logshield-cli 0.6.0 → 0.7.0
- package/CHANGELOG.md +23 -0
- package/README.md +1 -0
- package/dist/cli/index.cjs +15 -5
- package/package.json +1 -1
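--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## v0.7.0
+
+### Security
+
+- Added a per-line safety cap (`64KB`) alongside the existing `200KB` total input cap
+- Overlong single-line input now fails with a deterministic bounded error instead of flowing into rule evaluation
+- Hardened the strict-mode credit card detector to reduce ambiguous separator-heavy matching on pathological near-miss input
+
+### Improved
+
+- Added adversarial regression coverage for line-length boundaries, multiline line reporting, and regex near-miss cases
+- Added bounded-failure contract coverage for CLI and detection-only code paths
+
+### Docs
+
+- Synced README limits documentation with the final bounded input behavior and error contract
+
+### Notes
+
+- No new CLI flags
+- No breaking changes to normal successful scan output
+- Input/usage bounded failures continue to exit with code `2`
+
 ## v0.6.0
 
 ### Added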
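--- a/package/README.md
+++ b/package/README.md
@@ -201,6 +201,7 @@ Note: the npm package ships the CLI only; there is no supported JS API surface.
 ### Limits
 
 - Maximum input size: **200KB** (safety cap). Oversized input exits with code `2`.
+- Maximum line length: **64KB** per line. If any single line exceeds the cap, LogShield exits with code `2` and a deterministic `Log line <n> exceeds 64KB limit` error.
 
 
 ### Windows note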
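--- a/package/dist/cli/index.cjs
+++ b/package/dist/cli/index.cjs
@@ -140,15 +140,23 @@ var init_applyRules = __esm({
 // src/engine/guard.ts
 function guardInput(input) {
 if (!input) return "";
-if (input.length >
+if (input.length > MAX_INPUT_SIZE) {
 throw new Error("Log size exceeds 200KB limit");
 }
+const lines = input.split(/\r?\n/);
+for (let i = 0; i < lines.length; i += 1) {
+if (lines[i].length > MAX_LINE_LENGTH) {
+const lineNumber = i + 1;
+throw new Error(`Log line ${lineNumber} exceeds 64KB limit`);
+}
+}
 return input;
 }
-var
+var MAX_INPUT_SIZE, MAX_LINE_LENGTH;
 var init_guard = __esm({
 "src/engine/guard.ts"() {
-
+MAX_INPUT_SIZE = 200 * 1024;
+MAX_LINE_LENGTH = 64 * 1024;
 }
 });
 
@@ -387,7 +395,9 @@ var init_creditCard = __esm({
 creditCardRules = [
 {
 name: "CREDIT_CARD",
-
+// Keep separators simple and bounded between digits to avoid ambiguous
+// repetition on long near-miss inputs.
+pattern: /\b\d(?:[ -]?\d){12,18}\b/g,
 replace: (match, { strict }) => {
 if (!strict) return match;
 return isValidLuhn(match) ? "<REDACTED_CC>" : match;
@@ -595,7 +605,7 @@ var ALLOWED_FLAGS = /* @__PURE__ */ new Set([
 "--help"
 ]);
 function getVersion() {
-return true ? "0.
+return true ? "0.7.0" : "unknown";
 }
 function printHelp() {
 process.stdout.write(`Usage: logshield scan [file]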
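Review bot: In the first hunk, `guardInput` compares `input.length` and `lines[i].length` with `MAX_INPUT_SIZE` and `MAX_LINE_LENGTH`, and a string's `.length` counts UTF-16 code units rather than bytes, so the "200KB" and "64KB" wording in the errors and the README only holds for ASCII input. A line of multi-byte characters can be several times the stated size on disk and still pass the check. If the cap is meant to bound per-line regex work, counting characters is a reasonable choice but should be stated above the constants, e.g. `// Limits are string lengths (UTF-16 code units), not bytes; they bound the input handed to the rules.`; if bytes are intended, the per-line test would be `if (Buffer.byteLength(lines[i], "utf8") > MAX_LINE_LENGTH) {`. Separately, in the credit-card hunk the new pattern admits a space or hyphen between digits, and `isValidLuhn` is defined outside the visible lines, so it is worth confirming that it strips those separators before computing the checksum; otherwise separator-formatted numbers would be left unredacted in strict mode.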