@safebrowse/daemon 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +64 -1
- package/dist/cli.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/dist/parserIsolation.d.ts +48 -0
- package/dist/parserIsolation.d.ts.map +1 -0
- package/dist/parserIsolation.js +207 -0
- package/dist/parserIsolation.js.map +1 -0
- package/dist/parserWorker.d.ts +2 -0
- package/dist/parserWorker.d.ts.map +1 -0
- package/dist/parserWorker.js +169 -0
- package/dist/parserWorker.js.map +1 -0
- package/dist/runtime/config/auditor/v4_prompt_injection_coverage_suite.json +2789 -0
- package/dist/runtime/config/auditor/v5_secure_claim_suite.json +70 -0
- package/dist/server.d.ts +7 -1
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +2143 -27
- package/dist/server.js.map +1 -1
- package/package.json +2 -2
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
{
|
|
2
|
+
"suite_id": "safebrowse-v5-secure-claim-suite",
|
|
3
|
+
"claim_profile": "secure_v5",
|
|
4
|
+
"cases": [
|
|
5
|
+
{
|
|
6
|
+
"id": "V5-01",
|
|
7
|
+
"title": "Hidden anchor on first observation does not mint capability",
|
|
8
|
+
"kind": "hidden_html",
|
|
9
|
+
"html": "<main>Visible docs only.</main><div hidden><a href=\"https://docs.python.org/3/tutorial/\">continuity path</a></div>",
|
|
10
|
+
"visible_text": "Visible docs only.",
|
|
11
|
+
"expected": {
|
|
12
|
+
"decision": "BLOCK_OR_FACTS_ONLY",
|
|
13
|
+
"capabilities": []
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": "V5-02",
|
|
18
|
+
"title": "Visible allowlisted anchor mints one navigate capability",
|
|
19
|
+
"kind": "visible_navigation",
|
|
20
|
+
"html": "<main>Visible docs only.</main><a href=\"https://docs.python.org/3/tutorial/\">Docs</a>",
|
|
21
|
+
"visible_text": "Visible docs only. Docs",
|
|
22
|
+
"expected": {
|
|
23
|
+
"decision": "ALLOW",
|
|
24
|
+
"capabilities": ["navigate"]
|
|
25
|
+
}
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
"id": "V5-03",
|
|
29
|
+
"title": "Visible navigate capability cannot authorize connector onboarding",
|
|
30
|
+
"kind": "navigate_cannot_issue_connector_approval",
|
|
31
|
+
"html": "<main>Visible docs only.</main><a href=\"https://docs.python.org/3/tutorial/\">Docs</a>",
|
|
32
|
+
"visible_text": "Visible docs only. Docs",
|
|
33
|
+
"expected": {
|
|
34
|
+
"decision": "BLOCK"
|
|
35
|
+
}
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"id": "V5-04",
|
|
39
|
+
"title": "Unsigned broker approval is rejected",
|
|
40
|
+
"kind": "unsigned_connector_approval",
|
|
41
|
+
"expected": {
|
|
42
|
+
"decision": "BLOCK"
|
|
43
|
+
}
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
"id": "V5-05",
|
|
47
|
+
"title": "Signed connector approval prepares onboarding",
|
|
48
|
+
"kind": "signed_connector_prepare",
|
|
49
|
+
"expected": {
|
|
50
|
+
"decision": "ALLOW"
|
|
51
|
+
}
|
|
52
|
+
},
|
|
53
|
+
{
|
|
54
|
+
"id": "V5-06",
|
|
55
|
+
"title": "Callback mismatch is rejected",
|
|
56
|
+
"kind": "callback_mismatch",
|
|
57
|
+
"expected": {
|
|
58
|
+
"decision": "BLOCK"
|
|
59
|
+
}
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
"id": "V5-07",
|
|
63
|
+
"title": "Secure profile disables legacy routes",
|
|
64
|
+
"kind": "legacy_route_disabled",
|
|
65
|
+
"expected": {
|
|
66
|
+
"decision": "BLOCK"
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
]
|
|
70
|
+
}
|
package/dist/server.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { type Server } from "node:http";
|
|
2
|
-
import { type KnowledgeBaseContext, type PolicyPack } from "@safebrowse/core";
|
|
2
|
+
import { type KnowledgeBaseContext, type ParserIsolationMode, type PolicyPack } from "@safebrowse/core";
|
|
3
3
|
import type { VerifiedRegistryBundle } from "@safebrowse/core";
|
|
4
4
|
export interface SafeBrowseDaemonOptions {
|
|
5
5
|
host?: string;
|
|
@@ -8,6 +8,12 @@ export interface SafeBrowseDaemonOptions {
|
|
|
8
8
|
policyPack?: PolicyPack;
|
|
9
9
|
knowledgeBase?: KnowledgeBaseContext;
|
|
10
10
|
verifiedRegistry?: VerifiedRegistryBundle;
|
|
11
|
+
parserAllowlistedEgress?: string[];
|
|
12
|
+
parserIsolationMode?: ParserIsolationMode;
|
|
13
|
+
deploymentProfile?: "development" | "secure_v5" | "secure_v6";
|
|
14
|
+
approvalBrokerPublicKeyPath?: string;
|
|
15
|
+
approvalBrokerPublicKeyPem?: string;
|
|
16
|
+
approvalBrokerMode?: "signature_verification" | "external_service";
|
|
11
17
|
}
|
|
12
18
|
export declare function createSafeBrowseServer(options?: SafeBrowseDaemonOptions): Promise<Server>;
|
|
13
19
|
export declare function startSafeBrowseDaemon(options?: SafeBrowseDaemonOptions): Promise<Server>;
|
package/dist/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAsC,KAAK,MAAM,EAAuB,MAAM,WAAW,CAAC;AAIjG,OAAO,EAiDL,KAAK,oBAAoB,EAazB,KAAK,mBAAmB,EAExB,KAAK,UAAU,EAWhB,MAAM,kBAAkB,CAAC;AAW1B,OAAO,KAAK,EAAE,sBAAsB,EAAyB,MAAM,kBAAkB,CAAC;AAEtF,MAAM,WAAW,uBAAuB;IACtC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,aAAa,CAAC,EAAE,oBAAoB,CAAC;IACrC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,uBAAuB,CAAC,EAAE,MAAM,EAAE,CAAC;IACnC,mBAAmB,CAAC,EAAE,mBAAmB,CAAC;IAC1C,iBAAiB,CAAC,EAAE,aAAa,GAAG,WAAW,GAAG,WAAW,CAAC;IAC9D,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,kBAAkB,CAAC,EAAE,wBAAwB,GAAG,kBAAkB,CAAC;CACpE;AAg3BD,wBAAsB,sBAAsB,CAC1C,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAooEjB;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,uBAA4B,GACpC,OAAO,CAAC,MAAM,CAAC,CAWjB"}
|