@mastra/memory 1.0.0-beta.5 → 1.0.0-beta.6
- package/CHANGELOG.md +11 -0
- package/dist/index.cjs +53 -13
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +51 -14
- package/dist/index.js.map +1 -1
- package/dist/working-memory-utils.d.ts +20 -0
- package/dist/working-memory-utils.d.ts.map +1 -0
- package/package.json +4 -4
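--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @mastra/memory
 
+## 1.0.0-beta.6
+
+### Patch Changes
+
+- Fixed ReDoS vulnerability in working memory tag parsing. ([#11248](https://github.com/mastra-ai/mastra/pull/11248))
+
+Replaced regex-based parsing with indexOf-based string parsing to prevent denial of service attacks from malicious input. The vulnerable regex `/<working_memory>([^]*?)<\/working_memory>/g` had O(n²) complexity on pathological inputs - the new implementation maintains O(n) linear time.
+
+- Updated dependencies [[`4f94ed8`](https://github.com/mastra-ai/mastra/commit/4f94ed8177abfde3ec536e3574883e075423350c), [`ac3cc23`](https://github.com/mastra-ai/mastra/commit/ac3cc2397d1966bc0fc2736a223abc449d3c7719), [`a86f4df`](https://github.com/mastra-ai/mastra/commit/a86f4df0407311e0d2ea49b9a541f0938810d6a9), [`029540c`](https://github.com/mastra-ai/mastra/commit/029540ca1e582fc2dd8d288ecd4a9b0f31a954ef), [`66741d1`](https://github.com/mastra-ai/mastra/commit/66741d1a99c4f42cf23a16109939e8348ac6852e), [`01b20fe`](https://github.com/mastra-ai/mastra/commit/01b20fefb7c67c2b7d79417598ef4e60256d1225), [`0dbf199`](https://github.com/mastra-ai/mastra/commit/0dbf199110f22192ce5c95b1c8148d4872b4d119), [`a7ce182`](https://github.com/mastra-ai/mastra/commit/a7ce1822a8785ce45d62dd5c911af465e144f7d7)]:
+- @mastra/core@1.0.0-beta.14
+
 ## 1.0.0-beta.5
 
 ### Patch Changes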
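--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -9237,6 +9237,50 @@ var __experimental_updateWorkingMemoryToolVNext = (config) => {
 }
 });
 };
+
+// src/working-memory-utils.ts
+var WORKING_MEMORY_START_TAG = "<working_memory>";
+var WORKING_MEMORY_END_TAG = "</working_memory>";
+function extractWorkingMemoryTags(text3) {
+const results = [];
+let pos = 0;
+while (pos < text3.length) {
+const start = text3.indexOf(WORKING_MEMORY_START_TAG, pos);
+if (start === -1) break;
+const end = text3.indexOf(WORKING_MEMORY_END_TAG, start + WORKING_MEMORY_START_TAG.length);
+if (end === -1) break;
+results.push(text3.substring(start, end + WORKING_MEMORY_END_TAG.length));
+pos = end + WORKING_MEMORY_END_TAG.length;
+}
+return results.length > 0 ? results : null;
+}
+function removeWorkingMemoryTags(text3) {
+let result = "";
+let pos = 0;
+while (pos < text3.length) {
+const start = text3.indexOf(WORKING_MEMORY_START_TAG, pos);
+if (start === -1) {
+result += text3.substring(pos);
+break;
+}
+result += text3.substring(pos, start);
+const end = text3.indexOf(WORKING_MEMORY_END_TAG, start + WORKING_MEMORY_START_TAG.length);
+if (end === -1) {
+result += text3.substring(start);
+break;
+}
+pos = end + WORKING_MEMORY_END_TAG.length;
+}
+return result;
+}
+function extractWorkingMemoryContent(text3) {
+const start = text3.indexOf(WORKING_MEMORY_START_TAG);
+if (start === -1) return null;
+const contentStart = start + WORKING_MEMORY_START_TAG.length;
+const end = text3.indexOf(WORKING_MEMORY_END_TAG, contentStart);
+if (end === -1) return null;
+return text3.substring(contentStart, end);
+}
 var CHARS_PER_TOKEN = 4;
 var DEFAULT_MESSAGE_RANGE = { before: 1, after: 1 };
 var DEFAULT_TOP_K = 4;
@@ -9653,11 +9697,10 @@ ${workingMemory}`;
 return result;
 }
 updateMessageToHideWorkingMemory(message) {
-const workingMemoryRegex = /<working_memory>([^]*?)<\/working_memory>/g;
 if (typeof message?.content === `string`) {
 return {
 ...message,
-content: message.content
+content: removeWorkingMemoryTags(message.content).trim()
 };
 } else if (Array.isArray(message?.content)) {
 const filteredContent = message.content.filter(
@@ -9667,7 +9710,7 @@ ${workingMemory}`;
 if (content.type === "text") {
 return {
 ...content,
-text: content.text
+text: removeWorkingMemoryTags(content.text).trim()
 };
 }
 return { ...content };
@@ -9679,13 +9722,12 @@ ${workingMemory}`;
 }
 }
 updateMessageToHideWorkingMemoryV2(message) {
-const workingMemoryRegex = /<working_memory>([^]*?)<\/working_memory>/g;
 const newMessage = { ...message };
 if (message.content && typeof message.content === "object" && !Array.isArray(message.content)) {
 newMessage.content = { ...message.content };
 }
 if (typeof newMessage.content?.content === "string" && newMessage.content.content.length > 0) {
-newMessage.content.content = newMessage.content.content
+newMessage.content.content = removeWorkingMemoryTags(newMessage.content.content).trim();
 }
 if (Array.isArray(newMessage.content?.parts)) {
 newMessage.content.parts = newMessage.content.parts.filter((part) => {
@@ -9698,7 +9740,7 @@ ${workingMemory}`;
 const text3 = typeof part.text === "string" ? part.text : "";
 return {
 ...part,
-text: text3
+text: removeWorkingMemoryTags(text3).trim()
 };
 }
 return part;
@@ -9711,13 +9753,8 @@ ${workingMemory}`;
 }
 parseWorkingMemory(text3) {
 if (!this.threadConfig.workingMemory?.enabled) return null;
-const
-
-const match = matches?.[0];
-if (match) {
-return match.replace(/<\/?working_memory>/g, "").trim();
-}
-return null;
+const content = extractWorkingMemoryContent(text3);
+return content?.trim() ?? null;
 }
 async getWorkingMemory({
 threadId,
@@ -9960,5 +9997,8 @@ Object.defineProperty(exports, "WorkingMemory", {
 });
 exports.Memory = Memory;
 exports.deepMergeWorkingMemory = deepMergeWorkingMemory;
+exports.extractWorkingMemoryContent = extractWorkingMemoryContent;
+exports.extractWorkingMemoryTags = extractWorkingMemoryTags;
+exports.removeWorkingMemoryTags = removeWorkingMemoryTags;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map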
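Review bot: The array branch of `updateMessageToHideWorkingMemory` hands `content.text` to `removeWorkingMemoryTags` with no type check, whereas the V2 method first normalises with `typeof part.text === "string" ? part.text : ""`. The helper reads `text3.length` on its first line, so a text part whose `text` is missing or not a string raises a TypeError instead of being passed through; the removed lines are truncated in this rendering, so whether the old code behaved the same cannot be confirmed here. Since the three helpers are now exported as well, the guard is best placed inside them in src/working-memory-utils.ts, e.g. `if (typeof text3 !== "string") return "";` in `removeWorkingMemoryTags` and `if (typeof text3 !== "string") return null;` in the two extract functions. I would also add a comment above `if (end === -1)` in `removeWorkingMemoryTags` such as `// Unterminated tag: the remainder is kept verbatim, so an unclosed block is not hidden from the message.`, because callers rely on this function to hide working memory. The bodies of both `updateMessageToHideWorkingMemory` methods begin and end outside the hunks shown.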