npm - @marcuspuchalla/nachos - Versions diffs - 0.1.3 → 0.1.4 - Mend

@marcuspuchalla/nachos 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/CHANGELOG.md +23 -0
package/dist/{chunk-5A5T56JB.js → chunk-5IWW5H47.js} +378 -207
package/dist/chunk-5IWW5H47.js.map +1 -0
package/dist/{chunk-PTWN7K3Y.cjs → chunk-RVG2BY32.cjs} +378 -207
package/dist/chunk-RVG2BY32.cjs.map +1 -0
package/dist/{chunk-R62CQQNI.cjs → chunk-S4RXO6IB.cjs} +195 -165
package/dist/chunk-S4RXO6IB.cjs.map +1 -0
package/dist/{chunk-2MTLSQ7E.js → chunk-UMAX5MX5.js} +195 -165
package/dist/chunk-UMAX5MX5.js.map +1 -0
package/dist/encoder/index.cjs +13 -13
package/dist/encoder/index.d.cts +2 -2
package/dist/encoder/index.d.ts +2 -2
package/dist/encoder/index.js +1 -1
package/dist/index.cjs +32 -32
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +28 -19
package/dist/index.d.ts +28 -19
package/dist/index.js +16 -16
package/dist/index.js.map +1 -1
package/dist/metafile-cjs.json +1 -1
package/dist/metafile-esm.json +1 -1
package/dist/parser/index.cjs +14 -14
package/dist/parser/index.d.cts +3 -1
package/dist/parser/index.d.ts +3 -1
package/dist/parser/index.js +1 -1
package/dist/{useCborSimpleEncoder-TVxzNJ_9.d.ts → useCborSimpleEncoder-BoKEmjP9.d.ts} +0 -2
package/dist/{useCborSimpleEncoder-ButVU988.d.cts → useCborSimpleEncoder-C_OHxoB8.d.cts} +0 -2
package/dist/{useCborTag-Cs1CZuXZ.d.cts → useCborTag-BD6Sqp7p.d.ts} +9 -4
package/dist/{useCborTag-xV2Pz2VY.d.ts → useCborTag-QpZR-Er2.d.cts} +9 -4
package/package.json +1 -1
package/src/__tests__/public-api.test.ts +153 -0
package/src/__tests__/roundtrip.test.ts +5 -6
package/src/encoder/__tests__/cbor-collection-encoder.test.ts +103 -5
package/src/encoder/__tests__/cbor-encoder-errors.test.ts +40 -5
package/src/encoder/__tests__/cbor-simple-encoder.test.ts +126 -0
package/src/encoder/composables/useCborCollectionEncoder.ts +28 -25
package/src/encoder/composables/useCborEncoder.ts +21 -0
package/src/encoder/composables/useCborSimpleEncoder.ts +34 -7
package/src/encoder/types.ts +0 -2
package/src/index.ts +29 -20
package/src/parser/__tests__/buffer-native-parsing.test.ts +338 -0
package/src/parser/__tests__/cbor-map-duplicate-keys.test.ts +97 -7
package/src/parser/__tests__/cbor-security-dos-protection.test.ts +164 -31
package/src/parser/__tests__/cbor-standard-tags.test.ts +75 -7
package/src/parser/__tests__/cbor-tag-reparse-fix.test.ts +268 -0
package/src/parser/composables/useCborCollection.ts +45 -42
package/src/parser/composables/useCborFloat.ts +2 -1
package/src/parser/composables/useCborInteger.ts +24 -10
package/src/parser/composables/useCborParser.ts +387 -197
package/src/parser/composables/useCborTag.ts +45 -37
package/src/parser/utils.ts +11 -0
package/dist/chunk-2MTLSQ7E.js.map +0 -1
package/dist/chunk-5A5T56JB.js.map +0 -1
package/dist/chunk-PTWN7K3Y.cjs.map +0 -1
package/dist/chunk-R62CQQNI.cjs.map +0 -1

package/src/parser/composables/useCborCollection.ts CHANGED Viewed

@@ -6,7 +6,7 @@
 import type { ParseResult, CborValue, CborMap, ParseOptions } from '../types'
 import { INDEFINITE_SYMBOL, ALL_ENTRIES_SYMBOL } from '../types'
-import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, compareBytes, bytesToHex } from '../utils'
+import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, compareBytes, serializeValueForComparison } from '../utils'
 import { useCborInteger } from './useCborInteger'
 import { useCborString } from './useCborString'
 import { useCborFloat } from './useCborFloat'
@@ -25,21 +25,13 @@ import { logger } from '../../utils/logger'
  * ```
  */
 export function useCborCollection() {
-  const { parseInteger } = useCborInteger()
+  const { parseIntegerFromBuffer } = useCborInteger()
   const { parseByteString, parseTextString } = useCborString()
-  const { parse: parseFloatOrSimple } = useCborFloat()
-  const { parseTag } = useCborTag()
+  const { parseFromBuffer: parseFloatOrSimpleFromBuffer } = useCborFloat()
+  const { parseTagFromBuffer } = useCborTag()
-  /**
-   * Convert a CBOR value to a string key for use in JavaScript objects
-   * Handles Uint8Array keys by converting them to hex strings
-   */
-  const convertKeyToString = (key: CborValue): string => {
-    if (key instanceof Uint8Array) {
-      return bytesToHex(key)
-    }
-    return String(key)
-  }
+  /** Tracks when parsing started for timeout enforcement */
+  let parseStartTime = 0
   /**
    * Internal parser dispatcher for CBOR items
@@ -52,6 +44,14 @@ export function useCborCollection() {
    * @returns Parsed value and bytes consumed
    */
   const parseItem = (buffer: Uint8Array, offset: number, options?: ParseOptions, depth: number = 0): ParseResult => {
+    // Check timeout on every recursive call
+    if (parseStartTime > 0 && options?.limits?.maxParseTime) {
+      const elapsed = Date.now() - parseStartTime
+      if (elapsed > options.limits.maxParseTime) {
+        throw new Error(`Parse timeout: exceeded ${options.limits.maxParseTime}ms limit`)
+      }
+    }
     if (offset >= buffer.length) {
       throw new Error(`Unexpected end of buffer at offset ${offset}`)
     }
@@ -62,14 +62,7 @@ export function useCborCollection() {
     switch (majorType) {
       case 0: // Unsigned integer
       case 1: // Negative integer
-        {
-          // Create a hex string from the buffer starting at offset
-          const intHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseInteger(intHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseIntegerFromBuffer(buffer, offset, options)
       case 2: // Byte string
         return parseByteString(buffer, offset, options)
@@ -84,22 +77,10 @@ export function useCborCollection() {
         return parseMapFromBuffer(buffer, offset, options, depth)
       case 6: // Tag
-        {
-          const tagHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseTag(tagHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseTagFromBuffer(buffer, offset, options)
       case 7: // Simple/Float
-        {
-          const floatHex = Array.from(buffer.slice(offset))
-            .map(b => b.toString(16).padStart(2, '0'))
-            .join('')
-          const result = parseFloatOrSimple(floatHex, options)
-          return { value: result.value, bytesRead: result.bytesRead }
-        }
+        return parseFloatOrSimpleFromBuffer(buffer, offset, options)
       default:
         throw new Error(`Unknown major type: ${majorType}`)
@@ -356,8 +337,10 @@ export function useCborCollection() {
         const valueResult = parseItem(buffer, currentOffset, options, depth + 1)
         currentOffset += valueResult.bytesRead
-        // For duplicate key detection, serialize the key
-        const keyString = convertKeyToString(keyResult.value)
+        // For duplicate key detection, serialize the parsed value semantically
+        // RFC 8949 Section 5.6: comparison must be on semantic values, not raw bytes
+        // (raw bytes differ when same value uses different byte widths)
+        const keyString = serializeValueForComparison(keyResult.value)
         // Check for duplicate keys based on dupMapKeyMode
         // RFC 8949: Deterministic encoding SHOULD reject duplicate keys
@@ -420,8 +403,10 @@ export function useCborCollection() {
         const valueResult = parseItem(buffer, currentOffset, options, depth + 1)
         currentOffset += valueResult.bytesRead
-        // For duplicate key detection, serialize the key
-        const keyString = convertKeyToString(keyResult.value)
+        // For duplicate key detection, serialize the parsed value semantically
+        // RFC 8949 Section 5.6: comparison must be on semantic values, not raw bytes
+        // (raw bytes differ when same value uses different byte widths)
+        const keyString = serializeValueForComparison(keyResult.value)
         // Check for duplicate keys based on dupMapKeyMode
         // RFC 8949: Deterministic encoding SHOULD reject duplicate keys
@@ -485,7 +470,16 @@ export function useCborCollection() {
     // Remove spaces from hex string
     const cleanHex = hexString.replace(/\s+/g, '')
     const buffer = hexToBytes(cleanHex)
-    return parseArrayFromBuffer(buffer, 0, options, 0)
+    // Set parse start time for timeout enforcement
+    if (options?.limits?.maxParseTime) {
+      parseStartTime = Date.now()
+    }
+    try {
+      return parseArrayFromBuffer(buffer, 0, options, 0)
+    } finally {
+      parseStartTime = 0
+    }
   }
   /**
@@ -499,7 +493,16 @@ export function useCborCollection() {
     // Remove spaces from hex string
     const cleanHex = hexString.replace(/\s+/g, '')
     const buffer = hexToBytes(cleanHex)
-    return parseMapFromBuffer(buffer, 0, options, 0)
+    // Set parse start time for timeout enforcement
+    if (options?.limits?.maxParseTime) {
+      parseStartTime = Date.now()
+    }
+    try {
+      return parseMapFromBuffer(buffer, 0, options, 0)
+    } finally {
+      parseStartTime = 0
+    }
   }
   return {

package/src/parser/composables/useCborFloat.ts CHANGED Viewed

@@ -336,6 +336,7 @@ export function useCborFloat() {
   return {
     parse,
     parseFloat,
-    parseSimple
+    parseSimple,
+    parseFromBuffer
   }
 }

package/src/parser/composables/useCborInteger.ts CHANGED Viewed

@@ -20,15 +20,15 @@ import { hexToBytes, readByte, readUint, readBigUint, extractCborHeader, validat
  */
 export function useCborInteger() {
   /**
-   * Parses CBOR integer (Major Type 0 or 1)
+   * Parses CBOR integer (Major Type 0 or 1) from a buffer at a given offset
    *
-   * @param hexString - CBOR hex string
+   * @param buffer - Data buffer
+   * @param offset - Current offset into the buffer
    * @param options - Parser options (optional)
    * @returns Parsed integer value and bytes read
    */
-  const parseInteger = (hexString: string, options?: ParseOptions): ParseResult => {
-    const buffer = hexToBytes(hexString)
-    const initialByte = readByte(buffer, 0)
+  const parseIntegerFromBuffer = (buffer: Uint8Array, offset: number, options?: ParseOptions): ParseResult => {
+    const initialByte = readByte(buffer, offset)
     const { majorType, additionalInfo } = extractCborHeader(initialByte)
@@ -42,19 +42,19 @@ export function useCborInteger() {
       bytesRead = 1
     } else if (additionalInfo === 24) {
       // 1 byte follows
-      rawValue = readByte(buffer, 1)
+      rawValue = readByte(buffer, offset + 1)
       bytesRead = 2
     } else if (additionalInfo === 25) {
       // 2 bytes follow
-      rawValue = readUint(buffer, 1, 2)
+      rawValue = readUint(buffer, offset + 1, 2)
       bytesRead = 3
     } else if (additionalInfo === 26) {
       // 4 bytes follow
-      rawValue = readUint(buffer, 1, 4)
+      rawValue = readUint(buffer, offset + 1, 4)
       bytesRead = 5
     } else if (additionalInfo === 27) {
       // 8 bytes follow - use BigInt for large values
-      const bigValue = readBigUint(buffer, 1, 8)
+      const bigValue = readBigUint(buffer, offset + 1, 8)
       // Check if value fits in Number.MAX_SAFE_INTEGER
       if (bigValue <= BigInt(Number.MAX_SAFE_INTEGER)) {
@@ -108,7 +108,21 @@ export function useCborInteger() {
     }
   }
+  /**
+   * Parses CBOR integer (Major Type 0 or 1) from hex string
+   * Thin wrapper around parseIntegerFromBuffer
+   *
+   * @param hexString - CBOR hex string
+   * @param options - Parser options (optional)
+   * @returns Parsed integer value and bytes read
+   */
+  const parseInteger = (hexString: string, options?: ParseOptions): ParseResult => {
+    const buffer = hexToBytes(hexString)
+    return parseIntegerFromBuffer(buffer, 0, options)
+  }
   return {
-    parseInteger
+    parseInteger,
+    parseIntegerFromBuffer
   }
 }