@wrongstack/core 0.3.8 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/defaults/index.js +29 -22
- package/dist/defaults/index.js.map +1 -1
- package/dist/index.js +30 -22
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.js +4 -16
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/security/index.js +16 -5
- package/dist/security/index.js.map +1 -1
- package/dist/storage/index.js +9 -1
- package/dist/storage/index.js.map +1 -1
- package/dist/types/index.js +16 -5
- package/dist/types/index.js.map +1 -1
- package/package.json +1 -1
package/dist/types/index.js
CHANGED
|
@@ -393,7 +393,7 @@ function walkCount(node, vault, counter) {
|
|
|
393
393
|
if (Array.isArray(node)) {
|
|
394
394
|
return node.map((item) => walkCount(item, vault, counter));
|
|
395
395
|
}
|
|
396
|
-
const out =
|
|
396
|
+
const out = /* @__PURE__ */ Object.create(null);
|
|
397
397
|
for (const [k, v] of Object.entries(node)) {
|
|
398
398
|
if (typeof v === "string" && isSecretField(k) && !vault.isEncrypted(v) && v.length > 0) {
|
|
399
399
|
out[k] = vault.encrypt(v);
|
|
@@ -406,7 +406,15 @@ function walkCount(node, vault, counter) {
|
|
|
406
406
|
}
|
|
407
407
|
return out;
|
|
408
408
|
}
|
|
409
|
-
var FORBIDDEN_PROTO_KEYS = /* @__PURE__ */ new Set([
|
|
409
|
+
var FORBIDDEN_PROTO_KEYS = /* @__PURE__ */ new Set([
|
|
410
|
+
"__proto__",
|
|
411
|
+
"constructor",
|
|
412
|
+
"prototype",
|
|
413
|
+
"__defineGetter__",
|
|
414
|
+
"__defineSetter__",
|
|
415
|
+
"__lookupGetter__",
|
|
416
|
+
"__lookupSetter__"
|
|
417
|
+
]);
|
|
410
418
|
function deepMerge(a, b) {
|
|
411
419
|
const out = { ...a };
|
|
412
420
|
for (const [k, v] of Object.entries(b)) {
|
|
@@ -1152,12 +1160,15 @@ var PATTERNS = [
|
|
|
1152
1160
|
{ type: "redis_uri", regex: /redis:\/\/[^\s"'`]+/g },
|
|
1153
1161
|
{
|
|
1154
1162
|
type: "bearer_token",
|
|
1155
|
-
|
|
1163
|
+
// Bounded at 512 chars to prevent catastrophic backtracking on adversarial input.
|
|
1164
|
+
// Negative lookahead is a simple single-char check — no backtracking risk.
|
|
1165
|
+
regex: /(?<![A-Za-z0-9_.~+/-])Bearer\s+[A-Za-z0-9._~+/-]{20,512}=*(?![A-Za-z0-9_.~+/-])/g
|
|
1156
1166
|
},
|
|
1157
1167
|
{
|
|
1158
1168
|
type: "high_entropy_env",
|
|
1159
|
-
// Value
|
|
1160
|
-
|
|
1169
|
+
// Value bounded at 512 chars; negative lookahead simplified to avoid
|
|
1170
|
+
// nested quantifier backtracking on adversarial input.
|
|
1171
|
+
regex: /\b([A-Z_]{4,}(?:KEY|TOKEN|SECRET|PASSWORD|PWD))\s*[:=]\s*['"]?([A-Za-z0-9_/+=-]{20,512})['"]?/g
|
|
1161
1172
|
}
|
|
1162
1173
|
];
|
|
1163
1174
|
var SCRUB_CHUNK_BYTES = 64 * 1024;
|