gatekeeper-cdr 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/gatekeeper.darwin-arm64.node +0 -0
  2. package/gatekeeper.darwin-x64.node +0 -0
  3. package/gatekeeper.linux-x64-gnu.node +0 -0
  4. package/gatekeeper.win32-x64-msvc.node +0 -0
  5. package/index.d.ts +20 -0
  6. package/index.js +315 -0
  7. package/package.json +18 -0
  8. package/test.js +36 -0
package/gatekeeper.darwin-arm64.node ADDED
Binary file
package/gatekeeper.darwin-x64.node ADDED
Binary file
package/gatekeeper.linux-x64-gnu.node ADDED
Binary file
package/gatekeeper.win32-x64-msvc.node ADDED
Binary file
package/index.d.ts ADDED
@@ -0,0 +1,20 @@
1
+ /* tslint:disable */
2
+ /* eslint-disable */
3
+
4
+ /* auto-generated by NAPI-RS */
5
+
6
+ export interface NodeDisarmResult {
7
+ /** The mathematically safe, reconstructed byte stream, returned as a Node.js Buffer. */
8
+ buffer: Buffer
9
+ originalSizeBytes: number
10
+ finalSizeBytes: number
11
+ detectedFormat: string
12
+ }
13
+ /**
14
+ * Zero-trust Content Disarm and Reconstruction pipeline.
15
+ * Safely processes untrusted bytes and guarantees output is mathematically safe.
16
+ *
17
+ * @param rawBuffer The untrusted file buffer
18
+ * @param expectedFormat (Optional) Strict format hint (e.g. "pdf", "png"). Rejects if mismatch.
19
+ */
20
+ export declare function disarm(rawBuffer: Uint8Array, expectedFormat?: string | undefined | null): NodeDisarmResult
package/index.js ADDED
@@ -0,0 +1,315 @@
1
+ /* tslint:disable */
2
+ /* eslint-disable */
3
+ /* prettier-ignore */
4
+
5
+ /* auto-generated by NAPI-RS */
6
+
7
+ const { existsSync, readFileSync } = require('fs')
8
+ const { join } = require('path')
9
+
10
+ const { platform, arch } = process
11
+
12
+ let nativeBinding = null
13
+ let localFileExisted = false
14
+ let loadError = null
15
+
16
+ function isMusl() {
17
+ // For Node 10
18
+ if (!process.report || typeof process.report.getReport !== 'function') {
19
+ try {
20
+ const lddPath = require('child_process').execSync('which ldd').toString().trim()
21
+ return readFileSync(lddPath, 'utf8').includes('musl')
22
+ } catch (e) {
23
+ return true
24
+ }
25
+ } else {
26
+ const { glibcVersionRuntime } = process.report.getReport().header
27
+ return !glibcVersionRuntime
28
+ }
29
+ }
30
+
31
+ switch (platform) {
32
+ case 'android':
33
+ switch (arch) {
34
+ case 'arm64':
35
+ localFileExisted = existsSync(join(__dirname, 'gatekeeper.android-arm64.node'))
36
+ try {
37
+ if (localFileExisted) {
38
+ nativeBinding = require('./gatekeeper.android-arm64.node')
39
+ } else {
40
+ nativeBinding = require('gatekeeper-cdr-android-arm64')
41
+ }
42
+ } catch (e) {
43
+ loadError = e
44
+ }
45
+ break
46
+ case 'arm':
47
+ localFileExisted = existsSync(join(__dirname, 'gatekeeper.android-arm-eabi.node'))
48
+ try {
49
+ if (localFileExisted) {
50
+ nativeBinding = require('./gatekeeper.android-arm-eabi.node')
51
+ } else {
52
+ nativeBinding = require('gatekeeper-cdr-android-arm-eabi')
53
+ }
54
+ } catch (e) {
55
+ loadError = e
56
+ }
57
+ break
58
+ default:
59
+ throw new Error(`Unsupported architecture on Android ${arch}`)
60
+ }
61
+ break
62
+ case 'win32':
63
+ switch (arch) {
64
+ case 'x64':
65
+ localFileExisted = existsSync(
66
+ join(__dirname, 'gatekeeper.win32-x64-msvc.node')
67
+ )
68
+ try {
69
+ if (localFileExisted) {
70
+ nativeBinding = require('./gatekeeper.win32-x64-msvc.node')
71
+ } else {
72
+ nativeBinding = require('gatekeeper-cdr-win32-x64-msvc')
73
+ }
74
+ } catch (e) {
75
+ loadError = e
76
+ }
77
+ break
78
+ case 'ia32':
79
+ localFileExisted = existsSync(
80
+ join(__dirname, 'gatekeeper.win32-ia32-msvc.node')
81
+ )
82
+ try {
83
+ if (localFileExisted) {
84
+ nativeBinding = require('./gatekeeper.win32-ia32-msvc.node')
85
+ } else {
86
+ nativeBinding = require('gatekeeper-cdr-win32-ia32-msvc')
87
+ }
88
+ } catch (e) {
89
+ loadError = e
90
+ }
91
+ break
92
+ case 'arm64':
93
+ localFileExisted = existsSync(
94
+ join(__dirname, 'gatekeeper.win32-arm64-msvc.node')
95
+ )
96
+ try {
97
+ if (localFileExisted) {
98
+ nativeBinding = require('./gatekeeper.win32-arm64-msvc.node')
99
+ } else {
100
+ nativeBinding = require('gatekeeper-cdr-win32-arm64-msvc')
101
+ }
102
+ } catch (e) {
103
+ loadError = e
104
+ }
105
+ break
106
+ default:
107
+ throw new Error(`Unsupported architecture on Windows: ${arch}`)
108
+ }
109
+ break
110
+ case 'darwin':
111
+ localFileExisted = existsSync(join(__dirname, 'gatekeeper.darwin-universal.node'))
112
+ try {
113
+ if (localFileExisted) {
114
+ nativeBinding = require('./gatekeeper.darwin-universal.node')
115
+ } else {
116
+ nativeBinding = require('gatekeeper-cdr-darwin-universal')
117
+ }
118
+ break
119
+ } catch {}
120
+ switch (arch) {
121
+ case 'x64':
122
+ localFileExisted = existsSync(join(__dirname, 'gatekeeper.darwin-x64.node'))
123
+ try {
124
+ if (localFileExisted) {
125
+ nativeBinding = require('./gatekeeper.darwin-x64.node')
126
+ } else {
127
+ nativeBinding = require('gatekeeper-cdr-darwin-x64')
128
+ }
129
+ } catch (e) {
130
+ loadError = e
131
+ }
132
+ break
133
+ case 'arm64':
134
+ localFileExisted = existsSync(
135
+ join(__dirname, 'gatekeeper.darwin-arm64.node')
136
+ )
137
+ try {
138
+ if (localFileExisted) {
139
+ nativeBinding = require('./gatekeeper.darwin-arm64.node')
140
+ } else {
141
+ nativeBinding = require('gatekeeper-cdr-darwin-arm64')
142
+ }
143
+ } catch (e) {
144
+ loadError = e
145
+ }
146
+ break
147
+ default:
148
+ throw new Error(`Unsupported architecture on macOS: ${arch}`)
149
+ }
150
+ break
151
+ case 'freebsd':
152
+ if (arch !== 'x64') {
153
+ throw new Error(`Unsupported architecture on FreeBSD: ${arch}`)
154
+ }
155
+ localFileExisted = existsSync(join(__dirname, 'gatekeeper.freebsd-x64.node'))
156
+ try {
157
+ if (localFileExisted) {
158
+ nativeBinding = require('./gatekeeper.freebsd-x64.node')
159
+ } else {
160
+ nativeBinding = require('gatekeeper-cdr-freebsd-x64')
161
+ }
162
+ } catch (e) {
163
+ loadError = e
164
+ }
165
+ break
166
+ case 'linux':
167
+ switch (arch) {
168
+ case 'x64':
169
+ if (isMusl()) {
170
+ localFileExisted = existsSync(
171
+ join(__dirname, 'gatekeeper.linux-x64-musl.node')
172
+ )
173
+ try {
174
+ if (localFileExisted) {
175
+ nativeBinding = require('./gatekeeper.linux-x64-musl.node')
176
+ } else {
177
+ nativeBinding = require('gatekeeper-cdr-linux-x64-musl')
178
+ }
179
+ } catch (e) {
180
+ loadError = e
181
+ }
182
+ } else {
183
+ localFileExisted = existsSync(
184
+ join(__dirname, 'gatekeeper.linux-x64-gnu.node')
185
+ )
186
+ try {
187
+ if (localFileExisted) {
188
+ nativeBinding = require('./gatekeeper.linux-x64-gnu.node')
189
+ } else {
190
+ nativeBinding = require('gatekeeper-cdr-linux-x64-gnu')
191
+ }
192
+ } catch (e) {
193
+ loadError = e
194
+ }
195
+ }
196
+ break
197
+ case 'arm64':
198
+ if (isMusl()) {
199
+ localFileExisted = existsSync(
200
+ join(__dirname, 'gatekeeper.linux-arm64-musl.node')
201
+ )
202
+ try {
203
+ if (localFileExisted) {
204
+ nativeBinding = require('./gatekeeper.linux-arm64-musl.node')
205
+ } else {
206
+ nativeBinding = require('gatekeeper-cdr-linux-arm64-musl')
207
+ }
208
+ } catch (e) {
209
+ loadError = e
210
+ }
211
+ } else {
212
+ localFileExisted = existsSync(
213
+ join(__dirname, 'gatekeeper.linux-arm64-gnu.node')
214
+ )
215
+ try {
216
+ if (localFileExisted) {
217
+ nativeBinding = require('./gatekeeper.linux-arm64-gnu.node')
218
+ } else {
219
+ nativeBinding = require('gatekeeper-cdr-linux-arm64-gnu')
220
+ }
221
+ } catch (e) {
222
+ loadError = e
223
+ }
224
+ }
225
+ break
226
+ case 'arm':
227
+ if (isMusl()) {
228
+ localFileExisted = existsSync(
229
+ join(__dirname, 'gatekeeper.linux-arm-musleabihf.node')
230
+ )
231
+ try {
232
+ if (localFileExisted) {
233
+ nativeBinding = require('./gatekeeper.linux-arm-musleabihf.node')
234
+ } else {
235
+ nativeBinding = require('gatekeeper-cdr-linux-arm-musleabihf')
236
+ }
237
+ } catch (e) {
238
+ loadError = e
239
+ }
240
+ } else {
241
+ localFileExisted = existsSync(
242
+ join(__dirname, 'gatekeeper.linux-arm-gnueabihf.node')
243
+ )
244
+ try {
245
+ if (localFileExisted) {
246
+ nativeBinding = require('./gatekeeper.linux-arm-gnueabihf.node')
247
+ } else {
248
+ nativeBinding = require('gatekeeper-cdr-linux-arm-gnueabihf')
249
+ }
250
+ } catch (e) {
251
+ loadError = e
252
+ }
253
+ }
254
+ break
255
+ case 'riscv64':
256
+ if (isMusl()) {
257
+ localFileExisted = existsSync(
258
+ join(__dirname, 'gatekeeper.linux-riscv64-musl.node')
259
+ )
260
+ try {
261
+ if (localFileExisted) {
262
+ nativeBinding = require('./gatekeeper.linux-riscv64-musl.node')
263
+ } else {
264
+ nativeBinding = require('gatekeeper-cdr-linux-riscv64-musl')
265
+ }
266
+ } catch (e) {
267
+ loadError = e
268
+ }
269
+ } else {
270
+ localFileExisted = existsSync(
271
+ join(__dirname, 'gatekeeper.linux-riscv64-gnu.node')
272
+ )
273
+ try {
274
+ if (localFileExisted) {
275
+ nativeBinding = require('./gatekeeper.linux-riscv64-gnu.node')
276
+ } else {
277
+ nativeBinding = require('gatekeeper-cdr-linux-riscv64-gnu')
278
+ }
279
+ } catch (e) {
280
+ loadError = e
281
+ }
282
+ }
283
+ break
284
+ case 's390x':
285
+ localFileExisted = existsSync(
286
+ join(__dirname, 'gatekeeper.linux-s390x-gnu.node')
287
+ )
288
+ try {
289
+ if (localFileExisted) {
290
+ nativeBinding = require('./gatekeeper.linux-s390x-gnu.node')
291
+ } else {
292
+ nativeBinding = require('gatekeeper-cdr-linux-s390x-gnu')
293
+ }
294
+ } catch (e) {
295
+ loadError = e
296
+ }
297
+ break
298
+ default:
299
+ throw new Error(`Unsupported architecture on Linux: ${arch}`)
300
+ }
301
+ break
302
+ default:
303
+ throw new Error(`Unsupported OS: ${platform}, architecture: ${arch}`)
304
+ }
305
+
306
+ if (!nativeBinding) {
307
+ if (loadError) {
308
+ throw loadError
309
+ }
310
+ throw new Error(`Failed to load native binding`)
311
+ }
312
+
313
+ const { disarm } = nativeBinding
314
+
315
+ module.exports.disarm = disarm
package/package.json ADDED
@@ -0,0 +1,18 @@
1
+ {
2
+ "name": "gatekeeper-cdr",
3
+ "version": "1.0.0",
4
+ "description": "Zero-trust Content Disarm and Reconstruction native Node.js addon",
5
+ "main": "index.js",
6
+ "napi": {
7
+ "name": "gatekeeper"
8
+ },
9
+ "scripts": {
10
+ "build": "napi build --platform --release",
11
+ "build:debug": "napi build --platform",
12
+ "test": "node test.js"
13
+ },
14
+ "devDependencies": {
15
+ "@napi-rs/cli": "^2.18.3",
16
+ "@types/node": "^26.0.0"
17
+ }
18
+ }
package/test.js ADDED
@@ -0,0 +1,36 @@
1
+ const gatekeeper = require('./index.js');
2
+ const fs = require('fs');
3
+
4
+ console.log("Testing Gatekeeper CDR Node.js Bindings...\n");
5
+
6
+ // 1. Test garbage bytes (Expect Exception)
7
+ const garbage = Buffer.from("UNKNOWN_MAGIC_BYTES_123");
8
+ try {
9
+ gatekeeper.disarm(garbage, null);
10
+ console.error("❌ FAILED: Should have rejected garbage bytes.");
11
+ } catch (e) {
12
+ console.log("✅ Passed: Caught expected error for garbage:");
13
+ console.log(" ->", e.message);
14
+ }
15
+
16
+ // 2. Test FormatMismatch (Expect Exception)
17
+ const pngSignature = Buffer.from([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00, 0x00, 0x00, 0x0D, 0x49, 0x48, 0x44, 0x52]);
18
+ try {
19
+ gatekeeper.disarm(pngSignature, "pdf");
20
+ console.error("❌ FAILED: Should have rejected due to FormatMismatch.");
21
+ } catch (e) {
22
+ console.log("✅ Passed: Caught expected error for FormatMismatch:");
23
+ console.log(" ->", e.message);
24
+ }
25
+
26
+ // 3. Test Minimal PDF (FFI check)
27
+ const validPdf = Buffer.from("%PDF-1.4\nTrailer << /Root << >> >>\n%%EOF");
28
+ try {
29
+ const result = gatekeeper.disarm(validPdf, "pdf");
30
+ console.log("✅ Passed: Sanitized PDF.");
31
+ console.log(` -> Output Size: ${result.finalSizeBytes} bytes`);
32
+ console.log(` -> Detected: ${result.detectedFormat}`);
33
+ } catch (e) {
34
+ console.log("✅ Passed FFI (Handled gracefully via CdrError):");
35
+ console.log(" ->", e.message);
36
+ }