAAgC;YAChC,6BAA6B;YAC7B,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,cAAc,EAAE,oBAAoB,EAAE,QAAQ,CAAC;QACnE,KAAK,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,CAAC;QACzD,iBAAiB,EAAE,CAAC;KACrB;IAED;;;;;;;OAOG;IACH,qBAAqB,EAAE;QACrB,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE;YACZ,8BAA8B;YAC9B,gCAAgC;YAChC,iCAAiC;YACjC,0BAA0B;YAC1B,sBAAsB;YACtB,sBAAsB;YACtB,6BAA6B;YAC7B,8CAA8C;SAC/C;QACD,cAAc,EAAE;YACd,wDAAwD;YACxD,kBAAkB;YAClB,yBAAyB;YACzB,sBAAsB;YACtB,sBAAsB;YACtB,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;QACzC,KAAK,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QAC1C,iBAAiB,EAAE,CAAC;KACr
B;IAED;;;;;;;OAOG;IACH,2BAA2B,EAAE;QAC3B,QAAQ,EAAE,2BAA2B;QACrC,YAAY,EAAE;YACZ,qCAAqC;YACrC,yBAAyB;YACzB,YAAY;YACZ,WAAW;YACX,cAAc;YACd,QAAQ;SACT;QACD,cAAc,EAAE;YACd,mCAAmC;YACnC,UAAU;YACV,iBAAiB;YACjB,aAAa;SACd;QACD,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;QACzC,KAAK,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,eAAe,CAAC;QAC/D,iBAAiB,EAAE,CAAC;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,SAAS,oBAAoB,CAC3B,OAAe,EACf,SAA0B;IAE1B,IAAI,QAAQ,GAAG,OAAO,CAAC;IACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,SAAS,
1
+
{"version":3,"file":"policy-engine.js","sourceRoot":"","sources":["../src/policy-engine.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH;;;GAGG;AACH,MAAM,gBAAgB,GAA2B;IAC/C,mBAAmB,EAAE;QACnB,QAAQ,EAAE,mBAAmB;QAC7B,YAAY,EAAE;YACZ,yDAAyD;YACzD,yDAAyD;YACzD,gCAAgC;SACjC;QACD,cAAc,EAAE;YACd,uBAAuB;YACvB,kBAAkB;YAClB,iBAAiB;YACjB,wBAAwB;YACxB,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;QACvC,KAAK,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,eAAe,EAAE,gBAAgB,CAAC;QAC1E,iBAAiB,EAAE,CAAC;KACrB;IACD,MAAM,EAAE;QACN,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,CAAC,aAAa,CAAC;QAC7B,cAAc,EAAE,CAAC,uBAAuB,CAAC;QACzC,iBAAiB,EAAE,EAAE;QACrB,KAAK,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QAC1C,iBAAiB,EAAE,CAAC;KACrB;IACD,OAAO,EAAE;QACP,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC;QACzC,cAAc,EAAE,EAAE;QAClB,iBAAiB,EAAE,CAAC,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,CAAC;QACpE,KAAK,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;QACvC,iBAAiB,EAAE,EAAE;KACtB;IACD;;;;;OAKG;IACH,eAAe,EAAE;QACf,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE;YACZ,yBAAyB;YACzB,wBAAwB;YACxB,4BAA4B;SAC7B;QACD,cAAc,EAAE;YACd,oDAAoD;YACpD,mBAAmB;YACnB,gDAAgD;YAChD,uBAAuB;SACxB;QACD,iBAAiB,EAAE,EAAE;QACrB,KAAK,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,kBAAkB,CAAC;QAClE,iBAAiB,EAAE,CAAC;KACrB;IAED;;;;;;;;;OASG;IACH,eAAe,EAAE;QACf,QAAQ,EAAE,eAAe;QACzB,YAAY,EAAE;YACZ,sCAAsC;YACtC,wCAAwC;YACxC,yBAAyB;YACzB,qBAAqB;YACrB,wBAAwB;YACxB,iBAAiB;YACjB,qBAAqB;SACtB;QACD,cAAc,EAAE;YACd,iDAAiD;YACjD,iCAAiC;YACjC,kCAAkC;YAClC,gCAAgC;YAChC,6BAA6B;YAC7B,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,cAAc,EAAE,oBAAoB,EAAE,QAAQ,CAAC;QACnE,KAAK,EAAE,CAAC,gBAAgB,EAAE,YAAY,EAAE,gBAAgB,CAAC;QACzD,iBAAiB,EAAE,CAAC;KACrB;IAED;;;;;;;OAOG;IACH,qBAAqB,EAAE;QACrB,QAAQ,EAAE,qBAAqB;QAC/B,YAAY,EAAE;YACZ,8BAA8B;YAC9B,gCAAgC;YAChC,iCAAiC;YACjC,0BAA0B;YAC1B,sBAAsB;YACtB,sBAAsB;YACtB,6BAA6B;YAC7B,8CAA8C;SAC/C;QACD,cAAc,EAAE;YACd,wDAAwD;YACxD,kBAAkB;YAClB,yBAAyB;YACzB,sBAAsB;YACtB,sBAAsB;YACtB,mBAAmB;SACpB;QACD,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;QACzC,KAAK,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;QAC1C,iBAAiB,EAAE,CAAC;KACr
B;IAED;;;;;;;OAOG;IACH,2BAA2B,EAAE;QAC3B,QAAQ,EAAE,2BAA2B;QACrC,YAAY,EAAE;YACZ,qCAAqC;YACrC,yBAAyB;YACzB,YAAY;YACZ,WAAW;YACX,cAAc;YACd,QAAQ;SACT;QACD,cAAc,EAAE;YACd,mCAAmC;YACnC,UAAU;YACV,iBAAiB;YACjB,aAAa;SACd;QACD,iBAAiB,EAAE,CAAC,oBAAoB,CAAC;QACzC,KAAK,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,EAAE,eAAe,CAAC;QAC/D,iBAAiB,EAAE,CAAC;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,sBAAsB,GAAG,4BAA4B,CAAC;AAE5D;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAa;IACpC,sBAAsB;IACtB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,iCAAiC;IACjC,IAAI,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErD,wBAAwB;IACxB,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpE,2CAA2C;IAC3C,IAAI,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IAEvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,OAAO,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,SAAS,oBAAoB,CAC3B,OAAe,EACf,SAA0B;IAE1B,IAAI,QAAQ,GAAG,OAAO,CAAC;IACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,KAAK,GAAG,IAAI,CAAC;QACjC,yDAAyD;QACzD,IAAI,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAClC,uEAAuE;YACvE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CACb,mCAAmC,GAAG,iDAAiD,CACxF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,6DAA6D;QAC7D,MAAM,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACzC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,SAAS,UAAU,QAAQ,EAAE,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;IACnF,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB,CAAC,OAAe;IAC7C,OAAO,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB;IACxC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,QAAgB,EAChB,MAAc,EACd,cAAgC;IAEhC,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;IAEnC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,mBAAmB,QAAQ,yBAAyB,YAAY,EAAE,CAAC,IAAI,CAAC,I
AAI,CAAC,EAAE,CAChF,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAoB;QACjC,MAAM;QACN,GAAG,cAAc;KAClB,CAAC;IAEF,yBAAyB;IACzB,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACjD,oBAAoB,CAAC,CAAC,EAAE,SAAS,CAAC,CACnC,CAAC;IACF,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACrD,oBAAoB,CAAC,CAAC,EAAE,SAAS,CAAC,CACnC,CAAC;IAEF,iCAAiC;IACjC,MAAM,iBAAiB,GAAG,YAAY,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IACtE,MAAM,mBAAmB,GAAG,cAAc,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;IAE1E,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,IAAI,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnE,MAAM,UAAU,GAAG,CAAC,GAAG,iBAAiB,EAAE,GAAG,mBAAmB,CAAC,CAAC;QAClE,MAAM,IAAI,KAAK,CACb,kCAAkC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YACzD,mDAAmD,CACtD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY;QACZ,cAAc;QACd,iBAAiB,EAAE,CAAC,GAAG,MAAM,CAAC,iBAAiB,CAAC;QAChD,YAAY,EAAE,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC;QAC/B,iBAAiB,EAAE,MAAM,CAAC,iBAAiB;QAC3C,MAAM;KACP,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,OAAO,QAAQ,IAAI,gBAAgB,CAAC;AACtC,CAAC"}
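--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@defai.digital/guard",
-"version": "13.4.
+"version": "13.4.10",
 "type": "module",
 "description": "Post-check AI coding governance engine for AutomatosX",
 "license": "BUSL-1.1",
@@ -32,8 +32,8 @@
 "access": "public"
 },
 "dependencies": {
-"@defai.digital/
-"@defai.digital/
+"@defai.digital/contracts": "13.4.10",
+"@defai.digital/trace-domain": "13.4.10"
 },
 "scripts": {
 "build": "tsc --build",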