palaryn 0.5.7 → 0.6.0
- package/dist/src/billing/plan-enforcer.d.ts.map +1 -1
- package/dist/src/billing/plan-enforcer.js +0 -2
- package/dist/src/billing/plan-enforcer.js.map +1 -1
- package/dist/src/config/defaults.js +1 -1
- package/dist/src/config/defaults.js.map +1 -1
- package/dist/src/dlp/circuit-breaker.d.ts +44 -0
- package/dist/src/dlp/circuit-breaker.d.ts.map +1 -0
- package/dist/src/dlp/circuit-breaker.js +69 -0
- package/dist/src/dlp/circuit-breaker.js.map +1 -0
- package/dist/src/dlp/deberta-backend.d.ts +2 -0
- package/dist/src/dlp/deberta-backend.d.ts.map +1 -1
- package/dist/src/dlp/deberta-backend.js +21 -3
- package/dist/src/dlp/deberta-backend.js.map +1 -1
- package/dist/src/dlp/exfiltration-backend.d.ts.map +1 -1
- package/dist/src/dlp/exfiltration-backend.js +10 -0
- package/dist/src/dlp/exfiltration-backend.js.map +1 -1
- package/dist/src/dlp/index.d.ts +2 -0
- package/dist/src/dlp/index.d.ts.map +1 -1
- package/dist/src/dlp/index.js +5 -1
- package/dist/src/dlp/index.js.map +1 -1
- package/dist/src/dlp/llm-classifier.d.ts +8 -1
- package/dist/src/dlp/llm-classifier.d.ts.map +1 -1
- package/dist/src/dlp/llm-classifier.js +138 -61
- package/dist/src/dlp/llm-classifier.js.map +1 -1
- package/dist/src/dlp/multipart-extractor.d.ts +20 -0
- package/dist/src/dlp/multipart-extractor.d.ts.map +1 -0
- package/dist/src/dlp/multipart-extractor.js +60 -0
- package/dist/src/dlp/multipart-extractor.js.map +1 -0
- package/dist/src/dlp/navigation-instruction-backend.d.ts +6 -0
- package/dist/src/dlp/navigation-instruction-backend.d.ts.map +1 -0
- package/dist/src/dlp/navigation-instruction-backend.js +286 -0
- package/dist/src/dlp/navigation-instruction-backend.js.map +1 -0
- package/dist/src/dlp/nemo-backend.d.ts +2 -0
- package/dist/src/dlp/nemo-backend.d.ts.map +1 -1
- package/dist/src/dlp/nemo-backend.js +8 -0
- package/dist/src/dlp/nemo-backend.js.map +1 -1
- package/dist/src/dlp/prompt-injection-patterns.d.ts.map +1 -1
- package/dist/src/dlp/prompt-injection-patterns.js +36 -0
- package/dist/src/dlp/prompt-injection-patterns.js.map +1 -1
- package/dist/src/dlp/text-normalizer.d.ts +2 -15
- package/dist/src/dlp/text-normalizer.d.ts.map +1 -1
- package/dist/src/dlp/text-normalizer.js +34 -7
- package/dist/src/dlp/text-normalizer.js.map +1 -1
- package/dist/src/dlp/tool-patterns.d.ts +12 -0
- package/dist/src/dlp/tool-patterns.d.ts.map +1 -1
- package/dist/src/dlp/tool-patterns.js +61 -1
- package/dist/src/dlp/tool-patterns.js.map +1 -1
- package/dist/src/executor/filesystem-executor.d.ts +5 -5
- package/dist/src/executor/filesystem-executor.d.ts.map +1 -1
- package/dist/src/executor/filesystem-executor.js +43 -0
- package/dist/src/executor/filesystem-executor.js.map +1 -1
- package/dist/src/metrics/collector.d.ts +5 -0
- package/dist/src/metrics/collector.d.ts.map +1 -1
- package/dist/src/metrics/collector.js +14 -0
- package/dist/src/metrics/collector.js.map +1 -1
- package/dist/src/policy/engine.d.ts.map +1 -1
- package/dist/src/policy/engine.js +39 -3
- package/dist/src/policy/engine.js.map +1 -1
- package/dist/src/policy/opa-engine.d.ts.map +1 -1
- package/dist/src/policy/opa-engine.js +2 -1
- package/dist/src/policy/opa-engine.js.map +1 -1
- package/dist/src/server/app.d.ts.map +1 -1
- package/dist/src/server/app.js +17 -9
- package/dist/src/server/app.js.map +1 -1
- package/dist/src/server/gateway.d.ts +4 -0
- package/dist/src/server/gateway.d.ts.map +1 -1
- package/dist/src/server/gateway.js +146 -4
- package/dist/src/server/gateway.js.map +1 -1
- package/dist/src/types/config.d.ts +9 -0
- package/dist/src/types/config.d.ts.map +1 -1
- package/dist/src/types/policy.d.ts +4 -0
- package/dist/src/types/policy.d.ts.map +1 -1
- package/dist/src/types/tool-call.d.ts +4 -0
- package/dist/src/types/tool-call.d.ts.map +1 -1
- package/dist/tests/integration/navigation-chain.test.d.ts +9 -0
- package/dist/tests/integration/navigation-chain.test.d.ts.map +1 -0
- package/dist/tests/integration/navigation-chain.test.js +474 -0
- package/dist/tests/integration/navigation-chain.test.js.map +1 -0
- package/dist/tests/unit/adversarial-pipeline.test.js +173 -15
- package/dist/tests/unit/adversarial-pipeline.test.js.map +1 -1
- package/dist/tests/unit/cli.test.js +3 -7
- package/dist/tests/unit/cli.test.js.map +1 -1
- package/dist/tests/unit/filesystem-executor.test.js +88 -0
- package/dist/tests/unit/filesystem-executor.test.js.map +1 -1
- package/dist/tests/unit/multipart-extractor.test.d.ts +2 -0
- package/dist/tests/unit/multipart-extractor.test.d.ts.map +1 -0
- package/dist/tests/unit/multipart-extractor.test.js +118 -0
- package/dist/tests/unit/multipart-extractor.test.js.map +1 -0
- package/dist/tests/unit/navigation-instruction-backend.test.d.ts +8 -0
- package/dist/tests/unit/navigation-instruction-backend.test.d.ts.map +1 -0
- package/dist/tests/unit/navigation-instruction-backend.test.js +561 -0
- package/dist/tests/unit/navigation-instruction-backend.test.js.map +1 -0
- package/dist/tests/unit/policy-engine.test.js +314 -1
- package/dist/tests/unit/policy-engine.test.js.map +1 -1
- package/dist/tests/unit/prompt-injection-backend.test.js +1 -1
- package/dist/tests/unit/prompt-injection-backend.test.js.map +1 -1
- package/package.json +3 -2
- package/policy-packs/default.yaml +76 -0
- package/src/billing/plan-enforcer.ts +0 -2
- package/src/config/defaults.ts +1 -1
- package/src/dlp/circuit-breaker.ts +83 -0
- package/src/dlp/deberta-backend.ts +21 -3
- package/src/dlp/exfiltration-backend.ts +11 -0
- package/src/dlp/index.ts +2 -0
- package/src/dlp/llm-classifier.ts +148 -66
- package/src/dlp/multipart-extractor.ts +66 -0
- package/src/dlp/navigation-instruction-backend.ts +309 -0
- package/src/dlp/nemo-backend.ts +10 -0
- package/src/dlp/prompt-injection-patterns.ts +37 -0
- package/src/dlp/text-normalizer.ts +36 -7
- package/src/dlp/tool-patterns.ts +63 -0
- package/src/executor/filesystem-executor.ts +51 -0
- package/src/metrics/collector.ts +17 -0
- package/src/policy/engine.ts +39 -3
- package/src/policy/opa-engine.ts +2 -1
- package/src/server/app.ts +19 -10
- package/src/server/gateway.ts +155 -4
- package/src/types/config.ts +9 -0
- package/src/types/policy.ts +5 -0
- package/src/types/tool-call.ts +4 -0
|
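--- a/package/dist/src/dlp/navigation-instruction-backend.js
+++ b/package/dist/src/dlp/navigation-instruction-backend.js
@@ -0,0 +1,286 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NavigationInstructionBackend = void 0;
+/**
+* DLP backend that detects navigation instructions embedded in response content.
+*
+* Addresses the "nested page" attack vector: an agent opens allowed page ABC,
+* which contains instructions (HTML redirects, JS navigation, explicit text
+* commands) to open page XYZ. Even though XYZ may pass policy independently,
+* the agent was *tricked* into requesting it by embedded content.
+*
+* Detection categories (all patterns use /gi flags):
+*
+* 1. HTML meta-refresh redirects (high)
+* 2. JavaScript navigation assignments (high)
+* 3. JavaScript navigation function calls (high)
+* 4. HTML embedding tags (iframe, frame, object, embed) (medium)
+* 5. HTML base tag hijacking (high)
+* 6. Auto-submitting forms (high)
+* 7. JS fetch / XHR / sendBeacon (medium)
+* 8. WebSocket / EventSource connections (medium)
+* 9. Service Worker / dynamic import (high)
+* 10. Data URI with HTML content (high)
+* 11. Explicit textual navigation commands (medium)
+*
+* Pattern names are prefixed with `navigation_instruction_` for namespacing.
+*
+* **False-positive mitigation**: Patterns are designed to match *executable*
+* navigation directives, not passive hyperlinks (<a href>), CSS url() for
+* stylesheets, or <link rel="stylesheet">. Documentation containing code
+* examples may trigger medium-severity detections, which can be filtered
+* by the `navigation_instruction_action` config setting.
+*/
+// ---------------------------------------------------------------------------
+// Category 1: HTML meta-refresh redirects (high)
+// Matches: <meta http-equiv="refresh" content="0;url=https://evil.com">
+// Also handles: content="5; URL=..." with optional spaces and quoting
+// ---------------------------------------------------------------------------
+const META_REFRESH = {
+name: 'navigation_instruction_meta_refresh',
+pattern: /<meta\s[^>]*http-equiv\s*=\s*["']?\s*refresh\s*["']?\s[^>]*content\s*=\s*["']?\s*\d+\s*[;,]\s*url\s*=\s*[^"'\s>]+/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 2: JavaScript navigation assignments (high)
+// Matches: window.location = "...", window.location.href = "...",
+// document.location = "...", document.location.href = "...",
+// location.href = "...", self.location = "..."
+// Captures both assignment (=) and property set patterns.
+// ---------------------------------------------------------------------------
+const JS_LOCATION_ASSIGN = {
+name: 'navigation_instruction_js_redirect',
+pattern: /(?:window|document|self|top|parent)?\s*\.?\s*location\s*(?:\.(?:href|replace|assign))?\s*=\s*["'`][^"'`]{1,2000}["'`]/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 3: JavaScript navigation function calls (high)
+// Matches: window.location.replace("..."), window.location.assign("..."),
+// window.open("..."), location.replace("...")
+// ---------------------------------------------------------------------------
+const JS_LOCATION_FUNC = {
+name: 'navigation_instruction_js_navigate_call',
+pattern: /(?:window|document|self|top|parent)?\s*\.?\s*(?:location\s*\.\s*(?:replace|assign)|open)\s*\(\s*["'`][^"'`]{1,2000}["'`]/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 4: HTML embedding tags (medium)
+// Matches: <iframe src="...">, <frame src="...">, <object data="...">,
+// <embed src="...">
+// These load external content automatically and can be used to redirect
+// or exfiltrate data. Severity is medium because iframes are common in
+// legitimate HTML responses.
+// ---------------------------------------------------------------------------
+const HTML_IFRAME = {
+name: 'navigation_instruction_html_embed',
+pattern: /<(?:iframe|frame)\s[^>]*src\s*=\s*["']?\s*https?:\/\/[^"'\s>]+/gi,
+severity: 'medium',
+};
+const HTML_OBJECT_EMBED = {
+name: 'navigation_instruction_html_object',
+pattern: /<(?:object\s[^>]*data|embed\s[^>]*src)\s*=\s*["']?\s*https?:\/\/[^"'\s>]+/gi,
+severity: 'medium',
+};
+// ---------------------------------------------------------------------------
+// Category 5: HTML base tag hijacking (high)
+// Matches: <base href="https://attacker.com">
+// Silently rewrites all relative URLs in the page to point to attacker domain.
+// ---------------------------------------------------------------------------
+const HTML_BASE_HIJACK = {
+name: 'navigation_instruction_base_hijack',
+pattern: /<base\s[^>]*href\s*=\s*["']?\s*https?:\/\/[^"'\s>]+/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 6: Auto-submitting forms (high)
+// Matches: <form ... with a nearby .submit() call — common CSRF/redirect pattern.
+// Two-part detection: form with action + submit() in close proximity.
+// ---------------------------------------------------------------------------
+const AUTO_SUBMIT_FORM = {
+name: 'navigation_instruction_auto_form_submit',
+pattern: /<form\s[^>]*action\s*=\s*["']?https?:\/\/[^"'\s>]+[^]*?\.submit\s*\(\s*\)/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 7: JS fetch / XHR / sendBeacon (medium)
+// Matches: fetch("https://..."), new XMLHttpRequest() ... .open("GET","https://..."),
+// navigator.sendBeacon("https://...")
+// Medium severity: these are very common in legitimate web pages.
+// ---------------------------------------------------------------------------
+const JS_FETCH = {
+name: 'navigation_instruction_js_fetch',
+pattern: /(?:fetch|navigator\s*\.\s*sendBeacon)\s*\(\s*["'`]https?:\/\/[^"'`]{1,2000}["'`]/gi,
+severity: 'medium',
+};
+// ---------------------------------------------------------------------------
+// Category 8: WebSocket / EventSource connections (medium)
+// Matches: new WebSocket("wss://..."), new EventSource("https://...")
+// ---------------------------------------------------------------------------
+const JS_WEBSOCKET = {
+name: 'navigation_instruction_websocket',
+pattern: /new\s+(?:WebSocket|EventSource)\s*\(\s*["'`](?:wss?|https?):\/\/[^"'`]{1,2000}["'`]/gi,
+severity: 'medium',
+};
+// ---------------------------------------------------------------------------
+// Category 9: Service Worker / dynamic import (high)
+// Matches: navigator.serviceWorker.register("..."), import("https://...")
+// High severity: service workers can intercept all subsequent requests.
+// ---------------------------------------------------------------------------
+const JS_SERVICE_WORKER = {
+name: 'navigation_instruction_service_worker',
+pattern: /navigator\s*\.\s*serviceWorker\s*\.\s*register\s*\(\s*["'`][^"'`]{1,2000}["'`]/gi,
+severity: 'high',
+};
+const JS_DYNAMIC_IMPORT = {
+name: 'navigation_instruction_dynamic_import',
+pattern: /import\s*\(\s*["'`]https?:\/\/[^"'`]{1,2000}["'`]\s*\)/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 10: Data URI with active content (high)
+// Matches: data:text/html, data:image/svg+xml, data:application/javascript,
+// data:text/javascript, data:text/xml, data:application/xml
+// All can contain executable content (scripts, redirects, event handlers).
+// Note: The text-normalizer already decodes base64 data URIs, but this
+// pattern catches them at the structural level before normalization.
+// ---------------------------------------------------------------------------
+const DATA_URI_ACTIVE = {
+name: 'navigation_instruction_data_uri',
+pattern: /data:(?:text\/html|image\/svg\+xml|application\/javascript|text\/javascript|text\/xml|application\/xml)[^"'\s)>]{0,2000}/gi,
+severity: 'high',
+};
+// Backward-compatible alias for tests referencing the old name
+const DATA_URI_HTML = DATA_URI_ACTIVE;
+// ---------------------------------------------------------------------------
+// Category 11: Explicit textual navigation commands (medium)
+// Matches: "visit https://...", "navigate to https://...", "open https://...",
+// "go to https://...", "browse to https://...", "fetch https://..."
+// Medium severity: may appear in legitimate documentation or instructions.
+// Only matches when followed by an actual URL to reduce false positives.
+// ---------------------------------------------------------------------------
+const EXPLICIT_NAVIGATE_TEXT = {
+name: 'navigation_instruction_explicit_text',
+pattern: /(?:visit|navigate\s+to|open|go\s+to|browse\s+to|fetch|request|call|access|load)\s+(?:the\s+(?:url|page|link|endpoint|site)\s+)?(?:at\s+)?["']?https?:\/\/[^\s"'<>]{4,500}/gi,
+severity: 'medium',
+};
+// ---------------------------------------------------------------------------
+// Category 12: SVG with embedded script (high)
+// SVG files are XML and can contain <script> tags with full JS execution.
+// This is one of the most dangerous image-based attack vectors because
+// SVGs are often treated as "images" but carry executable code.
+// ---------------------------------------------------------------------------
+const SVG_SCRIPT = {
+name: 'navigation_instruction_svg_script',
+pattern: /<svg\b[^>]*>[^]*?<script\b[^>]*>[^]*?<\/script>/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 13: SVG event handlers (high)
+// SVG elements support JavaScript event handlers like onload, onerror.
+// <svg onload="malicious()"> executes immediately when the SVG loads.
+// ---------------------------------------------------------------------------
+const SVG_EVENT_HANDLER = {
+name: 'navigation_instruction_svg_event_handler',
+pattern: /<svg\b[^>]*\son(?:load|error|click|mouseover|focus|blur)\s*=\s*["'][^"']*["']/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 14: SVG foreignObject (high)
+// <foreignObject> embeds arbitrary HTML/XHTML inside SVG, including forms,
+// scripts, iframes — essentially a full HTML injection point within an "image".
+// ---------------------------------------------------------------------------
+const SVG_FOREIGN_OBJECT = {
+name: 'navigation_instruction_svg_foreign_object',
+pattern: /<foreignObject\b[^>]*>[^]*?<\/foreignObject>/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// Category 15: HTML event handlers in any tag (high)
+// Catches event handlers (onload, onerror, etc.) on any HTML element,
+// not just SVG. These auto-execute JavaScript without user interaction.
+// ---------------------------------------------------------------------------
+const HTML_EVENT_HANDLER = {
+name: 'navigation_instruction_html_event_handler',
+pattern: /<[a-z][a-z0-9]*\s[^>]*?on(?:load|error|click|mouseover|focus|blur|mouseenter|submit|change|input)\s*=\s*["'][^"']*["']/gi,
+severity: 'high',
+};
+// ---------------------------------------------------------------------------
+// All patterns collected for iteration
+// ---------------------------------------------------------------------------
+const NAVIGATION_PATTERNS = [
+META_REFRESH,
+JS_LOCATION_ASSIGN,
+JS_LOCATION_FUNC,
+HTML_IFRAME,
+HTML_OBJECT_EMBED,
+HTML_BASE_HIJACK,
+AUTO_SUBMIT_FORM,
+JS_FETCH,
+JS_WEBSOCKET,
+JS_SERVICE_WORKER,
+JS_DYNAMIC_IMPORT,
+DATA_URI_ACTIVE,
+SVG_SCRIPT,
+SVG_EVENT_HANDLER,
+SVG_FOREIGN_OBJECT,
+HTML_EVENT_HANDLER,
+EXPLICIT_NAVIGATE_TEXT,
+];
+/**
+* Extract target URLs from a navigation instruction match.
+* Returns the first URL found in the matched string, or null.
+*/
+function extractTargetUrl(match) {
+// Try to extract URL from common patterns
+const urlPatterns = [
+/url\s*=\s*["']?([^"'\s;>]+)/i, // meta-refresh url=...
+/=\s*["'`](https?:\/\/[^"'`]+)["'`]/i, // assignment = "https://..."
+/\(\s*["'`](https?:\/\/[^"'`]+)["'`]/i, // function call("https://...")
+/(?:src|data|href|action)\s*=\s*["']?(https?:\/\/[^"'\s>]+)/i, // HTML attributes
+/(https?:\/\/[^\s"'<>]+)/i, // bare URL fallback
+/((?:wss?):\/\/[^\s"'<>]+)/i, // WebSocket URL
+/(data:text\/html[^\s"'<>)]*)/i, // data URI
+];
+for (const urlPat of urlPatterns) {
+const m = urlPat.exec(match);
+if (m && m[1]) {
+return m[1];
+}
+}
+return null;
+}
+class NavigationInstructionBackend {
+constructor() {
+this.name = 'navigation_instruction';
+}
+scanString(value) {
+const detections = [];
+// Skip very short strings — no meaningful navigation instructions possible
+if (value.length < 15)
+return detections;
+for (const pat of NAVIGATION_PATTERNS) {
+pat.pattern.lastIndex = 0;
+let m;
+while ((m = pat.pattern.exec(value)) !== null) {
+const targetUrl = extractTargetUrl(m[0]);
+detections.push({
+pattern_name: pat.name,
+severity: pat.severity,
+match: m[0].slice(0, 500), // Truncate long matches for logging
+start: m.index,
+end: m.index + m[0].length,
+...(targetUrl ? { target_url: targetUrl } : {}),
+});
+// Guard against zero-length matches causing infinite loops
+if (m[0].length === 0) {
+pat.pattern.lastIndex++;
+}
+}
+// Reset lastIndex for stateful /g regex reuse
+pat.pattern.lastIndex = 0;
+}
+return detections;
+}
+}
+exports.NavigationInstructionBackend = NavigationInstructionBackend;
+//# sourceMappingURL=navigation-instruction-backend.js.map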
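Review bot: `AUTO_SUBMIT_FORM`, `SVG_SCRIPT` and `SVG_FOREIGN_OBJECT` use an unbounded lazy `[^]*?`, so a `<form action=…>` at the top of a response pairs with any `.submit()` anywhere later even though the comment promises "close proximity", and every opening tag with no closing counterpart makes `scanString` scan to the end of the input. Because this runs synchronously over untrusted response content, I would bound the gap the way the other patterns bound their URL part, e.g. `[^]{0,2000}?` in each of the three. `location` and `open` in `JS_LOCATION_ASSIGN` / `JS_LOCATION_FUNC` have no leading `\b`, so identifiers such as `geolocation = "…"` or `fopen("…")` would be reported at high severity. The header comment lists 11 categories while 15 are defined, and `DATA_URI_HTML` is declared but neither used nor exported in this file.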
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"navigation-instruction-backend.js","sourceRoot":"","sources":["../../../src/dlp/navigation-instruction-backend.ts"],"names":[],"mappings":";;;AAIA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AAEH,8EAA8E;AAC9E,iDAAiD;AACjD,wEAAwE;AACxE,sEAAsE;AACtE,8EAA8E;AAC9E,MAAM,YAAY,GAAe;IAC/B,IAAI,EAAE,qCAAqC;IAC3C,OAAO,EAAE,qHAAqH;IAC9H,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,uDAAuD;AACvD,kEAAkE;AAClE,sEAAsE;AACtE,wDAAwD;AACxD,0DAA0D;AAC1D,8EAA8E;AAC9E,MAAM,kBAAkB,GAAe;IACrC,IAAI,EAAE,oCAAoC;IAC1C,OAAO,EAAE,yHAAyH;IAClI,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,0DAA0D;AAC1D,0EAA0E;AAC1E,uDAAuD;AACvD,8EAA8E;AAC9E,MAAM,gBAAgB,GAAe;IACnC,IAAI,EAAE,yCAAyC;IAC/C,OAAO,EAAE,4HAA4H;IACrI,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,2CAA2C;AAC3C,uEAAuE;AACvE,6BAA6B;AAC7B,wEAAwE;AACxE,uEAAuE;AACvE,6BAA6B;AAC7B,8EAA8E;AAC9E,MAAM,WAAW,GAAe;IAC9B,IAAI,EAAE,mCAAmC;IACzC,OAAO,EAAE,kEAAkE;IAC3E,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,MAAM,iBAAiB,GAAe;IACpC,IAAI,EAAE,oCAAoC;IAC1C,OAAO,EAAE,6EAA6E;IACtF,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,8EAA8E;AAC9E,6CAA6C;AAC7C,8CAA8C;AAC9C,+EAA+E;AAC/E,8EAA8E;AAC9E,MAAM,gBAAgB,GAAe;IACnC,IAAI,EAAE,oCAAoC;IAC1C,OAAO,EAAE,uDAAuD;IAChE,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,2CAA2C;AAC3C,kFAAkF;AAClF,sEAAsE;AACtE,8EAA8E;AAC9E,MAAM,gBAAgB,GAAe;IACnC,IAAI,EAAE,yCAAyC;IAC/C,OAAO,EAAE,6EAA6E;IACtF,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,mDAAmD;AACnD,sFAAsF;AACtF,+CAA+C;AAC/C,kEAAkE;AAClE,8EAA8E;AAC9E,MAAM,QAAQ,GAAe;IAC3B,IAAI,EAAE,iCAAiC;IACvC,OAAO,EAAE,oFAAoF;IAC7F,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,8EAA8E;AAC9E,2DAA2D;AAC3D,sEAAsE;AACtE,8EAA8E;AAC9E,MAAM,YAAY,GAAe;IAC/B,IAAI,EAAE,kCAAkC;IACxC,OAAO,EAAE,uFAAuF;IAChG,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,8EAA8E;AAC9E,qDAAqD;AACrD,0EAA0E;AAC1E,wEAAwE;AACxE,8EAA8E;AAC9E,MAAM,iBAAiB,GAAe;IACpC,IAAI,EAAE,uCAAuC;IAC7C,OAAO,EAAE,kFAAkF;IAC3F,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,MAAM,iBAAiB,GAAe;IACpC,IAAI,EAAE,uCAAuC;IAC7C,OAAO,EAAE,0DAA0D;IACnE,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,mDAAmD;AACnD,4EAA4E;AAC5E,qEAAqE;AACrE
,2EAA2E;AAC3E,uEAAuE;AACvE,qEAAqE;AACrE,8EAA8E;AAC9E,MAAM,eAAe,GAAe;IAClC,IAAI,EAAE,iCAAiC;IACvC,OAAO,EAAE,4HAA4H;IACrI,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,+DAA+D;AAC/D,MAAM,aAAa,GAAG,eAAe,CAAC;AAEtC,8EAA8E;AAC9E,6DAA6D;AAC7D,+EAA+E;AAC/E,6EAA6E;AAC7E,2EAA2E;AAC3E,yEAAyE;AACzE,8EAA8E;AAC9E,MAAM,sBAAsB,GAAe;IACzC,IAAI,EAAE,sCAAsC;IAC5C,OAAO,EAAE,6KAA6K;IACtL,QAAQ,EAAE,QAAQ;CACnB,CAAC;AAEF,8EAA8E;AAC9E,+CAA+C;AAC/C,0EAA0E;AAC1E,uEAAuE;AACvE,gEAAgE;AAChE,8EAA8E;AAC9E,MAAM,UAAU,GAAe;IAC7B,IAAI,EAAE,mCAAmC;IACzC,OAAO,EAAE,mDAAmD;IAC5D,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,yCAAyC;AACzC,uEAAuE;AACvE,sEAAsE;AACtE,8EAA8E;AAC9E,MAAM,iBAAiB,GAAe;IACpC,IAAI,EAAE,0CAA0C;IAChD,OAAO,EAAE,iFAAiF;IAC1F,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,2EAA2E;AAC3E,gFAAgF;AAChF,8EAA8E;AAC9E,MAAM,kBAAkB,GAAe;IACrC,IAAI,EAAE,2CAA2C;IACjD,OAAO,EAAE,gDAAgD;IACzD,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,qDAAqD;AACrD,sEAAsE;AACtE,wEAAwE;AACxE,8EAA8E;AAC9E,MAAM,kBAAkB,GAAe;IACrC,IAAI,EAAE,2CAA2C;IACjD,OAAO,EAAE,0HAA0H;IACnI,QAAQ,EAAE,MAAM;CACjB,CAAC;AAEF,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAC9E,MAAM,mBAAmB,GAAiB;IACxC,YAAY;IACZ,kBAAkB;IAClB,gBAAgB;IAChB,WAAW;IACX,iBAAiB;IACjB,gBAAgB;IAChB,gBAAgB;IAChB,QAAQ;IACR,YAAY;IACZ,iBAAiB;IACjB,iBAAiB;IACjB,eAAe;IACf,UAAU;IACV,iBAAiB;IACjB,kBAAkB;IAClB,kBAAkB;IAClB,sBAAsB;CACvB,CAAC;AAEF;;;GAGG;AACH,SAAS,gBAAgB,CAAC,KAAa;IACrC,0CAA0C;IAC1C,MAAM,WAAW,GAAG;QAClB,8BAA8B,EAAe,uBAAuB;QACpE,qCAAqC,EAAQ,6BAA6B;QAC1E,sCAAsC,EAAO,+BAA+B;QAC5E,6DAA6D,EAAE,kBAAkB;QACjF,0BAA0B,EAAqB,oBAAoB;QACnE,4BAA4B,EAAmB,gBAAgB;QAC/D,+BAA+B,EAAgB,WAAW;KAC3D,CAAC;IAEF,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7B,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAa,4BAA4B;IAAzC;QACW,SAAI,GAAG,wBAAwB,CAAC;IAiC3C,CAAC;IA/BC,UAAU,CAAC,KAAa;QACtB,MAAM,UAAU,GAAmB,EAAE,CAAC;QAEtC,2EAA2E;QAC3E,IAAI,KAAK,CAAC,MAAM,GAAG,EAAE;YAAE,OAAO,UAAU,C
AAC;QAEzC,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;YACtC,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAyB,CAAC;YAC9B,OAAO,CAAC,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC9C,MAAM,SAAS,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzC,UAAU,CAAC,IAAI,CAAC;oBACd,YAAY,EAAE,GAAG,CAAC,IAAI;oBACtB,QAAQ,EAAE,GAAG,CAAC,QAAuB;oBACrC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,oCAAoC;oBAC/D,KAAK,EAAE,CAAC,CAAC,KAAK;oBACd,GAAG,EAAE,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM;oBAC1B,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACN,CAAC,CAAC;gBAE7C,2DAA2D;gBAC3D,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACtB,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;YACH,CAAC;YACD,8CAA8C;YAC9C,GAAG,CAAC,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QAC5B,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF;AAlCD,oEAkCC"}
|
|
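--- a/package/dist/src/dlp/nemo-backend.d.ts
+++ b/package/dist/src/dlp/nemo-backend.d.ts
@@ -1,4 +1,5 @@
 import { DLPBackend, DLPDetection } from './interfaces';
+import { CircuitBreaker } from './circuit-breaker';
 export interface NemoGuardrailsConfig {
 /** NeMo Guardrails API URL (e.g. 'http://nemo:8000'). */
 api_url: string;
@@ -20,6 +21,7 @@ export declare class NemoGuardrailsBackend implements DLPBackend {
 readonly name = "nemo_guardrails";
 private readonly apiUrl;
 private readonly timeoutMs;
+readonly circuitBreaker: CircuitBreaker;
 constructor(config: NemoGuardrailsConfig);
 scanString(value: string): DLPDetection[];
 private parseResponse;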
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nemo-backend.d.ts","sourceRoot":"","sources":["../../../src/dlp/nemo-backend.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"nemo-backend.d.ts","sourceRoot":"","sources":["../../../src/dlp/nemo-backend.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAExD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,MAAM,WAAW,oBAAoB;IACnC,yDAAyD;IACzD,OAAO,EAAE,MAAM,CAAC;IAChB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,qBAAsB,YAAW,UAAU;IACtD,QAAQ,CAAC,IAAI,qBAAqB;IAElC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;gBAE5B,MAAM,EAAE,oBAAoB;IAMxC,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,YAAY,EAAE;IAqCzC,OAAO,CAAC,aAAa;IA0CrB,OAAO,CAAC,WAAW;CAWpB"}
|
|
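--- a/package/dist/src/dlp/nemo-backend.js
+++ b/package/dist/src/dlp/nemo-backend.js
@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.NemoGuardrailsBackend = void 0;
 const child_process_1 = require("child_process");
+const circuit_breaker_1 = require("./circuit-breaker");
 /**
 * DLP backend that delegates content safety classification to NeMo Guardrails.
 *
@@ -18,10 +19,15 @@ class NemoGuardrailsBackend {
 this.name = 'nemo_guardrails';
 this.apiUrl = config.api_url.replace(/\/+$/, '');
 this.timeoutMs = config.timeout_ms ?? 5000;
+this.circuitBreaker = new circuit_breaker_1.CircuitBreaker({ name: 'nemo', failureThreshold: 5, resetTimeoutMs: 30000 });
 }
 scanString(value) {
 if (!value || value.length < 5)
 return [];
+if (!this.circuitBreaker.allowRequest()) {
+console.warn(`[NemoGuardrailsBackend] circuit OPEN — skipping external call`);
+return [];
+}
 try {
 const payload = JSON.stringify({
 messages: [{ role: 'user', content: value }],
@@ -39,9 +45,11 @@ class NemoGuardrailsBackend {
 encoding: 'utf-8',
 stdio: ['pipe', 'pipe', 'pipe'],
 });
+this.circuitBreaker.recordSuccess();
 return this.parseResponse(stdout, value);
 }
 catch (err) {
+this.circuitBreaker.recordFailure();
 const message = err instanceof Error ? err.message : String(err);
 console.warn(`[NemoGuardrailsBackend] scan failed: ${message}`);
 return [];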
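Review bot: While the breaker is open, the new guard in `scanString` returns `[]`, which callers cannot tell apart from a clean scan, so after five recorded failures this backend lets content through unscanned for the reset window (30000 ms here), with a `console.warn` per call as the only trace. If fail-open is the intended trade-off, state it at the guard, e.g. `// Fail-open by design: an OPEN circuit skips the NeMo check and reports no detections`, and consider surfacing the skip to the caller or a counter instead of a per-request warning that will flood logs during an outage. `recordSuccess()` also runs before `parseResponse(stdout, value)`, so a reply the parser cannot use presumably still counts as healthy; recording success only after a usable parse would be safer. `scanString` and the `try` body continue outside these hunks, so the external call itself is not visible here.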
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"nemo-backend.js","sourceRoot":"","sources":["../../../src/dlp/nemo-backend.ts"],"names":[],"mappings":";;;AAAA,iDAA6C;
|
|
1
|
+
{"version":3,"file":"nemo-backend.js","sourceRoot":"","sources":["../../../src/dlp/nemo-backend.ts"],"names":[],"mappings":";;;AAAA,iDAA6C;AAG7C,uDAAmD;AASnD;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAOhC,YAAY,MAA4B;QAN/B,SAAI,GAAG,iBAAiB,CAAC;QAOhC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC;QAC3C,IAAI,CAAC,cAAc,GAAG,IAAI,gCAAc,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,EAAE,cAAc,EAAE,KAAM,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,UAAU,CAAC,KAAa;QACtB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,EAAE,CAAC;QAE1C,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,CAAC;YACxC,OAAO,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;YAC9E,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC;gBAC7B,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;aAC7C,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAA,4BAAY,EAAC,MAAM,EAAE;gBAClC,IAAI;gBACJ,IAAI,EAAE,MAAM;gBACZ,GAAG,IAAI,CAAC,MAAM,sBAAsB;gBACpC,IAAI,EAAE,gCAAgC;gBACtC,IAAI,EAAE,OAAO;gBACb,YAAY,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;gBACtD,mBAAmB,EAAE,GAAG;aACzB,EAAE;gBACD,OAAO,EAAE,IAAI,CAAC,SAAS,GAAG,IAAI;gBAC9B,QAAQ,EAAE,OAAO;gBACjB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;aAChC,CAAC,CAAC;YAEH,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,CAAC,cAAc,CAAC,aAAa,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACjE,OAAO,CAAC,IAAI,CAAC,wCAAwC,OAAO,EAAE,CAAC,CAAC;YAChE,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,aAAa,CAAC,GAAW,EAAE,aAAqB;QACtD,MAAM,UAAU,GAAmB,EAAE,CAAC;QAEtC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAE7B,uDAAuD;YACvD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;YAClE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,KAAK,CAAC;YAEtC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,KAAK,MAAM,
IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,IAAI,SAAS,CAAC;oBAClE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;oBAEhG,UAAU,CAAC,IAAI,CAAC;wBACd,YAAY,EAAE,QAAQ,QAAQ,EAAE;wBAChC,QAAQ;wBACR,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;wBAClC,KAAK,EAAE,CAAC;wBACR,GAAG,EAAE,aAAa,CAAC,MAAM;qBAC1B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,6DAA6D;YAC7D,IAAI,OAAO,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACvC,UAAU,CAAC,IAAI,CAAC;oBACd,YAAY,EAAE,sBAAsB;oBACpC,QAAQ,EAAE,MAAM;oBAChB,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;oBAClC,KAAK,EAAE,CAAC;oBACR,GAAG,EAAE,aAAa,CAAC,MAAM;iBAC1B,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,WAAW,CAAC,KAAsB;QACxC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,IAAI,KAAK,IAAI,GAAG;gBAAE,OAAO,MAAM,CAAC;YAChC,IAAI,KAAK,IAAI,GAAG;gBAAE,OAAO,QAAQ,CAAC;YAClC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QAC1C,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,MAAM,CAAC;QAC5D,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,UAAU;YAAE,OAAO,QAAQ,CAAC;QAChE,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAvGD,sDAuGC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prompt-injection-patterns.d.ts","sourceRoot":"","sources":["../../../src/dlp/prompt-injection-patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,yBAAyB,EAAE,UAAU,
|
|
1
|
+
{"version":3,"file":"prompt-injection-patterns.d.ts","sourceRoot":"","sources":["../../../src/dlp/prompt-injection-patterns.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAExC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,yBAAyB,EAAE,UAAU,EAiajD,CAAC;AAMF;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,EAAE,UAAU,EAgBjD,CAAC"}
|
|
@@ -386,6 +386,42 @@ exports.PROMPT_INJECTION_PATTERNS = [
|
|
|
386
386
|
pattern: /(?:you\s+have\s+)?no\s+(?:rules|limits|limitations|boundaries|restrictions|ethical\s+guidelines|safety\s+(?:measures|protocols|guidelines))/gi,
|
|
387
387
|
severity: 'medium',
|
|
388
388
|
},
|
|
389
|
+
// -----------------------------------------------------------------------
|
|
390
|
+
// Category 18: Policy/config self-modification (high)
|
|
391
|
+
// Detects instructions to modify the agent's own policy, config, or
|
|
392
|
+
// governance files — the most dangerous form of prompt injection as it
|
|
393
|
+
// can disable all security controls.
|
|
394
|
+
// -----------------------------------------------------------------------
|
|
395
|
+
{
|
|
396
|
+
name: 'prompt_injection_modify_policy',
|
|
397
|
+
pattern: /(?:modify|change|update|edit|overwrite|replace|rewrite|alter)\s+(?:the\s+|your\s+)?(?:policy|policies|policy[\s_-]*(?:pack|file|yaml|config|rules?))/gi,
|
|
398
|
+
severity: 'high',
|
|
399
|
+
},
|
|
400
|
+
{
|
|
401
|
+
name: 'prompt_injection_write_policy_file',
|
|
402
|
+
pattern: /(?:write|save|create|output|put|dump)\s+(?:this\s+|the\s+following\s+)?(?:to|into|in)\s+(?:the\s+)?(?:policy|config|yaml|yml|configuration)\s*(?:file|pack)?/gi,
|
|
403
|
+
severity: 'high',
|
|
404
|
+
},
|
|
405
|
+
{
|
|
406
|
+
name: 'prompt_injection_disable_security',
|
|
407
|
+
pattern: /(?:disable|turn\s+off|deactivate|remove|bypass|skip)\s+(?:all\s+)?(?:the\s+)?(?:security|DLP|firewall|policy|protection|enforcement|validation|rate[\s_-]*limit|budget[\s_-]*check|approval)/gi,
|
|
408
|
+
severity: 'high',
|
|
409
|
+
},
|
|
410
|
+
{
|
|
411
|
+
name: 'prompt_injection_allow_all_policy',
|
|
412
|
+
pattern: /(?:set|change|make|switch)\s+(?:the\s+)?(?:default\s+)?(?:policy|effect|rule)\s+(?:to\s+)?(?:allow[\s_-]*all|permissive|allow\s+everything)/gi,
|
|
413
|
+
severity: 'high',
|
|
414
|
+
},
|
|
415
|
+
{
|
|
416
|
+
name: 'prompt_injection_policy_pack_path',
|
|
417
|
+
pattern: /policy[\s_-]*packs?\/[^\s"']+\.ya?ml/gi,
|
|
418
|
+
severity: 'high',
|
|
419
|
+
},
|
|
420
|
+
{
|
|
421
|
+
name: 'prompt_injection_remove_rules',
|
|
422
|
+
pattern: /(?:remove|delete|clear|empty|wipe)\s+(?:all\s+)?(?:the\s+)?(?:policy\s+)?(?:rules?|restrictions?|blocklist|denylist|deny\s+rules?)/gi,
|
|
423
|
+
severity: 'high',
|
|
424
|
+
},
|
|
389
425
|
];
|
|
390
426
|
// ---------------------------------------------------------------------------
|
|
391
427
|
// Output-side prompt injection patterns
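Review bot: `prompt_injection_policy_pack_path` is rated `high` although its pattern contains no instruction verb: `/policy[\s_-]*packs?\/[^\s"']+\.ya?ml/gi` fires on any mention of a policy-pack YAML path, which does not match the category comment's "Detects instructions to modify the agent's own policy". Such paths can appear in logs, documentation and error messages, so this entry is likely the noisiest of the six; `prompt_injection_modify_policy` and `prompt_injection_disable_security` are also broad, since phrases like "update the policy" or "skip validation" occur in ordinary text. I would lower the path rule to `severity: 'medium',` or count it only together with one of the verb rules, and extend the Category 18 comment with the false positives that are expected. The `exports.PROMPT_INJECTION_PATTERNS` array starts before this hunk, so how severities are consumed is not visible here.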
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prompt-injection-patterns.js","sourceRoot":"","sources":["../../../src/dlp/prompt-injection-patterns.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;GAoBG;AACU,QAAA,yBAAyB,GAAiB;IACrD,0EAA0E;IAC1E,iDAAiD;IACjD,0EAA0E;IAC1E;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,kGAAkG;QAC3G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,yFAAyF;QAClG,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,yCAAyC;IACzC,0EAA0E;IAC1E;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,wCAAwC;IACxC,0EAA0E;IAC1E;QACE,gEAAgE;QAChE,oFAAoF;QACpF,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,8CAA8C;IAC9C,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,mFAAmF;QAC5F,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,yCAAyC;IACzC,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,YAAY;QACrB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,YAAY;QACrB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAA
O,EAAE,0JAA0J;QACnK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2IAA2I;QACpJ,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,MAAM;KACjB;IACD,0EAA0E;IAC1E,4CAA4C;IAC5C,0EAA0E;IAC1E;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,6CAA6C;IAC7C,0EAA0E;IAC1E;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,oGAAoG;QAC7G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,oFAAoF;QAC7F,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,wCAAwC;IACxC,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4CAA4C;QAClD,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,2CAA2C;IAC3C,0EAA0E;IAC1E;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,uCAAuC;IACvC,0EAA0E;IAC1E;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,8HAA8H;QACvI,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,wIAAwI;QACjJ,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,2EAA2E;QACpF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,8CAA8C;IAC9C,0EAA0E;IAC1E;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,uHAAuH;QAChI,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,4CAA4C;IAC5C,0EAA0E;IAC1E;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,qFAAqF;QAC9F,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,QAA
Q;KACnB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,gDAAgD;IAChD,0EAA0E;IAC1E;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,sDAAsD;IACtD,0EAA0E;IAC1E;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,kIAAkI;QAC3I,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,+LAA+L;QACxM,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,yCAAyC;QAC/C,OAAO,EAAE,qIAAqI;QAC9I,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,+EAA+E;IAC/E,0EAA0E;IAC1E;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,uFAAuF;QAChG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,+FAA+F;QACxG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,2CAA2C;IAC3C,0EAA0E;IAC1E;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,uDAAuD;IACvD,0EAA0E;IAC1E;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,+IAA+I;QACxJ,QAAQ,EAAE,QAAQ;KACnB;CACF,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E;;;;;;GAMG;AACU,QAAA,yBAAyB,GAAiB;IACrD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,2CAA2C;QACjD,OAAO,EAAE,0JAA0J;QACnK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,uJAAuJ;QAChK,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC"}
|
|
1
|
+
{"version":3,"file":"prompt-injection-patterns.js","sourceRoot":"","sources":["../../../src/dlp/prompt-injection-patterns.ts"],"names":[],"mappings":";;;AAEA;;;;;;;;;;;;;;;;;;;;GAoBG;AACU,QAAA,yBAAyB,GAAiB;IACrD,0EAA0E;IAC1E,iDAAiD;IACjD,0EAA0E;IAC1E;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,+CAA+C;QACxD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,kGAAkG;QAC3G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,kEAAkE;QAC3E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,yFAAyF;QAClG,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,yCAAyC;IACzC,0EAA0E;IAC1E;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,qCAAqC;QAC9C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,yBAAyB;QAC/B,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,sCAAsC;QAC/C,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,wCAAwC;IACxC,0EAA0E;IAC1E;QACE,gEAAgE;QAChE,oFAAoF;QACpF,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,2CAA2C;QACpD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,uBAAuB;QAChC,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,8CAA8C;IAC9C,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,mFAAmF;QAC5F,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,oEAAoE;QAC7E,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,yCAAyC;IACzC,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,kBAAkB;QAC3B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,oBAAoB;QAC7B,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,YAAY;QACrB,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,YAAY;QACrB,QAAQ,EAAE,MAAM;KACjB;IAED;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAA
O,EAAE,0JAA0J;QACnK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,2IAA2I;QACpJ,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,sGAAsG;QAC/G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,sDAAsD;QAC/D,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,sEAAsE;QAC/E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,4DAA4D;QACrE,QAAQ,EAAE,MAAM;KACjB;IACD,0EAA0E;IAC1E,4CAA4C;IAC5C,0EAA0E;IAC1E;QACE,IAAI,EAAE,wCAAwC;QAC9C,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,uCAAuC;QAChD,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,6CAA6C;IAC7C,0EAA0E;IAC1E;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,oGAAoG;QAC7G,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,mEAAmE;QAC5E,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,oFAAoF;QAC7F,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,wCAAwC;IACxC,0EAA0E;IAC1E;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,4FAA4F;QACrG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,wFAAwF;QACjG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4CAA4C;QAClD,OAAO,EAAE,yEAAyE;QAClF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,2CAA2C;IAC3C,0EAA0E;IAC1E;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,+EAA+E;QACxF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,uCAAuC;IACvC,0EAA0E;IAC1E;QACE,IAAI,EAAE,sCAAsC;QAC5C,OAAO,EAAE,8HAA8H;QACvI,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,wIAAwI;QACjJ,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,2EAA2E;QACpF,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,8CAA8C;IAC9C,0EAA0E;IAC1E;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,uHAAuH;QAChI,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,4GAA4G;QACrH,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,4CAA4C;IAC5C,0EAA0E;IAC1E;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,qFAAqF;QAC9F,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,2FAA2F;QACpG,QAAQ,EAAE,QAA
Q;KACnB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,gFAAgF;QACzF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,gDAAgD;IAChD,0EAA0E;IAC1E;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,8DAA8D;QACvE,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,uEAAuE;QAChF,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,sDAAsD;IACtD,0EAA0E;IAC1E;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,kIAAkI;QAC3I,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,+LAA+L;QACxM,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,yCAAyC;QAC/C,OAAO,EAAE,qIAAqI;QAC9I,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,+EAA+E;IAC/E,0EAA0E;IAC1E;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,uFAAuF;QAChG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,uDAAuD;QAChE,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,uCAAuC;QAC7C,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,kCAAkC;QACxC,OAAO,EAAE,0BAA0B;QACnC,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,+FAA+F;QACxG,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,kHAAkH;QAC3H,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,OAAO,EAAE,8FAA8F;QACvG,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,2CAA2C;IAC3C,0EAA0E;IAC1E;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,gDAAgD;QACzD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,4BAA4B;QAClC,OAAO,EAAE,4BAA4B;QACrC,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,6BAA6B;QACnC,OAAO,EAAE,yGAAyG;QAClH,QAAQ,EAAE,MAAM;KACjB;IAED,0EAA0E;IAC1E,uDAAuD;IACvD,0EAA0E;IAC1E;QACE,IAAI,EAAE,8BAA8B;QACpC,OAAO,EAAE,mDAAmD;QAC5D,QAAQ,EAAE,QAAQ;KACnB;IACD;QACE,IAAI,EAAE,2BAA2B;QACjC,OAAO,EAAE,+IAA+I;QACxJ,QAAQ,EAAE,QAAQ;KACnB;IAED,0EAA0E;IAC1E,sDAAsD;IACtD,oEAAoE;IACpE,uEAAuE;IACvE,qCAAqC;IACrC,0EAA0E;IAC1E;QACE,IAAI,EAAE,gCAAgC;QACtC,OAAO,EAAE,wJAAwJ;QACjK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,gKAAgK;QACzK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,gMAAgM;QACzM,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAm
C;QACzC,OAAO,EAAE,+IAA+I;QACxJ,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,wCAAwC;QACjD,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,+BAA+B;QACrC,OAAO,EAAE,sIAAsI;QAC/I,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC;AAEF,8EAA8E;AAC9E,wCAAwC;AACxC,8EAA8E;AAE9E;;;;;;GAMG;AACU,QAAA,yBAAyB,GAAiB;IACrD;QACE,IAAI,EAAE,qCAAqC;QAC3C,OAAO,EAAE,wGAAwG;QACjH,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,2CAA2C;QACjD,OAAO,EAAE,0JAA0J;QACnK,QAAQ,EAAE,MAAM;KACjB;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,OAAO,EAAE,uJAAuJ;QAChK,QAAQ,EAAE,MAAM;KACjB;CACF,CAAC"}
|
|
@@ -8,7 +8,8 @@
|
|
|
8
8
|
/** Regex matching zero-width and invisible Unicode characters.
|
|
9
9
|
* Comprehensive list covering: zero-width spaces/joiners, soft hyphen, BOM,
|
|
10
10
|
* directional marks/isolates, word joiners, invisible operators,
|
|
11
|
-
* combining grapheme joiner, Arabic letter mark,
|
|
11
|
+
* combining grapheme joiner, Arabic letter mark, deprecated formatting chars,
|
|
12
|
+
* and Unicode Tags block (U+E0001-U+E007F, deprecated language tags).
|
|
12
13
|
*/
|
|
13
14
|
export declare const ZERO_WIDTH_REGEX: RegExp;
|
|
14
15
|
/** Map of Unicode homoglyphs to their ASCII equivalents. */
|
|
@@ -22,20 +23,6 @@ export declare function decodeROT13(input: string): string;
|
|
|
22
23
|
* contains recognizable injection keywords (avoids false positives).
|
|
23
24
|
*/
|
|
24
25
|
export declare function tryDecodeROT13(input: string): string | null;
|
|
25
|
-
/**
|
|
26
|
-
* Normalize text for bypass-resistant pattern matching.
|
|
27
|
-
*
|
|
28
|
-
* Applies transformations in order:
|
|
29
|
-
* 1. Strip zero-width / invisible Unicode characters
|
|
30
|
-
* 2. Unicode NFKC normalization (collapses fullwidth, ligatures, etc.)
|
|
31
|
-
* 3. Decode HTML entities (named + numeric)
|
|
32
|
-
* 4. Decode URL percent-encoding
|
|
33
|
-
* 5. Collapse homoglyphs (Cyrillic/Greek lookalikes -> ASCII)
|
|
34
|
-
* 6. Collapse repeated whitespace to single space
|
|
35
|
-
*
|
|
36
|
-
* @param input - The raw text to normalize.
|
|
37
|
-
* @returns The normalized text suitable for pattern matching.
|
|
38
|
-
*/
|
|
39
26
|
export declare function normalizeText(input: string): string;
|
|
40
27
|
/**
|
|
41
28
|
* Apply leetspeak normalization on top of standard normalization.
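Review bot: The declaration of `normalizeText` loses its entire JSDoc block in the second hunk (`@@ -22,20 +23,6 @@`), so users of the typings no longer see the ordered list of normalization steps or the `@param`/`@returns` text. The cause is visible in the text-normalizer.js section of this diff, where the new `decodePunycodeDomains` helper and its own comment sit between that docblock and `function normalizeText`, leaving the docblock attached to nothing. Moving the helper above the existing `/** Normalize text for bypass-resistant pattern matching.` block in the TypeScript source would put the documentation back on the exported function, including the updated step list (multi-pass URL decoding and step 4.5).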
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"text-normalizer.d.ts","sourceRoot":"","sources":["../../../src/dlp/text-normalizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;
|
|
1
|
+
{"version":3,"file":"text-normalizer.d.ts","sourceRoot":"","sources":["../../../src/dlp/text-normalizer.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AASH;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,QAAkL,CAAC;AAMhN,4DAA4D;AAC5D,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CA+EhD,CAAC;AAYF,yEAAyE;AACzE,eAAO,MAAM,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAUhD,CAAC;AAsEF,iCAAiC;AACjC,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAKjD;AAKD;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAK3D;AA2ED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CA0CnD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,kBAAkB,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,CAElE;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAiD7D"}
|
|
@@ -13,15 +13,18 @@ exports.tryDecodeROT13 = tryDecodeROT13;
|
|
|
13
13
|
exports.normalizeText = normalizeText;
|
|
14
14
|
exports.normalizeLeetspeak = normalizeLeetspeak;
|
|
15
15
|
exports.decodeEncodedPayloads = decodeEncodedPayloads;
|
|
16
|
+
// eslint-disable-next-line @typescript-eslint/no-var-requires
|
|
17
|
+
const punycode = require('punycode/');
|
|
16
18
|
// ---------------------------------------------------------------------------
|
|
17
19
|
// Zero-width character stripping
|
|
18
20
|
// ---------------------------------------------------------------------------
|
|
19
21
|
/** Regex matching zero-width and invisible Unicode characters.
|
|
20
22
|
* Comprehensive list covering: zero-width spaces/joiners, soft hyphen, BOM,
|
|
21
23
|
* directional marks/isolates, word joiners, invisible operators,
|
|
22
|
-
* combining grapheme joiner, Arabic letter mark,
|
|
24
|
+
* combining grapheme joiner, Arabic letter mark, deprecated formatting chars,
|
|
25
|
+
* and Unicode Tags block (U+E0001-U+E007F, deprecated language tags).
|
|
23
26
|
*/
|
|
24
|
-
exports.ZERO_WIDTH_REGEX = /[\u200B\u200C\u200D\u00AD\uFEFF\u200E\u200F\u034F\u061C\u180E\u2060\u2061\u2062\u2063\u2064\u2066\u2067\u2068\u2069\u206A\u206B\u206C\u206D\u206E\u206F]/
|
|
27
|
+
exports.ZERO_WIDTH_REGEX = /[\u200B\u200C\u200D\u00AD\uFEFF\u200E\u200F\u034F\u061C\u180E\u2060\u2061\u2062\u2063\u2064\u2066\u2067\u2068\u2069\u206A\u206B\u206C\u206D\u206E\u206F\u{E0001}-\u{E007F}]/gu;
|
|
25
28
|
// ---------------------------------------------------------------------------
|
|
26
29
|
// Homoglyph map (visually similar characters -> ASCII equivalents)
|
|
27
30
|
// ---------------------------------------------------------------------------
|
|
@@ -244,22 +247,38 @@ function stripEmojisBetweenLetters(input) {
|
|
|
244
247
|
* Normalize text for bypass-resistant pattern matching.
|
|
245
248
|
*
|
|
246
249
|
* Applies transformations in order:
|
|
247
|
-
* 1. Strip zero-width / invisible Unicode characters
|
|
250
|
+
* 1. Strip zero-width / invisible Unicode characters (incl. Unicode Tags block)
|
|
248
251
|
* 2. Unicode NFKC normalization (collapses fullwidth, ligatures, etc.)
|
|
249
252
|
* 3. Decode HTML entities (named + numeric)
|
|
250
|
-
* 4. Decode URL percent-encoding
|
|
253
|
+
* 4. Decode URL percent-encoding (multi-pass, up to 3 iterations)
|
|
254
|
+
* 4.5. Decode Punycode domains (xn-- labels -> Unicode -> homoglyph collapse)
|
|
251
255
|
* 5. Collapse homoglyphs (Cyrillic/Greek lookalikes -> ASCII)
|
|
252
256
|
* 6. Collapse repeated whitespace to single space
|
|
253
257
|
*
|
|
254
258
|
* @param input - The raw text to normalize.
|
|
255
259
|
* @returns The normalized text suitable for pattern matching.
|
|
256
260
|
*/
|
|
261
|
+
/**
|
|
262
|
+
* Decode Punycode (xn--) domain labels to Unicode.
|
|
263
|
+
* Enables homoglyph normalization to collapse Punycode-encoded lookalike domains.
|
|
264
|
+
*/
|
|
265
|
+
function decodePunycodeDomains(input) {
|
|
266
|
+
// Match xn-- labels in domain-like contexts (dot-separated labels)
|
|
267
|
+
return input.replace(/\bxn--[a-z0-9-]+(?:\.[a-z0-9-]+)*/gi, (domain) => {
|
|
268
|
+
try {
|
|
269
|
+
return punycode.toUnicode(domain);
|
|
270
|
+
}
|
|
271
|
+
catch {
|
|
272
|
+
return domain; // Leave as-is if decode fails
|
|
273
|
+
}
|
|
274
|
+
});
|
|
275
|
+
}
|
|
257
276
|
function normalizeText(input) {
|
|
258
277
|
// Early exit for very short strings
|
|
259
278
|
if (input.length === 0)
|
|
260
279
|
return input;
|
|
261
280
|
let text = input;
|
|
262
|
-
// 1. Strip zero-width characters
|
|
281
|
+
// 1. Strip zero-width characters (including Unicode Tags block U+E0001-E007F)
|
|
263
282
|
text = text.replace(exports.ZERO_WIDTH_REGEX, '');
|
|
264
283
|
// 2. NFKC normalization (fullwidth -> ASCII, ligatures -> components, etc.)
|
|
265
284
|
text = text.normalize('NFKC');
|
|
@@ -271,8 +290,16 @@ function normalizeText(input) {
|
|
|
271
290
|
text = stripEmojisBetweenLetters(text);
|
|
272
291
|
// 3. Decode HTML entities
|
|
273
292
|
text = decodeHTMLEntities(text);
|
|
274
|
-
// 4. Decode URL percent-encoding
|
|
275
|
-
|
|
293
|
+
// 4. Decode URL percent-encoding (multi-pass for layered encoding like %2569 -> %69 -> i)
|
|
294
|
+
let prevText;
|
|
295
|
+
let passes = 0;
|
|
296
|
+
do {
|
|
297
|
+
prevText = text;
|
|
298
|
+
text = decodeURLEncoding(text);
|
|
299
|
+
passes++;
|
|
300
|
+
} while (text !== prevText && passes < 3);
|
|
301
|
+
// 4.5 Decode Punycode domains (xn-- labels -> Unicode for homoglyph matching)
|
|
302
|
+
text = decodePunycodeDomains(text);
|
|
276
303
|
// 5. Collapse homoglyphs
|
|
277
304
|
text = text.replace(homoglyphRegex, (ch) => exports.HOMOGLYPH_MAP[ch] || ch);
|
|
278
305
|
// 6. Collapse whitespace (spaces, tabs, newlines) to single space and trim
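Review bot: Output of the new decode steps in `normalizeText` (third hunk, steps 4 and 4.5) is not passed back through steps 1 and 2, which ran earlier on the still-encoded text. Any invisible code point or compatibility form that only appears after percent-decoding or `punycode.toUnicode` therefore reaches the homoglyph collapse and the pattern matcher unstripped, as far as the visible lines show. A second pass after step 4.5, `text = text.replace(exports.ZERO_WIDTH_REGEX, '').normalize('NFKC');`, would cover it. `normalizeText` continues past the end of the hunk, so confirm that no later step already does this.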
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"text-normalizer.js","sourceRoot":"","sources":["../../../src/dlp/text-normalizer.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;
|
|
1
|
+
{"version":3,"file":"text-normalizer.js","sourceRoot":"","sources":["../../../src/dlp/text-normalizer.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAmMH,kCAKC;AASD,wCAKC;AA2ED,sCA0CC;AAaD,gDAEC;AAMD,sDAiDC;AA/YD,8DAA8D;AAC9D,MAAM,QAAQ,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;AAEtC,8EAA8E;AAC9E,iCAAiC;AACjC,8EAA8E;AAE9E;;;;;GAKG;AACU,QAAA,gBAAgB,GAAG,+KAA+K,CAAC;AAEhN,8EAA8E;AAC9E,mEAAmE;AACnE,8EAA8E;AAE9E,4DAA4D;AAC/C,QAAA,aAAa,GAA2B;IACnD,oBAAoB;IACpB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,iBAAiB;IACjB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,QAAQ,EAAE,GAAG,EAAE,IAAI;IACnB,kEAAkE;IAClE,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,oBAAoB;IACpB,QAAQ,EAAE,GAAG,EAAE,gBAAgB;IAC/B,QAAQ,EAAE,GAAG,EAAE,gBAAgB;IAC/B,QAAQ,EAAE,GAAG,EAAE,wBAAwB;IACvC,+BAA+B;IAC/B,QAAQ
,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,4DAA4D;IAC5D,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;CACd,CAAC;AAEF,sCAAsC;AACtC,MAAM,cAAc,GAAG,IAAI,MAAM,CAC/B,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,qBAAa,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,GAAG,EAC/C,GAAG,CACJ,CAAC;AAEF,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,yEAAyE;AAC5D,QAAA,aAAa,GAA2B;IACnD,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;IACR,GAAG,EAAE,GAAG;CACT,CAAC;AAEF,MAAM,cAAc,GAAG,cAAc,CAAC;AAEtC,8EAA8E;AAC9E,uBAAuB;AACvB,8EAA8E;AAE9E,0DAA0D;AAC1D,MAAM,cAAc,GAA2B;IAC7C,MAAM,EAAE,GAAG;IACX,MAAM,EAAE,GAAG;IACX,OAAO,EAAE,GAAG;IACZ,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,QAAQ,EAAE,GAAG;IACb,OAAO,EAAE,IAAI;CACd,CAAC;AAEF,oEAAoE;AACpE,SAAS,kBAAkB,CAAC,KAAa;IACvC,iBAAiB;IACjB,IAAI,MAAM,GAAG,KAAK,CAAC;IACnB,KAAK,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC5D,kDAAkD;QAClD,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QACtE,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IACpC,CAAC;IAED,0CAA0C;IAC1C,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,EAAE;QACtD,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAClC,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;QAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/B,IAAI,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,QAAQ,EAAE,CAAC;YACjC,OAAO,MAAM,CAAC,aAAa,CAAC,IAAI
,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,qDAAqD;AACrD,SAAS,iBAAiB,CAAC,KAAa;IACtC,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,kEAAkE;QAClE,OAAO,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,EAAE;YACzD,OAAO,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,iCAAiC;AACjC,SAAgB,WAAW,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE;QACtC,MAAM,IAAI,GAAG,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yDAAyD;AACzD,MAAM,kBAAkB,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;AAE/I;;;GAGG;AACH,SAAgB,cAAc,CAAC,KAAa;IAC1C,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACnC,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,OAAO,UAAU,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;AAC1C,CAAC;AAED,8EAA8E;AAC9E,2BAA2B;AAC3B,8EAA8E;AAE9E,qEAAqE;AACrE,SAAS,gBAAgB,CAAC,KAAa;IACrC,OAAO,KAAK,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,oDAAoD;AACpD,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,KAAK,CAAC,OAAO,CAAC,sBAAsB,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/B,OAAO,IAAI,GAAG,CAAC,IAAI,IAAI,IAAI,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACxE,CAAC,CAAC,CAAC;AACL,CAAC;AAED,2EAA2E;AAC3E,SAAS,wBAAwB,
CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,0CAA0C,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE;QAC5E,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YACzE,IAAI,KAAK,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC;gBAAE,OAAO,EAAE,CAAC;YAC5E,OAAO,MAAM,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC;QACxC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,yFAAyF;AACzF,SAAS,yBAAyB,CAAC,KAAa;IAC9C,gFAAgF;IAChF,OAAO,KAAK,CAAC,OAAO,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;AAC1D,CAAC;AAED,8EAA8E;AAC9E,kBAAkB;AAClB,8EAA8E;AAE9E;;;;;;;;;;;;;;GAcG;AACH;;;GAGG;AACH,SAAS,qBAAqB,CAAC,KAAa;IAC1C,mEAAmE;IACnE,OAAO,KAAK,CAAC,OAAO,CAAC,qCAAqC,EAAE,CAAC,MAAM,EAAE,EAAE;QACrE,IAAI,CAAC;YACH,OAAO,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,CAAC,8BAA8B;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,aAAa,CAAC,KAAa;IACzC,oCAAoC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAErC,IAAI,IAAI,GAAG,KAAK,CAAC;IAEjB,8EAA8E;IAC9E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAgB,EAAE,EAAE,CAAC,CAAC;IAE1C,4EAA4E;IAC5E,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAE9B,8CAA8C;IAC9C,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC9B,IAAI,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,GAAG,wBAAwB,CAAC,IAAI,CAAC,CAAC;IAEtC,kCAAkC;IAClC,IAAI,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;IAEvC,0BAA0B;IAC1B,IAAI,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAEhC,0FAA0F;IAC1F,IAAI,QAAgB,CAAC;IACrB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,GAAG,CAAC;QACF,QAAQ,GAAG,IAAI,CAAC;QAChB,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,EAAE,CAAC;IACX,CAAC,QAAQ,IAAI,KAAK,QAAQ,IAAI,MAAM,GAAG,CAAC,EAAE;IAE1C,8EAA8E;IAC9E,IAAI,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAEnC,yBAAyB;IACzB,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,qBAAa,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;IAErE,2EAA2E;IAC3E,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAE
xC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,kBAAkB,CAAC,eAAuB;IACxD,OAAO,eAAe,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,qBAAa,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;AAClF,CAAC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,KAAa;IACjD,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,mCAAmC;IACnC,MAAM,SAAS,GAAG,6CAA6C,CAAC;IAChE,IAAI,CAAyB,CAAC;IAC9B,OAAO,CAAC,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC5C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9D,8CAA8C;YAC9C,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;IAC1C,CAAC;IAED,6BAA6B;IAC7B,MAAM,YAAY,GAAG,sCAAsC,CAAC;IAC5D,OAAO,CAAC,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAC/C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9D,IAAI,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;IAC1C,CAAC;IAED,6DAA6D;IAC7D,sEAAsE;IACtE,MAAM,eAAe,GAAG,kEAAkE,CAAC;IAC3F,OAAO,CAAC,CAAC,GAAG,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QAClD,kEAAkE;QAClE,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;QAC/D,IAAI,oBAAoB,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAClE,SAAS;QACX,CAAC;QACD,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9D,gFAAgF;YAChF,IAAI,OAAO,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;gBACzB,MAAM,cAAc,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC;gBACpE,IAAI,cAAc,GAAG,OAAO,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;oBAC3C,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACxB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,4BAA4B,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}
|