observability-toolkit 1.6.0 → 1.8.2

package/dist/lib/query-sanitizer.d.ts

@@ -0,0 +1,95 @@
+/**
+ * ClickHouse-specific query escaping and input validation
+ *
+ * Provides security utilities for sanitizing user inputs before
+ * including them in ClickHouse queries via SigNoz API.
+ */
+/**
+ * Dangerous SQL/query patterns that should never appear in user input
+ * Case-insensitive matching is used
+ */
+export declare const DANGEROUS_PATTERNS: readonly string[];
+/**
+ * Escape a string value for use in ClickHouse single-quoted strings
+ *
+ * ClickHouse uses backslash escaping for special characters.
+ * @see https://clickhouse.com/docs/en/sql-reference/syntax#string
+ *
+ * @param value - The string value to escape
+ * @returns Escaped string safe for use in single-quoted ClickHouse strings
+ */
+export declare function escapeClickHouseString(value: string): string;
+/**
+ * Escape LIKE wildcard characters for use in ClickHouse LIKE patterns
+ *
+ * This escapes % and _ which have special meaning in LIKE patterns.
+ * Use this when the user's input should be treated as a literal string
+ * in a LIKE clause, not as a pattern.
+ *
+ * @param value - The string value to escape for LIKE
+ * @returns Escaped string with LIKE wildcards escaped
+ */
+export declare function escapeClickHouseLike(value: string): string;
+/**
+ * Sanitize an identifier (column name, table name, etc.)
+ *
+ * Only allows alphanumeric characters, underscores, and dots.
+ * Removes all other characters.
+ *
+ * @param name - The identifier to sanitize
+ * @returns Sanitized identifier containing only safe characters
+ */
+export declare function sanitizeIdentifier(name: string): string;
+/**
+ * Maximum length for query input validation
+ * Prevents performance issues with very long inputs
+ */
+export declare const MAX_QUERY_INPUT_LENGTH = 10000;
+/**
+ * Check if a string contains any dangerous SQL patterns
+ *
+ * Uses case-insensitive matching and word boundary detection
+ * for most patterns to reduce false positives.
+ *
+ * Defense in depth: Rejects inputs exceeding MAX_QUERY_INPUT_LENGTH
+ * to prevent performance issues with very long strings.
+ *
+ * @param input - The input string to check
+ * @returns true if dangerous pattern found, false otherwise
+ */
+export declare function containsDangerousPattern(input: string): boolean;
+/**
+ * Validate that user input does not contain dangerous patterns
+ *
+ * Throws an error if dangerous patterns are detected, including
+ * the field name for better error messages.
+ *
+ * @param input - The input string to validate
+ * @param fieldName - Name of the field being validated (for error messages)
+ * @throws Error if dangerous pattern is found
+ */
+export declare function validateQueryInput(input: string, fieldName: string): void;
+/**
+ * Escape and validate a string value for use in WHERE clause conditions
+ *
+ * Combines validation and escaping for convenience.
+ *
+ * @param value - The value to escape
+ * @param fieldName - Name of the field (for error messages)
+ * @returns Escaped string safe for ClickHouse queries
+ * @throws Error if dangerous pattern is found
+ */
+export declare function escapeFilterValueSafe(value: string, fieldName: string): string;
+/**
+ * Escape and validate a value for use in LIKE clauses
+ *
+ * Escapes both ClickHouse string escapes and LIKE wildcards,
+ * and validates for dangerous patterns.
+ *
+ * @param value - The value to escape
+ * @param fieldName - Name of the field (for error messages)
+ * @returns Escaped string safe for ClickHouse LIKE clauses
+ * @throws Error if dangerous pattern is found
+ */
+export declare function escapeLikeValueSafe(value: string, fieldName: string): string;
+//# sourceMappingURL=query-sanitizer.d.ts.map

package/dist/lib/query-sanitizer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"query-sanitizer.d.ts","sourceRoot":"","sources":["../../src/lib/query-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,eAAO,MAAM,kBAAkB,EAAE,SAAS,MAAM,EAuBtC,CAAC;AAEX;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAc5D;AAED;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAO1D;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED;;;GAGG;AACH,eAAO,MAAM,sBAAsB,QAAQ,CAAC;AAU5C;;;;;;;;;;;GAWG;AACH,wBAAgB,wBAAwB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CA6B/D;AAED;;;;;;;;;GASG;AACH,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CAIzE;AAED;;;;;;;;;GASG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAG9E;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAK5E"}

package/dist/lib/query-sanitizer.js

@@ -0,0 +1,187 @@
+/**
+ * ClickHouse-specific query escaping and input validation
+ *
+ * Provides security utilities for sanitizing user inputs before
+ * including them in ClickHouse queries via SigNoz API.
+ */
+/**
+ * Dangerous SQL/query patterns that should never appear in user input
+ * Case-insensitive matching is used
+ */
+export const DANGEROUS_PATTERNS = [
+    'DROP',
+    'DELETE',
+    'INSERT',
+    'UPDATE',
+    'ALTER',
+    'CREATE',
+    'TRUNCATE',
+    '--',
+    '/*',
+    '*/',
+    ';',
+    'UNION',
+    'INTO OUTFILE',
+    'INTO DUMPFILE',
+    'LOAD_FILE',
+    'SYSTEM',
+    'ATTACH',
+    'DETACH',
+    'RENAME',
+    'OPTIMIZE',
+    'GRANT',
+    'REVOKE',
+];
+/**
+ * Escape a string value for use in ClickHouse single-quoted strings
+ *
+ * ClickHouse uses backslash escaping for special characters.
+ * @see https://clickhouse.com/docs/en/sql-reference/syntax#string
+ *
+ * @param value - The string value to escape
+ * @returns Escaped string safe for use in single-quoted ClickHouse strings
+ */
+export function escapeClickHouseString(value) {
+    return value
+        // Escape backslashes first (must be first to avoid double-escaping)
+        .replace(/\\/g, '\\\\')
+        // Escape single quotes
+        .replace(/'/g, "\\'")
+        // Escape null bytes
+        .replace(/\0/g, '\\0')
+        // Escape newlines
+        .replace(/\n/g, '\\n')
+        // Escape carriage returns
+        .replace(/\r/g, '\\r')
+        // Escape tabs
+        .replace(/\t/g, '\\t');
+}
+/**
+ * Escape LIKE wildcard characters for use in ClickHouse LIKE patterns
+ *
+ * This escapes % and _ which have special meaning in LIKE patterns.
+ * Use this when the user's input should be treated as a literal string
+ * in a LIKE clause, not as a pattern.
+ *
+ * @param value - The string value to escape for LIKE
+ * @returns Escaped string with LIKE wildcards escaped
+ */
+export function escapeClickHouseLike(value) {
+    // First escape backslashes (used as escape character in LIKE)
+    // Then escape the LIKE wildcards
+    return value
+        .replace(/\\/g, '\\\\')
+        .replace(/%/g, '\\%')
+        .replace(/_/g, '\\_');
+}
+/**
+ * Sanitize an identifier (column name, table name, etc.)
+ *
+ * Only allows alphanumeric characters, underscores, and dots.
+ * Removes all other characters.
+ *
+ * @param name - The identifier to sanitize
+ * @returns Sanitized identifier containing only safe characters
+ */
+export function sanitizeIdentifier(name) {
+    return name.replace(/[^a-zA-Z0-9_.]/g, '');
+}
+/**
+ * Maximum length for query input validation
+ * Prevents performance issues with very long inputs
+ */
+export const MAX_QUERY_INPUT_LENGTH = 10000;
+/**
+ * Escape regex metacharacters in a string for safe use in RegExp constructor
+ * Prevents ReDoS attacks when using user-influenced patterns
+ */
+function escapeRegexPattern(pattern) {
+    return pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+/**
+ * Check if a string contains any dangerous SQL patterns
+ *
+ * Uses case-insensitive matching and word boundary detection
+ * for most patterns to reduce false positives.
+ *
+ * Defense in depth: Rejects inputs exceeding MAX_QUERY_INPUT_LENGTH
+ * to prevent performance issues with very long strings.
+ *
+ * @param input - The input string to check
+ * @returns true if dangerous pattern found, false otherwise
+ */
+export function containsDangerousPattern(input) {
+    // Defense in depth: reject excessively long inputs
+    // This prevents O(n) regex operations on very large strings
+    if (input.length > MAX_QUERY_INPUT_LENGTH) {
+        console.warn(`[SECURITY] Input length ${input.length} exceeds maximum ${MAX_QUERY_INPUT_LENGTH}`);
+        return true; // Treat as dangerous
+    }
+    const upperInput = input.toUpperCase();
+    for (const pattern of DANGEROUS_PATTERNS) {
+        // For comment markers and semicolons, do exact substring match
+        if (pattern === '--' || pattern === '/*' || pattern === '*/' || pattern === ';') {
+            if (input.includes(pattern)) {
+                return true;
+            }
+        }
+        else {
+            // For SQL keywords, check with word boundaries to reduce false positives
+            // e.g., "DROPPED" should not match "DROP", but "DROP TABLE" should
+            // Escape pattern to prevent ReDoS if pattern contains regex metacharacters
+            const escapedPattern = escapeRegexPattern(pattern);
+            const regex = new RegExp(`\\b${escapedPattern}\\b`, 'i');
+            if (regex.test(input)) {
+                return true;
+            }
+        }
+    }
+    return false;
+}
+/**
+ * Validate that user input does not contain dangerous patterns
+ *
+ * Throws an error if dangerous patterns are detected, including
+ * the field name for better error messages.
+ *
+ * @param input - The input string to validate
+ * @param fieldName - Name of the field being validated (for error messages)
+ * @throws Error if dangerous pattern is found
+ */
+export function validateQueryInput(input, fieldName) {
+    if (containsDangerousPattern(input)) {
+        throw new Error(`Invalid ${fieldName}: contains potentially dangerous SQL pattern`);
+    }
+}
+/**
+ * Escape and validate a string value for use in WHERE clause conditions
+ *
+ * Combines validation and escaping for convenience.
+ *
+ * @param value - The value to escape
+ * @param fieldName - Name of the field (for error messages)
+ * @returns Escaped string safe for ClickHouse queries
+ * @throws Error if dangerous pattern is found
+ */
+export function escapeFilterValueSafe(value, fieldName) {
+    validateQueryInput(value, fieldName);
+    return escapeClickHouseString(value);
+}
+/**
+ * Escape and validate a value for use in LIKE clauses
+ *
+ * Escapes both ClickHouse string escapes and LIKE wildcards,
+ * and validates for dangerous patterns.
+ *
+ * @param value - The value to escape
+ * @param fieldName - Name of the field (for error messages)
+ * @returns Escaped string safe for ClickHouse LIKE clauses
+ * @throws Error if dangerous pattern is found
+ */
+export function escapeLikeValueSafe(value, fieldName) {
+    validateQueryInput(value, fieldName);
+    // First escape LIKE wildcards, then escape for string context
+    const likeEscaped = escapeClickHouseLike(value);
+    return escapeClickHouseString(likeEscaped);
+}
+//# sourceMappingURL=query-sanitizer.js.map

package/dist/lib/query-sanitizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query-sanitizer.js","sourceRoot":"","sources":["../../src/lib/query-sanitizer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAsB;IACnD,MAAM;IACN,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,UAAU;IACV,IAAI;IACJ,IAAI;IACJ,IAAI;IACJ,GAAG;IACH,OAAO;IACP,cAAc;IACd,eAAe;IACf,WAAW;IACX,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,QAAQ;IACR,UAAU;IACV,OAAO;IACP,QAAQ;CACA,CAAC;AAEX;;;;;;;;GAQG;AACH,MAAM,UAAU,sBAAsB,CAAC,KAAa;IAClD,OAAO,KAAK;QACV,oEAAoE;SACnE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,uBAAuB;SACtB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;QACrB,oBAAoB;SACnB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;QACtB,kBAAkB;SACjB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;QACtB,0BAA0B;SACzB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;QACtB,cAAc;SACb,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAa;IAChD,8DAA8D;IAC9D,iCAAiC;IACjC,OAAO,KAAK;SACT,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC;SACtB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;SACpB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,IAAY;IAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,CAAC;AAE5C;;;GAGG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,OAAO,OAAO,CAAC,OAAO,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;AACxD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,wBAAwB,CAAC,KAAa;IACpD,mDAAmD;IACnD,4DAA4D;IAC5D,IAAI,KAAK,CAAC,MAAM,GAAG,sBAAsB,EAAE,CAAC;QAC1C,OAAO,CAAC,IAAI,CAAC,2BAA2B,KAAK,CAAC,MAAM,oBAAoB,sBAAsB,EAAE,CAAC,CAAC;QAClG,OAAO,IAAI,CAAC,CAAE,qBAAqB;IACrC,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,WAAW,EAAE,CAAC;IAEvC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,+DAA+D;QAC/D,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,GAAG,EAAE,CAAC;YAChF,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;aAAM,CAAC;YACN,yEAAyE;YACzE,mEAAmE;YACnE,2EAA2E;YAC3E,MAAM,cAAc,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,cAAc,KAAK,EAAE,GAAG,CAAC,CAAC;YACzD,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACtB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,SAAiB;IACjE,IAAI,wBAAwB,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,WAAW,SAAS,8CAA8C,CAAC,CAAC;IACtF,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa,EAAE,SAAiB;IACpE,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACrC,OAAO,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAa,EAAE,SAAiB;IAClE,kBAAkB,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IACrC,8DAA8D;IAC9D,MAAM,WAAW,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC;IAChD,OAAO,sBAAsB,CAAC,WAAW,CAAC,CAAC;AAC7C,CAAC"}

package/dist/lib/query-sanitizer.test.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Unit tests for query-sanitizer.ts
+ */
+export {};
+//# sourceMappingURL=query-sanitizer.test.d.ts.map

package/dist/lib/query-sanitizer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"query-sanitizer.test.d.ts","sourceRoot":"","sources":["../../src/lib/query-sanitizer.test.ts"],"names":[],"mappings":"AAAA;;GAEG"}

package/dist/lib/query-sanitizer.test.js

@@ -0,0 +1,299 @@
+/**
+ * Unit tests for query-sanitizer.ts
+ */
+import { describe, it } from 'node:test';
+import assert from 'node:assert';
+import { escapeClickHouseString, escapeClickHouseLike, sanitizeIdentifier, containsDangerousPattern, validateQueryInput, escapeFilterValueSafe, escapeLikeValueSafe, DANGEROUS_PATTERNS, } from './query-sanitizer.js';
+describe('query-sanitizer', () => {
+    describe('DANGEROUS_PATTERNS', () => {
+        it('should be a non-empty array', () => {
+            assert.ok(Array.isArray(DANGEROUS_PATTERNS));
+            assert.ok(DANGEROUS_PATTERNS.length > 0);
+        });
+        it('should include common SQL injection keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('DROP'));
+            assert.ok(DANGEROUS_PATTERNS.includes('DELETE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('INSERT'));
+            assert.ok(DANGEROUS_PATTERNS.includes('UPDATE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('UNION'));
+        });
+        it('should include DDL keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('ALTER'));
+            assert.ok(DANGEROUS_PATTERNS.includes('CREATE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('TRUNCATE'));
+        });
+        it('should include comment markers', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('--'));
+            assert.ok(DANGEROUS_PATTERNS.includes('/*'));
+            assert.ok(DANGEROUS_PATTERNS.includes('*/'));
+        });
+        it('should include statement terminator', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes(';'));
+        });
+        it('should include file operation keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('INTO OUTFILE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('INTO DUMPFILE'));
+            assert.ok(DANGEROUS_PATTERNS.includes('LOAD_FILE'));
+        });
+        it('should include ClickHouse-specific dangerous keywords', () => {
+            assert.ok(DANGEROUS_PATTERNS.includes('SYSTEM'));
+            assert.ok(DANGEROUS_PATTERNS.includes('ATTACH'));
+            assert.ok(DANGEROUS_PATTERNS.includes('DETACH'));
+        });
+    });
+    describe('escapeClickHouseString', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(escapeClickHouseString(''), '');
+        });
+        it('should return unchanged string with no special characters', () => {
+            assert.strictEqual(escapeClickHouseString('hello'), 'hello');
+            assert.strictEqual(escapeClickHouseString('test123'), 'test123');
+        });
+        it('should escape single quotes', () => {
+            assert.strictEqual(escapeClickHouseString("it's"), "it\\'s");
+            assert.strictEqual(escapeClickHouseString("test'value"), "test\\'value");
+            assert.strictEqual(escapeClickHouseString("''"), "\\'\\'");
+        });
+        it('should escape backslashes', () => {
+            assert.strictEqual(escapeClickHouseString('path\\to\\file'), 'path\\\\to\\\\file');
+            assert.strictEqual(escapeClickHouseString('\\'), '\\\\');
+        });
+        it('should escape backslashes before single quotes', () => {
+            // Important: backslash followed by quote should become \\'
+            assert.strictEqual(escapeClickHouseString("\\'"), "\\\\\\'");
+        });
+        it('should escape null bytes', () => {
+            assert.strictEqual(escapeClickHouseString('test\0value'), 'test\\0value');
+            assert.strictEqual(escapeClickHouseString('\0'), '\\0');
+        });
+        it('should escape newlines', () => {
+            assert.strictEqual(escapeClickHouseString('line1\nline2'), 'line1\\nline2');
+            assert.strictEqual(escapeClickHouseString('\n'), '\\n');
+        });
+        it('should escape carriage returns', () => {
+            assert.strictEqual(escapeClickHouseString('line1\rline2'), 'line1\\rline2');
+            assert.strictEqual(escapeClickHouseString('\r\n'), '\\r\\n');
+        });
+        it('should escape tabs', () => {
+            assert.strictEqual(escapeClickHouseString('col1\tcol2'), 'col1\\tcol2');
+            assert.strictEqual(escapeClickHouseString('\t'), '\\t');
+        });
+        it('should handle multiple special characters', () => {
+            const input = "test'\n\\\t\0";
+            const expected = "test\\'\\n\\\\\\t\\0";
+            assert.strictEqual(escapeClickHouseString(input), expected);
+        });
+        it('should handle unicode characters unchanged', () => {
+            assert.strictEqual(escapeClickHouseString('unicode: \u00E9\u00F1'), 'unicode: \u00E9\u00F1');
+            assert.strictEqual(escapeClickHouseString('emoji: \uD83D\uDE00'), 'emoji: \uD83D\uDE00');
+        });
+    });
+    describe('escapeClickHouseLike', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(escapeClickHouseLike(''), '');
+        });
+        it('should return unchanged string with no special characters', () => {
+            assert.strictEqual(escapeClickHouseLike('hello'), 'hello');
+            assert.strictEqual(escapeClickHouseLike('test123'), 'test123');
+        });
+        it('should escape percent sign', () => {
+            assert.strictEqual(escapeClickHouseLike('100%'), '100\\%');
+            assert.strictEqual(escapeClickHouseLike('%value%'), '\\%value\\%');
+        });
+        it('should escape underscore', () => {
+            assert.strictEqual(escapeClickHouseLike('test_value'), 'test\\_value');
+            assert.strictEqual(escapeClickHouseLike('_'), '\\_');
+        });
+        it('should escape backslashes', () => {
+            assert.strictEqual(escapeClickHouseLike('path\\file'), 'path\\\\file');
+        });
+        it('should escape backslash before wildcards', () => {
+            assert.strictEqual(escapeClickHouseLike('\\%'), '\\\\\\%');
+            assert.strictEqual(escapeClickHouseLike('\\_'), '\\\\\\_');
+        });
+        it('should handle multiple wildcards', () => {
+            assert.strictEqual(escapeClickHouseLike('%_%'), '\\%\\_\\%');
+        });
+        it('should not escape other special characters', () => {
+            // Single quotes, etc. are handled by escapeClickHouseString
+            assert.strictEqual(escapeClickHouseLike("it's"), "it's");
+        });
+    });
+    describe('sanitizeIdentifier', () => {
+        it('should return empty string for empty input', () => {
+            assert.strictEqual(sanitizeIdentifier(''), '');
+        });
+        it('should allow alphanumeric characters', () => {
+            assert.strictEqual(sanitizeIdentifier('abc123'), 'abc123');
+            assert.strictEqual(sanitizeIdentifier('ABC123'), 'ABC123');
+        });
+        it('should allow underscores', () => {
+            assert.strictEqual(sanitizeIdentifier('my_column'), 'my_column');
+            assert.strictEqual(sanitizeIdentifier('_private'), '_private');
+        });
+        it('should allow dots for qualified names', () => {
+            assert.strictEqual(sanitizeIdentifier('table.column'), 'table.column');
+            assert.strictEqual(sanitizeIdentifier('db.table.column'), 'db.table.column');
+        });
+        it('should remove spaces', () => {
+            assert.strictEqual(sanitizeIdentifier('my column'), 'mycolumn');
+            assert.strictEqual(sanitizeIdentifier(' column '), 'column');
+        });
+        it('should remove special characters', () => {
+            assert.strictEqual(sanitizeIdentifier('column;DROP'), 'columnDROP');
+            assert.strictEqual(sanitizeIdentifier('col--comment'), 'colcomment');
+            assert.strictEqual(sanitizeIdentifier("col'name"), 'colname');
+        });
+        it('should remove SQL injection attempts', () => {
+            assert.strictEqual(sanitizeIdentifier('column; DROP TABLE users'), 'columnDROPTABLEusers');
+            assert.strictEqual(sanitizeIdentifier('column/*comment*/'), 'columncomment');
+        });
+        it('should handle unicode by removing it', () => {
+            assert.strictEqual(sanitizeIdentifier('column\u00E9'), 'column');
+            assert.strictEqual(sanitizeIdentifier('\u4E2D\u6587'), '');
+        });
+    });
+    describe('containsDangerousPattern', () => {
+        it('should return false for empty string', () => {
+            assert.strictEqual(containsDangerousPattern(''), false);
+        });
+        it('should return false for normal strings', () => {
+            assert.strictEqual(containsDangerousPattern('hello'), false);
+            assert.strictEqual(containsDangerousPattern('test123'), false);
+            assert.strictEqual(containsDangerousPattern('my-service-name'), false);
+        });
+        it('should detect DROP keyword', () => {
+            assert.strictEqual(containsDangerousPattern('DROP TABLE'), true);
+            assert.strictEqual(containsDangerousPattern('drop table'), true);
+            assert.strictEqual(containsDangerousPattern('DrOp TaBlE'), true);
+        });
+        it('should detect DELETE keyword', () => {
+            assert.strictEqual(containsDangerousPattern('DELETE FROM'), true);
+            assert.strictEqual(containsDangerousPattern('delete from users'), true);
+        });
+        it('should detect INSERT keyword', () => {
+            assert.strictEqual(containsDangerousPattern('INSERT INTO'), true);
+            assert.strictEqual(containsDangerousPattern('insert values'), true);
+        });
+        it('should detect UPDATE keyword', () => {
+            assert.strictEqual(containsDangerousPattern('UPDATE users SET'), true);
+            assert.strictEqual(containsDangerousPattern('update table'), true);
+        });
+        it('should detect UNION keyword', () => {
+            assert.strictEqual(containsDangerousPattern('UNION SELECT'), true);
+            assert.strictEqual(containsDangerousPattern('union all'), true);
+        });
+        it('should detect comment markers', () => {
+            assert.strictEqual(containsDangerousPattern('value -- comment'), true);
+            assert.strictEqual(containsDangerousPattern('value /* comment */'), true);
+            assert.strictEqual(containsDangerousPattern('*/'), true);
+        });
+        it('should detect semicolon', () => {
+            assert.strictEqual(containsDangerousPattern('value; DROP'), true);
+            assert.strictEqual(containsDangerousPattern(';'), true);
+        });
+        it('should detect file operations', () => {
+            assert.strictEqual(containsDangerousPattern("INTO OUTFILE '/tmp/file'"), true);
+            assert.strictEqual(containsDangerousPattern('INTO DUMPFILE'), true);
+            assert.strictEqual(containsDangerousPattern('LOAD_FILE()'), true);
+        });
+        it('should detect ClickHouse system commands', () => {
+            assert.strictEqual(containsDangerousPattern('SYSTEM RELOAD'), true);
+            assert.strictEqual(containsDangerousPattern('ATTACH TABLE'), true);
+            assert.strictEqual(containsDangerousPattern('DETACH TABLE'), true);
+        });
+        it('should not flag words containing keywords', () => {
+            // "DROPPED" contains "DROP" but is not the DROP command
+            assert.strictEqual(containsDangerousPattern('DROPPED'), false);
+            assert.strictEqual(containsDangerousPattern('DELETED'), false);
+            assert.strictEqual(containsDangerousPattern('UPDATED'), false);
+            assert.strictEqual(containsDangerousPattern('INSERTED'), false);
+        });
+        it('should detect keywords at word boundaries', () => {
+            assert.strictEqual(containsDangerousPattern('DROP'), true);
+            assert.strictEqual(containsDangerousPattern('(DROP)'), true);
+            assert.strictEqual(containsDangerousPattern('x DROP x'), true);
+        });
+    });
+    describe('validateQueryInput', () => {
+        it('should not throw for safe input', () => {
+            assert.doesNotThrow(() => validateQueryInput('hello', 'serviceName'));
+            assert.doesNotThrow(() => validateQueryInput('test-123', 'traceId'));
+            assert.doesNotThrow(() => validateQueryInput('my.service.name', 'serviceName'));
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => validateQueryInput('DROP TABLE', 'serviceName'), /Invalid serviceName: contains potentially dangerous SQL pattern/);
+        });
+        it('should include field name in error message', () => {
+            assert.throws(() => validateQueryInput('DROP TABLE', 'traceId'), /Invalid traceId/);
+            assert.throws(() => validateQueryInput('DELETE FROM', 'spanName'), /Invalid spanName/);
+        });
+        it('should throw for comment injection', () => {
+            assert.throws(() => validateQueryInput('value -- comment', 'search'), /Invalid search/);
+        });
+        it('should throw for semicolon injection', () => {
+            assert.throws(() => validateQueryInput('value; DROP', 'filter'), /Invalid filter/);
+        });
+    });
+    describe('escapeFilterValueSafe', () => {
+        it('should escape and validate safe input', () => {
+            assert.strictEqual(escapeFilterValueSafe('hello', 'field'), 'hello');
+            assert.strictEqual(escapeFilterValueSafe("it's", 'field'), "it\\'s");
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => escapeFilterValueSafe('DROP TABLE', 'serviceName'), /Invalid serviceName/);
+        });
+        it('should escape special characters in safe input', () => {
+            assert.strictEqual(escapeFilterValueSafe("test\nvalue", 'field'), 'test\\nvalue');
+            assert.strictEqual(escapeFilterValueSafe('test\\path', 'field'), 'test\\\\path');
+        });
+    });
+    describe('escapeLikeValueSafe', () => {
+        it('should escape LIKE wildcards and validate', () => {
+            // 100% -> escapeClickHouseLike -> 100\% -> escapeClickHouseString -> 100\\%
+            assert.strictEqual(escapeLikeValueSafe('100%', 'field'), '100\\\\%');
+            // test_value -> escapeClickHouseLike -> test\_value -> escapeClickHouseString -> test\\_value
+            assert.strictEqual(escapeLikeValueSafe('test_value', 'field'), 'test\\\\_value');
+        });
+        it('should throw for dangerous input', () => {
+            assert.throws(() => escapeLikeValueSafe('UNION SELECT', 'search'), /Invalid search/);
+        });
+        it('should handle combined escaping', () => {
+            // Input: test%'value
+            // After LIKE escape: test\%'value (% escaped for LIKE)
+            // After string escape: test\\%\'value (\ and ' escaped for string)
+            const result = escapeLikeValueSafe("test%'value", 'field');
+            assert.strictEqual(result, "test\\\\%\\'value");
+        });
+    });
+    describe('edge cases', () => {
+        it('should handle strings at max length boundary', () => {
+            const longString = 'a'.repeat(10000);
+            assert.strictEqual(escapeClickHouseString(longString), longString);
+            // Exactly at MAX_QUERY_INPUT_LENGTH (10000) should pass
+            assert.strictEqual(containsDangerousPattern(longString), false);
+        });
+        it('should reject strings exceeding max length as dangerous (defense in depth)', () => {
+            const tooLongString = 'a'.repeat(10001);
+            // Exceeds MAX_QUERY_INPUT_LENGTH - treated as dangerous for defense in depth
+            assert.strictEqual(containsDangerousPattern(tooLongString), true);
+        });
+        it('should reject very long strings even if they contain safe content', () => {
+            // 15K of safe characters should still be rejected
+            const safeButLong = 'safe-string-'.repeat(1250);
+            assert.strictEqual(containsDangerousPattern(safeButLong), true);
+        });
+        it('should handle strings with only special characters', () => {
+            assert.strictEqual(escapeClickHouseString("'''"), "\\'\\'\\'");
+            assert.strictEqual(escapeClickHouseLike('%%%'), '\\%\\%\\%');
+        });
+        it('should handle null byte injection attempts', () => {
+            assert.strictEqual(escapeClickHouseString("test\0'DROP"), "test\\0\\'DROP");
+        });
+        it('should handle mixed case dangerous patterns', () => {
+            assert.strictEqual(containsDangerousPattern('DrOp TaBlE'), true);
+            assert.strictEqual(containsDangerousPattern('uNiOn SeLeCt'), true);
+        });
+    });
+});
+//# sourceMappingURL=query-sanitizer.test.js.map

package/dist/lib/query-sanitizer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"query-sanitizer.test.js","sourceRoot":"","sources":["../../src/lib/query-sanitizer.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,kBAAkB,EAClB,wBAAwB,EACxB,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,sBAAsB,CAAC;AAE9B,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;YAC/C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YAChD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YACxD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;YAC/D,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YACjD,MAAM,CAAC,EAAE,CAAC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;YACnE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;YACzE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,gBAAgB,CAAC,EAAE,oBAAoB,CAAC,CAAC;YACnF,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,2DAA2D;YAC3D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,aAAa,CAAC,EAAE,cAAc,CAAC,CAAC;YAC1E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;YAChC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,cAAc,CAAC,EAAE,eAAe,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACxC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,cAAc,CAAC,EAAE,eAAe,CAAC,CAAC;YAC5E,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oBAAoB,EAAE,GAAG,EAAE;YAC5B,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,YAAY,CAAC,EAAE,aAAa,CAAC,CAAC;YACxE,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,IAAI,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,KAAK,GAAG,eAAe,CAAC;YAC9B,MAAM,QAAQ,GAAG,sBAAsB,CAAC;YACxC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,uBAAuB,CAAC,EAAE,uBAAuB,CAAC,CAAC;YAC7F,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,qBAAqB,CAAC,EAAE,qBAAqB,CAAC,CAAC;QAC3F,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;QACpC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;YACnE,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,SAAS,CAAC,EAAE,aAAa,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACnC,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,YAAY,CAAC,EAAE,cAAc,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,4DAA4D;YAC5D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC9B,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,UAAU,CAAC,CAAC;YAChE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,aAAa,CAAC,EAAE,YAAY,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,YAAY,CAAC,CAAC;YACrE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,UAAU,CAAC,EAAE,SAAS,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,EAAE,sBAAsB,CAAC,CAAC;YAC3F,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,mBAAmB,CAAC,EAAE,eAAe,CAAC,CAAC;QAC/E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,QAAQ,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,kBAAkB,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,OAAO,CAAC,EAAE,KAAK,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,mBAAmB,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;QACtE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACrC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,EAAE,IAAI,CAAC,CAAC;YACvE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,EAAE,IAAI,CAAC,CAAC;YAC1E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAClE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,0BAA0B,CAAC,EAAE,IAAI,CAAC,CAAC;YAC/E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAClD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,eAAe,CAAC,EAAE,IAAI,CAAC,CAAC;YACpE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;YACnE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,wDAAwD;YACxD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,SAAS,CAAC,EAAE,KAAK,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC;YAC7D,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;YACtE,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC,kBAAkB,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC,CAAC;QAClF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,aAAa,CAAC,EACrD,iEAAiE,CAClE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,EACjD,iBAAiB,CAClB,CAAC;YACF,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,UAAU,CAAC,EACnD,kBAAkB,CACnB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,kBAAkB,EAAE,QAAQ,CAAC,EACtD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,kBAAkB,CAAC,aAAa,EAAE,QAAQ,CAAC,EACjD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC/C,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;YACrE,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,qBAAqB,CAAC,YAAY,EAAE,aAAa,CAAC,EACxD,qBAAqB,CACtB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,cAAc,CAAC,CAAC;YAClF,MAAM,CAAC,WAAW,CAAC,qBAAqB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,cAAc,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACnC,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACnD,4EAA4E;YAC5E,MAAM,CAAC,WAAW,CAAC,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,UAAU,CAAC,CAAC;YACrE,8FAA8F;YAC9F,MAAM,CAAC,WAAW,CAAC,mBAAmB,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,MAAM,CACX,GAAG,EAAE,CAAC,mBAAmB,CAAC,cAAc,EAAE,QAAQ,CAAC,EACnD,gBAAgB,CACjB,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACzC,qBAAqB;YACrB,uDAAuD;YACvD,mEAAmE;YACnE,MAAM,MAAM,GAAG,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YAC3D,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACtD,MAAM,UAAU,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACrC,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;YACnE,wDAAwD;YACxD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,UAAU,CAAC,EAAE,KAAK,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;YACpF,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACxC,6EAA6E;YAC7E,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mEAAmE,EAAE,GAAG,EAAE;YAC3E,kDAAkD;YAClD,MAAM,WAAW,GAAG,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,WAAW,CAAC,EAAE,IAAI,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;YAC5D,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;YAC/D,MAAM,CAAC,WAAW,CAAC,oBAAoB,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,sBAAsB,CAAC,aAAa,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;YACjE,MAAM,CAAC,WAAW,CAAC,wBAAwB,CAAC,cAAc,CAAC,EAAE,IAAI,CAAC,CAAC;QACrE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}