varlock 0.0.13 → 0.0.14

Files changed (50)
  1. package/dist/auto-load.js +3 -3
  2. package/dist/{chunk-T3I4UFB2.js → chunk-4QTFFYV6.js} +3 -3
  3. package/dist/{chunk-T3I4UFB2.js.map → chunk-4QTFFYV6.js.map} +1 -1
  4. package/dist/{chunk-POJECYSY.js → chunk-7JMYT62X.js} +3 -3
  5. package/dist/chunk-7JMYT62X.js.map +1 -0
  6. package/dist/{chunk-UPKIHHPE.js → chunk-C5BEZMSO.js} +2 -2
  7. package/dist/{chunk-UPKIHHPE.js.map → chunk-C5BEZMSO.js.map} +1 -1
  8. package/dist/{chunk-LXJMZMID.js → chunk-EQQCW3OI.js} +5 -5
  9. package/dist/{chunk-LXJMZMID.js.map → chunk-EQQCW3OI.js.map} +1 -1
  10. package/dist/{chunk-MV5ZAKN7.js → chunk-FCVBOYES.js} +21 -21
  11. package/dist/chunk-FCVBOYES.js.map +1 -0
  12. package/dist/{chunk-IML4QZHB.js → chunk-HGJF2DUO.js} +4 -4
  13. package/dist/{chunk-IML4QZHB.js.map → chunk-HGJF2DUO.js.map} +1 -1
  14. package/dist/{chunk-UA3DMAAQ.js → chunk-J5SIYSJV.js} +4 -4
  15. package/dist/{chunk-UA3DMAAQ.js.map → chunk-J5SIYSJV.js.map} +1 -1
  16. package/dist/{chunk-5EBVEGDW.js → chunk-OJFTFBQG.js} +3 -3
  17. package/dist/{chunk-5EBVEGDW.js.map → chunk-OJFTFBQG.js.map} +1 -1
  18. package/dist/{chunk-AS4LIW7A.js → chunk-QCKADJNV.js} +4 -4
  19. package/dist/{chunk-AS4LIW7A.js.map → chunk-QCKADJNV.js.map} +1 -1
  20. package/dist/{chunk-MVYXWTAV.js → chunk-UPOIK25P.js} +4 -4
  21. package/dist/{chunk-MVYXWTAV.js.map → chunk-UPOIK25P.js.map} +1 -1
  22. package/dist/{chunk-TWKAUCTT.js → chunk-ZYL5D2UA.js} +4 -4
  23. package/dist/{chunk-TWKAUCTT.js.map → chunk-ZYL5D2UA.js.map} +1 -1
  24. package/dist/cli/cli-executable.js +14 -14
  25. package/dist/cli/cli-executable.js.map +1 -1
  26. package/dist/dotenv-compat.js +3 -3
  27. package/dist/{env-B_LAqK4w.d.ts → env-DLUhFCnC.d.ts} +3 -0
  28. package/dist/index.d.ts +2 -2
  29. package/dist/index.js +4 -4
  30. package/dist/init.command-VK4OGIYP.js +8 -0
  31. package/dist/{init.command-CTO64XBL.js.map → init.command-VK4OGIYP.js.map} +1 -1
  32. package/dist/load.command-N7FMBREX.js +8 -0
  33. package/dist/{load.command-EWIJDF55.js.map → load.command-N7FMBREX.js.map} +1 -1
  34. package/dist/login.command-GQCJY4NK.js +8 -0
  35. package/dist/{login.command-UZJJ4XTV.js.map → login.command-GQCJY4NK.js.map} +1 -1
  36. package/dist/run.command-LYY2M5AP.js +8 -0
  37. package/dist/{run.command-T44BAZ7X.js.map → run.command-LYY2M5AP.js.map} +1 -1
  38. package/dist/runtime/env.d.ts +1 -1
  39. package/dist/runtime/patch-console.js +1 -1
  40. package/dist/runtime/patch-server-response.js +1 -1
  41. package/dist/telemetry.command-QTEDXKIG.js +8 -0
  42. package/dist/{telemetry.command-2C3MQA4K.js.map → telemetry.command-QTEDXKIG.js.map} +1 -1
  43. package/package.json +2 -2
  44. package/dist/chunk-MV5ZAKN7.js.map +0 -1
  45. package/dist/chunk-POJECYSY.js.map +0 -1
  46. package/dist/init.command-CTO64XBL.js +0 -8
  47. package/dist/load.command-EWIJDF55.js +0 -8
  48. package/dist/login.command-UZJJ4XTV.js +0 -8
  49. package/dist/run.command-T44BAZ7X.js +0 -8
  50. package/dist/telemetry.command-2C3MQA4K.js +0 -8
@@ -1 +0,0 @@
1
- {"version":3,"sources":["../src/runtime/patch-server-response.ts"],"names":[],"mappings":";;;;;AAUA,IAAM,UAAA,GAAa,mBAAA;AACZ,SAAS,0BAA0B,IAAA,EAGvC;AACD,EAAA,KAAA,CAAM,6CAAmC,CAAA;AACzC,EAAA,IAAI,MAAA,CAAO,wBAAA,CAAyB,cAAA,CAAe,SAAA,EAAW,UAAU,CAAA,EAAG;AACzE,IAAA,KAAA,CAAM,mBAAmB,CAAA;AACzB,IAAA;AAAA,EACF;AACA,EAAA,IAAI,eAAA,CAAgB,iBAAiB,KAAA,EAAO;AAC1C,IAAA,KAAA,CAAM,wBAAwB,CAAA;AAC9B,IAAA;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,eAAe,cAAA,CAAe,SAAA,EAAW,YAAY,EAAE,KAAA,EAAO,MAAM,CAAA;AAE3E,EAAA,MAAM,mBAAA,GAAsB,eAAe,SAAA,CAAU,KAAA;AAGrD,EAAA,cAAA,CAAe,SAAA,CAAU,KAAA,mBAAQ,MAAA,CAAA,SAAS,iCAAA,CAAA,GAAqC,IAAA,EAAM;AAInF,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAIvB,IAAA,MAAM,cAAc,IAAA,CAAK,SAAA,CAAU,cAAc,CAAA,EAAG,UAAS,IAAK,EAAA;AAElE,IAAA,IAAI,UACF,WAAA,CAAY,UAAA,CAAW,OAAO,CAAA,IAC3B,WAAA,CAAY,WAAW,kBAAkB,CAAA;AAI9C,IAAA,MAAM,MAAA,GAAU,KAAa,GAAA,CAAI,GAAA;AAEjC,IAAA,IAAI,OAAA,IAAW,MAAA,IAAU,IAAA,EAAM,iBAAA,EAAmB,IAAA,CAAK,CAAC,OAAA,KAAY,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA,EAAG;AACzF,MAAA,OAAA,GAAU,KAAA;AAAA,IACZ;AAIA,IAAA,IAAI,CAAC,OAAA,EAAS;AAEZ,MAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,eAAA,GAAkB,IAAA,CAAK,SAAA,CAAU,kBAAkB,CAAA;AACzD,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI,SAAA,GAAkD,IAAA;AACtD,IAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,MAAA,SAAA,GAAY,QAAA;AACZ,MAAA,QAAA,GAAW,QAAA;AAAA,IACb,CAAA,MAAA,IAAW,CAAC,eAAA,EAAiB;AAC3B,MAAA,SAAA,GAAY,SAAA;AACZ,MAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,MAAA,QAAA,GAAW,OAAA,CAAQ,OAAO,QAAQ,CAAA;AAAA,IACpC,CAAA,MAAA,IAAW,oBAAoB,MAAA,EAAQ;AACrC,MAAA,SAAA,GAAY,MAAA;AAEZ,MAAA,IAAI,CAAE,KAAa,WAAA,EAAa;AAE9B,QAAC,IAAA,CAAa,WAAA,GAAc,CAAC,QAAQ,CAAA;AAAA,MACvC,CAAA,MAAO;AAEL,QAAC,IAAA,CAAa,WAAA,EAAa,IAAA,CAAK,QAAQ,CAAA;AACxC,QAAA,IAAI;AACF,UAAA,MAAM,aAAA,GAAgB,KAAK,SAAA,CAAU,MAAA,CAAO,OAAQ,IAAA,CAAa,WAAA,IAAe,EAAE,CAAA,EAAG;AAAA,YACnF,KAAA,EAAO,KAAK,SAAA,CAAU,YAAA;AAAA,YACtB,WAAA,EAAa,KAAK,SAAA,CAAU;AAAA,WAC7B,CAAA;AACD,UAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,QAAA,CAAS,OAAO,CAAA;AACvD,UAAA,QAAA,GAAW,gBAAA,CAAiB,SAAA,CAAW,IAAA,CAAa,kBAAA,
IAAsB,CAAC,CAAA;AAC3E,UAAC,IAAA,CAAa,qBAAqB,gBAAA,CAAiB,MAAA;AAAA,QACtD,SAAS,GAAA,EAAK;AAAA,QAEd;AAAA,MACF;AAAA,IACF;AAEA,IAAA,IAAI,QAAA,EAAU;AAIZ,MAAA,IAAI;AACF,QAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,8BAAA,EAAgC,MAAO,IAAA,CAAa,GAAA,CAAI,KAAK,CAAA;AAAA,MAChG,SAAS,GAAA,EAAK;AAGZ,QAAA,IAAI,MAAM,oBAAA,EAAsB;AAC9B,UAAA,QAAA,GAAW,sBAAsB,QAAQ,CAAA;AACzC,UAAA,IAAI,cAAc,QAAA,EAAU;AAC1B,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,QAAA;AAAA,UACZ,CAAA,MAAA,IAAW,cAAc,SAAA,EAAW;AAClC,YAAA,MAAM,OAAA,GAAU,IAAI,WAAA,EAAY;AAChC,YAAA,IAAA,CAAK,CAAC,CAAA,GAAI,OAAA,CAAQ,MAAA,CAAO,QAAQ,CAAA;AAAA,UACnC,CAAA,MAAA,IAAW,cAAc,MAAA,EAAQ,CAQjC,MAAO;AACL,YAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAE,CAAA;AAAA,UACrE;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,GAAA;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,IAAA,OAAO,mBAAA,CAAoB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C,CAAA,EAlGiC,mCAAA,CAAA;AAsGjC,EAAA,MAAM,iBAAA,GAAoB,eAAe,SAAA,CAAU,GAAA;AAEnD,EAAA,cAAA,CAAe,SAAA,CAAU,GAAA,mBAAM,MAAA,CAAA,SAAS,wBAAA,CAAA,GAA4B,IAAA,EAAM;AAExE,IAAA,MAAM,QAAA,GAAW,KAAK,CAAC,CAAA;AAGvB,IAAA,IAAI,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AAE5C,MAAA,YAAA,CAAa,QAAA,EAAU,EAAE,MAAA,EAAQ,4BAAA,EAA8B,CAAA;AAAA,IACjE;AAEA,IAAA,OAAO,iBAAA,CAAkB,KAAA,CAAM,IAAA,EAAM,IAAI,CAAA;AAAA,EAC3C,CAAA,EAX+B,0BAAA,CAAA;AAYjC;AAvIgB,MAAA,CAAA,yBAAA,EAAA,2BAAA,CAAA","file":"chunk-POJECYSY.js","sourcesContent":["/*\n This patches the global ServerResponse object to scan for secret leaks - currently used for next.js and remix\n*/\n\nimport zlib from 'node:zlib';\nimport { ServerResponse } from 'node:http';\nimport { redactSensitiveConfig, scanForLeaks, varlockSettings } from './env';\nimport { debug } from './lib/debug';\n\n// NOTE - previously was using a symbol but got weird because of multiple builds and contexts...\nconst patchedKey = '_patchedByVarlock';\nexport function patchGlobalServerResponse(opts?: {\n ignoreUrlPatterns?: Array<RegExp>,\n redactInsteadOfThrow?: boolean,\n}) {\n debug('⚡️ PATCHING global ServerResponse');\n if 
(Object.getOwnPropertyDescriptor(ServerResponse.prototype, patchedKey)) {\n debug('> already patched');\n return;\n }\n if (varlockSettings.preventLeaks === false) {\n debug('> disabled by settings');\n return;\n }\n\n Object.defineProperty(ServerResponse.prototype, patchedKey, { value: true });\n\n const serverResponseWrite = ServerResponse.prototype.write;\n\n // @ts-ignore\n ServerResponse.prototype.write = function varlockPatchedServerResponseWrite(...args) {\n // console.log('⚡️ patched ServerResponse.write');\n // TODO: do we want to filter out some requests here? maybe based on the file type?\n\n const rawChunk = args[0];\n\n // for now, we only scan rendered html... may need to change this though for server components?\n // so we bail if it looks like this response does not contain html\n const contentType = this.getHeader('content-type')?.toString() || '';\n // console.log('patched ServerResponse.write', contentType);\n let runScan = (\n contentType.startsWith('text/')\n || contentType.startsWith('application/json')\n // || contentType.startsWith('application/javascript')\n );\n\n const reqUrl = (this as any).req.url;\n // console.log('> scan ServerResponse.write', contentType, reqUrl);\n if (runScan && reqUrl && opts?.ignoreUrlPatterns?.some((pattern) => pattern.test(reqUrl))) {\n runScan = false;\n }\n\n // we want to run the scanner on text/html and text/x-component (server actions)\n // TODO: anything else?\n if (!runScan) {\n // @ts-ignore\n return serverResponseWrite.apply(this, args);\n }\n\n // have to deal with compressed data, which is awkward but possible\n const compressionType = this.getHeader('Content-Encoding');\n let chunkStr;\n let chunkType: 'string' | 'encoded' | 'gzip' | null = null;\n if (typeof rawChunk === 'string') {\n chunkType = 'string';\n chunkStr = rawChunk;\n } else if (!compressionType) {\n chunkType = 'encoded';\n const decoder = new TextDecoder();\n chunkStr = decoder.decode(rawChunk);\n } else if (compressionType === 
'gzip') {\n chunkType = 'gzip';\n // first chunk of data contains only compression headers\n if (!(this as any)._zlibChunks) {\n // (this as any)._zlibHeadersChunk = rawChunk;\n (this as any)._zlibChunks = [rawChunk];\n } else {\n // TODO: figure out how we can unzip one chunk at a time instead of storing everything\n (this as any)._zlibChunks?.push(rawChunk);\n try {\n const unzippedChunk = zlib.unzipSync(Buffer.concat((this as any)._zlibChunks || []), {\n flush: zlib.constants.Z_SYNC_FLUSH,\n finishFlush: zlib.constants.Z_SYNC_FLUSH,\n });\n const fullUnzippedData = unzippedChunk.toString('utf-8');\n chunkStr = fullUnzippedData.substring((this as any)._lastChunkEndIndex || 0);\n (this as any)._lastChunkEndIndex = fullUnzippedData.length;\n } catch (err) {\n // console.log('error unzipping chunk', err);\n }\n }\n }\n // TODO: we may want to support other compression schemes? but currently only used in nextjs which is using gzip\n if (chunkStr) {\n // console.log('scanning!', chunkStr.substring(0, 1000));\n\n\n try {\n scanForLeaks(chunkStr, { method: 'patched ServerResponse.write', file: (this as any).req.url });\n } catch (err) {\n // console.log('found secret in chunk', chunkType, chunkStr);\n // console.log(this)\n if (opts?.redactInsteadOfThrow) {\n chunkStr = redactSensitiveConfig(chunkStr);\n if (chunkType === 'string') {\n args[0] = chunkStr;\n } else if (chunkType === 'encoded') {\n const encoder = new TextEncoder();\n args[0] = encoder.encode(chunkStr);\n } else if (chunkType === 'gzip') {\n // currently unable to scrub gzip chunks\n // this works sometimes, but othertimes causes decoding error\n // we'll need to pass through chunks from a new gzip stream, because we don't have access to the underlying one\n // args[0] = zlib.gzipSync(chunkStr, {\n // flush: zlib.constants.Z_SYNC_FLUSH,\n // finishFlush: zlib.constants.Z_SYNC_FLUSH,\n // });\n } else {\n throw new Error(`unable to scrub - unknown chunk type ${chunkType}`);\n }\n } else {\n throw err;\n 
}\n }\n }\n\n // @ts-ignore\n return serverResponseWrite.apply(this, args);\n };\n\n\n // calling `res.json()` in the api routes on pages router calls `res.end` without called `res.write`\n const serverResponseEnd = ServerResponse.prototype.end;\n // @ts-ignore\n ServerResponse.prototype.end = function patchedServerResponseEnd(...args) {\n // console.log('⚡️ patched ServerResponse.end');\n const endChunk = args[0];\n // console.log('patched ServerResponse.end', endChunk);\n // this just needs to work (so far) for nextjs sending json bodies, so does not need to handle all cases...\n if (endChunk && typeof endChunk === 'string') {\n // TODO: currently this throws the error and then things just hang... do we want to try to return an error type response instead?\n scanForLeaks(endChunk, { method: 'patched ServerResponse.end' });\n }\n // @ts-ignore\n return serverResponseEnd.apply(this, args);\n };\n}\n\n// ---\n// patchGlobalServerResponse();\n"]}
@@ -1,8 +0,0 @@
1
- export { commandFn, commandSpec } from './chunk-LXJMZMID.js';
2
- import './chunk-5EBVEGDW.js';
3
- import './chunk-33ROL4J5.js';
4
- import './chunk-MV5ZAKN7.js';
5
- import './chunk-FGMXIEFA.js';
6
- import './chunk-XN24GZXQ.js';
7
- //# sourceMappingURL=init.command-CTO64XBL.js.map
8
- //# sourceMappingURL=init.command-CTO64XBL.js.map
@@ -1,8 +0,0 @@
1
- export { commandFn, commandSpec } from './chunk-AS4LIW7A.js';
2
- import './chunk-33ROL4J5.js';
3
- import './chunk-T3I4UFB2.js';
4
- import './chunk-MV5ZAKN7.js';
5
- import './chunk-FGMXIEFA.js';
6
- import './chunk-XN24GZXQ.js';
7
- //# sourceMappingURL=load.command-EWIJDF55.js.map
8
- //# sourceMappingURL=load.command-EWIJDF55.js.map
@@ -1,8 +0,0 @@
1
- export { commandFn, commandSpec } from './chunk-UA3DMAAQ.js';
2
- import './chunk-5EBVEGDW.js';
3
- import './chunk-33ROL4J5.js';
4
- import './chunk-MV5ZAKN7.js';
5
- import './chunk-FGMXIEFA.js';
6
- import './chunk-XN24GZXQ.js';
7
- //# sourceMappingURL=login.command-UZJJ4XTV.js.map
8
- //# sourceMappingURL=login.command-UZJJ4XTV.js.map
@@ -1,8 +0,0 @@
1
- export { commandFn, commandSpec } from './chunk-IML4QZHB.js';
2
- import './chunk-33ROL4J5.js';
3
- import './chunk-T3I4UFB2.js';
4
- import './chunk-MV5ZAKN7.js';
5
- import './chunk-FGMXIEFA.js';
6
- import './chunk-XN24GZXQ.js';
7
- //# sourceMappingURL=run.command-T44BAZ7X.js.map
8
- //# sourceMappingURL=run.command-T44BAZ7X.js.map
@@ -1,8 +0,0 @@
1
- export { commandFn, commandSpec } from './chunk-MVYXWTAV.js';
2
- import './chunk-5EBVEGDW.js';
3
- import './chunk-33ROL4J5.js';
4
- import './chunk-MV5ZAKN7.js';
5
- import './chunk-FGMXIEFA.js';
6
- import './chunk-XN24GZXQ.js';
7
- //# sourceMappingURL=telemetry.command-2C3MQA4K.js.map
8
- //# sourceMappingURL=telemetry.command-2C3MQA4K.js.map