@safebrowse/daemon 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +64 -1
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/parserIsolation.d.ts +48 -0
- package/dist/parserIsolation.d.ts.map +1 -0
- package/dist/parserIsolation.js +207 -0
- package/dist/parserIsolation.js.map +1 -0
- package/dist/parserWorker.d.ts +2 -0
- package/dist/parserWorker.d.ts.map +1 -0
- package/dist/parserWorker.js +169 -0
- package/dist/parserWorker.js.map +1 -0
- package/dist/runtime/config/auditor/v4_prompt_injection_coverage_suite.json +2789 -0
- package/dist/runtime/config/auditor/v5_secure_claim_suite.json +70 -0
- package/dist/server.d.ts +7 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +2143 -27
- package/dist/server.js.map +1 -1
- package/package.json +2 -2
package/dist/cli.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAGA,OAAO,EAAyB,KAAK,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAElF,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IAClE,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;
|
|
1
|
+
{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAGA,OAAO,EAAyB,KAAK,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAElF,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IAClE,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AA8BD,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,kBAAkB,CAChC,IAAI,EAAE,MAAM,EAAE,EACd,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,mBAAmB,CA0HrB;AAED,wBAAsB,YAAY,CAChC,IAAI,GAAE,MAAM,EAA0B,EACtC,GAAG,GAAE,MAAM,CAAC,UAAwB,GACnC,OAAO,CAAC,IAAI,CAAC,CAmBf"}
|
package/dist/cli.js
CHANGED
|
@@ -4,12 +4,21 @@ import { startSafeBrowseDaemon } from "./server.js";
|
|
|
4
4
|
const HELP_TEXT = `SafeBrowse daemon
|
|
5
5
|
|
|
6
6
|
Usage:
|
|
7
|
-
safebrowse-daemon [--host 127.0.0.1] [--port 8787] [--root-dir <path>]
|
|
7
|
+
safebrowse-daemon [--host 127.0.0.1] [--port 8787] [--root-dir <path>] [--deployment-profile development|secure_v5]
|
|
8
|
+
[--approval-broker-mode signature_verification|external_service]
|
|
9
|
+
[--parser-isolation-mode scrubbed_process|node_permission_process]
|
|
8
10
|
|
|
9
11
|
Environment:
|
|
10
12
|
SAFEBROWSE_HOST
|
|
11
13
|
SAFEBROWSE_PORT
|
|
12
14
|
SAFEBROWSE_ROOT_DIR
|
|
15
|
+
SAFEBROWSE_DEPLOYMENT_PROFILE
|
|
16
|
+
SAFEBROWSE_APPROVAL_BROKER_PUBLIC_KEY_PATH
|
|
17
|
+
SAFEBROWSE_APPROVAL_BROKER_MODE
|
|
18
|
+
SAFEBROWSE_PARSER_ISOLATION_MODE
|
|
19
|
+
|
|
20
|
+
Notes:
|
|
21
|
+
secure_v6 is accepted as a deprecated alias for secure_v5.
|
|
13
22
|
`;
|
|
14
23
|
function parsePort(value) {
|
|
15
24
|
const port = Number.parseInt(value, 10);
|
|
@@ -27,6 +36,10 @@ export function parseDaemonOptions(argv, env = process.env) {
|
|
|
27
36
|
const envHost = env.SAFEBROWSE_HOST?.trim();
|
|
28
37
|
const envPort = env.SAFEBROWSE_PORT?.trim();
|
|
29
38
|
const envRootDir = env.SAFEBROWSE_ROOT_DIR?.trim();
|
|
39
|
+
const envDeploymentProfile = env.SAFEBROWSE_DEPLOYMENT_PROFILE?.trim();
|
|
40
|
+
const envApprovalBrokerPublicKeyPath = env.SAFEBROWSE_APPROVAL_BROKER_PUBLIC_KEY_PATH?.trim();
|
|
41
|
+
const envApprovalBrokerMode = env.SAFEBROWSE_APPROVAL_BROKER_MODE?.trim();
|
|
42
|
+
const envParserIsolationMode = env.SAFEBROWSE_PARSER_ISOLATION_MODE?.trim();
|
|
30
43
|
if (envHost) {
|
|
31
44
|
options.host = envHost;
|
|
32
45
|
}
|
|
@@ -36,6 +49,21 @@ export function parseDaemonOptions(argv, env = process.env) {
|
|
|
36
49
|
if (envRootDir) {
|
|
37
50
|
options.rootDir = resolve(envRootDir);
|
|
38
51
|
}
|
|
52
|
+
if (envDeploymentProfile === "development" ||
|
|
53
|
+
envDeploymentProfile === "secure_v5" ||
|
|
54
|
+
envDeploymentProfile === "secure_v6") {
|
|
55
|
+
options.deploymentProfile = envDeploymentProfile === "secure_v6" ? "secure_v5" : envDeploymentProfile;
|
|
56
|
+
}
|
|
57
|
+
if (envApprovalBrokerPublicKeyPath) {
|
|
58
|
+
options.approvalBrokerPublicKeyPath = resolve(envApprovalBrokerPublicKeyPath);
|
|
59
|
+
}
|
|
60
|
+
if (envApprovalBrokerMode === "signature_verification" || envApprovalBrokerMode === "external_service") {
|
|
61
|
+
options.approvalBrokerMode = envApprovalBrokerMode;
|
|
62
|
+
}
|
|
63
|
+
if (envParserIsolationMode === "scrubbed_process" ||
|
|
64
|
+
envParserIsolationMode === "node_permission_process") {
|
|
65
|
+
options.parserIsolationMode = envParserIsolationMode;
|
|
66
|
+
}
|
|
39
67
|
while (queue.length > 0) {
|
|
40
68
|
const arg = queue.shift();
|
|
41
69
|
if (!arg) {
|
|
@@ -69,6 +97,41 @@ export function parseDaemonOptions(argv, env = process.env) {
|
|
|
69
97
|
options.rootDir = resolve(value);
|
|
70
98
|
continue;
|
|
71
99
|
}
|
|
100
|
+
if (arg === "--deployment-profile") {
|
|
101
|
+
const value = queue.shift();
|
|
102
|
+
if (!value || !["development", "secure_v5", "secure_v6"].includes(value)) {
|
|
103
|
+
throw new Error("Invalid value for --deployment-profile");
|
|
104
|
+
}
|
|
105
|
+
options.deploymentProfile =
|
|
106
|
+
value === "secure_v6"
|
|
107
|
+
? "secure_v5"
|
|
108
|
+
: value;
|
|
109
|
+
continue;
|
|
110
|
+
}
|
|
111
|
+
if (arg === "--approval-broker-public-key-path") {
|
|
112
|
+
const value = queue.shift();
|
|
113
|
+
if (!value) {
|
|
114
|
+
throw new Error("Missing value for --approval-broker-public-key-path");
|
|
115
|
+
}
|
|
116
|
+
options.approvalBrokerPublicKeyPath = resolve(value);
|
|
117
|
+
continue;
|
|
118
|
+
}
|
|
119
|
+
if (arg === "--approval-broker-mode") {
|
|
120
|
+
const value = queue.shift();
|
|
121
|
+
if (!value || !["signature_verification", "external_service"].includes(value)) {
|
|
122
|
+
throw new Error("Invalid value for --approval-broker-mode");
|
|
123
|
+
}
|
|
124
|
+
options.approvalBrokerMode = value;
|
|
125
|
+
continue;
|
|
126
|
+
}
|
|
127
|
+
if (arg === "--parser-isolation-mode") {
|
|
128
|
+
const value = queue.shift();
|
|
129
|
+
if (!value || !["scrubbed_process", "node_permission_process"].includes(value)) {
|
|
130
|
+
throw new Error("Invalid value for --parser-isolation-mode");
|
|
131
|
+
}
|
|
132
|
+
options.parserIsolationMode = value;
|
|
133
|
+
continue;
|
|
134
|
+
}
|
|
72
135
|
throw new Error(`Unknown argument: ${arg}`);
|
|
73
136
|
}
|
|
74
137
|
return options;
|
package/dist/cli.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,qBAAqB,EAAgC,MAAM,aAAa,CAAC;AAMlF,MAAM,SAAS,GAAG
|
|
1
|
+
{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,OAAO,MAAM,cAAc,CAAC;AAEnC,OAAO,EAAE,qBAAqB,EAAgC,MAAM,aAAa,CAAC;AAMlF,MAAM,SAAS,GAAG;;;;;;;;;;;;;;;;;;CAkBjB,CAAC;AAEF,SAAS,SAAS,CAAC,KAAa;IAC9B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG,MAAM,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,iBAAiB,KAAK,EAAE,CAAC,CAAC;IAC5C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB;IAC9B,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,kBAAkB,CAChC,IAAc,EACd,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;IAExB,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,GAAG,CAAC,mBAAmB,EAAE,IAAI,EAAE,CAAC;IACnD,MAAM,oBAAoB,GAAG,GAAG,CAAC,6BAA6B,EAAE,IAAI,EAAE,CAAC;IACvE,MAAM,8BAA8B,GAAG,GAAG,CAAC,0CAA0C,EAAE,IAAI,EAAE,CAAC;IAC9F,MAAM,qBAAqB,GAAG,GAAG,CAAC,+BAA+B,EAAE,IAAI,EAAE,CAAC;IAC1E,MAAM,sBAAsB,GAAG,GAAG,CAAC,gCAAgC,EAAE,IAAI,EAAE,CAAC;IAE5E,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC;IACzB,CAAC;IACD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;IACD,IAAI,UAAU,EAAE,CAAC;QACf,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACxC,CAAC;IACD,IACE,oBAAoB,KAAK,aAAa;QACtC,oBAAoB,KAAK,WAAW;QACpC,oBAAoB,KAAK,WAAW,EACpC,CAAC;QACD,OAAO,CAAC,iBAAiB,GAAG,oBAAoB,KAAK,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,oBAAoB,CAAC;IACxG,CAAC;IACD,IAAI,8BAA8B,EAAE,CAAC;QACnC,OAAO,CAAC,2BAA2B,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;IAChF,CAAC;IACD,IAAI,qBAAqB,KAAK,wBAAwB,IAAI,qBAAqB,KAAK,kBAAkB,EAAE,CAAC;QACvG,OAAO,CAAC,kBAAkB,GAAG,qBAAqB,CAAC;IACrD,CAAC;IACD,IACE,sBAAsB,KAAK,kBAAkB;QAC7C,sBAAsB,KAAK,yBAAyB,EACpD,CAAC;QACD,OAAO,CAAC,mBAAmB,GAAG,sBAAsB,CAAC;IACvD,CAAC;IAED,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;YACrC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;YACpB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,IAAI,GAAG,KAAK,CAAC;YACrB,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,QAAQ,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;YAChC,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,YAAY,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YACD,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YACjC,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,sBAAsB,EAAE,CAAC;YACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,aAAa,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC5D,CAAC;YACD,OAAO,CAAC,iBAAiB;gBACvB,KAAK,KAAK,WAAW;oBACnB,CAAC,CAAC,WAAW;oBACb,CAAC,CAAE,KAAqC,CAAC;YAC7C,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,mCAAmC,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;YACzE,CAAC;YACD,OAAO,CAAC,2BAA2B,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC;YACrD,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,wBAAwB,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,wBAAwB,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9E,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,CAAC,kBAAkB,GAAG,KAAsD,CAAC;YACpF,SAAS;QACX,CAAC;QAED,IAAI,GAAG,KAAK,yBAAyB,EAAE,CAAC;YACtC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,kBAAkB,EAAE,yBAAyB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/E,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC/D,CAAC;YACD,OAAO,CAAC,mBAAmB,GAAG,KAAuD,CAAC;YACtF,SAAS;QACX,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;IAC9C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,OAAiB,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EACtC,MAAyB,OAAO,CAAC,GAAG;IAEpC,MAAM,OAAO,GAAG,kBAAkB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC9C,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,GAAG,EAAE;QACpB,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;YAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACjC,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;AACpC,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
export { formatDaemonHelp, parseDaemonOptions, runDaemonCli } from "./cli.js";
|
|
3
|
+
export { compileObservationInIsolation, createParserIsolationService, probeParserIsolation } from "./parserIsolation.js";
|
|
3
4
|
export { createSafeBrowseServer, startSafeBrowseDaemon } from "./server.js";
|
|
4
5
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAYA,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EACL,6BAA6B,EAC7B,4BAA4B,EAC5B,oBAAoB,EACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -2,8 +2,10 @@
|
|
|
2
2
|
import { resolve } from "node:path";
|
|
3
3
|
import { fileURLToPath } from "node:url";
|
|
4
4
|
import { formatDaemonHelp, parseDaemonOptions, runDaemonCli } from "./cli.js";
|
|
5
|
+
import { compileObservationInIsolation, createParserIsolationService, probeParserIsolation } from "./parserIsolation.js";
|
|
5
6
|
import { createSafeBrowseServer, startSafeBrowseDaemon } from "./server.js";
|
|
6
7
|
export { formatDaemonHelp, parseDaemonOptions, runDaemonCli } from "./cli.js";
|
|
8
|
+
export { compileObservationInIsolation, createParserIsolationService, probeParserIsolation } from "./parserIsolation.js";
|
|
7
9
|
export { createSafeBrowseServer, startSafeBrowseDaemon } from "./server.js";
|
|
8
10
|
function isDirectExecution() {
|
|
9
11
|
if (!process.argv[1]) {
|
|
@@ -12,10 +14,15 @@ function isDirectExecution() {
|
|
|
12
14
|
return fileURLToPath(import.meta.url) === resolve(process.argv[1]);
|
|
13
15
|
}
|
|
14
16
|
if (isDirectExecution()) {
|
|
15
|
-
|
|
17
|
+
const startupKeepalive = setInterval(() => undefined, 1 << 30);
|
|
18
|
+
runDaemonCli()
|
|
19
|
+
.catch((error) => {
|
|
16
20
|
console.error(error instanceof Error ? error.message : String(error));
|
|
17
21
|
console.error(formatDaemonHelp());
|
|
18
22
|
process.exitCode = 1;
|
|
23
|
+
})
|
|
24
|
+
.finally(() => {
|
|
25
|
+
clearInterval(startupKeepalive);
|
|
19
26
|
});
|
|
20
27
|
}
|
|
21
28
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAE5E,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAE5E,SAAS,iBAAiB;IACxB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,IAAI,iBAAiB,EAAE,EAAE,CAAC;IACxB,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EACL,6BAA6B,EAC7B,4BAA4B,EAC5B,oBAAoB,EACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAE5E,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAC9E,OAAO,EACL,6BAA6B,EAC7B,4BAA4B,EAC5B,oBAAoB,EACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AAE5E,SAAS,iBAAiB;IACxB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACrE,CAAC;AAED,IAAI,iBAAiB,EAAE,EAAE,CAAC;IACxB,MAAM,gBAAgB,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,YAAY,EAAE;SACX,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAClC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC,CAAC;SACD,OAAO,CAAC,GAAG,EAAE;QACZ,aAAa,CAAC,gBAAgB,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import type { CompiledObservation, ParserIsolationMode, ParserWorkerProbe, RuntimeContext, StructuredPlannerInput, SurfaceCapture } from "@safebrowse/core";
|
|
2
|
+
type ToolManifestDigests = {
|
|
3
|
+
manifestHash?: string;
|
|
4
|
+
schemaHash?: string;
|
|
5
|
+
};
|
|
6
|
+
export interface ParserIsolationProbeSnapshot {
|
|
7
|
+
probe: ParserWorkerProbe;
|
|
8
|
+
lastCheckedAt: string;
|
|
9
|
+
}
|
|
10
|
+
export interface ParserIsolationService {
|
|
11
|
+
compileObservation(input: {
|
|
12
|
+
capture: SurfaceCapture;
|
|
13
|
+
workflowHash?: string;
|
|
14
|
+
allowlistedEgress?: string[];
|
|
15
|
+
runtime?: Partial<RuntimeContext>;
|
|
16
|
+
compilerVersion?: "v4" | "v5";
|
|
17
|
+
parserIsolationMode?: ParserIsolationMode;
|
|
18
|
+
}): Promise<{
|
|
19
|
+
compiledObservation: CompiledObservation;
|
|
20
|
+
plannerInput?: StructuredPlannerInput;
|
|
21
|
+
plannerView?: unknown;
|
|
22
|
+
toolManifestDigests?: ToolManifestDigests;
|
|
23
|
+
}>;
|
|
24
|
+
getCachedProbe(): Promise<ParserIsolationProbeSnapshot>;
|
|
25
|
+
refreshProbe(): Promise<ParserIsolationProbeSnapshot>;
|
|
26
|
+
close(): Promise<void>;
|
|
27
|
+
}
|
|
28
|
+
interface ParserIsolationServiceOptions {
|
|
29
|
+
allowlistedEgress?: string[];
|
|
30
|
+
runtime?: Partial<RuntimeContext>;
|
|
31
|
+
}
|
|
32
|
+
export declare function createParserIsolationService(parserIsolationMode?: ParserIsolationMode, options?: ParserIsolationServiceOptions): ParserIsolationService;
|
|
33
|
+
export declare function compileObservationInIsolation(input: {
|
|
34
|
+
capture: SurfaceCapture;
|
|
35
|
+
workflowHash?: string;
|
|
36
|
+
allowlistedEgress?: string[];
|
|
37
|
+
runtime?: Partial<RuntimeContext>;
|
|
38
|
+
compilerVersion?: "v4" | "v5";
|
|
39
|
+
parserIsolationMode?: ParserIsolationMode;
|
|
40
|
+
}): Promise<{
|
|
41
|
+
compiledObservation: CompiledObservation;
|
|
42
|
+
plannerInput?: StructuredPlannerInput;
|
|
43
|
+
plannerView?: unknown;
|
|
44
|
+
toolManifestDigests?: ToolManifestDigests;
|
|
45
|
+
}>;
|
|
46
|
+
export declare function probeParserIsolation(parserIsolationMode?: ParserIsolationMode): Promise<ParserWorkerProbe>;
|
|
47
|
+
export {};
|
|
48
|
+
//# sourceMappingURL=parserIsolation.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parserIsolation.d.ts","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EACd,sBAAsB,EACtB,cAAc,EACf,MAAM,kBAAkB,CAAC;AAgC1B,KAAK,mBAAmB,GAAG;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,CAAC;AAoBF,MAAM,WAAW,4BAA4B;IAC3C,KAAK,EAAE,iBAAiB,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,kBAAkB,CAAC,KAAK,EAAE;QACxB,OAAO,EAAE,cAAc,CAAC;QACxB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;QAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;QAClC,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;QAC9B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;KAC3C,GAAG,OAAO,CAAC;QACV,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,YAAY,CAAC,EAAE,sBAAsB,CAAC;QACtC,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;KAC3C,CAAC,CAAC;IACH,cAAc,IAAI,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACxD,YAAY,IAAI,OAAO,CAAC,4BAA4B,CAAC,CAAC;IACtD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED,UAAU,6BAA6B;IACrC,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;CACnC;AAsPD,wBAAgB,4BAA4B,CAC1C,mBAAmB,GAAE,mBAAwC,EAC7D,OAAO,GAAE,6BAAkC,GAC1C,sBAAsB,CAExB;AAED,wBAAgB,6BAA6B,CAAC,KAAK,EAAE;IACnD,OAAO,EAAE,cAAc,CAAC;IACxB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,CAAC;IAClC,eAAe,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAC9B,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,GAAG,OAAO,CAAC;IACV,mBAAmB,EAAE,mBAAmB,CAAC;IACzC,YAAY,CAAC,EAAE,sBAAsB,CAAC;IACtC,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;CAC3C,CAAC,CAMD;AAED,wBAAgB,oBAAoB,CAClC,mBAAmB,GAAE,mBAAwC,GAC5D,OAAO,CAAC,iBAAiB,CAAC,CAI5B"}
|
|
@@ -0,0 +1,207 @@
|
|
|
1
|
+
import { randomUUID } from "node:crypto";
|
|
2
|
+
import { existsSync } from "node:fs";
|
|
3
|
+
import { fork } from "node:child_process";
|
|
4
|
+
import { fileURLToPath } from "node:url";
|
|
5
|
+
import { resolve, dirname } from "node:path";
|
|
6
|
+
const moduleDir = dirname(fileURLToPath(import.meta.url));
|
|
7
|
+
const compiledWorkerPath = resolve(moduleDir, "parserWorker.js");
|
|
8
|
+
const sourceWorkerPath = resolve(moduleDir, "parserWorker.ts");
|
|
9
|
+
const workerPath = existsSync(compiledWorkerPath) ? compiledWorkerPath : sourceWorkerPath;
|
|
10
|
+
function parserReadRoots() {
|
|
11
|
+
return [...new Set([resolve(process.cwd()), resolve(dirname(workerPath), "..", "..")])];
|
|
12
|
+
}
|
|
13
|
+
function buildExecArgv(mode) {
|
|
14
|
+
const baseArgs = workerPath.endsWith(".ts")
|
|
15
|
+
? mode === "node_permission_process"
|
|
16
|
+
? ["--experimental-strip-types"]
|
|
17
|
+
: ["--import", "tsx"]
|
|
18
|
+
: [];
|
|
19
|
+
if (mode !== "node_permission_process") {
|
|
20
|
+
return baseArgs;
|
|
21
|
+
}
|
|
22
|
+
return [
|
|
23
|
+
"--permission",
|
|
24
|
+
...parserReadRoots().map((root) => `--allow-fs-read=${root}`),
|
|
25
|
+
...baseArgs
|
|
26
|
+
];
|
|
27
|
+
}
|
|
28
|
+
class ParserIsolationServiceImpl {
|
|
29
|
+
mode;
|
|
30
|
+
options;
|
|
31
|
+
child;
|
|
32
|
+
closed = false;
|
|
33
|
+
cachedProbe;
|
|
34
|
+
startup;
|
|
35
|
+
pending = new Map();
|
|
36
|
+
constructor(mode, options = {}) {
|
|
37
|
+
this.mode = mode;
|
|
38
|
+
this.options = options;
|
|
39
|
+
}
|
|
40
|
+
async compileObservation(input) {
|
|
41
|
+
const result = await this.sendRequest({
|
|
42
|
+
kind: "parse",
|
|
43
|
+
compilerVersion: input.compilerVersion,
|
|
44
|
+
parserIsolationMode: input.parserIsolationMode ?? this.mode,
|
|
45
|
+
capture: input.capture,
|
|
46
|
+
workflowHash: input.workflowHash,
|
|
47
|
+
allowlistedEgress: input.allowlistedEgress ?? this.options.allowlistedEgress,
|
|
48
|
+
runtime: input.runtime ?? this.options.runtime
|
|
49
|
+
});
|
|
50
|
+
return result;
|
|
51
|
+
}
|
|
52
|
+
async getCachedProbe() {
|
|
53
|
+
if (this.cachedProbe) {
|
|
54
|
+
return this.cachedProbe;
|
|
55
|
+
}
|
|
56
|
+
return this.refreshProbe();
|
|
57
|
+
}
|
|
58
|
+
async refreshProbe() {
|
|
59
|
+
const probe = await this.sendRequest({
|
|
60
|
+
kind: "probe"
|
|
61
|
+
});
|
|
62
|
+
this.cachedProbe = {
|
|
63
|
+
probe,
|
|
64
|
+
lastCheckedAt: new Date().toISOString()
|
|
65
|
+
};
|
|
66
|
+
return this.cachedProbe;
|
|
67
|
+
}
|
|
68
|
+
async close() {
|
|
69
|
+
this.closed = true;
|
|
70
|
+
this.cachedProbe = undefined;
|
|
71
|
+
const pendingError = new Error("parser isolation service closed");
|
|
72
|
+
for (const [requestId, pending] of this.pending.entries()) {
|
|
73
|
+
this.pending.delete(requestId);
|
|
74
|
+
pending.reject(pendingError);
|
|
75
|
+
}
|
|
76
|
+
this.startup = undefined;
|
|
77
|
+
const child = this.child;
|
|
78
|
+
this.child = undefined;
|
|
79
|
+
if (!child) {
|
|
80
|
+
return;
|
|
81
|
+
}
|
|
82
|
+
await new Promise((resolvePromise) => {
|
|
83
|
+
child.once("close", () => resolvePromise());
|
|
84
|
+
child.kill();
|
|
85
|
+
});
|
|
86
|
+
}
|
|
87
|
+
async ensureWorker() {
|
|
88
|
+
if (this.closed) {
|
|
89
|
+
throw new Error("parser isolation service closed");
|
|
90
|
+
}
|
|
91
|
+
if (this.child?.connected) {
|
|
92
|
+
return;
|
|
93
|
+
}
|
|
94
|
+
if (this.startup) {
|
|
95
|
+
return this.startup;
|
|
96
|
+
}
|
|
97
|
+
this.startup = (async () => {
|
|
98
|
+
const child = fork(workerPath, [], {
|
|
99
|
+
env: workerPath.endsWith(".ts") && this.mode !== "node_permission_process"
|
|
100
|
+
? { TSX_DISABLE_CACHE: "1" }
|
|
101
|
+
: {},
|
|
102
|
+
stdio: ["ignore", "ignore", "ignore", "ipc"],
|
|
103
|
+
execArgv: buildExecArgv(this.mode)
|
|
104
|
+
});
|
|
105
|
+
child.unref();
|
|
106
|
+
child.on("message", (message) => this.handleMessage(message));
|
|
107
|
+
child.on("error", (error) => this.handleWorkerFailure(error));
|
|
108
|
+
child.on("exit", (code, signal) => {
|
|
109
|
+
const suffix = signal ? ` (${signal})` : "";
|
|
110
|
+
this.handleWorkerFailure(code && code !== 0 ? new Error(`parser worker exited with code ${code}${suffix}`) : undefined);
|
|
111
|
+
});
|
|
112
|
+
this.child = child;
|
|
113
|
+
if (this.options.allowlistedEgress || this.options.runtime) {
|
|
114
|
+
await this.sendRequest({
|
|
115
|
+
kind: "configure",
|
|
116
|
+
parserIsolationMode: this.mode,
|
|
117
|
+
allowlistedEgress: this.options.allowlistedEgress,
|
|
118
|
+
runtime: this.options.runtime
|
|
119
|
+
});
|
|
120
|
+
}
|
|
121
|
+
})().finally(() => {
|
|
122
|
+
this.startup = undefined;
|
|
123
|
+
});
|
|
124
|
+
return this.startup;
|
|
125
|
+
}
|
|
126
|
+
handleMessage(message) {
|
|
127
|
+
if (!message || typeof message !== "object" || !("requestId" in message)) {
|
|
128
|
+
return;
|
|
129
|
+
}
|
|
130
|
+
const response = message;
|
|
131
|
+
const pending = this.pending.get(response.requestId);
|
|
132
|
+
if (!pending) {
|
|
133
|
+
return;
|
|
134
|
+
}
|
|
135
|
+
this.pending.delete(response.requestId);
|
|
136
|
+
if (!response.ok) {
|
|
137
|
+
pending.reject(new Error(response.error));
|
|
138
|
+
return;
|
|
139
|
+
}
|
|
140
|
+
pending.resolve((response.probe ?? response.result));
|
|
141
|
+
}
|
|
142
|
+
handleWorkerFailure(error) {
|
|
143
|
+
this.cachedProbe = undefined;
|
|
144
|
+
const child = this.child;
|
|
145
|
+
this.child = undefined;
|
|
146
|
+
if (child) {
|
|
147
|
+
child.removeAllListeners();
|
|
148
|
+
}
|
|
149
|
+
if (this.closed && this.pending.size === 0) {
|
|
150
|
+
return;
|
|
151
|
+
}
|
|
152
|
+
const failure = error ?? new Error("parser worker exited unexpectedly");
|
|
153
|
+
for (const [requestId, pending] of this.pending.entries()) {
|
|
154
|
+
this.pending.delete(requestId);
|
|
155
|
+
pending.reject(failure);
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
async sendRequest(payload) {
|
|
159
|
+
await this.ensureWorker();
|
|
160
|
+
const child = this.child;
|
|
161
|
+
if (!child?.connected) {
|
|
162
|
+
throw new Error("parser worker is not connected");
|
|
163
|
+
}
|
|
164
|
+
return new Promise((resolvePromise, rejectPromise) => {
|
|
165
|
+
const requestId = randomUUID();
|
|
166
|
+
this.pending.set(requestId, {
|
|
167
|
+
resolve: (value) => resolvePromise(value),
|
|
168
|
+
reject: rejectPromise
|
|
169
|
+
});
|
|
170
|
+
try {
|
|
171
|
+
child.send({
|
|
172
|
+
requestId,
|
|
173
|
+
payload
|
|
174
|
+
});
|
|
175
|
+
}
|
|
176
|
+
catch (error) {
|
|
177
|
+
this.pending.delete(requestId);
|
|
178
|
+
rejectPromise(error instanceof Error ? error : new Error(String(error)));
|
|
179
|
+
}
|
|
180
|
+
});
|
|
181
|
+
}
|
|
182
|
+
}
|
|
183
|
+
const defaultServices = new Map();
|
|
184
|
+
function defaultServiceForMode(mode) {
|
|
185
|
+
let service = defaultServices.get(mode);
|
|
186
|
+
if (!service) {
|
|
187
|
+
service = createParserIsolationService(mode);
|
|
188
|
+
defaultServices.set(mode, service);
|
|
189
|
+
}
|
|
190
|
+
return service;
|
|
191
|
+
}
|
|
192
|
+
export function createParserIsolationService(parserIsolationMode = "scrubbed_process", options = {}) {
|
|
193
|
+
return new ParserIsolationServiceImpl(parserIsolationMode, options);
|
|
194
|
+
}
|
|
195
|
+
export function compileObservationInIsolation(input) {
|
|
196
|
+
const mode = input.parserIsolationMode ?? "scrubbed_process";
|
|
197
|
+
return defaultServiceForMode(mode).compileObservation({
|
|
198
|
+
...input,
|
|
199
|
+
parserIsolationMode: mode
|
|
200
|
+
});
|
|
201
|
+
}
|
|
202
|
+
export function probeParserIsolation(parserIsolationMode = "scrubbed_process") {
|
|
203
|
+
return defaultServiceForMode(parserIsolationMode)
|
|
204
|
+
.refreshProbe()
|
|
205
|
+
.then((snapshot) => snapshot.probe);
|
|
206
|
+
}
|
|
207
|
+
//# sourceMappingURL=parserIsolation.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parserIsolation.js","sourceRoot":"","sources":["../src/parserIsolation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,IAAI,EAAqB,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAW7C,MAAM,SAAS,GAAG,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC1D,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AACjE,MAAM,gBAAgB,GAAG,OAAO,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;AAC/D,MAAM,UAAU,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,gBAAgB,CAAC;AA+E1F,SAAS,eAAe;IACtB,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1F,CAAC;AAED,SAAS,aAAa,CAAC,IAAyB;IAC9C,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QACzC,CAAC,CAAC,IAAI,KAAK,yBAAyB;YAClC,CAAC,CAAC,CAAC,4BAA4B,CAAC;YAChC,CAAC,CAAC,CAAC,UAAU,EAAE,KAAK,CAAC;QACvB,CAAC,CAAC,EAAE,CAAC;IACP,IAAI,IAAI,KAAK,yBAAyB,EAAE,CAAC;QACvC,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO;QACL,cAAc;QACd,GAAG,eAAe,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,mBAAmB,IAAI,EAAE,CAAC;QAC7D,GAAG,QAAQ;KACZ,CAAC;AACJ,CAAC;AAOD,MAAM,0BAA0B;IAYX;IACA;IAZX,KAAK,CAAgB;IAErB,MAAM,GAAG,KAAK,CAAC;IAEf,WAAW,CAAgC;IAE3C,OAAO,CAAiB;IAEf,OAAO,GAAG,IAAI,GAAG,EAAmC,CAAC;IAEtE,YACmB,IAAyB,EACzB,UAAyC,EAAE;QAD3C,SAAI,GAAJ,IAAI,CAAqB;QACzB,YAAO,GAAP,OAAO,CAAoC;IAC3D,CAAC;IAEJ,KAAK,CAAC,kBAAkB,CAAC,KAOxB;QAMC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAKlC;YACD,IAAI,EAAE,OAAO;YACb,eAAe,EAAE,KAAK,CAAC,eAAe;YACtC,mBAAmB,EAAE,KAAK,CAAC,mBAAmB,IAAI,IAAI,CAAC,IAAI;YAC3D,OAAO,EAAE,KAAK,CAAC,OAAO;YACtB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,iBAAiB,EACf,KAAK,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB;YAC3D,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO;SAC/C,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAoB;YACtD,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,GAAG;YACjB,KAAK;YACL,aAAa,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACxC,CAAC;QACF,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,YAAY,GAAG,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAClE,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAEzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QAED,MAAM,IAAI,OAAO,CAAO,CAAC,cAAc,EAAE,EAAE;YACzC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC,CAAC;YAC5C,KAAK,CAAC,IAAI,EAAE,CAAC;QACf,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;YAC1B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,OAAO,CAAC;QACtB,CAAC;QAED,IAAI,CAAC,OAAO,GAAG,CAAC,KAAK,IAAI,EAAE;YACzB,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,EAAE;gBACjC,GAAG,EACD,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,IAAI,KAAK,yBAAyB;oBACnE,CAAC,CAAC,EAAE,iBAAiB,EAAE,GAAG,EAAE;oBAC5B,CAAC,CAAC,EAAE;gBACR,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,CAAC;gBAC5C,QAAQ,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;aACnC,CAAC,CAAC;YACH,KAAK,CAAC,KAAK,EAAE,CAAC;YAEd,KAAK,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAgB,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC;YACvE,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,CAAC;YAC9D,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE;gBAChC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC5C,IAAI,CAAC,mBAAmB,CACtB,IAAI,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,kCAAkC,IAAI,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAC9F,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YAEnB,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3D,MAAM,IAAI,CAAC,WAAW,CAAO;oBAC3B,IAAI,EAAE,WAAW;oBACjB,mBAAmB,EAAE,IAAI,CAAC,IAAI;oBAC9B,iBAAiB,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;oBACjD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;iBAC9B,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE;YAChB,IAAI,CAAC,OAAO,GAAG,SAAS,CAAC;QAC3B,CAAC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAEO,aAAa,CAAC,OAAgB;QACpC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,EAAE,CAAC;YACzE,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAG,OAAiC,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,MAAM,CAAY,CAAC,CAAC;IAClE,CAAC;IAEO,mBAAmB,CAAC,KAAa;QACvC,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,KAAK,EAAE,CAAC;YACV,KAAK,CAAC,kBAAkB,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,KAAK,IAAI,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACxE,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YAC/B,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,WAAW,CAAI,OAAsB;QACjD,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,IAAI,OAAO,CAAI,CAAC,cAAc,EAAE,aAAa,EAAE,EAAE;YACtD,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC1B,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,cAAc,CAAC,KAAU,CAAC;gBAC9C,MAAM,EAAE,aAAa;aACtB,CAAC,CAAC;YAEH,IAAI,CAAC;gBACH,KAAK,CAAC,IAAI,CAAC;oBACT,SAAS;oBACT,OAAO;iBACwB,CAAC,CAAC;YACrC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC/B,aAAa,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,eAAe,GAAG,IAAI,GAAG,EAA+C,CAAC;AAE/E,SAAS,qBAAqB,CAAC,IAAyB;IACtD,IAAI,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,4BAA4B,CAAC,IAAI,CAAC,CAAC;QAC7C,eAAe,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,sBAA2C,kBAAkB,EAC7D,UAAyC,EAAE;IAE3C,OAAO,IAAI,0BAA0B,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;AACtE,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,KAO7C;IAMC,MAAM,IAAI,GAAG,KAAK,CAAC,mBAAmB,IAAI,kBAAkB,CAAC;IAC7D,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC,kBAAkB,CAAC;QACpD,GAAG,KAAK;QACR,mBAAmB,EAAE,IAAI;KAC1B,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,sBAA2C,kBAAkB;IAE7D,OAAO,qBAAqB,CAAC,mBAAmB,CAAC;SAC9C,YAAY,EAAE;SACd,IAAI,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parserWorker.d.ts","sourceRoot":"","sources":["../src/parserWorker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,169 @@
|
|
|
1
|
+
import { existsSync } from "node:fs";
|
|
2
|
+
import { createRequire } from "node:module";
|
|
3
|
+
import os from "node:os";
|
|
4
|
+
import process from "node:process";
|
|
5
|
+
const require = createRequire(import.meta.url);
|
|
6
|
+
function denyNetwork(message = "Parser worker egress denied") {
|
|
7
|
+
const denial = () => {
|
|
8
|
+
throw new Error(message);
|
|
9
|
+
};
|
|
10
|
+
const http = require("node:http");
|
|
11
|
+
const https = require("node:https");
|
|
12
|
+
const net = require("node:net");
|
|
13
|
+
const tls = require("node:tls");
|
|
14
|
+
const dns = require("node:dns");
|
|
15
|
+
http.request = denial;
|
|
16
|
+
http.get = denial;
|
|
17
|
+
https.request = denial;
|
|
18
|
+
https.get = denial;
|
|
19
|
+
net.connect = denial;
|
|
20
|
+
net.createConnection = denial;
|
|
21
|
+
tls.connect = denial;
|
|
22
|
+
dns.lookup = denial;
|
|
23
|
+
dns.resolve = denial;
|
|
24
|
+
dns.resolve4 = denial;
|
|
25
|
+
dns.resolve6 = denial;
|
|
26
|
+
Object.assign(globalThis, {
|
|
27
|
+
fetch: async () => {
|
|
28
|
+
throw new Error(message);
|
|
29
|
+
}
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
function lockDownEnvironment() {
|
|
33
|
+
for (const key of Object.keys(process.env)) {
|
|
34
|
+
delete process.env[key];
|
|
35
|
+
}
|
|
36
|
+
denyNetwork();
|
|
37
|
+
}
|
|
38
|
+
async function probeIsolation() {
|
|
39
|
+
let egressDenied = false;
|
|
40
|
+
try {
|
|
41
|
+
await globalThis.fetch("https://example.com");
|
|
42
|
+
}
|
|
43
|
+
catch {
|
|
44
|
+
egressDenied = true;
|
|
45
|
+
}
|
|
46
|
+
const permissionModelEnabled = Boolean(process.permission);
|
|
47
|
+
const fsReadRestricted = permissionModelEnabled
|
|
48
|
+
? !process.permission.has("fs.read", os.tmpdir()) && !process.permission.has("fs.read", os.homedir())
|
|
49
|
+
: false;
|
|
50
|
+
return {
|
|
51
|
+
mode: permissionModelEnabled ? "node_permission_process" : "scrubbed_process",
|
|
52
|
+
envKeys: Object.keys(process.env),
|
|
53
|
+
egressDenied,
|
|
54
|
+
processIsolated: true,
|
|
55
|
+
permissionModelEnabled,
|
|
56
|
+
fsReadRestricted,
|
|
57
|
+
childProcessDenied: permissionModelEnabled ? !process.permission.has("child") : false,
|
|
58
|
+
workerThreadsDenied: permissionModelEnabled ? !process.permission.has("worker") : false
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
lockDownEnvironment();
|
|
62
|
+
let cachedProbePromise;
|
|
63
|
+
let cachedCoreRuntimePromise;
|
|
64
|
+
let workerRuntimeDefaults;
|
|
65
|
+
let workerAllowlistedEgress = [];
|
|
66
|
+
let workerParserIsolationMode;
|
|
67
|
+
async function getCachedProbe() {
|
|
68
|
+
if (!cachedProbePromise) {
|
|
69
|
+
cachedProbePromise = probeIsolation();
|
|
70
|
+
}
|
|
71
|
+
return cachedProbePromise;
|
|
72
|
+
}
|
|
73
|
+
async function loadCoreRuntime(parserIsolationMode) {
|
|
74
|
+
if (cachedCoreRuntimePromise) {
|
|
75
|
+
return cachedCoreRuntimePromise;
|
|
76
|
+
}
|
|
77
|
+
cachedCoreRuntimePromise = (async () => {
|
|
78
|
+
if (import.meta.url.endsWith(".ts")) {
|
|
79
|
+
if (parserIsolationMode === "node_permission_process") {
|
|
80
|
+
const distEntryUrl = new URL("../../core/dist/index.js", import.meta.url);
|
|
81
|
+
if (existsSync(distEntryUrl)) {
|
|
82
|
+
return import(distEntryUrl.href);
|
|
83
|
+
}
|
|
84
|
+
throw new Error("secure profile parser worker requires a built @safebrowse/core dist runtime");
|
|
85
|
+
}
|
|
86
|
+
const sourceEntryUrl = new URL("../../core/src/index.ts", import.meta.url).href;
|
|
87
|
+
return import(sourceEntryUrl);
|
|
88
|
+
}
|
|
89
|
+
return import("@safebrowse/core");
|
|
90
|
+
})();
|
|
91
|
+
return cachedCoreRuntimePromise;
|
|
92
|
+
}
|
|
93
|
+
function sendResponse(requestId, message) {
|
|
94
|
+
process.send?.({
|
|
95
|
+
requestId,
|
|
96
|
+
...message
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
process.on("message", async (message) => {
|
|
100
|
+
try {
|
|
101
|
+
const payload = message.payload;
|
|
102
|
+
if (payload.kind === "configure") {
|
|
103
|
+
workerRuntimeDefaults = payload.runtime;
|
|
104
|
+
workerAllowlistedEgress = payload.allowlistedEgress ?? [];
|
|
105
|
+
workerParserIsolationMode = payload.parserIsolationMode;
|
|
106
|
+
await loadCoreRuntime(workerParserIsolationMode);
|
|
107
|
+
sendResponse(message.requestId, {
|
|
108
|
+
ok: true
|
|
109
|
+
});
|
|
110
|
+
return;
|
|
111
|
+
}
|
|
112
|
+
if (payload.kind === "probe") {
|
|
113
|
+
sendResponse(message.requestId, {
|
|
114
|
+
ok: true,
|
|
115
|
+
probe: await getCachedProbe()
|
|
116
|
+
});
|
|
117
|
+
return;
|
|
118
|
+
}
|
|
119
|
+
const parserIsolationMode = payload.parserIsolationMode ??
|
|
120
|
+
workerParserIsolationMode ??
|
|
121
|
+
(await getCachedProbe()).mode;
|
|
122
|
+
const { compileObservation, compileObservationV5, computeToolManifestHash, computeToolSchemaHash } = await loadCoreRuntime(parserIsolationMode);
|
|
123
|
+
const compiler = payload.compilerVersion === "v5" ? compileObservationV5 : compileObservation;
|
|
124
|
+
const probe = await getCachedProbe();
|
|
125
|
+
const runtime = payload.runtime ?? workerRuntimeDefaults ?? {};
|
|
126
|
+
const allowlistedEgress = payload.allowlistedEgress ?? workerAllowlistedEgress;
|
|
127
|
+
const result = compiler(payload.capture, runtime, {
|
|
128
|
+
workflowHash: payload.workflowHash,
|
|
129
|
+
parserIsolation: {
|
|
130
|
+
mode: probe.mode,
|
|
131
|
+
processIsolated: probe.processIsolated,
|
|
132
|
+
envScrubbed: probe.envKeys.length === 0,
|
|
133
|
+
egressDenied: probe.egressDenied,
|
|
134
|
+
permissionModelEnabled: probe.permissionModelEnabled,
|
|
135
|
+
fsReadRestricted: probe.fsReadRestricted,
|
|
136
|
+
childProcessDenied: probe.childProcessDenied,
|
|
137
|
+
workerThreadsDenied: probe.workerThreadsDenied,
|
|
138
|
+
envKeys: probe.envKeys,
|
|
139
|
+
allowlistedEgress
|
|
140
|
+
}
|
|
141
|
+
});
|
|
142
|
+
const toolManifestDigests = payload.capture.surfaceType === "tool_manifest"
|
|
143
|
+
? {
|
|
144
|
+
manifestHash: computeToolManifestHash({
|
|
145
|
+
toolId: payload.capture.toolId,
|
|
146
|
+
description: payload.capture.description,
|
|
147
|
+
authType: payload.capture.authType,
|
|
148
|
+
requestedScopes: payload.capture.requestedScopes,
|
|
149
|
+
callbackUri: payload.capture.callbackUri
|
|
150
|
+
}),
|
|
151
|
+
schemaHash: computeToolSchemaHash(payload.capture.schemaDescriptions)
|
|
152
|
+
}
|
|
153
|
+
: undefined;
|
|
154
|
+
sendResponse(message.requestId, {
|
|
155
|
+
ok: true,
|
|
156
|
+
result: {
|
|
157
|
+
...result,
|
|
158
|
+
toolManifestDigests
|
|
159
|
+
}
|
|
160
|
+
});
|
|
161
|
+
}
|
|
162
|
+
catch (error) {
|
|
163
|
+
sendResponse(message.requestId, {
|
|
164
|
+
ok: false,
|
|
165
|
+
error: error instanceof Error ? error.message : String(error)
|
|
166
|
+
});
|
|
167
|
+
}
|
|
168
|
+
});
|
|
169
|
+
//# sourceMappingURL=parserWorker.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parserWorker.js","sourceRoot":"","sources":["../src/parserWorker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,OAAO,MAAM,cAAc,CAAC;AAInC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAE/C,SAAS,WAAW,CAAC,OAAO,GAAG,6BAA6B;IAC1D,MAAM,MAAM,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC,CAAC;IAEF,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAEhC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACtB,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC;IAClB,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC;IACvB,KAAK,CAAC,GAAG,GAAG,MAAM,CAAC;IACnB,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAC9B,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC;IACpB,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC;IACrB,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;IACtB,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC;IAEtB,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE;QACxB,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB;IAC1B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IACD,WAAW,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,cAAc;IAU3B,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,UAAU,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC;IAAC,MAAM,CAAC;QACP,YAAY,GAAG,IAAI,CAAC;IACtB,CAAC;IAED,MAAM,sBAAsB,GAAG,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,sBAAsB;QAC7C,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,OAAO,EAAE,CAAC;QACvG,CAAC,CAAC,KAAK,CAAC;IACV,OAAO;QACL,IAAI,EAAE,sBAAsB,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,kBAAkB;QAC7E,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC;QACjC,YAAY;QACZ,eAAe,EAAE,IAAI;QACrB,sBAAsB;QACtB,gBAAgB;QAChB,kBAAkB,EAAE,sBAAsB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK;QACtF,mBAAmB,EAAE,sBAAsB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,KAAK;KACzF,CAAC;AACJ,CAAC;AAED,mBAAmB,EAAE,CAAC;AAEtB,IAAI,kBAAmF,CAAC;AACxF,IAAI,wBAOS,CAAC;AACd,IAAI,qBAA0D,CAAC;AAC/D,IAAI,uBAAuB,GAAa,EAAE,CAAC;AAC3C,IAAI,yBAAqF,CAAC;AAE1F,KAAK,UAAU,cAAc;IAC3B,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,kBAAkB,GAAG,cAAc,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,mBAAoE;IAOpE,IAAI,wBAAwB,EAAE,CAAC;QAC7B,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,wBAAwB,GAAG,CAAC,KAAK,IAAI,EAAE;QACrC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACpC,IAAI,mBAAmB,KAAK,yBAAyB,EAAE,CAAC;gBACtD,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,0BAA0B,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBAC1E,IAAI,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;oBAC7B,OAAO,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;gBACnC,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;YACjG,CAAC;YACD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAChF,OAAO,MAAM,CAAC,cAAc,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACpC,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,wBAAwB,CAAC;AAClC,CAAC;AA+BD,SAAS,YAAY,CACnB,SAAiB,EACjB,OAiBK;IAEL,OAAO,CAAC,IAAI,EAAE,CAAC;QACb,SAAS;QACT,GAAG,OAAO;KACX,CAAC,CAAC;AACL,CAAC;AAED,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,KAAK,EAAE,OAA4B,EAAE,EAAE;IAC3D,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAChC,IAAI,OAAO,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACjC,qBAAqB,GAAG,OAAO,CAAC,OAAO,CAAC;YACxC,uBAAuB,GAAG,OAAO,CAAC,iBAAiB,IAAI,EAAE,CAAC;YAC1D,yBAAyB,GAAG,OAAO,CAAC,mBAAmB,CAAC;YACxD,MAAM,eAAe,CAAC,yBAAyB,CAAC,CAAC;YACjD,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC9B,EAAE,EAAE,IAAI;aACT,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAC7B,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;gBAC9B,EAAE,EAAE,IAAI;gBACR,KAAK,EAAE,MAAM,cAAc,EAAE;aAC9B,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,mBAAmB,GACvB,OAAO,CAAC,mBAAmB;YAC3B,yBAAyB;YACzB,CAAC,MAAM,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC;QAChC,MAAM,EACJ,kBAAkB,EAClB,oBAAoB,EACpB,uBAAuB,EACvB,qBAAqB,EACtB,GACC,MAAM,eAAe,CAAC,mBAAmB,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,OAAO,CAAC,eAAe,KAAK,IAAI,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,kBAAkB,CAAC;QAC9F,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;QACrC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,qBAAqB,IAAI,EAAE,CAAC;QAC/D,MAAM,iBAAiB,GAAG,OAAO,CAAC,iBAAiB,IAAI,uBAAuB,CAAC;QAC/E,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,EAAE;YAChD,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,eAAe,EAAE;gBACf,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,eAAe,EAAE,KAAK,CAAC,eAAe;gBACtC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC;gBACvC,YAAY,EAAE,KAAK,CAAC,YAAY;gBAChC,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;gBACpD,gBAAgB,EAAE,KAAK,CAAC,gBAAgB;gBACxC,kBAAkB,EAAE,KAAK,CAAC,kBAAkB;gBAC5C,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;gBAC9C,OAAO,EAAE,KAAK,CAAC,OAAO;gBACtB,iBAAiB;aAClB;SACF,CAAC,CAAC;QACH,MAAM,mBAAmB,GACvB,OAAO,CAAC,OAAO,CAAC,WAAW,KAAK,eAAe;YAC7C,CAAC,CAAC;gBACE,YAAY,EAAE,uBAAuB,CAAC;oBACpC,MAAM,EAAE,OAAO,CAAC,OAAO,CAAC,MAAM;oBAC9B,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW;oBACxC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,QAAQ;oBAClC,eAAe,EAAE,OAAO,CAAC,OAAO,CAAC,eAAe;oBAChD,WAAW,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW;iBACzC,CAAC;gBACF,UAAU,EAAE,qBAAqB,CAAC,OAAO,CAAC,OAAO,CAAC,kBAAkB,CAAC;aACtE;YACH,CAAC,CAAC,SAAS,CAAC;QAEhB,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;YAC9B,EAAE,EAAE,IAAI;YACR,MAAM,EAAE;gBACN,GAAG,MAAM;gBACT,mBAAmB;aACpB;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,YAAY,CAAC,OAAO,CAAC,SAAS,EAAE;YAC9B,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;SAC9D,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,CAAC"}
|