p6-cdk-s3-protector 0.0.1 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +9 -9
- package/README.md +4 -3
- package/lib/p6cdks3protector.js +1 -1
- package/lib/p6cdks3protector.p6CDKS3Protector.js +23 -23
- package/package.json +12 -12
- package/src/p6cdks3protector.p6CDKS3Protector.ts +22 -22
package/.jsii
CHANGED
|
@@ -8,9 +8,9 @@
|
|
|
8
8
|
]
|
|
9
9
|
},
|
|
10
10
|
"bundled": {
|
|
11
|
-
"@aws-sdk/client-s3": "^3.
|
|
12
|
-
"@aws-sdk/client-s3-control": "^3.
|
|
13
|
-
"@aws-sdk/client-sts": "^3.
|
|
11
|
+
"@aws-sdk/client-s3": "^3.682.0",
|
|
12
|
+
"@aws-sdk/client-s3-control": "^3.682.0",
|
|
13
|
+
"@aws-sdk/client-sts": "^3.682.0",
|
|
14
14
|
"@types/aws-lambda": "^8.10.145",
|
|
15
15
|
"aws-sdk": "^2.1691.0",
|
|
16
16
|
"cdk-iam-floyd": "^0.658.0",
|
|
@@ -3866,15 +3866,15 @@
|
|
|
3866
3866
|
}
|
|
3867
3867
|
}
|
|
3868
3868
|
},
|
|
3869
|
-
"description": "AWS CDK:
|
|
3869
|
+
"description": "AWS CDK: A Real-Time S3 Protector",
|
|
3870
3870
|
"homepage": "https://github.com/p6m7g8/p6-cdk-s3-protector.git",
|
|
3871
3871
|
"jsiiVersion": "5.5.4 (build 1378d94)",
|
|
3872
3872
|
"keywords": [
|
|
3873
3873
|
"aws",
|
|
3874
3874
|
"cdk",
|
|
3875
3875
|
"s3",
|
|
3876
|
-
"
|
|
3877
|
-
"
|
|
3876
|
+
"security",
|
|
3877
|
+
"compliance"
|
|
3878
3878
|
],
|
|
3879
3879
|
"license": "Apache-2.0",
|
|
3880
3880
|
"metadata": {
|
|
@@ -3887,7 +3887,7 @@
|
|
|
3887
3887
|
},
|
|
3888
3888
|
"name": "p6-cdk-s3-protector",
|
|
3889
3889
|
"readme": {
|
|
3890
|
-
"markdown": "AWS CDK: A real-time S3
|
|
3890
|
+
"markdown": "AWS CDK: A real-time S3 Protector\n\n# P6CDKS3Protector\n\n## LICENSE\n\n[](https://opensource.org/licenses/Apache-2.0)\n\n## Other\n\n[](https://gitpod.io/#https://github.com/p6m7g8/p6-cdk-s3-protector)   \n\n## Usage\n\n```ts\n...\nimport { P6CDKS3Protector } from 'p6-cdk-s3-protector'\n\nnew P6CDKS3Protector(this, 'p6CDKS3Protector')\n```\n\n## Architecture\n\n\n\n## Author\n\nPhilip M. Gollucci <pgollucci@p6m7g8.com>\n"
|
|
3891
3891
|
},
|
|
3892
3892
|
"repository": {
|
|
3893
3893
|
"type": "git",
|
|
@@ -3951,6 +3951,6 @@
|
|
|
3951
3951
|
"symbolId": "src/p6cdks3protector:P6CDKS3Protector"
|
|
3952
3952
|
}
|
|
3953
3953
|
},
|
|
3954
|
-
"version": "0.0.
|
|
3955
|
-
"fingerprint": "
|
|
3954
|
+
"version": "0.0.3",
|
|
3955
|
+
"fingerprint": "i8c0ygBbVjf5YtUApVd9jWQiP70l233TMozw1i6tdDE="
|
|
3956
3956
|
}
|
package/README.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
AWS CDK: A real-time S3
|
|
1
|
+
AWS CDK: A real-time S3 Protector
|
|
2
2
|
|
|
3
3
|
# P6CDKS3Protector
|
|
4
4
|
|
|
@@ -14,8 +14,9 @@ AWS CDK: A real-time S3 protector
|
|
|
14
14
|
|
|
15
15
|
```ts
|
|
16
16
|
...
|
|
17
|
-
import { P6CDKS3Protector } from 'p6-cdk-s3-protector'
|
|
18
|
-
|
|
17
|
+
import { P6CDKS3Protector } from 'p6-cdk-s3-protector'
|
|
18
|
+
|
|
19
|
+
new P6CDKS3Protector(this, 'p6CDKS3Protector')
|
|
19
20
|
```
|
|
20
21
|
|
|
21
22
|
## Architecture
|
package/lib/p6cdks3protector.js
CHANGED
|
@@ -31,7 +31,7 @@ const lambdajs = __importStar(require("aws-cdk-lib/aws-lambda-nodejs"));
|
|
|
31
31
|
const cr = __importStar(require("aws-cdk-lib/custom-resources"));
|
|
32
32
|
const floyd = __importStar(require("cdk-iam-floyd"));
|
|
33
33
|
class P6CDKS3Protector extends cdk.Resource {
|
|
34
|
-
static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.
|
|
34
|
+
static [JSII_RTTI_SYMBOL_1] = { fqn: "p6-cdk-s3-protector.P6CDKS3Protector", version: "0.0.3" };
|
|
35
35
|
constructor(scope, id) {
|
|
36
36
|
super(scope, id);
|
|
37
37
|
const policy = new floyd.Statement.S3().allow().toPutObject().toPutObjectAcl();
|
|
@@ -23,7 +23,7 @@ const logger = winston_1.default.createLogger({
|
|
|
23
23
|
const s3Client = new client_s3_1.S3({});
|
|
24
24
|
const s3ControlClient = new client_s3_control_1.S3ControlClient({});
|
|
25
25
|
const stsClient = new client_sts_1.STSClient({});
|
|
26
|
-
function
|
|
26
|
+
function smileShortCircuitShould(event) {
|
|
27
27
|
if (event.detail.requestParameters['x-amz-acl']) {
|
|
28
28
|
logger.info('ACL is currently %s', event.detail.requestParameters['x-amz-acl'][0]);
|
|
29
29
|
if (event.detail.requestParameters['x-amz-acl'][0] === 'private') {
|
|
@@ -33,14 +33,14 @@ function p6ShortCircuitShould(event) {
|
|
|
33
33
|
}
|
|
34
34
|
return false;
|
|
35
35
|
}
|
|
36
|
-
function
|
|
36
|
+
function smileLoopPrevent(event) {
|
|
37
37
|
if (event.detail.errorCode || event.detail.errorMessage) {
|
|
38
38
|
logger.info('Previous API call resulted in an error. Ending');
|
|
39
39
|
return true;
|
|
40
40
|
}
|
|
41
41
|
return false;
|
|
42
42
|
}
|
|
43
|
-
async function
|
|
43
|
+
async function smileS3BucketAclGet(event) {
|
|
44
44
|
try {
|
|
45
45
|
const bucketName = event.detail.requestParameters.bucketName;
|
|
46
46
|
logger.info('Describing the current ACL: s3://%s', bucketName);
|
|
@@ -53,7 +53,7 @@ async function p6S3BucketAclGet(event) {
|
|
|
53
53
|
return false;
|
|
54
54
|
}
|
|
55
55
|
}
|
|
56
|
-
function
|
|
56
|
+
function smileLogDeliveryPreserve(bucketAcl) {
|
|
57
57
|
let uriList = '';
|
|
58
58
|
const preserveLogDelivery = [];
|
|
59
59
|
for (const grant of bucketAcl.Grants || []) {
|
|
@@ -67,7 +67,7 @@ function p6LogDeliveryPreserve(bucketAcl) {
|
|
|
67
67
|
}
|
|
68
68
|
return [uriList, preserveLogDelivery];
|
|
69
69
|
}
|
|
70
|
-
function
|
|
70
|
+
function smileS3BucketAclViolation(uriList) {
|
|
71
71
|
if (uriList.includes('AllUsers') || uriList.includes('AuthenticatedUsers')) {
|
|
72
72
|
logger.info('Violation found. Grant ACL greater than Private');
|
|
73
73
|
return true;
|
|
@@ -75,7 +75,7 @@ function p6S3BucketAclViolation(uriList) {
|
|
|
75
75
|
logger.info('ACL is correctly already private');
|
|
76
76
|
return false;
|
|
77
77
|
}
|
|
78
|
-
async function
|
|
78
|
+
async function smileS3BucketAclCorrect(bucketAcl, preserveLogDelivery) {
|
|
79
79
|
logger.info('Attempting Automatic Resolution');
|
|
80
80
|
try {
|
|
81
81
|
if (preserveLogDelivery) {
|
|
@@ -117,20 +117,20 @@ async function p6S3BucketAclCorrect(bucketAcl, preserveLogDelivery) {
|
|
|
117
117
|
logger.info('Error was: %s', err);
|
|
118
118
|
}
|
|
119
119
|
}
|
|
120
|
-
async function
|
|
121
|
-
if (
|
|
120
|
+
async function smileS3PublicBucketAcl(event) {
|
|
121
|
+
if (smileShortCircuitShould(event)) {
|
|
122
122
|
return true;
|
|
123
123
|
}
|
|
124
|
-
if (
|
|
124
|
+
if (smileLoopPrevent(event)) {
|
|
125
125
|
return true;
|
|
126
126
|
}
|
|
127
|
-
const bucketAcl = await
|
|
127
|
+
const bucketAcl = await smileS3BucketAclGet(event);
|
|
128
128
|
if (!bucketAcl) {
|
|
129
129
|
return false;
|
|
130
130
|
}
|
|
131
|
-
const [uriList, preserveLogDelivery] =
|
|
132
|
-
if (
|
|
133
|
-
await
|
|
131
|
+
const [uriList, preserveLogDelivery] = smileLogDeliveryPreserve(bucketAcl);
|
|
132
|
+
if (smileS3BucketAclViolation(uriList)) {
|
|
133
|
+
await smileS3BucketAclCorrect(bucketAcl, preserveLogDelivery);
|
|
134
134
|
return true;
|
|
135
135
|
}
|
|
136
136
|
return false;
|
|
@@ -154,14 +154,14 @@ async function awsMakePrivate(bucket, key) {
|
|
|
154
154
|
logger.info('Making s3://%s/%s private', bucket, key);
|
|
155
155
|
await s3Client.putObjectAcl({ Bucket: bucket, Key: key, ACL: 'private' });
|
|
156
156
|
}
|
|
157
|
-
async function
|
|
157
|
+
async function smileS3PublicBucketObjectAcl(event) {
|
|
158
158
|
const key = event.detail.requestParameters.key;
|
|
159
159
|
const bucket = event.detail.requestParameters.bucketName;
|
|
160
160
|
if (!(await awsIsPrivate(bucket, key))) {
|
|
161
161
|
await awsMakePrivate(bucket, key);
|
|
162
162
|
}
|
|
163
163
|
}
|
|
164
|
-
async function
|
|
164
|
+
async function smileS3PublicBucketAccessBlock(event) {
|
|
165
165
|
const pbc = event.detail.requestParameters.PublicAccessBlockConfiguration;
|
|
166
166
|
logger.info(JSON.stringify(pbc));
|
|
167
167
|
if (!pbc.RestrictPublicBuckets || !pbc.BlockPublicPolicy || !pbc.BlockPublicAcls || !pbc.IgnorePublicAcls) {
|
|
@@ -179,7 +179,7 @@ async function p6S3PublicBucketAccessBlock(event) {
|
|
|
179
179
|
logger.info(JSON.stringify(response));
|
|
180
180
|
}
|
|
181
181
|
}
|
|
182
|
-
async function
|
|
182
|
+
async function smileS3PublicAccessBlock(event) {
|
|
183
183
|
const pbc = event.detail.requestParameters.PublicAccessBlockConfiguration;
|
|
184
184
|
logger.info(JSON.stringify(pbc));
|
|
185
185
|
if (!pbc.RestrictPublicBuckets || !pbc.BlockPublicPolicy || !pbc.BlockPublicAcls || !pbc.IgnorePublicAcls) {
|
|
@@ -198,7 +198,7 @@ async function p6S3PublicAccessBlock(event) {
|
|
|
198
198
|
logger.info(JSON.stringify(response));
|
|
199
199
|
}
|
|
200
200
|
}
|
|
201
|
-
async function
|
|
201
|
+
async function smileS3PublicFusebox(event) {
|
|
202
202
|
if (!event.detail || !event.detail.eventName) {
|
|
203
203
|
return false;
|
|
204
204
|
}
|
|
@@ -214,21 +214,21 @@ async function p6S3PublicFusebox(event) {
|
|
|
214
214
|
logger.info('eventName: %s', eventName);
|
|
215
215
|
}
|
|
216
216
|
if (eventName === 'PutBucketAcl') {
|
|
217
|
-
await
|
|
217
|
+
await smileS3PublicBucketAcl(event);
|
|
218
218
|
}
|
|
219
219
|
else if (eventName === 'PutObjectAcl') {
|
|
220
|
-
await
|
|
220
|
+
await smileS3PublicBucketObjectAcl(event);
|
|
221
221
|
}
|
|
222
222
|
else if (eventName === 'PutBucketPublicAccessBlock') {
|
|
223
|
-
await
|
|
223
|
+
await smileS3PublicBucketAccessBlock(event);
|
|
224
224
|
}
|
|
225
225
|
else if (eventName === 'PutAccountPublicAccessBlock') {
|
|
226
|
-
await
|
|
226
|
+
await smileS3PublicAccessBlock(event);
|
|
227
227
|
}
|
|
228
228
|
return true;
|
|
229
229
|
}
|
|
230
230
|
async function handler(event, _context) {
|
|
231
|
-
await
|
|
231
|
+
await smileS3PublicFusebox(event);
|
|
232
232
|
return true;
|
|
233
233
|
}
|
|
234
234
|
async function main() {
|
|
@@ -240,4 +240,4 @@ async function main() {
|
|
|
240
240
|
if (require.main === module) {
|
|
241
241
|
main();
|
|
242
242
|
}
|
|
243
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicDZjZGtzM3Byb3RlY3Rvci5wNkNES1MzUHJvdGVjdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3A2Y2RrczNwcm90ZWN0b3IucDZDREtTM1Byb3RlY3Rvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQXFSQSwwQkFHQztBQUVELG9CQU1DO0FBN1JELHNEQUF3QjtBQUN4QiwwREFBNEI7QUFDNUIsa0RBQXVDO0FBQ3ZDLGtFQUF5RjtBQUN6RixvREFBeUU7QUFDekUsc0RBQTZCO0FBRTdCLHVCQUF1QjtBQUN2QixNQUFNLE1BQU0sR0FBVyxpQkFBTyxDQUFDLFlBQVksQ0FBQztJQUMxQyxLQUFLLEVBQUUsTUFBTTtJQUNiLE1BQU0sRUFBRSxpQkFBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUU7SUFDN0IsV0FBVyxFQUFFLEVBQUUsT0FBTyxFQUFFLGNBQWMsRUFBRTtJQUN4QyxVQUFVLEVBQUU7UUFDVixJQUFJLGlCQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRTtLQUNqQztDQUNGLENBQUMsQ0FBQTtBQUVGLE1BQU0sUUFBUSxHQUFHLElBQUksY0FBRSxDQUFDLEVBQUUsQ0FBQyxDQUFBO0FBQzNCLE1BQU0sZUFBZSxHQUFHLElBQUksbUNBQWUsQ0FBQyxFQUFFLENBQUMsQ0FBQTtBQUMvQyxNQUFNLFNBQVMsR0FBRyxJQUFJLHNCQUFTLENBQUMsRUFBRSxDQUFDLENBQUE7QUFhbkMsU0FBUyxvQkFBb0IsQ0FBQyxLQUFjO0lBQzFDLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQ2hELE1BQU0sQ0FBQyxJQUFJLENBQUMscUJBQXFCLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQ2xGLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUNqRSxNQUFNLENBQUMsSUFBSSxDQUFDLGtDQUFrQyxDQUFDLENBQUE7WUFDL0MsT0FBTyxJQUFJLENBQUE7UUFDYixDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sS0FBSyxDQUFBO0FBQ2QsQ0FBQztBQUVELFNBQVMsYUFBYSxDQUFDLEtBQWM7SUFDbkMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ3hELE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0RBQWdELENBQUMsQ0FBQTtRQUM3RCxPQUFPLElBQUksQ0FBQTtJQUNiLENBQUM7SUFDRCxPQUFPLEtBQUssQ0FBQTtBQUNkLENBQUM7QUFFRCxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsS0FBYztJQUM1QyxJQUFJLENBQUM7UUFDSCxNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFVBQVUsQ0FBQTtRQUM1RCxNQUFNLENBQUMsSUFBSSxDQUFDLHFDQUFxQyxFQUFFLFVBQVUsQ0FBQyxDQUFBO1FBQzlELE1BQU0sU0FBUyxHQUFHLE1BQU0sUUFBUSxDQUFDLFlBQVksQ0FBQyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFBO1FBQ3JFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFBO1FBQ3RDLE9BQU8sU0FBUyxDQUFBO0lBQ2xCLENBQUM7SUFDRCxPQUFPLEdBQUcsRUFBRSxDQUFDO1FBQ1gsTUFBTSxDQUFDLEtBQUssQ0FBQyw2Q0FBNkMsRUFBRSxHQUFHLENBQUMsQ0FBQTtRQUNoRSxPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7QUFDSCxDQUFDO0FBRUQsU0FBUyxxQkFBcUIsQ0FBQyxTQUE2QjtJQUMxRCxJQUFJLE9BQU8sR0FBRyxFQUFFLENBQUE7SUFDaEIsTUFBTSxtQkFBbUIsR0FBWSxFQUFFLENBQUE7SUFFdkMsS0FBSyxNQUFNLEtBQUssSUFBSSxTQUFTLENBQUMsTUFBTSxJQUFJLEVBQUUsRUFBRSxDQUFDO1FBQzNDLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRSxHQUFHLEVBQUUsQ0FBQztZQUN2QixNQUFNLENBQUMsSUFBSSxDQUFDLGlCQUFpQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQTtZQUNyRCxPQUFPLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUE7WUFDNUIsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQztnQkFDOUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFBO1lBQ2pDLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVELE9BQU8sQ0FBQyxPQUFPLEVBQUUsbUJBQW1CLENBQUMsQ0FBQTtBQUN2QyxDQUFDO0FBRUQsU0FBUyxzQkFBc0IsQ0FBQyxPQUFlO0lBQzdDLElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLG9CQUFvQixDQUFDLEVBQUUsQ0FBQztRQUMzRSxNQUFNLENBQUMsSUFBSSxDQUFDLGtEQUFrRCxDQUFDLENBQUE7UUFDL0QsT0FBTyxJQUFJLENBQUE7SUFDYixDQUFDO0lBQ0QsTUFBTSxDQUFDLElBQUksQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFBO0lBQy9DLE9BQU8sS0FBSyxDQUFBO0FBQ2QsQ0FBQztBQUVELEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxTQUE2QixFQUFFLG1CQUF5QztJQUMxRyxNQUFNLENBQUMsSUFBSSxDQUFDLGlDQUFpQyxDQUFDLENBQUE7SUFDOUMsSUFBSSxDQUFDO1FBQ0gsSUFBSSxtQkFBbUIsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0NBQWtDLENBQUMsQ0FBQTtZQUMvQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUMsQ0FBQyxDQUFBO1lBRXBFLE1BQU0sU0FBUyxHQUFHO2dCQUNoQixNQUFNLEVBQUUsbUJBQW1CO2dCQUMzQixLQUFLLEVBQUUsU0FBUyxDQUFDLEtBQUs7YUFDdkIsQ0FBQTtZQUVELE1BQU0sUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLFlBQVksQ0FBQztnQkFDM0MsTUFBTSxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsRUFBRTtnQkFDNUIsbUJBQW1CLEVBQUUsU0FBUzthQUMvQixDQUFDLENBQUE7WUFFRixNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQTtZQUNyQyxJQUFJLFFBQVEsQ0FBQyxTQUFTLENBQUMsY0FBYyxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUM5QyxNQUFNLENBQUMsSUFBSSxDQUFDLHNDQUFzQyxDQUFDLENBQUE7WUFDckQsQ0FBQztpQkFDSSxDQUFDO2dCQUNKLE1BQU0sQ0FBQyxLQUFLLENBQUMsc0NBQXNDLENBQUMsQ0FBQTtZQUN0RCxDQUFDO1FBQ0gsQ0FBQzthQUNJLENBQUM7WUFDSixNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixDQUFDLENBQUE7WUFDM0MsTUFBTSxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsWUFBWSxDQUFDO2dCQUMzQyxNQUFNLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxFQUFFO2dCQUM1QixHQUFHLEVBQUUsU0FBUzthQUNmLENBQUMsQ0FBQTtZQUVGLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFBO1lBQ3JDLElBQUksUUFBUSxDQUFDLFNBQVMsQ0FBQyxjQUFjLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0NBQXdDLENBQUMsQ0FBQTtZQUN2RCxDQUFDO2lCQUNJLENBQUM7Z0JBQ0osTUFBTSxDQUFDLEtBQUssQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFBO1lBQ3RELENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sR0FBRyxFQUFFLENBQUM7UUFDWCxNQUFNLENBQUMsSUFBSSxDQUFDLDJDQUEyQyxDQUFDLENBQUE7UUFDeEQsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsR0FBRyxDQUFDLENBQUE7SUFDbkMsQ0FBQztBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsbUJBQW1CLENBQUMsS0FBYztJQUMvQyxJQUFJLG9CQUFvQixDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDaEMsT0FBTyxJQUFJLENBQUE7SUFDYixDQUFDO0lBRUQsSUFBSSxhQUFhLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUN6QixPQUFPLElBQUksQ0FBQTtJQUNiLENBQUM7SUFFRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQy9DLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUNmLE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELE1BQU0sQ0FBQyxPQUFPLEVBQUUsbUJBQW1CLENBQUMsR0FBRyxxQkFBcUIsQ0FBQyxTQUFTLENBQUMsQ0FBQTtJQUV2RSxJQUFJLHNCQUFzQixDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDcEMsTUFBTSxvQkFBb0IsQ0FBQyxTQUFTLEVBQUUsbUJBQW1CLENBQUMsQ0FBQTtRQUMxRCxPQUFPLElBQUksQ0FBQTtJQUNiLENBQUM7SUFFRCxPQUFPLEtBQUssQ0FBQTtBQUNkLENBQUM7QUFFRCxLQUFLLFVBQVUsWUFBWSxDQUFDLE1BQWMsRUFBRSxHQUFXO0lBQ3JELE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0NBQWdDLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBQzFELE1BQU0sR0FBRyxHQUFHLE1BQU0sUUFBUSxDQUFDLFlBQVksQ0FBQyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUE7SUFFckUsSUFBSSxHQUFHLENBQUMsTUFBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMzQixNQUFNLENBQUMsSUFBSSxDQUFDLHdCQUF3QixDQUFDLENBQUE7UUFDckMsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUE7SUFDN0IsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLE1BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFBO0lBQzVDLElBQUksT0FBTyxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQzFCLE1BQU0sQ0FBQyxJQUFJLENBQUMsc0NBQXNDLEVBQUUsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFBO1FBQ3ZFLE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVELEtBQUssVUFBVSxjQUFjLENBQUMsTUFBYyxFQUFFLEdBQVc7SUFDdkQsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUE7SUFDckQsTUFBTSxRQUFRLENBQUMsWUFBWSxDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFBO0FBQzNFLENBQUM7QUFFRCxLQUFLLFVBQVUseUJBQXlCLENBQUMsS0FBYztJQUNyRCxNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQTtJQUM5QyxNQUFNLE1BQU0sR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFVBQVUsQ0FBQTtJQUV4RCxJQUFJLENBQUMsQ0FBQyxNQUFNLFlBQVksQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sY0FBYyxDQUFDLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUNuQyxDQUFDO0FBQ0gsQ0FBQztBQUVELEtBQUssVUFBVSwyQkFBMkIsQ0FBQyxLQUFjO0lBQ3ZELE1BQU0sR0FBRyxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsOEJBQThCLENBQUE7SUFDekUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUE7SUFFaEMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUMxRyxNQUFNLE1BQU0sR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLFVBQVUsQ0FBQTtRQUN4RCxNQUFNLENBQUMsSUFBSSxDQUFDLG9DQUFvQyxFQUFFLE1BQU0sQ0FBQyxDQUFBO1FBRXpELE1BQU0sUUFBUSxHQUFHLE1BQU0sUUFBUSxDQUFDLG9CQUFvQixDQUFDO1lBQ25ELE1BQU0sRUFBRSxNQUFNO1lBQ2QsOEJBQThCLEVBQUU7Z0JBQzlCLGVBQWUsRUFBRSxJQUFJO2dCQUNyQixnQkFBZ0IsRUFBRSxJQUFJO2dCQUN0QixpQkFBaUIsRUFBRSxJQUFJO2dCQUN2QixxQkFBcUIsRUFBRSxJQUFJO2FBQzVCO1NBQ0YsQ0FBQyxDQUFBO1FBRUYsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUE7SUFDdkMsQ0FBQztBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUscUJBQXFCLENBQUMsS0FBYztJQUNqRCxNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLDhCQUE4QixDQUFBO0lBQ3pFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFBO0lBRWhDLElBQUksQ0FBQyxHQUFHLENBQUMscUJBQXFCLElBQUksQ0FBQyxHQUFHLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLENBQUMsZUFBZSxJQUFJLENBQUMsR0FBRyxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFDMUcsTUFBTSxPQUFPLEdBQUcsSUFBSSxxQ0FBd0IsQ0FBQyxFQUFFLENBQUMsQ0FBQTtRQUNoRCxNQUFNLE9BQU8sR0FBRyxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUE7UUFDN0MsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUE7UUFFMUIsTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFlLENBQUMsSUFBSSxDQUFDLElBQUksK0NBQTJCLENBQUM7WUFDMUUsOEJBQThCLEVBQUU7Z0JBQzlCLGVBQWUsRUFBRSxJQUFJO2dCQUNyQixnQkFBZ0IsRUFBRSxJQUFJO2dCQUN0QixpQkFBaUIsRUFBRSxJQUFJO2dCQUN2QixxQkFBcUIsRUFBRSxJQUFJO2FBQzVCO1lBQ0QsU0FBUyxFQUFFLE9BQU8sQ0FBQyxPQUFPO1NBQzNCLENBQUMsQ0FBQyxDQUFBO1FBRUgsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUE7SUFDdkMsQ0FBQztBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsaUJBQWlCLENBQUMsS0FBYztJQUM3QyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDN0MsT0FBTyxLQUFLLENBQUE7SUFDZCxDQUFDO0lBRUQsTUFBTSxNQUFNLEdBQUc7UUFDYixjQUFjO1FBQ2QsY0FBYztRQUNkLDRCQUE0QjtRQUM1Qiw2QkFBNkI7S0FDOUIsQ0FBQTtJQUVELE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFBO0lBQ3hDLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQy9CLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0ZBQXdGLENBQUMsQ0FBQTtRQUNyRyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsRUFBRSxTQUFTLENBQUMsQ0FBQTtJQUN6QyxDQUFDO0lBRUQsSUFBSSxTQUFTLEtBQUssY0FBYyxFQUFFLENBQUM7UUFDakMsTUFBTSxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUNsQyxDQUFDO1NBQ0ksSUFBSSxTQUFTLEtBQUssY0FBYyxFQUFFLENBQUM7UUFDdEMsTUFBTSx5QkFBeUIsQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUN4QyxDQUFDO1NBQ0ksSUFBSSxTQUFTLEtBQUssNEJBQTRCLEVBQUUsQ0FBQztRQUNwRCxNQUFNLDJCQUEyQixDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQzFDLENBQUM7U0FDSSxJQUFJLFNBQVMsS0FBSyw2QkFBNkIsRUFBRSxDQUFDO1FBQ3JELE1BQU0scUJBQXFCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDcEMsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVNLEtBQUssVUFBVSxPQUFPLENBQUMsS0FBYyxFQUFFLFFBQWtCO0lBQzlELE1BQU0saUJBQWlCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDOUIsT0FBTyxJQUFJLENBQUE7QUFDYixDQUFDO0FBRU0sS0FBSyxVQUFVLElBQUk7SUFDeEIsTUFBTSxDQUFDLEtBQUssQ0FBQyxvQ0FBb0MsQ0FBQyxDQUFBO0lBQ2xELE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQUUsQ0FBQyxZQUFZLENBQUMsbUJBQUksQ0FBQyxPQUFPLENBQUMsNEJBQTRCLENBQUMsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFBO0lBRTVGLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUE7SUFDekIsTUFBTSxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUE7QUFDckIsQ0FBQztBQUVELElBQUksT0FBTyxDQUFDLElBQUksS0FBSyxNQUFNLEVBQUUsQ0FBQztJQUM1QixJQUFJLEVBQUUsQ0FBQTtBQUNSLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgdHlwZSB7IEdldEJ1Y2tldEFjbE91dHB1dCwgR3JhbnQgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtczMnXG5pbXBvcnQgdHlwZSB7IENvbnRleHQgfSBmcm9tICdhd3MtbGFtYmRhJ1xuaW1wb3J0IHR5cGUgeyBMb2dnZXIgfSBmcm9tICd3aW5zdG9uJ1xuaW1wb3J0IGZzIGZyb20gJ25vZGU6ZnMnXG5pbXBvcnQgcGF0aCBmcm9tICdub2RlOnBhdGgnXG5pbXBvcnQgeyBTMyB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zMydcbmltcG9ydCB7IFB1dFB1YmxpY0FjY2Vzc0Jsb2NrQ29tbWFuZCwgUzNDb250cm9sQ2xpZW50IH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LXMzLWNvbnRyb2wnXG5pbXBvcnQgeyBHZXRDYWxsZXJJZGVudGl0eUNvbW1hbmQsIFNUU0NsaWVudCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zdHMnXG5pbXBvcnQgd2luc3RvbiBmcm9tICd3aW5zdG9uJ1xuXG4vLyBDb25maWd1cmUgdGhlIGxvZ2dlclxuY29uc3QgbG9nZ2VyOiBMb2dnZXIgPSB3aW5zdG9uLmNyZWF0ZUxvZ2dlcih7XG4gIGxldmVsOiAnaW5mbycsXG4gIGZvcm1hdDogd2luc3Rvbi5mb3JtYXQuanNvbigpLFxuICBkZWZhdWx0TWV0YTogeyBzZXJ2aWNlOiAndXNlci1zZXJ2aWNlJyB9LFxuICB0cmFuc3BvcnRzOiBbXG4gICAgbmV3IHdpbnN0b24udHJhbnNwb3J0cy5Db25zb2xlKCksXG4gIF0sXG59KVxuXG5jb25zdCBzM0NsaWVudCA9IG5ldyBTMyh7fSlcbmNvbnN0IHMzQ29udHJvbENsaWVudCA9IG5ldyBTM0NvbnRyb2xDbGllbnQoe30pXG5jb25zdCBzdHNDbGllbnQgPSBuZXcgU1RTQ2xpZW50KHt9KVxuXG5pbnRlcmZhY2UgUzNFdmVudCB7XG4gIGRldGFpbDoge1xuICAgIHJlcXVlc3RQYXJhbWV0ZXJzOiB7XG4gICAgICBba2V5OiBzdHJpbmddOiBhbnlcbiAgICB9XG4gICAgZXZlbnROYW1lOiBzdHJpbmdcbiAgICBlcnJvckNvZGU/OiBzdHJpbmdcbiAgICBlcnJvck1lc3NhZ2U/OiBzdHJpbmdcbiAgfVxufVxuXG5mdW5jdGlvbiBwNlNob3J0Q2lyY3VpdFNob3VsZChldmVudDogUzNFdmVudCk6IGJvb2xlYW4ge1xuICBpZiAoZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzWyd4LWFtei1hY2wnXSkge1xuICAgIGxvZ2dlci5pbmZvKCdBQ0wgaXMgY3VycmVudGx5ICVzJywgZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzWyd4LWFtei1hY2wnXVswXSlcbiAgICBpZiAoZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzWyd4LWFtei1hY2wnXVswXSA9PT0gJ3ByaXZhdGUnKSB7XG4gICAgICBsb2dnZXIuaW5mbygnQUNMIGlzIGFscmVhZHkgcHJpdmF0ZS4gIEVuZGluZy4nKVxuICAgICAgcmV0dXJuIHRydWVcbiAgICB9XG4gIH1cbiAgcmV0dXJuIGZhbHNlXG59XG5cbmZ1bmN0aW9uIHA2TG9vcFByZXZlbnQoZXZlbnQ6IFMzRXZlbnQpOiBib29sZWFuIHtcbiAgaWYgKGV2ZW50LmRldGFpbC5lcnJvckNvZGUgfHwgZXZlbnQuZGV0YWlsLmVycm9yTWVzc2FnZSkge1xuICAgIGxvZ2dlci5pbmZvKCdQcmV2aW91cyBBUEkgY2FsbCByZXN1bHRlZCBpbiBhbiBlcnJvci4gRW5kaW5nJylcbiAgICByZXR1cm4gdHJ1ZVxuICB9XG4gIHJldHVybiBmYWxzZVxufVxuXG5hc3luYyBmdW5jdGlvbiBwNlMzQnVja2V0QWNsR2V0KGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTxHZXRCdWNrZXRBY2xPdXRwdXQgfCBmYWxzZT4ge1xuICB0cnkge1xuICAgIGNvbnN0IGJ1Y2tldE5hbWUgPSBldmVudC5kZXRhaWwucmVxdWVzdFBhcmFtZXRlcnMuYnVja2V0TmFtZVxuICAgIGxvZ2dlci5pbmZvKCdEZXNjcmliaW5nIHRoZSBjdXJyZW50IEFDTDogczM6Ly8lcycsIGJ1Y2tldE5hbWUpXG4gICAgY29uc3QgYnVja2V0QWNsID0gYXdhaXQgczNDbGllbnQuZ2V0QnVja2V0QWNsKHsgQnVja2V0OiBidWNrZXROYW1lIH0pXG4gICAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkoYnVja2V0QWNsKSlcbiAgICByZXR1cm4gYnVja2V0QWNsXG4gIH1cbiAgY2F0Y2ggKGVycikge1xuICAgIGxvZ2dlci5lcnJvcignRXJyb3Igd2FzOiB7JXN9IE1hbnVhbCBmb2xsb3d1cCByZWNvbW1lbmRlZCcsIGVycilcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxufVxuXG5mdW5jdGlvbiBwNkxvZ0RlbGl2ZXJ5UHJlc2VydmUoYnVja2V0QWNsOiBHZXRCdWNrZXRBY2xPdXRwdXQpOiBbc3RyaW5nLCBHcmFudFtdXSB7XG4gIGxldCB1cmlMaXN0ID0gJydcbiAgY29uc3QgcHJlc2VydmVMb2dEZWxpdmVyeTogR3JhbnRbXSA9IFtdXG5cbiAgZm9yIChjb25zdCBncmFudCBvZiBidWNrZXRBY2wuR3JhbnRzIHx8IFtdKSB7XG4gICAgaWYgKGdyYW50LkdyYW50ZWU/LlVSSSkge1xuICAgICAgbG9nZ2VyLmluZm8oJ0ZvdW5kIEdyYW50OiAlcycsIEpTT04uc3RyaW5naWZ5KGdyYW50KSlcbiAgICAgIHVyaUxpc3QgKz0gZ3JhbnQuR3JhbnRlZS5VUklcbiAgICAgIGlmIChncmFudC5HcmFudGVlLlVSSS5pbmNsdWRlcygnTG9nRGVsaXZlcnknKSkge1xuICAgICAgICBwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5LnB1c2goZ3JhbnQpXG4gICAgICB9XG4gICAgfVxuICB9XG5cbiAgcmV0dXJuIFt1cmlMaXN0LCBwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5XVxufVxuXG5mdW5jdGlvbiBwNlMzQnVja2V0QWNsVmlvbGF0aW9uKHVyaUxpc3Q6IHN0cmluZyk6IGJvb2xlYW4ge1xuICBpZiAodXJpTGlzdC5pbmNsdWRlcygnQWxsVXNlcnMnKSB8fCB1cmlMaXN0LmluY2x1ZGVzKCdBdXRoZW50aWNhdGVkVXNlcnMnKSkge1xuICAgIGxvZ2dlci5pbmZvKCdWaW9sYXRpb24gZm91bmQuICBHcmFudCBBQ0wgZ3JlYXRlciB0aGFuIFByaXZhdGUnKVxuICAgIHJldHVybiB0cnVlXG4gIH1cbiAgbG9nZ2VyLmluZm8oJ0FDTCBpcyBjb3JyZWN0bHkgYWxyZWFkeSBwcml2YXRlJylcbiAgcmV0dXJuIGZhbHNlXG59XG5cbmFzeW5jIGZ1bmN0aW9uIHA2UzNCdWNrZXRBY2xDb3JyZWN0KGJ1Y2tldEFjbDogR2V0QnVja2V0QWNsT3V0cHV0LCBwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5OiBBcnJheTxHcmFudD4gfCBmYWxzZSk6IFByb21pc2U8dm9pZD4ge1xuICBsb2dnZXIuaW5mbygnQXR0ZW1wdGluZyBBdXRvbWF0aWMgUmVzb2x1dGlvbicpXG4gIHRyeSB7XG4gICAgaWYgKHByZXNlcnZlTG9nRGVsaXZlcnkpIHtcbiAgICAgIGxvZ2dlci5pbmZvKCdBQ0wgcmVzZXR0aW5nIEFDTCB0byBMb2dEZWxpdmVyeScpXG4gICAgICBsb2dnZXIuaW5mbygnUHJlc2VydmUgd2FzOiAlcycsIEpTT04uc3RyaW5naWZ5KHByZXNlcnZlTG9nRGVsaXZlcnkpKVxuXG4gICAgICBjb25zdCBhY2xTdHJpbmcgPSB7XG4gICAgICAgIEdyYW50czogcHJlc2VydmVMb2dEZWxpdmVyeSxcbiAgICAgICAgT3duZXI6IGJ1Y2tldEFjbC5Pd25lcixcbiAgICAgIH1cblxuICAgICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBzM0NsaWVudC5wdXRCdWNrZXRBY2woe1xuICAgICAgICBCdWNrZXQ6IGJ1Y2tldEFjbD8uT3duZXI/LklELFxuICAgICAgICBBY2Nlc3NDb250cm9sUG9saWN5OiBhY2xTdHJpbmcsXG4gICAgICB9KVxuXG4gICAgICBsb2dnZXIuaW5mbyhKU09OLnN0cmluZ2lmeShyZXNwb25zZSkpXG4gICAgICBpZiAocmVzcG9uc2UuJG1ldGFkYXRhLmh0dHBTdGF0dXNDb2RlID09PSAyMDApIHtcbiAgICAgICAgbG9nZ2VyLmluZm8oJ1JldmVydGVkIHRvIG9ubHkgY29udGFpbiBMb2dEZWxpdmVyeScpXG4gICAgICB9XG4gICAgICBlbHNlIHtcbiAgICAgICAgbG9nZ2VyLmVycm9yKCdQdXRCdWNrZXRBQ0wgZmFpbGVkLiBNYW51YWwgZm9sbG93dXAnKVxuICAgICAgfVxuICAgIH1cbiAgICBlbHNlIHtcbiAgICAgIGxvZ2dlci5pbmZvKCdBQ0wgcmVzZXR0aW5nIEFDTCB0byBQcml2YXRlJylcbiAgICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgczNDbGllbnQucHV0QnVja2V0QWNsKHtcbiAgICAgICAgQnVja2V0OiBidWNrZXRBY2w/Lk93bmVyPy5JRCxcbiAgICAgICAgQUNMOiAncHJpdmF0ZScsXG4gICAgICB9KVxuXG4gICAgICBsb2dnZXIuaW5mbyhKU09OLnN0cmluZ2lmeShyZXNwb25zZSkpXG4gICAgICBpZiAocmVzcG9uc2UuJG1ldGFkYXRhLmh0dHBTdGF0dXNDb2RlID09PSAyMDApIHtcbiAgICAgICAgbG9nZ2VyLmluZm8oJ0J1Y2tldCBBQ0wgaGFzIGJlZW4gY2hhbmdlZCB0byBQcml2YXRlJylcbiAgICAgIH1cbiAgICAgIGVsc2Uge1xuICAgICAgICBsb2dnZXIuZXJyb3IoJ1B1dEJ1Y2tldEFDTCBmYWlsZWQuIE1hbnVhbCBmb2xsb3d1cCcpXG4gICAgICB9XG4gICAgfVxuICB9XG4gIGNhdGNoIChlcnIpIHtcbiAgICBsb2dnZXIuaW5mbygnVW5hYmxlIHRvIHJlc29sdmUgdmlvbGF0aW9uIGF1dG9tYXRpY2FsbHknKVxuICAgIGxvZ2dlci5pbmZvKCdFcnJvciB3YXM6ICVzJywgZXJyKVxuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHA2UzNQdWJsaWNCdWNrZXRBY2woZXZlbnQ6IFMzRXZlbnQpOiBQcm9taXNlPGJvb2xlYW4+IHtcbiAgaWYgKHA2U2hvcnRDaXJjdWl0U2hvdWxkKGV2ZW50KSkge1xuICAgIHJldHVybiB0cnVlXG4gIH1cblxuICBpZiAocDZMb29wUHJldmVudChldmVudCkpIHtcbiAgICByZXR1cm4gdHJ1ZVxuICB9XG5cbiAgY29uc3QgYnVja2V0QWNsID0gYXdhaXQgcDZTM0J1Y2tldEFjbEdldChldmVudClcbiAgaWYgKCFidWNrZXRBY2wpIHtcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxuXG4gIGNvbnN0IFt1cmlMaXN0LCBwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5XSA9IHA2TG9nRGVsaXZlcnlQcmVzZXJ2ZShidWNrZXRBY2wpXG5cbiAgaWYgKHA2UzNCdWNrZXRBY2xWaW9sYXRpb24odXJpTGlzdCkpIHtcbiAgICBhd2FpdCBwNlMzQnVja2V0QWNsQ29ycmVjdChidWNrZXRBY2wsIHByZXNlcnZlTG9nRGVsaXZlcnkpXG4gICAgcmV0dXJuIHRydWVcbiAgfVxuXG4gIHJldHVybiBmYWxzZVxufVxuXG5hc3luYyBmdW5jdGlvbiBhd3NJc1ByaXZhdGUoYnVja2V0OiBzdHJpbmcsIGtleTogc3RyaW5nKTogUHJvbWlzZTxib29sZWFuPiB7XG4gIGxvZ2dlci5pbmZvKCdEZXNjcmliaW5nIHRoZSBBQ0w6IHMzOi8vJXMvJXMnLCBidWNrZXQsIGtleSlcbiAgY29uc3QgYWNsID0gYXdhaXQgczNDbGllbnQuZ2V0T2JqZWN0QWNsKHsgQnVja2V0OiBidWNrZXQsIEtleToga2V5IH0pXG5cbiAgaWYgKGFjbC5HcmFudHMhLmxlbmd0aCA+IDEpIHtcbiAgICBsb2dnZXIuaW5mbygnR3JlYXRlciB0aGFuIG9uZSBHcmFudCcpXG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBjb25zdCBvd25lcklkID0gYWNsLk93bmVyPy5JRFxuICBjb25zdCBncmFudGVlSWQgPSBhY2wuR3JhbnRzIVswXS5HcmFudGVlPy5JRFxuICBpZiAob3duZXJJZCAhPT0gZ3JhbnRlZUlkKSB7XG4gICAgbG9nZ2VyLmluZm8oJ293bmVyOlslc10sIGdyYW50ZWVbJXNdIGRvIG5vdCBtYXRjaCcsIG93bmVySWQsIGdyYW50ZWVJZClcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxuXG4gIHJldHVybiB0cnVlXG59XG5cbmFzeW5jIGZ1bmN0aW9uIGF3c01ha2VQcml2YXRlKGJ1Y2tldDogc3RyaW5nLCBrZXk6IHN0cmluZyk6IFByb21pc2U8dm9pZD4ge1xuICBsb2dnZXIuaW5mbygnTWFraW5nIHMzOi8vJXMvJXMgcHJpdmF0ZScsIGJ1Y2tldCwga2V5KVxuICBhd2FpdCBzM0NsaWVudC5wdXRPYmplY3RBY2woeyBCdWNrZXQ6IGJ1Y2tldCwgS2V5OiBrZXksIEFDTDogJ3ByaXZhdGUnIH0pXG59XG5cbmFzeW5jIGZ1bmN0aW9uIHA2UzNQdWJsaWNCdWNrZXRPYmplY3RBY2woZXZlbnQ6IFMzRXZlbnQpOiBQcm9taXNlPHZvaWQ+IHtcbiAgY29uc3Qga2V5ID0gZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzLmtleVxuICBjb25zdCBidWNrZXQgPSBldmVudC5kZXRhaWwucmVxdWVzdFBhcmFtZXRlcnMuYnVja2V0TmFtZVxuXG4gIGlmICghKGF3YWl0IGF3c0lzUHJpdmF0ZShidWNrZXQsIGtleSkpKSB7XG4gICAgYXdhaXQgYXdzTWFrZVByaXZhdGUoYnVja2V0LCBrZXkpXG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gcDZTM1B1YmxpY0J1Y2tldEFjY2Vzc0Jsb2NrKGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTx2b2lkPiB7XG4gIGNvbnN0IHBiYyA9IGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVycy5QdWJsaWNBY2Nlc3NCbG9ja0NvbmZpZ3VyYXRpb25cbiAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocGJjKSlcblxuICBpZiAoIXBiYy5SZXN0cmljdFB1YmxpY0J1Y2tldHMgfHwgIXBiYy5CbG9ja1B1YmxpY1BvbGljeSB8fCAhcGJjLkJsb2NrUHVibGljQWNscyB8fCAhcGJjLklnbm9yZVB1YmxpY0FjbHMpIHtcbiAgICBjb25zdCBidWNrZXQgPSBldmVudC5kZXRhaWwucmVxdWVzdFBhcmFtZXRlcnMuYnVja2V0TmFtZVxuICAgIGxvZ2dlci5pbmZvKCdzMzovLyVzIG5vdyBub3QgcHJpdmF0ZSwgZml4aW5nLi4uJywgYnVja2V0KVxuXG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBzM0NsaWVudC5wdXRQdWJsaWNBY2Nlc3NCbG9jayh7XG4gICAgICBCdWNrZXQ6IGJ1Y2tldCxcbiAgICAgIFB1YmxpY0FjY2Vzc0Jsb2NrQ29uZmlndXJhdGlvbjoge1xuICAgICAgICBCbG9ja1B1YmxpY0FjbHM6IHRydWUsXG4gICAgICAgIElnbm9yZVB1YmxpY0FjbHM6IHRydWUsXG4gICAgICAgIEJsb2NrUHVibGljUG9saWN5OiB0cnVlLFxuICAgICAgICBSZXN0cmljdFB1YmxpY0J1Y2tldHM6IHRydWUsXG4gICAgICB9LFxuICAgIH0pXG5cbiAgICBsb2dnZXIuaW5mbyhKU09OLnN0cmluZ2lmeShyZXNwb25zZSkpXG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gcDZTM1B1YmxpY0FjY2Vzc0Jsb2NrKGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTx2b2lkPiB7XG4gIGNvbnN0IHBiYyA9IGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVycy5QdWJsaWNBY2Nlc3NCbG9ja0NvbmZpZ3VyYXRpb25cbiAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocGJjKSlcblxuICBpZiAoIXBiYy5SZXN0cmljdFB1YmxpY0J1Y2tldHMgfHwgIXBiYy5CbG9ja1B1YmxpY1BvbGljeSB8fCAhcGJjLkJsb2NrUHVibGljQWNscyB8fCAhcGJjLklnbm9yZVB1YmxpY0FjbHMpIHtcbiAgICBjb25zdCBjb21tYW5kID0gbmV3IEdldENhbGxlcklkZW50aXR5Q29tbWFuZCh7fSlcbiAgICBjb25zdCBhY2NvdW50ID0gYXdhaXQgc3RzQ2xpZW50LnNlbmQoY29tbWFuZClcbiAgICBsb2dnZXIuaW5mbygnJXMnLCBhY2NvdW50KVxuXG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCBzM0NvbnRyb2xDbGllbnQuc2VuZChuZXcgUHV0UHVibGljQWNjZXNzQmxvY2tDb21tYW5kKHtcbiAgICAgIFB1YmxpY0FjY2Vzc0Jsb2NrQ29uZmlndXJhdGlvbjoge1xuICAgICAgICBCbG9ja1B1YmxpY0FjbHM6IHRydWUsXG4gICAgICAgIElnbm9yZVB1YmxpY0FjbHM6IHRydWUsXG4gICAgICAgIEJsb2NrUHVibGljUG9saWN5OiB0cnVlLFxuICAgICAgICBSZXN0cmljdFB1YmxpY0J1Y2tldHM6IHRydWUsXG4gICAgICB9LFxuICAgICAgQWNjb3VudElkOiBhY2NvdW50LkFjY291bnQsXG4gICAgfSkpXG5cbiAgICBsb2dnZXIuaW5mbyhKU09OLnN0cmluZ2lmeShyZXNwb25zZSkpXG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gcDZTM1B1YmxpY0Z1c2Vib3goZXZlbnQ6IFMzRXZlbnQpOiBQcm9taXNlPGJvb2xlYW4+IHtcbiAgaWYgKCFldmVudC5kZXRhaWwgfHwgIWV2ZW50LmRldGFpbC5ldmVudE5hbWUpIHtcbiAgICByZXR1cm4gZmFsc2VcbiAgfVxuXG4gIGNvbnN0IGV2ZW50cyA9IFtcbiAgICAnUHV0QnVja2V0QWNsJyxcbiAgICAnUHV0T2JqZWN0QWNsJyxcbiAgICAnUHV0QnVja2V0UHVibGljQWNjZXNzQmxvY2snLFxuICAgICdQdXRBY2NvdW50UHVibGljQWNjZXNzQmxvY2snLFxuICBdXG5cbiAgY29uc3QgZXZlbnROYW1lID0gZXZlbnQuZGV0YWlsLmV2ZW50TmFtZVxuICBpZiAoZXZlbnRzLmluY2x1ZGVzKGV2ZW50TmFtZSkpIHtcbiAgICBsb2dnZXIuaW5mbygnPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0nKVxuICAgIGxvZ2dlci5pbmZvKCdldmVudE5hbWU6ICVzJywgZXZlbnROYW1lKVxuICB9XG5cbiAgaWYgKGV2ZW50TmFtZSA9PT0gJ1B1dEJ1Y2tldEFjbCcpIHtcbiAgICBhd2FpdCBwNlMzUHVibGljQnVja2V0QWNsKGV2ZW50KVxuICB9XG4gIGVsc2UgaWYgKGV2ZW50TmFtZSA9PT0gJ1B1dE9iamVjdEFjbCcpIHtcbiAgICBhd2FpdCBwNlMzUHVibGljQnVja2V0T2JqZWN0QWNsKGV2ZW50KVxuICB9XG4gIGVsc2UgaWYgKGV2ZW50TmFtZSA9PT0gJ1B1dEJ1Y2tldFB1YmxpY0FjY2Vzc0Jsb2NrJykge1xuICAgIGF3YWl0IHA2UzNQdWJsaWNCdWNrZXRBY2Nlc3NCbG9jayhldmVudClcbiAgfVxuICBlbHNlIGlmIChldmVudE5hbWUgPT09ICdQdXRBY2NvdW50UHVibGljQWNjZXNzQmxvY2snKSB7XG4gICAgYXdhaXQgcDZTM1B1YmxpY0FjY2Vzc0Jsb2NrKGV2ZW50KVxuICB9XG5cbiAgcmV0dXJuIHRydWVcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoZXZlbnQ6IFMzRXZlbnQsIF9jb250ZXh0PzogQ29udGV4dCk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICBhd2FpdCBwNlMzUHVibGljRnVzZWJveChldmVudClcbiAgcmV0dXJuIHRydWVcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIG1haW4oKTogUHJvbWlzZTx2b2lkPiB7XG4gIGxvZ2dlci5kZWJ1ZygnUmVhZGluZyBmaXh0dXJlcy9wdXRCdWNrZXRBY2wuanNvbicpXG4gIGNvbnN0IGRhdGEgPSBKU09OLnBhcnNlKGZzLnJlYWRGaWxlU3luYyhwYXRoLnJlc29sdmUoJ2ZpeHR1cmVzL3B1dEJ1Y2tldEFjbC5qc29uJyksICd1dGY4JykpXG5cbiAgbG9nZ2VyLmRlYnVnKCdoYW5kbGVyKCknKVxuICBhd2FpdCBoYW5kbGVyKGRhdGEpXG59XG5cbmlmIChyZXF1aXJlLm1haW4gPT09IG1vZHVsZSkge1xuICBtYWluKClcbn1cbiJdfQ==
|
|
243
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicDZjZGtzM3Byb3RlY3Rvci5wNkNES1MzUHJvdGVjdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL3A2Y2RrczNwcm90ZWN0b3IucDZDREtTM1Byb3RlY3Rvci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQXFSQSwwQkFHQztBQUVELG9CQU1DO0FBN1JELHNEQUF3QjtBQUN4QiwwREFBNEI7QUFDNUIsa0RBQXVDO0FBQ3ZDLGtFQUF5RjtBQUN6RixvREFBeUU7QUFDekUsc0RBQTZCO0FBRTdCLHVCQUF1QjtBQUN2QixNQUFNLE1BQU0sR0FBVyxpQkFBTyxDQUFDLFlBQVksQ0FBQztJQUMxQyxLQUFLLEVBQUUsTUFBTTtJQUNiLE1BQU0sRUFBRSxpQkFBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUU7SUFDN0IsV0FBVyxFQUFFLEVBQUUsT0FBTyxFQUFFLGNBQWMsRUFBRTtJQUN4QyxVQUFVLEVBQUU7UUFDVixJQUFJLGlCQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRTtLQUNqQztDQUNGLENBQUMsQ0FBQTtBQUVGLE1BQU0sUUFBUSxHQUFHLElBQUksY0FBRSxDQUFDLEVBQUUsQ0FBQyxDQUFBO0FBQzNCLE1BQU0sZUFBZSxHQUFHLElBQUksbUNBQWUsQ0FBQyxFQUFFLENBQUMsQ0FBQTtBQUMvQyxNQUFNLFNBQVMsR0FBRyxJQUFJLHNCQUFTLENBQUMsRUFBRSxDQUFDLENBQUE7QUFhbkMsU0FBUyx1QkFBdUIsQ0FBQyxLQUFjO0lBQzdDLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1FBQ2hELE1BQU0sQ0FBQyxJQUFJLENBQUMscUJBQXFCLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFBO1FBQ2xGLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUNqRSxNQUFNLENBQUMsSUFBSSxDQUFDLGtDQUFrQyxDQUFDLENBQUE7WUFDL0MsT0FBTyxJQUFJLENBQUE7UUFDYixDQUFDO0lBQ0gsQ0FBQztJQUNELE9BQU8sS0FBSyxDQUFBO0FBQ2QsQ0FBQztBQUVELFNBQVMsZ0JBQWdCLENBQUMsS0FBYztJQUN0QyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUMsU0FBUyxJQUFJLEtBQUssQ0FBQyxNQUFNLENBQUMsWUFBWSxFQUFFLENBQUM7UUFDeEQsTUFBTSxDQUFDLElBQUksQ0FBQyxnREFBZ0QsQ0FBQyxDQUFBO1FBQzdELE9BQU8sSUFBSSxDQUFBO0lBQ2IsQ0FBQztJQUNELE9BQU8sS0FBSyxDQUFBO0FBQ2QsQ0FBQztBQUVELEtBQUssVUFBVSxtQkFBbUIsQ0FBQyxLQUFjO0lBQy9DLElBQUksQ0FBQztRQUNILE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsVUFBVSxDQUFBO1FBQzVELE1BQU0sQ0FBQyxJQUFJLENBQUMscUNBQXFDLEVBQUUsVUFBVSxDQUFDLENBQUE7UUFDOUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxRQUFRLENBQUMsWUFBWSxDQUFDLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxDQUFDLENBQUE7UUFDckUsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUE7UUFDdEMsT0FBTyxTQUFTLENBQUE7SUFDbEIsQ0FBQztJQUNELE9BQU8sR0FBRyxFQUFFLENBQUM7UUFDWCxNQUFNLENBQUMsS0FBSyxDQUFDLDZDQUE2QyxFQUFFLEdBQUcsQ0FBQyxDQUFBO1FBQ2hFLE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztBQUNILENBQUM7QUFFRCxTQUFTLHdCQUF3QixDQUFDLFNBQTZCO0lBQzdELElBQUksT0FBTyxHQUFHLEVBQUUsQ0FBQTtJQUNoQixNQUFNLG1CQUFtQixHQUFZLEVBQUUsQ0FBQTtJQUV2QyxLQUFLLE1BQU0sS0FBSyxJQUFJLFNBQVMsQ0FBQyxNQUFNLElBQUksRUFBRSxFQUFFLENBQUM7UUFDM0MsSUFBSSxLQUFLLENBQUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFBO1lBQ3JELE9BQU8sSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQTtZQUM1QixJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDO2dCQUM5QyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUE7WUFDakMsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxDQUFDLE9BQU8sRUFBRSxtQkFBbUIsQ0FBQyxDQUFBO0FBQ3ZDLENBQUM7QUFFRCxTQUFTLHlCQUF5QixDQUFDLE9BQWU7SUFDaEQsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsb0JBQW9CLENBQUMsRUFBRSxDQUFDO1FBQzNFLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0RBQWtELENBQUMsQ0FBQTtRQUMvRCxPQUFPLElBQUksQ0FBQTtJQUNiLENBQUM7SUFDRCxNQUFNLENBQUMsSUFBSSxDQUFDLGtDQUFrQyxDQUFDLENBQUE7SUFDL0MsT0FBTyxLQUFLLENBQUE7QUFDZCxDQUFDO0FBRUQsS0FBSyxVQUFVLHVCQUF1QixDQUFDLFNBQTZCLEVBQUUsbUJBQXlDO0lBQzdHLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUNBQWlDLENBQUMsQ0FBQTtJQUM5QyxJQUFJLENBQUM7UUFDSCxJQUFJLG1CQUFtQixFQUFFLENBQUM7WUFDeEIsTUFBTSxDQUFDLElBQUksQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFBO1lBQy9DLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLENBQUE7WUFFcEUsTUFBTSxTQUFTLEdBQUc7Z0JBQ2hCLE1BQU0sRUFBRSxtQkFBbUI7Z0JBQzNCLEtBQUssRUFBRSxTQUFTLENBQUMsS0FBSzthQUN2QixDQUFBO1lBRUQsTUFBTSxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsWUFBWSxDQUFDO2dCQUMzQyxNQUFNLEVBQUUsU0FBUyxFQUFFLEtBQUssRUFBRSxFQUFFO2dCQUM1QixtQkFBbUIsRUFBRSxTQUFTO2FBQy9CLENBQUMsQ0FBQTtZQUVGLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFBO1lBQ3JDLElBQUksUUFBUSxDQUFDLFNBQVMsQ0FBQyxjQUFjLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzlDLE1BQU0sQ0FBQyxJQUFJLENBQUMsc0NBQXNDLENBQUMsQ0FBQTtZQUNyRCxDQUFDO2lCQUNJLENBQUM7Z0JBQ0osTUFBTSxDQUFDLEtBQUssQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFBO1lBQ3RELENBQUM7UUFDSCxDQUFDO2FBQ0ksQ0FBQztZQUNKLE1BQU0sQ0FBQyxJQUFJLENBQUMsOEJBQThCLENBQUMsQ0FBQTtZQUMzQyxNQUFNLFFBQVEsR0FBRyxNQUFNLFFBQVEsQ0FBQyxZQUFZLENBQUM7Z0JBQzNDLE1BQU0sRUFBRSxTQUFTLEVBQUUsS0FBSyxFQUFFLEVBQUU7Z0JBQzVCLEdBQUcsRUFBRSxTQUFTO2FBQ2YsQ0FBQyxDQUFBO1lBRUYsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUE7WUFDckMsSUFBSSxRQUFRLENBQUMsU0FBUyxDQUFDLGNBQWMsS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxDQUFDLElBQUksQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFBO1lBQ3ZELENBQUM7aUJBQ0ksQ0FBQztnQkFDSixNQUFNLENBQUMsS0FBSyxDQUFDLHNDQUFzQyxDQUFDLENBQUE7WUFDdEQsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBQ0QsT0FBTyxHQUFHLEVBQUUsQ0FBQztRQUNYLE1BQU0sQ0FBQyxJQUFJLENBQUMsMkNBQTJDLENBQUMsQ0FBQTtRQUN4RCxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUNuQyxDQUFDO0FBQ0gsQ0FBQztBQUVELEtBQUssVUFBVSxzQkFBc0IsQ0FBQyxLQUFjO0lBQ2xELElBQUksdUJBQXVCLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUNuQyxPQUFPLElBQUksQ0FBQTtJQUNiLENBQUM7SUFFRCxJQUFJLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDNUIsT0FBTyxJQUFJLENBQUE7SUFDYixDQUFDO0lBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUNsRCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDZixPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7SUFFRCxNQUFNLENBQUMsT0FBTyxFQUFFLG1CQUFtQixDQUFDLEdBQUcsd0JBQXdCLENBQUMsU0FBUyxDQUFDLENBQUE7SUFFMUUsSUFBSSx5QkFBeUIsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ3ZDLE1BQU0sdUJBQXVCLENBQUMsU0FBUyxFQUFFLG1CQUFtQixDQUFDLENBQUE7UUFDN0QsT0FBTyxJQUFJLENBQUE7SUFDYixDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUE7QUFDZCxDQUFDO0FBRUQsS0FBSyxVQUFVLFlBQVksQ0FBQyxNQUFjLEVBQUUsR0FBVztJQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLGdDQUFnQyxFQUFFLE1BQU0sRUFBRSxHQUFHLENBQUMsQ0FBQTtJQUMxRCxNQUFNLEdBQUcsR0FBRyxNQUFNLFFBQVEsQ0FBQyxZQUFZLENBQUMsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFBO0lBRXJFLElBQUksR0FBRyxDQUFDLE1BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDM0IsTUFBTSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxDQUFBO1FBQ3JDLE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFBO0lBQzdCLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQyxNQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQTtJQUM1QyxJQUFJLE9BQU8sS0FBSyxTQUFTLEVBQUUsQ0FBQztRQUMxQixNQUFNLENBQUMsSUFBSSxDQUFDLHNDQUFzQyxFQUFFLE9BQU8sRUFBRSxTQUFTLENBQUMsQ0FBQTtRQUN2RSxPQUFPLEtBQUssQ0FBQTtJQUNkLENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFRCxLQUFLLFVBQVUsY0FBYyxDQUFDLE1BQWMsRUFBRSxHQUFXO0lBQ3ZELE1BQU0sQ0FBQyxJQUFJLENBQUMsMkJBQTJCLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFBO0lBQ3JELE1BQU0sUUFBUSxDQUFDLFlBQVksQ0FBQyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQTtBQUMzRSxDQUFDO0FBRUQsS0FBSyxVQUFVLDRCQUE0QixDQUFDLEtBQWM7SUFDeEQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUE7SUFDOUMsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLENBQUE7SUFFeEQsSUFBSSxDQUFDLENBQUMsTUFBTSxZQUFZLENBQUMsTUFBTSxFQUFFLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQztRQUN2QyxNQUFNLGNBQWMsQ0FBQyxNQUFNLEVBQUUsR0FBRyxDQUFDLENBQUE7SUFDbkMsQ0FBQztBQUNILENBQUM7QUFFRCxLQUFLLFVBQVUsOEJBQThCLENBQUMsS0FBYztJQUMxRCxNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLDhCQUE4QixDQUFBO0lBQ3pFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFBO0lBRWhDLElBQUksQ0FBQyxHQUFHLENBQUMscUJBQXFCLElBQUksQ0FBQyxHQUFHLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLENBQUMsZUFBZSxJQUFJLENBQUMsR0FBRyxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFDMUcsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLENBQUE7UUFDeEQsTUFBTSxDQUFDLElBQUksQ0FBQyxvQ0FBb0MsRUFBRSxNQUFNLENBQUMsQ0FBQTtRQUV6RCxNQUFNLFFBQVEsR0FBRyxNQUFNLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQztZQUNuRCxNQUFNLEVBQUUsTUFBTTtZQUNkLDhCQUE4QixFQUFFO2dCQUM5QixlQUFlLEVBQUUsSUFBSTtnQkFDckIsZ0JBQWdCLEVBQUUsSUFBSTtnQkFDdEIsaUJBQWlCLEVBQUUsSUFBSTtnQkFDdkIscUJBQXFCLEVBQUUsSUFBSTthQUM1QjtTQUNGLENBQUMsQ0FBQTtRQUVGLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFBO0lBQ3ZDLENBQUM7QUFDSCxDQUFDO0FBRUQsS0FBSyxVQUFVLHdCQUF3QixDQUFDLEtBQWM7SUFDcEQsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyw4QkFBOEIsQ0FBQTtJQUN6RSxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUVoQyxJQUFJLENBQUMsR0FBRyxDQUFDLHFCQUFxQixJQUFJLENBQUMsR0FBRyxDQUFDLGlCQUFpQixJQUFJLENBQUMsR0FBRyxDQUFDLGVBQWUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQzFHLE1BQU0sT0FBTyxHQUFHLElBQUkscUNBQXdCLENBQUMsRUFBRSxDQUFDLENBQUE7UUFDaEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFBO1FBQzdDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLE9BQU8sQ0FBQyxDQUFBO1FBRTFCLE1BQU0sUUFBUSxHQUFHLE1BQU0sZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFJLCtDQUEyQixDQUFDO1lBQzFFLDhCQUE4QixFQUFFO2dCQUM5QixlQUFlLEVBQUUsSUFBSTtnQkFDckIsZ0JBQWdCLEVBQUUsSUFBSTtnQkFDdEIsaUJBQWlCLEVBQUUsSUFBSTtnQkFDdkIscUJBQXFCLEVBQUUsSUFBSTthQUM1QjtZQUNELFNBQVMsRUFBRSxPQUFPLENBQUMsT0FBTztTQUMzQixDQUFDLENBQUMsQ0FBQTtRQUVILE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFBO0lBQ3ZDLENBQUM7QUFDSCxDQUFDO0FBRUQsS0FBSyxVQUFVLG9CQUFvQixDQUFDLEtBQWM7SUFDaEQsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQzdDLE9BQU8sS0FBSyxDQUFBO0lBQ2QsQ0FBQztJQUVELE1BQU0sTUFBTSxHQUFHO1FBQ2IsY0FBYztRQUNkLGNBQWM7UUFDZCw0QkFBNEI7UUFDNUIsNkJBQTZCO0tBQzlCLENBQUE7SUFFRCxNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQTtJQUN4QyxJQUFJLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQztRQUMvQixNQUFNLENBQUMsSUFBSSxDQUFDLHdGQUF3RixDQUFDLENBQUE7UUFDckcsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLEVBQUUsU0FBUyxDQUFDLENBQUE7SUFDekMsQ0FBQztJQUVELElBQUksU0FBUyxLQUFLLGNBQWMsRUFBRSxDQUFDO1FBQ2pDLE1BQU0sc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDckMsQ0FBQztTQUNJLElBQUksU0FBUyxLQUFLLGNBQWMsRUFBRSxDQUFDO1FBQ3RDLE1BQU0sNEJBQTRCLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDM0MsQ0FBQztTQUNJLElBQUksU0FBUyxLQUFLLDRCQUE0QixFQUFFLENBQUM7UUFDcEQsTUFBTSw4QkFBOEIsQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUM3QyxDQUFDO1NBQ0ksSUFBSSxTQUFTLEtBQUssNkJBQTZCLEVBQUUsQ0FBQztRQUNyRCxNQUFNLHdCQUF3QixDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQ3ZDLENBQUM7SUFFRCxPQUFPLElBQUksQ0FBQTtBQUNiLENBQUM7QUFFTSxLQUFLLFVBQVUsT0FBTyxDQUFDLEtBQWMsRUFBRSxRQUFrQjtJQUM5RCxNQUFNLG9CQUFvQixDQUFDLEtBQUssQ0FBQyxDQUFBO0lBQ2pDLE9BQU8sSUFBSSxDQUFBO0FBQ2IsQ0FBQztBQUVNLEtBQUssVUFBVSxJQUFJO0lBQ3hCLE1BQU0sQ0FBQyxLQUFLLENBQUMsb0NBQW9DLENBQUMsQ0FBQTtJQUNsRCxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFFLENBQUMsWUFBWSxDQUFDLG1CQUFJLENBQUMsT0FBTyxDQUFDLDRCQUE0QixDQUFDLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQTtJQUU1RixNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBQ3pCLE1BQU0sT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFBO0FBQ3JCLENBQUM7QUFFRCxJQUFJLE9BQU8sQ0FBQyxJQUFJLEtBQUssTUFBTSxFQUFFLENBQUM7SUFDNUIsSUFBSSxFQUFFLENBQUE7QUFDUixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHR5cGUgeyBHZXRCdWNrZXRBY2xPdXRwdXQsIEdyYW50IH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LXMzJ1xuaW1wb3J0IHR5cGUgeyBDb250ZXh0IH0gZnJvbSAnYXdzLWxhbWJkYSdcbmltcG9ydCB0eXBlIHsgTG9nZ2VyIH0gZnJvbSAnd2luc3RvbidcbmltcG9ydCBmcyBmcm9tICdub2RlOmZzJ1xuaW1wb3J0IHBhdGggZnJvbSAnbm9kZTpwYXRoJ1xuaW1wb3J0IHsgUzMgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtczMnXG5pbXBvcnQgeyBQdXRQdWJsaWNBY2Nlc3NCbG9ja0NvbW1hbmQsIFMzQ29udHJvbENsaWVudCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zMy1jb250cm9sJ1xuaW1wb3J0IHsgR2V0Q2FsbGVySWRlbnRpdHlDb21tYW5kLCBTVFNDbGllbnQgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtc3RzJ1xuaW1wb3J0IHdpbnN0b24gZnJvbSAnd2luc3RvbidcblxuLy8gQ29uZmlndXJlIHRoZSBsb2dnZXJcbmNvbnN0IGxvZ2dlcjogTG9nZ2VyID0gd2luc3Rvbi5jcmVhdGVMb2dnZXIoe1xuICBsZXZlbDogJ2luZm8nLFxuICBmb3JtYXQ6IHdpbnN0b24uZm9ybWF0Lmpzb24oKSxcbiAgZGVmYXVsdE1ldGE6IHsgc2VydmljZTogJ3VzZXItc2VydmljZScgfSxcbiAgdHJhbnNwb3J0czogW1xuICAgIG5ldyB3aW5zdG9uLnRyYW5zcG9ydHMuQ29uc29sZSgpLFxuICBdLFxufSlcblxuY29uc3QgczNDbGllbnQgPSBuZXcgUzMoe30pXG5jb25zdCBzM0NvbnRyb2xDbGllbnQgPSBuZXcgUzNDb250cm9sQ2xpZW50KHt9KVxuY29uc3Qgc3RzQ2xpZW50ID0gbmV3IFNUU0NsaWVudCh7fSlcblxuaW50ZXJmYWNlIFMzRXZlbnQge1xuICBkZXRhaWw6IHtcbiAgICByZXF1ZXN0UGFyYW1ldGVyczoge1xuICAgICAgW2tleTogc3RyaW5nXTogYW55XG4gICAgfVxuICAgIGV2ZW50TmFtZTogc3RyaW5nXG4gICAgZXJyb3JDb2RlPzogc3RyaW5nXG4gICAgZXJyb3JNZXNzYWdlPzogc3RyaW5nXG4gIH1cbn1cblxuZnVuY3Rpb24gc21pbGVTaG9ydENpcmN1aXRTaG91bGQoZXZlbnQ6IFMzRXZlbnQpOiBib29sZWFuIHtcbiAgaWYgKGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVyc1sneC1hbXotYWNsJ10pIHtcbiAgICBsb2dnZXIuaW5mbygnQUNMIGlzIGN1cnJlbnRseSAlcycsIGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVyc1sneC1hbXotYWNsJ11bMF0pXG4gICAgaWYgKGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVyc1sneC1hbXotYWNsJ11bMF0gPT09ICdwcml2YXRlJykge1xuICAgICAgbG9nZ2VyLmluZm8oJ0FDTCBpcyBhbHJlYWR5IHByaXZhdGUuICBFbmRpbmcuJylcbiAgICAgIHJldHVybiB0cnVlXG4gICAgfVxuICB9XG4gIHJldHVybiBmYWxzZVxufVxuXG5mdW5jdGlvbiBzbWlsZUxvb3BQcmV2ZW50KGV2ZW50OiBTM0V2ZW50KTogYm9vbGVhbiB7XG4gIGlmIChldmVudC5kZXRhaWwuZXJyb3JDb2RlIHx8IGV2ZW50LmRldGFpbC5lcnJvck1lc3NhZ2UpIHtcbiAgICBsb2dnZXIuaW5mbygnUHJldmlvdXMgQVBJIGNhbGwgcmVzdWx0ZWQgaW4gYW4gZXJyb3IuIEVuZGluZycpXG4gICAgcmV0dXJuIHRydWVcbiAgfVxuICByZXR1cm4gZmFsc2Vcbn1cblxuYXN5bmMgZnVuY3Rpb24gc21pbGVTM0J1Y2tldEFjbEdldChldmVudDogUzNFdmVudCk6IFByb21pc2U8R2V0QnVja2V0QWNsT3V0cHV0IHwgZmFsc2U+IHtcbiAgdHJ5IHtcbiAgICBjb25zdCBidWNrZXROYW1lID0gZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzLmJ1Y2tldE5hbWVcbiAgICBsb2dnZXIuaW5mbygnRGVzY3JpYmluZyB0aGUgY3VycmVudCBBQ0w6IHMzOi8vJXMnLCBidWNrZXROYW1lKVxuICAgIGNvbnN0IGJ1Y2tldEFjbCA9IGF3YWl0IHMzQ2xpZW50LmdldEJ1Y2tldEFjbCh7IEJ1Y2tldDogYnVja2V0TmFtZSB9KVxuICAgIGxvZ2dlci5pbmZvKEpTT04uc3RyaW5naWZ5KGJ1Y2tldEFjbCkpXG4gICAgcmV0dXJuIGJ1Y2tldEFjbFxuICB9XG4gIGNhdGNoIChlcnIpIHtcbiAgICBsb2dnZXIuZXJyb3IoJ0Vycm9yIHdhczogeyVzfSBNYW51YWwgZm9sbG93dXAgcmVjb21tZW5kZWQnLCBlcnIpXG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cbn1cblxuZnVuY3Rpb24gc21pbGVMb2dEZWxpdmVyeVByZXNlcnZlKGJ1Y2tldEFjbDogR2V0QnVja2V0QWNsT3V0cHV0KTogW3N0cmluZywgR3JhbnRbXV0ge1xuICBsZXQgdXJpTGlzdCA9ICcnXG4gIGNvbnN0IHByZXNlcnZlTG9nRGVsaXZlcnk6IEdyYW50W10gPSBbXVxuXG4gIGZvciAoY29uc3QgZ3JhbnQgb2YgYnVja2V0QWNsLkdyYW50cyB8fCBbXSkge1xuICAgIGlmIChncmFudC5HcmFudGVlPy5VUkkpIHtcbiAgICAgIGxvZ2dlci5pbmZvKCdGb3VuZCBHcmFudDogJXMnLCBKU09OLnN0cmluZ2lmeShncmFudCkpXG4gICAgICB1cmlMaXN0ICs9IGdyYW50LkdyYW50ZWUuVVJJXG4gICAgICBpZiAoZ3JhbnQuR3JhbnRlZS5VUkkuaW5jbHVkZXMoJ0xvZ0RlbGl2ZXJ5JykpIHtcbiAgICAgICAgcHJlc2VydmVMb2dEZWxpdmVyeS5wdXNoKGdyYW50KVxuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIHJldHVybiBbdXJpTGlzdCwgcHJlc2VydmVMb2dEZWxpdmVyeV1cbn1cblxuZnVuY3Rpb24gc21pbGVTM0J1Y2tldEFjbFZpb2xhdGlvbih1cmlMaXN0OiBzdHJpbmcpOiBib29sZWFuIHtcbiAgaWYgKHVyaUxpc3QuaW5jbHVkZXMoJ0FsbFVzZXJzJykgfHwgdXJpTGlzdC5pbmNsdWRlcygnQXV0aGVudGljYXRlZFVzZXJzJykpIHtcbiAgICBsb2dnZXIuaW5mbygnVmlvbGF0aW9uIGZvdW5kLiAgR3JhbnQgQUNMIGdyZWF0ZXIgdGhhbiBQcml2YXRlJylcbiAgICByZXR1cm4gdHJ1ZVxuICB9XG4gIGxvZ2dlci5pbmZvKCdBQ0wgaXMgY29ycmVjdGx5IGFscmVhZHkgcHJpdmF0ZScpXG4gIHJldHVybiBmYWxzZVxufVxuXG5hc3luYyBmdW5jdGlvbiBzbWlsZVMzQnVja2V0QWNsQ29ycmVjdChidWNrZXRBY2w6IEdldEJ1Y2tldEFjbE91dHB1dCwgcHJlc2VydmVMb2dEZWxpdmVyeTogQXJyYXk8R3JhbnQ+IHwgZmFsc2UpOiBQcm9taXNlPHZvaWQ+IHtcbiAgbG9nZ2VyLmluZm8oJ0F0dGVtcHRpbmcgQXV0b21hdGljIFJlc29sdXRpb24nKVxuICB0cnkge1xuICAgIGlmIChwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5KSB7XG4gICAgICBsb2dnZXIuaW5mbygnQUNMIHJlc2V0dGluZyBBQ0wgdG8gTG9nRGVsaXZlcnknKVxuICAgICAgbG9nZ2VyLmluZm8oJ1ByZXNlcnZlIHdhczogJXMnLCBKU09OLnN0cmluZ2lmeShwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5KSlcblxuICAgICAgY29uc3QgYWNsU3RyaW5nID0ge1xuICAgICAgICBHcmFudHM6IHByZXNlcnZlTG9nRGVsaXZlcnksXG4gICAgICAgIE93bmVyOiBidWNrZXRBY2wuT3duZXIsXG4gICAgICB9XG5cbiAgICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgczNDbGllbnQucHV0QnVja2V0QWNsKHtcbiAgICAgICAgQnVja2V0OiBidWNrZXRBY2w/Lk93bmVyPy5JRCxcbiAgICAgICAgQWNjZXNzQ29udHJvbFBvbGljeTogYWNsU3RyaW5nLFxuICAgICAgfSlcblxuICAgICAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocmVzcG9uc2UpKVxuICAgICAgaWYgKHJlc3BvbnNlLiRtZXRhZGF0YS5odHRwU3RhdHVzQ29kZSA9PT0gMjAwKSB7XG4gICAgICAgIGxvZ2dlci5pbmZvKCdSZXZlcnRlZCB0byBvbmx5IGNvbnRhaW4gTG9nRGVsaXZlcnknKVxuICAgICAgfVxuICAgICAgZWxzZSB7XG4gICAgICAgIGxvZ2dlci5lcnJvcignUHV0QnVja2V0QUNMIGZhaWxlZC4gTWFudWFsIGZvbGxvd3VwJylcbiAgICAgIH1cbiAgICB9XG4gICAgZWxzZSB7XG4gICAgICBsb2dnZXIuaW5mbygnQUNMIHJlc2V0dGluZyBBQ0wgdG8gUHJpdmF0ZScpXG4gICAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHMzQ2xpZW50LnB1dEJ1Y2tldEFjbCh7XG4gICAgICAgIEJ1Y2tldDogYnVja2V0QWNsPy5Pd25lcj8uSUQsXG4gICAgICAgIEFDTDogJ3ByaXZhdGUnLFxuICAgICAgfSlcblxuICAgICAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocmVzcG9uc2UpKVxuICAgICAgaWYgKHJlc3BvbnNlLiRtZXRhZGF0YS5odHRwU3RhdHVzQ29kZSA9PT0gMjAwKSB7XG4gICAgICAgIGxvZ2dlci5pbmZvKCdCdWNrZXQgQUNMIGhhcyBiZWVuIGNoYW5nZWQgdG8gUHJpdmF0ZScpXG4gICAgICB9XG4gICAgICBlbHNlIHtcbiAgICAgICAgbG9nZ2VyLmVycm9yKCdQdXRCdWNrZXRBQ0wgZmFpbGVkLiBNYW51YWwgZm9sbG93dXAnKVxuICAgICAgfVxuICAgIH1cbiAgfVxuICBjYXRjaCAoZXJyKSB7XG4gICAgbG9nZ2VyLmluZm8oJ1VuYWJsZSB0byByZXNvbHZlIHZpb2xhdGlvbiBhdXRvbWF0aWNhbGx5JylcbiAgICBsb2dnZXIuaW5mbygnRXJyb3Igd2FzOiAlcycsIGVycilcbiAgfVxufVxuXG5hc3luYyBmdW5jdGlvbiBzbWlsZVMzUHVibGljQnVja2V0QWNsKGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTxib29sZWFuPiB7XG4gIGlmIChzbWlsZVNob3J0Q2lyY3VpdFNob3VsZChldmVudCkpIHtcbiAgICByZXR1cm4gdHJ1ZVxuICB9XG5cbiAgaWYgKHNtaWxlTG9vcFByZXZlbnQoZXZlbnQpKSB7XG4gICAgcmV0dXJuIHRydWVcbiAgfVxuXG4gIGNvbnN0IGJ1Y2tldEFjbCA9IGF3YWl0IHNtaWxlUzNCdWNrZXRBY2xHZXQoZXZlbnQpXG4gIGlmICghYnVja2V0QWNsKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBjb25zdCBbdXJpTGlzdCwgcHJlc2VydmVMb2dEZWxpdmVyeV0gPSBzbWlsZUxvZ0RlbGl2ZXJ5UHJlc2VydmUoYnVja2V0QWNsKVxuXG4gIGlmIChzbWlsZVMzQnVja2V0QWNsVmlvbGF0aW9uKHVyaUxpc3QpKSB7XG4gICAgYXdhaXQgc21pbGVTM0J1Y2tldEFjbENvcnJlY3QoYnVja2V0QWNsLCBwcmVzZXJ2ZUxvZ0RlbGl2ZXJ5KVxuICAgIHJldHVybiB0cnVlXG4gIH1cblxuICByZXR1cm4gZmFsc2Vcbn1cblxuYXN5bmMgZnVuY3Rpb24gYXdzSXNQcml2YXRlKGJ1Y2tldDogc3RyaW5nLCBrZXk6IHN0cmluZyk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICBsb2dnZXIuaW5mbygnRGVzY3JpYmluZyB0aGUgQUNMOiBzMzovLyVzLyVzJywgYnVja2V0LCBrZXkpXG4gIGNvbnN0IGFjbCA9IGF3YWl0IHMzQ2xpZW50LmdldE9iamVjdEFjbCh7IEJ1Y2tldDogYnVja2V0LCBLZXk6IGtleSB9KVxuXG4gIGlmIChhY2wuR3JhbnRzIS5sZW5ndGggPiAxKSB7XG4gICAgbG9nZ2VyLmluZm8oJ0dyZWF0ZXIgdGhhbiBvbmUgR3JhbnQnKVxuICAgIHJldHVybiBmYWxzZVxuICB9XG5cbiAgY29uc3Qgb3duZXJJZCA9IGFjbC5Pd25lcj8uSURcbiAgY29uc3QgZ3JhbnRlZUlkID0gYWNsLkdyYW50cyFbMF0uR3JhbnRlZT8uSURcbiAgaWYgKG93bmVySWQgIT09IGdyYW50ZWVJZCkge1xuICAgIGxvZ2dlci5pbmZvKCdvd25lcjpbJXNdLCBncmFudGVlWyVzXSBkbyBub3QgbWF0Y2gnLCBvd25lcklkLCBncmFudGVlSWQpXG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICByZXR1cm4gdHJ1ZVxufVxuXG5hc3luYyBmdW5jdGlvbiBhd3NNYWtlUHJpdmF0ZShidWNrZXQ6IHN0cmluZywga2V5OiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgbG9nZ2VyLmluZm8oJ01ha2luZyBzMzovLyVzLyVzIHByaXZhdGUnLCBidWNrZXQsIGtleSlcbiAgYXdhaXQgczNDbGllbnQucHV0T2JqZWN0QWNsKHsgQnVja2V0OiBidWNrZXQsIEtleToga2V5LCBBQ0w6ICdwcml2YXRlJyB9KVxufVxuXG5hc3luYyBmdW5jdGlvbiBzbWlsZVMzUHVibGljQnVja2V0T2JqZWN0QWNsKGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTx2b2lkPiB7XG4gIGNvbnN0IGtleSA9IGV2ZW50LmRldGFpbC5yZXF1ZXN0UGFyYW1ldGVycy5rZXlcbiAgY29uc3QgYnVja2V0ID0gZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzLmJ1Y2tldE5hbWVcblxuICBpZiAoIShhd2FpdCBhd3NJc1ByaXZhdGUoYnVja2V0LCBrZXkpKSkge1xuICAgIGF3YWl0IGF3c01ha2VQcml2YXRlKGJ1Y2tldCwga2V5KVxuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHNtaWxlUzNQdWJsaWNCdWNrZXRBY2Nlc3NCbG9jayhldmVudDogUzNFdmVudCk6IFByb21pc2U8dm9pZD4ge1xuICBjb25zdCBwYmMgPSBldmVudC5kZXRhaWwucmVxdWVzdFBhcmFtZXRlcnMuUHVibGljQWNjZXNzQmxvY2tDb25maWd1cmF0aW9uXG4gIGxvZ2dlci5pbmZvKEpTT04uc3RyaW5naWZ5KHBiYykpXG5cbiAgaWYgKCFwYmMuUmVzdHJpY3RQdWJsaWNCdWNrZXRzIHx8ICFwYmMuQmxvY2tQdWJsaWNQb2xpY3kgfHwgIXBiYy5CbG9ja1B1YmxpY0FjbHMgfHwgIXBiYy5JZ25vcmVQdWJsaWNBY2xzKSB7XG4gICAgY29uc3QgYnVja2V0ID0gZXZlbnQuZGV0YWlsLnJlcXVlc3RQYXJhbWV0ZXJzLmJ1Y2tldE5hbWVcbiAgICBsb2dnZXIuaW5mbygnczM6Ly8lcyBub3cgbm90IHByaXZhdGUsIGZpeGluZy4uLicsIGJ1Y2tldClcblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgczNDbGllbnQucHV0UHVibGljQWNjZXNzQmxvY2soe1xuICAgICAgQnVja2V0OiBidWNrZXQsXG4gICAgICBQdWJsaWNBY2Nlc3NCbG9ja0NvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgQmxvY2tQdWJsaWNBY2xzOiB0cnVlLFxuICAgICAgICBJZ25vcmVQdWJsaWNBY2xzOiB0cnVlLFxuICAgICAgICBCbG9ja1B1YmxpY1BvbGljeTogdHJ1ZSxcbiAgICAgICAgUmVzdHJpY3RQdWJsaWNCdWNrZXRzOiB0cnVlLFxuICAgICAgfSxcbiAgICB9KVxuXG4gICAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocmVzcG9uc2UpKVxuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHNtaWxlUzNQdWJsaWNBY2Nlc3NCbG9jayhldmVudDogUzNFdmVudCk6IFByb21pc2U8dm9pZD4ge1xuICBjb25zdCBwYmMgPSBldmVudC5kZXRhaWwucmVxdWVzdFBhcmFtZXRlcnMuUHVibGljQWNjZXNzQmxvY2tDb25maWd1cmF0aW9uXG4gIGxvZ2dlci5pbmZvKEpTT04uc3RyaW5naWZ5KHBiYykpXG5cbiAgaWYgKCFwYmMuUmVzdHJpY3RQdWJsaWNCdWNrZXRzIHx8ICFwYmMuQmxvY2tQdWJsaWNQb2xpY3kgfHwgIXBiYy5CbG9ja1B1YmxpY0FjbHMgfHwgIXBiYy5JZ25vcmVQdWJsaWNBY2xzKSB7XG4gICAgY29uc3QgY29tbWFuZCA9IG5ldyBHZXRDYWxsZXJJZGVudGl0eUNvbW1hbmQoe30pXG4gICAgY29uc3QgYWNjb3VudCA9IGF3YWl0IHN0c0NsaWVudC5zZW5kKGNvbW1hbmQpXG4gICAgbG9nZ2VyLmluZm8oJyVzJywgYWNjb3VudClcblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgczNDb250cm9sQ2xpZW50LnNlbmQobmV3IFB1dFB1YmxpY0FjY2Vzc0Jsb2NrQ29tbWFuZCh7XG4gICAgICBQdWJsaWNBY2Nlc3NCbG9ja0NvbmZpZ3VyYXRpb246IHtcbiAgICAgICAgQmxvY2tQdWJsaWNBY2xzOiB0cnVlLFxuICAgICAgICBJZ25vcmVQdWJsaWNBY2xzOiB0cnVlLFxuICAgICAgICBCbG9ja1B1YmxpY1BvbGljeTogdHJ1ZSxcbiAgICAgICAgUmVzdHJpY3RQdWJsaWNCdWNrZXRzOiB0cnVlLFxuICAgICAgfSxcbiAgICAgIEFjY291bnRJZDogYWNjb3VudC5BY2NvdW50LFxuICAgIH0pKVxuXG4gICAgbG9nZ2VyLmluZm8oSlNPTi5zdHJpbmdpZnkocmVzcG9uc2UpKVxuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIHNtaWxlUzNQdWJsaWNGdXNlYm94KGV2ZW50OiBTM0V2ZW50KTogUHJvbWlzZTxib29sZWFuPiB7XG4gIGlmICghZXZlbnQuZGV0YWlsIHx8ICFldmVudC5kZXRhaWwuZXZlbnROYW1lKSB7XG4gICAgcmV0dXJuIGZhbHNlXG4gIH1cblxuICBjb25zdCBldmVudHMgPSBbXG4gICAgJ1B1dEJ1Y2tldEFjbCcsXG4gICAgJ1B1dE9iamVjdEFjbCcsXG4gICAgJ1B1dEJ1Y2tldFB1YmxpY0FjY2Vzc0Jsb2NrJyxcbiAgICAnUHV0QWNjb3VudFB1YmxpY0FjY2Vzc0Jsb2NrJyxcbiAgXVxuXG4gIGNvbnN0IGV2ZW50TmFtZSA9IGV2ZW50LmRldGFpbC5ldmVudE5hbWVcbiAgaWYgKGV2ZW50cy5pbmNsdWRlcyhldmVudE5hbWUpKSB7XG4gICAgbG9nZ2VyLmluZm8oJz09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09JylcbiAgICBsb2dnZXIuaW5mbygnZXZlbnROYW1lOiAlcycsIGV2ZW50TmFtZSlcbiAgfVxuXG4gIGlmIChldmVudE5hbWUgPT09ICdQdXRCdWNrZXRBY2wnKSB7XG4gICAgYXdhaXQgc21pbGVTM1B1YmxpY0J1Y2tldEFjbChldmVudClcbiAgfVxuICBlbHNlIGlmIChldmVudE5hbWUgPT09ICdQdXRPYmplY3RBY2wnKSB7XG4gICAgYXdhaXQgc21pbGVTM1B1YmxpY0J1Y2tldE9iamVjdEFjbChldmVudClcbiAgfVxuICBlbHNlIGlmIChldmVudE5hbWUgPT09ICdQdXRCdWNrZXRQdWJsaWNBY2Nlc3NCbG9jaycpIHtcbiAgICBhd2FpdCBzbWlsZVMzUHVibGljQnVja2V0QWNjZXNzQmxvY2soZXZlbnQpXG4gIH1cbiAgZWxzZSBpZiAoZXZlbnROYW1lID09PSAnUHV0QWNjb3VudFB1YmxpY0FjY2Vzc0Jsb2NrJykge1xuICAgIGF3YWl0IHNtaWxlUzNQdWJsaWNBY2Nlc3NCbG9jayhldmVudClcbiAgfVxuXG4gIHJldHVybiB0cnVlXG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBoYW5kbGVyKGV2ZW50OiBTM0V2ZW50LCBfY29udGV4dD86IENvbnRleHQpOiBQcm9taXNlPGJvb2xlYW4+IHtcbiAgYXdhaXQgc21pbGVTM1B1YmxpY0Z1c2Vib3goZXZlbnQpXG4gIHJldHVybiB0cnVlXG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBtYWluKCk6IFByb21pc2U8dm9pZD4ge1xuICBsb2dnZXIuZGVidWcoJ1JlYWRpbmcgZml4dHVyZXMvcHV0QnVja2V0QWNsLmpzb24nKVxuICBjb25zdCBkYXRhID0gSlNPTi5wYXJzZShmcy5yZWFkRmlsZVN5bmMocGF0aC5yZXNvbHZlKCdmaXh0dXJlcy9wdXRCdWNrZXRBY2wuanNvbicpLCAndXRmOCcpKVxuXG4gIGxvZ2dlci5kZWJ1ZygnaGFuZGxlcigpJylcbiAgYXdhaXQgaGFuZGxlcihkYXRhKVxufVxuXG5pZiAocmVxdWlyZS5tYWluID09PSBtb2R1bGUpIHtcbiAgbWFpbigpXG59XG4iXX0=
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "p6-cdk-s3-protector",
|
|
3
|
-
"description": "AWS CDK:
|
|
3
|
+
"description": "AWS CDK: A Real-Time S3 Protector",
|
|
4
4
|
"repository": {
|
|
5
5
|
"type": "git",
|
|
6
6
|
"url": "https://github.com/p6m7g8/p6-cdk-s3-protector.git"
|
|
@@ -52,9 +52,9 @@
|
|
|
52
52
|
"@swc-node/register": "^1.10.9",
|
|
53
53
|
"@types/aws-lambda": "^8.10.145",
|
|
54
54
|
"@types/jest": "^29.5.14",
|
|
55
|
-
"@types/node": "22.8.
|
|
56
|
-
"@typescript-eslint/eslint-plugin": "^8.12.
|
|
57
|
-
"@typescript-eslint/parser": "^8.12.
|
|
55
|
+
"@types/node": "22.8.4",
|
|
56
|
+
"@typescript-eslint/eslint-plugin": "^8.12.2",
|
|
57
|
+
"@typescript-eslint/parser": "^8.12.2",
|
|
58
58
|
"aws-cdk": "^2.164.1",
|
|
59
59
|
"aws-cdk-lib": "2.164.1",
|
|
60
60
|
"cdk-dia": "^0.11.0",
|
|
@@ -68,7 +68,7 @@
|
|
|
68
68
|
"jsii-diff": "^1.104.0",
|
|
69
69
|
"jsii-docgen": "^10.5.5",
|
|
70
70
|
"jsii-pacmak": "^1.104.0",
|
|
71
|
-
"publib": "^0.2.
|
|
71
|
+
"publib": "^0.2.907",
|
|
72
72
|
"ts-jest": "^29.2.5",
|
|
73
73
|
"ts-node": "^10.9.2",
|
|
74
74
|
"typescript": "~5.6.3"
|
|
@@ -78,9 +78,9 @@
|
|
|
78
78
|
"constructs": "^10.4.2"
|
|
79
79
|
},
|
|
80
80
|
"dependencies": {
|
|
81
|
-
"@aws-sdk/client-s3": "^3.
|
|
82
|
-
"@aws-sdk/client-s3-control": "^3.
|
|
83
|
-
"@aws-sdk/client-sts": "^3.
|
|
81
|
+
"@aws-sdk/client-s3": "^3.682.0",
|
|
82
|
+
"@aws-sdk/client-s3-control": "^3.682.0",
|
|
83
|
+
"@aws-sdk/client-sts": "^3.682.0",
|
|
84
84
|
"@types/aws-lambda": "^8.10.145",
|
|
85
85
|
"aws-cdk-lib": "2.164.1",
|
|
86
86
|
"aws-sdk": "^2.1691.0",
|
|
@@ -103,13 +103,13 @@
|
|
|
103
103
|
"aws",
|
|
104
104
|
"cdk",
|
|
105
105
|
"s3",
|
|
106
|
-
"
|
|
107
|
-
"
|
|
106
|
+
"security",
|
|
107
|
+
"compliance"
|
|
108
108
|
],
|
|
109
109
|
"main": "lib/index.js",
|
|
110
110
|
"types": "src/index.d.ts",
|
|
111
111
|
"license": "Apache-2.0",
|
|
112
|
-
"version": "0.0.
|
|
112
|
+
"version": "0.0.3",
|
|
113
113
|
"jsii": {
|
|
114
114
|
"outdir": "dist",
|
|
115
115
|
"tsc": {
|
|
@@ -137,5 +137,5 @@
|
|
|
137
137
|
}
|
|
138
138
|
}
|
|
139
139
|
},
|
|
140
|
-
"packageManager": "pnpm@9.12.
|
|
140
|
+
"packageManager": "pnpm@9.12.3+sha512.cce0f9de9c5a7c95bef944169cc5dfe8741abfb145078c0d508b868056848a87c81e626246cb60967cbd7fd29a6c062ef73ff840d96b3c86c40ac92cf4a813ee"
|
|
141
141
|
}
|
|
@@ -33,7 +33,7 @@ interface S3Event {
|
|
|
33
33
|
}
|
|
34
34
|
}
|
|
35
35
|
|
|
36
|
-
function
|
|
36
|
+
function smileShortCircuitShould(event: S3Event): boolean {
|
|
37
37
|
if (event.detail.requestParameters['x-amz-acl']) {
|
|
38
38
|
logger.info('ACL is currently %s', event.detail.requestParameters['x-amz-acl'][0])
|
|
39
39
|
if (event.detail.requestParameters['x-amz-acl'][0] === 'private') {
|
|
@@ -44,7 +44,7 @@ function p6ShortCircuitShould(event: S3Event): boolean {
|
|
|
44
44
|
return false
|
|
45
45
|
}
|
|
46
46
|
|
|
47
|
-
function
|
|
47
|
+
function smileLoopPrevent(event: S3Event): boolean {
|
|
48
48
|
if (event.detail.errorCode || event.detail.errorMessage) {
|
|
49
49
|
logger.info('Previous API call resulted in an error. Ending')
|
|
50
50
|
return true
|
|
@@ -52,7 +52,7 @@ function p6LoopPrevent(event: S3Event): boolean {
|
|
|
52
52
|
return false
|
|
53
53
|
}
|
|
54
54
|
|
|
55
|
-
async function
|
|
55
|
+
async function smileS3BucketAclGet(event: S3Event): Promise<GetBucketAclOutput | false> {
|
|
56
56
|
try {
|
|
57
57
|
const bucketName = event.detail.requestParameters.bucketName
|
|
58
58
|
logger.info('Describing the current ACL: s3://%s', bucketName)
|
|
@@ -66,7 +66,7 @@ async function p6S3BucketAclGet(event: S3Event): Promise<GetBucketAclOutput | fa
|
|
|
66
66
|
}
|
|
67
67
|
}
|
|
68
68
|
|
|
69
|
-
function
|
|
69
|
+
function smileLogDeliveryPreserve(bucketAcl: GetBucketAclOutput): [string, Grant[]] {
|
|
70
70
|
let uriList = ''
|
|
71
71
|
const preserveLogDelivery: Grant[] = []
|
|
72
72
|
|
|
@@ -83,7 +83,7 @@ function p6LogDeliveryPreserve(bucketAcl: GetBucketAclOutput): [string, Grant[]]
|
|
|
83
83
|
return [uriList, preserveLogDelivery]
|
|
84
84
|
}
|
|
85
85
|
|
|
86
|
-
function
|
|
86
|
+
function smileS3BucketAclViolation(uriList: string): boolean {
|
|
87
87
|
if (uriList.includes('AllUsers') || uriList.includes('AuthenticatedUsers')) {
|
|
88
88
|
logger.info('Violation found. Grant ACL greater than Private')
|
|
89
89
|
return true
|
|
@@ -92,7 +92,7 @@ function p6S3BucketAclViolation(uriList: string): boolean {
|
|
|
92
92
|
return false
|
|
93
93
|
}
|
|
94
94
|
|
|
95
|
-
async function
|
|
95
|
+
async function smileS3BucketAclCorrect(bucketAcl: GetBucketAclOutput, preserveLogDelivery: Array<Grant> | false): Promise<void> {
|
|
96
96
|
logger.info('Attempting Automatic Resolution')
|
|
97
97
|
try {
|
|
98
98
|
if (preserveLogDelivery) {
|
|
@@ -139,24 +139,24 @@ async function p6S3BucketAclCorrect(bucketAcl: GetBucketAclOutput, preserveLogDe
|
|
|
139
139
|
}
|
|
140
140
|
}
|
|
141
141
|
|
|
142
|
-
async function
|
|
143
|
-
if (
|
|
142
|
+
async function smileS3PublicBucketAcl(event: S3Event): Promise<boolean> {
|
|
143
|
+
if (smileShortCircuitShould(event)) {
|
|
144
144
|
return true
|
|
145
145
|
}
|
|
146
146
|
|
|
147
|
-
if (
|
|
147
|
+
if (smileLoopPrevent(event)) {
|
|
148
148
|
return true
|
|
149
149
|
}
|
|
150
150
|
|
|
151
|
-
const bucketAcl = await
|
|
151
|
+
const bucketAcl = await smileS3BucketAclGet(event)
|
|
152
152
|
if (!bucketAcl) {
|
|
153
153
|
return false
|
|
154
154
|
}
|
|
155
155
|
|
|
156
|
-
const [uriList, preserveLogDelivery] =
|
|
156
|
+
const [uriList, preserveLogDelivery] = smileLogDeliveryPreserve(bucketAcl)
|
|
157
157
|
|
|
158
|
-
if (
|
|
159
|
-
await
|
|
158
|
+
if (smileS3BucketAclViolation(uriList)) {
|
|
159
|
+
await smileS3BucketAclCorrect(bucketAcl, preserveLogDelivery)
|
|
160
160
|
return true
|
|
161
161
|
}
|
|
162
162
|
|
|
@@ -187,7 +187,7 @@ async function awsMakePrivate(bucket: string, key: string): Promise<void> {
|
|
|
187
187
|
await s3Client.putObjectAcl({ Bucket: bucket, Key: key, ACL: 'private' })
|
|
188
188
|
}
|
|
189
189
|
|
|
190
|
-
async function
|
|
190
|
+
async function smileS3PublicBucketObjectAcl(event: S3Event): Promise<void> {
|
|
191
191
|
const key = event.detail.requestParameters.key
|
|
192
192
|
const bucket = event.detail.requestParameters.bucketName
|
|
193
193
|
|
|
@@ -196,7 +196,7 @@ async function p6S3PublicBucketObjectAcl(event: S3Event): Promise<void> {
|
|
|
196
196
|
}
|
|
197
197
|
}
|
|
198
198
|
|
|
199
|
-
async function
|
|
199
|
+
async function smileS3PublicBucketAccessBlock(event: S3Event): Promise<void> {
|
|
200
200
|
const pbc = event.detail.requestParameters.PublicAccessBlockConfiguration
|
|
201
201
|
logger.info(JSON.stringify(pbc))
|
|
202
202
|
|
|
@@ -218,7 +218,7 @@ async function p6S3PublicBucketAccessBlock(event: S3Event): Promise<void> {
|
|
|
218
218
|
}
|
|
219
219
|
}
|
|
220
220
|
|
|
221
|
-
async function
|
|
221
|
+
async function smileS3PublicAccessBlock(event: S3Event): Promise<void> {
|
|
222
222
|
const pbc = event.detail.requestParameters.PublicAccessBlockConfiguration
|
|
223
223
|
logger.info(JSON.stringify(pbc))
|
|
224
224
|
|
|
@@ -241,7 +241,7 @@ async function p6S3PublicAccessBlock(event: S3Event): Promise<void> {
|
|
|
241
241
|
}
|
|
242
242
|
}
|
|
243
243
|
|
|
244
|
-
async function
|
|
244
|
+
async function smileS3PublicFusebox(event: S3Event): Promise<boolean> {
|
|
245
245
|
if (!event.detail || !event.detail.eventName) {
|
|
246
246
|
return false
|
|
247
247
|
}
|
|
@@ -260,23 +260,23 @@ async function p6S3PublicFusebox(event: S3Event): Promise<boolean> {
|
|
|
260
260
|
}
|
|
261
261
|
|
|
262
262
|
if (eventName === 'PutBucketAcl') {
|
|
263
|
-
await
|
|
263
|
+
await smileS3PublicBucketAcl(event)
|
|
264
264
|
}
|
|
265
265
|
else if (eventName === 'PutObjectAcl') {
|
|
266
|
-
await
|
|
266
|
+
await smileS3PublicBucketObjectAcl(event)
|
|
267
267
|
}
|
|
268
268
|
else if (eventName === 'PutBucketPublicAccessBlock') {
|
|
269
|
-
await
|
|
269
|
+
await smileS3PublicBucketAccessBlock(event)
|
|
270
270
|
}
|
|
271
271
|
else if (eventName === 'PutAccountPublicAccessBlock') {
|
|
272
|
-
await
|
|
272
|
+
await smileS3PublicAccessBlock(event)
|
|
273
273
|
}
|
|
274
274
|
|
|
275
275
|
return true
|
|
276
276
|
}
|
|
277
277
|
|
|
278
278
|
export async function handler(event: S3Event, _context?: Context): Promise<boolean> {
|
|
279
|
-
await
|
|
279
|
+
await smileS3PublicFusebox(event)
|
|
280
280
|
return true
|
|
281
281
|
}
|
|
282
282
|
|