squidclaw 3.0.13 → 3.0.14

package/dist/plugin-sdk/fetch-guard-W_A4uSz2.js

@@ -0,0 +1,156 @@
+import { i as logWarn } from "./logger-DDdrdbDu.js";
+import { t as bindAbortRelay } from "./fetch-timeout-D455O27U.js";
+import { c as resolvePinnedHostnameWithPolicy, n as closeDispatcher, r as createPinnedDispatcher, t as SsrFBlockedError, u as hasProxyEnvConfigured } from "./ssrf-B3XRWBsP.js";
+import { EnvHttpProxyAgent } from "undici";
+
+//#region src/infra/net/fetch-guard.ts
+const GUARDED_FETCH_MODE = {
+	STRICT: "strict",
+	TRUSTED_ENV_PROXY: "trusted_env_proxy"
+};
+const DEFAULT_MAX_REDIRECTS = 3;
+const CROSS_ORIGIN_REDIRECT_SENSITIVE_HEADERS = [
+	"authorization",
+	"proxy-authorization",
+	"cookie",
+	"cookie2"
+];
+function withStrictGuardedFetchMode(params) {
+	return {
+		...params,
+		mode: GUARDED_FETCH_MODE.STRICT
+	};
+}
+function withTrustedEnvProxyGuardedFetchMode(params) {
+	return {
+		...params,
+		mode: GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY
+	};
+}
+function resolveGuardedFetchMode(params) {
+	if (params.mode) return params.mode;
+	if (params.proxy === "env" && params.dangerouslyAllowEnvProxyWithoutPinnedDns === true) return GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY;
+	return GUARDED_FETCH_MODE.STRICT;
+}
+function isRedirectStatus(status) {
+	return status === 301 || status === 302 || status === 303 || status === 307 || status === 308;
+}
+function stripSensitiveHeadersForCrossOriginRedirect(init) {
+	if (!init?.headers) return init;
+	const headers = new Headers(init.headers);
+	for (const header of CROSS_ORIGIN_REDIRECT_SENSITIVE_HEADERS) headers.delete(header);
+	return {
+		...init,
+		headers
+	};
+}
+function buildAbortSignal(params) {
+	const { timeoutMs, signal } = params;
+	if (!timeoutMs && !signal) return {
+		signal: void 0,
+		cleanup: () => {}
+	};
+	if (!timeoutMs) return {
+		signal,
+		cleanup: () => {}
+	};
+	const controller = new AbortController();
+	const timeoutId = setTimeout(controller.abort.bind(controller), timeoutMs);
+	const onAbort = bindAbortRelay(controller);
+	if (signal) if (signal.aborted) controller.abort();
+	else signal.addEventListener("abort", onAbort, { once: true });
+	const cleanup = () => {
+		clearTimeout(timeoutId);
+		if (signal) signal.removeEventListener("abort", onAbort);
+	};
+	return {
+		signal: controller.signal,
+		cleanup
+	};
+}
+async function fetchWithSsrFGuard(params) {
+	const fetcher = params.fetchImpl ?? globalThis.fetch;
+	if (!fetcher) throw new Error("fetch is not available");
+	const maxRedirects = typeof params.maxRedirects === "number" && Number.isFinite(params.maxRedirects) ? Math.max(0, Math.floor(params.maxRedirects)) : DEFAULT_MAX_REDIRECTS;
+	const mode = resolveGuardedFetchMode(params);
+	const { signal, cleanup } = buildAbortSignal({
+		timeoutMs: params.timeoutMs,
+		signal: params.signal
+	});
+	let released = false;
+	const release = async (dispatcher) => {
+		if (released) return;
+		released = true;
+		cleanup();
+		await closeDispatcher(dispatcher ?? void 0);
+	};
+	const visited = /* @__PURE__ */ new Set();
+	let currentUrl = params.url;
+	let currentInit = params.init ? { ...params.init } : void 0;
+	let redirectCount = 0;
+	while (true) {
+		let parsedUrl;
+		try {
+			parsedUrl = new URL(currentUrl);
+		} catch {
+			await release();
+			throw new Error("Invalid URL: must be http or https");
+		}
+		if (!["http:", "https:"].includes(parsedUrl.protocol)) {
+			await release();
+			throw new Error("Invalid URL: must be http or https");
+		}
+		let dispatcher = null;
+		try {
+			const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, {
+				lookupFn: params.lookupFn,
+				policy: params.policy
+			});
+			if (mode === GUARDED_FETCH_MODE.TRUSTED_ENV_PROXY && hasProxyEnvConfigured()) dispatcher = new EnvHttpProxyAgent();
+			else if (params.pinDns !== false) dispatcher = createPinnedDispatcher(pinned);
+			const init = {
+				...currentInit ? { ...currentInit } : {},
+				redirect: "manual",
+				...dispatcher ? { dispatcher } : {},
+				...signal ? { signal } : {}
+			};
+			const response = await fetcher(parsedUrl.toString(), init);
+			if (isRedirectStatus(response.status)) {
+				const location = response.headers.get("location");
+				if (!location) {
+					await release(dispatcher);
+					throw new Error(`Redirect missing location header (${response.status})`);
+				}
+				redirectCount += 1;
+				if (redirectCount > maxRedirects) {
+					await release(dispatcher);
+					throw new Error(`Too many redirects (limit: ${maxRedirects})`);
+				}
+				const nextParsedUrl = new URL(location, parsedUrl);
+				const nextUrl = nextParsedUrl.toString();
+				if (visited.has(nextUrl)) {
+					await release(dispatcher);
+					throw new Error("Redirect loop detected");
+				}
+				if (nextParsedUrl.origin !== parsedUrl.origin) currentInit = stripSensitiveHeadersForCrossOriginRedirect(currentInit);
+				visited.add(nextUrl);
+				response.body?.cancel();
+				await closeDispatcher(dispatcher);
+				currentUrl = nextUrl;
+				continue;
+			}
+			return {
+				response,
+				finalUrl: currentUrl,
+				release: async () => release(dispatcher)
+			};
+		} catch (err) {
+			if (err instanceof SsrFBlockedError) logWarn(`security: blocked URL fetch (${params.auditContext ?? "url-fetch"}) target=${parsedUrl.origin}${parsedUrl.pathname} reason=${err.message}`);
+			await release(dispatcher);
+			throw err;
+		}
+	}
+}
+
+//#endregion
+export { withStrictGuardedFetchMode as n, withTrustedEnvProxyGuardedFetchMode as r, fetchWithSsrFGuard as t };

package/dist/plugin-sdk/fs-safe-Dqmpk-Fr.js

@@ -0,0 +1,352 @@
+import { B as isSymlinkOpenError, L as hasNodeErrorCode, N as sameFileIdentity, R as isNotFoundPathError, z as isPathInside } from "./run-with-concurrency-5DMu9szx.js";
+import { l as expandHomePrefix } from "./paths-8xF5kDne.js";
+import { i as logWarn } from "./logger-DDdrdbDu.js";
+import { n as assertNoPathAliasEscape } from "./path-alias-guards-gBhrAn14.js";
+import { constants } from "node:fs";
+import path from "node:path";
+import os from "node:os";
+import fs$1 from "node:fs/promises";
+import { randomUUID } from "node:crypto";
+import { pipeline } from "node:stream/promises";
+
+//#region src/infra/fs-safe.ts
+var SafeOpenError = class extends Error {
+	constructor(code, message, options) {
+		super(message, options);
+		this.code = code;
+		this.name = "SafeOpenError";
+	}
+};
+const SUPPORTS_NOFOLLOW = process.platform !== "win32" && "O_NOFOLLOW" in constants;
+const OPEN_READ_FLAGS = constants.O_RDONLY | (SUPPORTS_NOFOLLOW ? constants.O_NOFOLLOW : 0);
+const OPEN_WRITE_EXISTING_FLAGS = constants.O_WRONLY | (SUPPORTS_NOFOLLOW ? constants.O_NOFOLLOW : 0);
+const OPEN_WRITE_CREATE_FLAGS = constants.O_WRONLY | constants.O_CREAT | constants.O_EXCL | (SUPPORTS_NOFOLLOW ? constants.O_NOFOLLOW : 0);
+const ensureTrailingSep = (value) => value.endsWith(path.sep) ? value : value + path.sep;
+async function expandRelativePathWithHome(relativePath) {
+	let home = process.env.HOME || process.env.USERPROFILE || os.homedir();
+	try {
+		home = await fs$1.realpath(home);
+	} catch {}
+	return expandHomePrefix(relativePath, { home });
+}
+async function openVerifiedLocalFile(filePath, options) {
+	try {
+		if ((await fs$1.lstat(filePath)).isDirectory()) throw new SafeOpenError("not-file", "not a file");
+	} catch (err) {
+		if (err instanceof SafeOpenError) throw err;
+	}
+	let handle;
+	try {
+		handle = await fs$1.open(filePath, OPEN_READ_FLAGS);
+	} catch (err) {
+		if (isNotFoundPathError(err)) throw new SafeOpenError("not-found", "file not found");
+		if (isSymlinkOpenError(err)) throw new SafeOpenError("symlink", "symlink open blocked", { cause: err });
+		if (hasNodeErrorCode(err, "EISDIR")) throw new SafeOpenError("not-file", "not a file");
+		throw err;
+	}
+	try {
+		const [stat, lstat] = await Promise.all([handle.stat(), fs$1.lstat(filePath)]);
+		if (lstat.isSymbolicLink()) throw new SafeOpenError("symlink", "symlink not allowed");
+		if (!stat.isFile()) throw new SafeOpenError("not-file", "not a file");
+		if (options?.rejectHardlinks && stat.nlink > 1) throw new SafeOpenError("invalid-path", "hardlinked path not allowed");
+		if (!sameFileIdentity(stat, lstat)) throw new SafeOpenError("path-mismatch", "path changed during read");
+		const realPath = await fs$1.realpath(filePath);
+		const realStat = await fs$1.stat(realPath);
+		if (options?.rejectHardlinks && realStat.nlink > 1) throw new SafeOpenError("invalid-path", "hardlinked path not allowed");
+		if (!sameFileIdentity(stat, realStat)) throw new SafeOpenError("path-mismatch", "path mismatch");
+		return {
+			handle,
+			realPath,
+			stat
+		};
+	} catch (err) {
+		await handle.close().catch(() => {});
+		if (err instanceof SafeOpenError) throw err;
+		if (isNotFoundPathError(err)) throw new SafeOpenError("not-found", "file not found");
+		throw err;
+	}
+}
+async function resolvePathWithinRoot(params) {
+	let rootReal;
+	try {
+		rootReal = await fs$1.realpath(params.rootDir);
+	} catch (err) {
+		if (isNotFoundPathError(err)) throw new SafeOpenError("not-found", "root dir not found");
+		throw err;
+	}
+	const rootWithSep = ensureTrailingSep(rootReal);
+	const expanded = await expandRelativePathWithHome(params.relativePath);
+	const resolved = path.resolve(rootWithSep, expanded);
+	if (!isPathInside(rootWithSep, resolved)) throw new SafeOpenError("outside-workspace", "file is outside workspace root");
+	return {
+		rootReal,
+		rootWithSep,
+		resolved
+	};
+}
+async function openFileWithinRoot(params) {
+	const { rootWithSep, resolved } = await resolvePathWithinRoot(params);
+	let opened;
+	try {
+		opened = await openVerifiedLocalFile(resolved);
+	} catch (err) {
+		if (err instanceof SafeOpenError) {
+			if (err.code === "not-found") throw err;
+			throw new SafeOpenError("invalid-path", "path is not a regular file under root", { cause: err });
+		}
+		throw err;
+	}
+	if (params.rejectHardlinks !== false && opened.stat.nlink > 1) {
+		await opened.handle.close().catch(() => {});
+		throw new SafeOpenError("invalid-path", "hardlinked path not allowed");
+	}
+	if (!isPathInside(rootWithSep, opened.realPath)) {
+		await opened.handle.close().catch(() => {});
+		throw new SafeOpenError("outside-workspace", "file is outside workspace root");
+	}
+	return opened;
+}
+async function readFileWithinRoot(params) {
+	const opened = await openFileWithinRoot({
+		rootDir: params.rootDir,
+		relativePath: params.relativePath,
+		rejectHardlinks: params.rejectHardlinks
+	});
+	try {
+		return await readOpenedFileSafely({
+			opened,
+			maxBytes: params.maxBytes
+		});
+	} finally {
+		await opened.handle.close().catch(() => {});
+	}
+}
+async function readPathWithinRoot(params) {
+	const rootDir = path.resolve(params.rootDir);
+	const candidatePath = path.isAbsolute(params.filePath) ? path.resolve(params.filePath) : path.resolve(rootDir, params.filePath);
+	return await readFileWithinRoot({
+		rootDir,
+		relativePath: path.relative(rootDir, candidatePath),
+		rejectHardlinks: params.rejectHardlinks,
+		maxBytes: params.maxBytes
+	});
+}
+function createRootScopedReadFile(params) {
+	const rootDir = path.resolve(params.rootDir);
+	return async (filePath) => {
+		return (await readPathWithinRoot({
+			rootDir,
+			filePath,
+			rejectHardlinks: params.rejectHardlinks,
+			maxBytes: params.maxBytes
+		})).buffer;
+	};
+}
+async function readLocalFileSafely(params) {
+	const opened = await openVerifiedLocalFile(params.filePath);
+	try {
+		return await readOpenedFileSafely({
+			opened,
+			maxBytes: params.maxBytes
+		});
+	} finally {
+		await opened.handle.close().catch(() => {});
+	}
+}
+async function readOpenedFileSafely(params) {
+	if (params.maxBytes !== void 0 && params.opened.stat.size > params.maxBytes) throw new SafeOpenError("too-large", `file exceeds limit of ${params.maxBytes} bytes (got ${params.opened.stat.size})`);
+	return {
+		buffer: await params.opened.handle.readFile(),
+		realPath: params.opened.realPath,
+		stat: params.opened.stat
+	};
+}
+function emitWriteBoundaryWarning(reason) {
+	logWarn(`security: fs-safe write boundary warning (${reason})`);
+}
+function buildAtomicWriteTempPath(targetPath) {
+	const dir = path.dirname(targetPath);
+	const base = path.basename(targetPath);
+	return path.join(dir, `.${base}.${process.pid}.${randomUUID()}.tmp`);
+}
+async function writeTempFileForAtomicReplace(params) {
+	const tempHandle = await fs$1.open(params.tempPath, OPEN_WRITE_CREATE_FLAGS, params.mode);
+	try {
+		if (typeof params.data === "string") await tempHandle.writeFile(params.data, params.encoding ?? "utf8");
+		else await tempHandle.writeFile(params.data);
+		return await tempHandle.stat();
+	} finally {
+		await tempHandle.close().catch(() => {});
+	}
+}
+async function verifyAtomicWriteResult(params) {
+	const rootWithSep = ensureTrailingSep(await fs$1.realpath(params.rootDir));
+	const opened = await openVerifiedLocalFile(params.targetPath, { rejectHardlinks: true });
+	try {
+		if (!sameFileIdentity(opened.stat, params.expectedStat)) throw new SafeOpenError("path-mismatch", "path changed during write");
+		if (!isPathInside(rootWithSep, opened.realPath)) throw new SafeOpenError("outside-workspace", "file is outside workspace root");
+	} finally {
+		await opened.handle.close().catch(() => {});
+	}
+}
+async function resolveOpenedFileRealPathForHandle(handle, ioPath) {
+	try {
+		return await fs$1.realpath(ioPath);
+	} catch (err) {
+		if (!isNotFoundPathError(err)) throw err;
+	}
+	const fdCandidates = process.platform === "linux" ? [`/proc/self/fd/${handle.fd}`, `/dev/fd/${handle.fd}`] : process.platform === "win32" ? [] : [`/dev/fd/${handle.fd}`];
+	for (const fdPath of fdCandidates) try {
+		return await fs$1.realpath(fdPath);
+	} catch {}
+	throw new SafeOpenError("path-mismatch", "unable to resolve opened file path");
+}
+async function openWritableFileWithinRoot(params) {
+	const { rootReal, rootWithSep, resolved } = await resolvePathWithinRoot(params);
+	try {
+		await assertNoPathAliasEscape({
+			absolutePath: resolved,
+			rootPath: rootReal,
+			boundaryLabel: "root"
+		});
+	} catch (err) {
+		throw new SafeOpenError("invalid-path", "path alias escape blocked", { cause: err });
+	}
+	if (params.mkdir !== false) await fs$1.mkdir(path.dirname(resolved), { recursive: true });
+	let ioPath = resolved;
+	try {
+		const resolvedRealPath = await fs$1.realpath(resolved);
+		if (!isPathInside(rootWithSep, resolvedRealPath)) throw new SafeOpenError("outside-workspace", "file is outside workspace root");
+		ioPath = resolvedRealPath;
+	} catch (err) {
+		if (err instanceof SafeOpenError) throw err;
+		if (!isNotFoundPathError(err)) throw err;
+	}
+	const fileMode = params.mode ?? 384;
+	let handle;
+	let createdForWrite = false;
+	try {
+		try {
+			handle = await fs$1.open(ioPath, OPEN_WRITE_EXISTING_FLAGS, fileMode);
+		} catch (err) {
+			if (!isNotFoundPathError(err)) throw err;
+			handle = await fs$1.open(ioPath, OPEN_WRITE_CREATE_FLAGS, fileMode);
+			createdForWrite = true;
+		}
+	} catch (err) {
+		if (isNotFoundPathError(err)) throw new SafeOpenError("not-found", "file not found");
+		if (isSymlinkOpenError(err)) throw new SafeOpenError("invalid-path", "symlink open blocked", { cause: err });
+		throw err;
+	}
+	let openedRealPath = null;
+	try {
+		const stat = await handle.stat();
+		if (!stat.isFile()) throw new SafeOpenError("invalid-path", "path is not a regular file under root");
+		if (stat.nlink > 1) throw new SafeOpenError("invalid-path", "hardlinked path not allowed");
+		try {
+			const lstat = await fs$1.lstat(ioPath);
+			if (lstat.isSymbolicLink() || !lstat.isFile()) throw new SafeOpenError("invalid-path", "path is not a regular file under root");
+			if (!sameFileIdentity(stat, lstat)) throw new SafeOpenError("path-mismatch", "path changed during write");
+		} catch (err) {
+			if (!isNotFoundPathError(err)) throw err;
+		}
+		const realPath = await resolveOpenedFileRealPathForHandle(handle, ioPath);
+		openedRealPath = realPath;
+		const realStat = await fs$1.stat(realPath);
+		if (!sameFileIdentity(stat, realStat)) throw new SafeOpenError("path-mismatch", "path mismatch");
+		if (realStat.nlink > 1) throw new SafeOpenError("invalid-path", "hardlinked path not allowed");
+		if (!isPathInside(rootWithSep, realPath)) throw new SafeOpenError("outside-workspace", "file is outside workspace root");
+		if (params.truncateExisting !== false && !createdForWrite) await handle.truncate(0);
+		return {
+			handle,
+			createdForWrite,
+			openedRealPath: realPath,
+			openedStat: stat
+		};
+	} catch (err) {
+		const cleanupCreatedPath = createdForWrite && err instanceof SafeOpenError;
+		const cleanupPath = openedRealPath ?? ioPath;
+		await handle.close().catch(() => {});
+		if (cleanupCreatedPath) await fs$1.rm(cleanupPath, { force: true }).catch(() => {});
+		throw err;
+	}
+}
+async function writeFileWithinRoot(params) {
+	const target = await openWritableFileWithinRoot({
+		rootDir: params.rootDir,
+		relativePath: params.relativePath,
+		mkdir: params.mkdir,
+		truncateExisting: false
+	});
+	const destinationPath = target.openedRealPath;
+	const targetMode = target.openedStat.mode & 511;
+	await target.handle.close().catch(() => {});
+	let tempPath = null;
+	try {
+		tempPath = buildAtomicWriteTempPath(destinationPath);
+		const writtenStat = await writeTempFileForAtomicReplace({
+			tempPath,
+			data: params.data,
+			encoding: params.encoding,
+			mode: targetMode || 384
+		});
+		await fs$1.rename(tempPath, destinationPath);
+		tempPath = null;
+		try {
+			await verifyAtomicWriteResult({
+				rootDir: params.rootDir,
+				targetPath: destinationPath,
+				expectedStat: writtenStat
+			});
+		} catch (err) {
+			emitWriteBoundaryWarning(`post-write verification failed: ${String(err)}`);
+			throw err;
+		}
+	} finally {
+		if (tempPath) await fs$1.rm(tempPath, { force: true }).catch(() => {});
+	}
+}
+async function copyFileWithinRoot(params) {
+	const source = await openVerifiedLocalFile(params.sourcePath, { rejectHardlinks: params.rejectSourceHardlinks });
+	if (params.maxBytes !== void 0 && source.stat.size > params.maxBytes) {
+		await source.handle.close().catch(() => {});
+		throw new SafeOpenError("too-large", `file exceeds limit of ${params.maxBytes} bytes (got ${source.stat.size})`);
+	}
+	let target = null;
+	let sourceClosedByStream = false;
+	let targetClosedByStream = false;
+	try {
+		target = await openWritableFileWithinRoot({
+			rootDir: params.rootDir,
+			relativePath: params.relativePath,
+			mkdir: params.mkdir
+		});
+		const sourceStream = source.handle.createReadStream();
+		const targetStream = target.handle.createWriteStream();
+		sourceStream.once("close", () => {
+			sourceClosedByStream = true;
+		});
+		targetStream.once("close", () => {
+			targetClosedByStream = true;
+		});
+		await pipeline(sourceStream, targetStream);
+	} catch (err) {
+		if (target?.createdForWrite) await fs$1.rm(target.openedRealPath, { force: true }).catch(() => {});
+		throw err;
+	} finally {
+		if (!sourceClosedByStream) await source.handle.close().catch(() => {});
+		if (target && !targetClosedByStream) await target.handle.close().catch(() => {});
+	}
+}
+async function writeFileFromPathWithinRoot(params) {
+	await copyFileWithinRoot({
+		sourcePath: params.sourcePath,
+		rootDir: params.rootDir,
+		relativePath: params.relativePath,
+		mkdir: params.mkdir,
+		rejectSourceHardlinks: true
+	});
+}
+
+//#endregion
+export { openWritableFileWithinRoot as a, writeFileFromPathWithinRoot as c, openFileWithinRoot as i, writeFileWithinRoot as l, copyFileWithinRoot as n, readFileWithinRoot as o, createRootScopedReadFile as r, readLocalFileSafely as s, SafeOpenError as t };