vaspera 2.13.0 → 2.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +78 -0
- package/README.md +15 -2
- package/dist/__tests__/antagonist-integration.test.d.ts +6 -0
- package/dist/__tests__/antagonist-integration.test.d.ts.map +1 -0
- package/dist/__tests__/antagonist-integration.test.js +239 -0
- package/dist/__tests__/antagonist-integration.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.js +90 -0
- package/dist/__tests__/certification/agent-certificate-e2e.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate-map.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate-map.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate-map.test.js +107 -0
- package/dist/__tests__/certification/agent-certificate-map.test.js.map +1 -0
- package/dist/__tests__/certification/agent-certificate.test.d.ts +2 -0
- package/dist/__tests__/certification/agent-certificate.test.d.ts.map +1 -0
- package/dist/__tests__/certification/agent-certificate.test.js +78 -0
- package/dist/__tests__/certification/agent-certificate.test.js.map +1 -0
- package/dist/__tests__/certification/verify-endpoint.test.d.ts +2 -0
- package/dist/__tests__/certification/verify-endpoint.test.d.ts.map +1 -0
- package/dist/__tests__/certification/verify-endpoint.test.js +81 -0
- package/dist/__tests__/certification/verify-endpoint.test.js.map +1 -0
- package/dist/__tests__/compliance/ai-frameworks.test.d.ts +2 -0
- package/dist/__tests__/compliance/ai-frameworks.test.d.ts.map +1 -0
- package/dist/__tests__/compliance/ai-frameworks.test.js +87 -0
- package/dist/__tests__/compliance/ai-frameworks.test.js.map +1 -0
- package/dist/__tests__/eval/llm-analyzer.test.d.ts +2 -0
- package/dist/__tests__/eval/llm-analyzer.test.d.ts.map +1 -0
- package/dist/__tests__/eval/llm-analyzer.test.js +93 -0
- package/dist/__tests__/eval/llm-analyzer.test.js.map +1 -0
- package/dist/__tests__/eval/redteam-harness.test.d.ts +2 -0
- package/dist/__tests__/eval/redteam-harness.test.d.ts.map +1 -0
- package/dist/__tests__/eval/redteam-harness.test.js +136 -0
- package/dist/__tests__/eval/redteam-harness.test.js.map +1 -0
- package/dist/__tests__/evidence/evidence.test.d.ts +2 -0
- package/dist/__tests__/evidence/evidence.test.d.ts.map +1 -0
- package/dist/__tests__/evidence/evidence.test.js +240 -0
- package/dist/__tests__/evidence/evidence.test.js.map +1 -0
- package/dist/__tests__/history/decisions.test.d.ts +2 -0
- package/dist/__tests__/history/decisions.test.d.ts.map +1 -0
- package/dist/__tests__/history/decisions.test.js +54 -0
- package/dist/__tests__/history/decisions.test.js.map +1 -0
- package/dist/__tests__/http-auth.test.d.ts +2 -0
- package/dist/__tests__/http-auth.test.d.ts.map +1 -0
- package/dist/__tests__/http-auth.test.js +55 -0
- package/dist/__tests__/http-auth.test.js.map +1 -0
- package/dist/__tests__/http-policy.test.d.ts +2 -0
- package/dist/__tests__/http-policy.test.d.ts.map +1 -0
- package/dist/__tests__/http-policy.test.js +69 -0
- package/dist/__tests__/http-policy.test.js.map +1 -0
- package/dist/__tests__/http-server-transport.test.d.ts +2 -0
- package/dist/__tests__/http-server-transport.test.d.ts.map +1 -0
- package/dist/__tests__/http-server-transport.test.js +132 -0
- package/dist/__tests__/http-server-transport.test.js.map +1 -0
- package/dist/__tests__/integration/destructive-guards.test.d.ts +2 -0
- package/dist/__tests__/integration/destructive-guards.test.d.ts.map +1 -0
- package/dist/__tests__/integration/destructive-guards.test.js +49 -0
- package/dist/__tests__/integration/destructive-guards.test.js.map +1 -0
- package/dist/__tests__/logger-redaction.test.d.ts +2 -0
- package/dist/__tests__/logger-redaction.test.d.ts.map +1 -0
- package/dist/__tests__/logger-redaction.test.js +74 -0
- package/dist/__tests__/logger-redaction.test.js.map +1 -0
- package/dist/__tests__/manifest-schema.test.d.ts +2 -0
- package/dist/__tests__/manifest-schema.test.d.ts.map +1 -0
- package/dist/__tests__/manifest-schema.test.js +43 -0
- package/dist/__tests__/manifest-schema.test.js.map +1 -0
- package/dist/__tests__/scanners/builtin-rules.test.d.ts +2 -0
- package/dist/__tests__/scanners/builtin-rules.test.d.ts.map +1 -0
- package/dist/__tests__/scanners/builtin-rules.test.js +51 -0
- package/dist/__tests__/scanners/builtin-rules.test.js.map +1 -0
- package/dist/__tests__/scanners/runtime/golden-path-runner.test.js +13 -1
- package/dist/__tests__/scanners/runtime/golden-path-runner.test.js.map +1 -1
- package/dist/__tests__/tool-guard.test.d.ts +2 -0
- package/dist/__tests__/tool-guard.test.d.ts.map +1 -0
- package/dist/__tests__/tool-guard.test.js +97 -0
- package/dist/__tests__/tool-guard.test.js.map +1 -0
- package/dist/__tests__/util/contained-file.test.d.ts +2 -0
- package/dist/__tests__/util/contained-file.test.d.ts.map +1 -0
- package/dist/__tests__/util/contained-file.test.js +78 -0
- package/dist/__tests__/util/contained-file.test.js.map +1 -0
- package/dist/__tests__/util/subprocess.test.d.ts +2 -0
- package/dist/__tests__/util/subprocess.test.d.ts.map +1 -0
- package/dist/__tests__/util/subprocess.test.js +48 -0
- package/dist/__tests__/util/subprocess.test.js.map +1 -0
- package/dist/action/diff-mode.d.ts.map +1 -1
- package/dist/action/diff-mode.js +31 -12
- package/dist/action/diff-mode.js.map +1 -1
- package/dist/agents/antagonist/challenger.d.ts +46 -0
- package/dist/agents/antagonist/challenger.d.ts.map +1 -0
- package/dist/agents/antagonist/challenger.js +257 -0
- package/dist/agents/antagonist/challenger.js.map +1 -0
- package/dist/agents/antagonist/index.d.ts +31 -0
- package/dist/agents/antagonist/index.d.ts.map +1 -0
- package/dist/agents/antagonist/index.js +175 -0
- package/dist/agents/antagonist/index.js.map +1 -0
- package/dist/agents/antagonist/prioritizer.d.ts +27 -0
- package/dist/agents/antagonist/prioritizer.d.ts.map +1 -0
- package/dist/agents/antagonist/prioritizer.js +181 -0
- package/dist/agents/antagonist/prioritizer.js.map +1 -0
- package/dist/agents/antagonist/prompts.d.ts +12 -0
- package/dist/agents/antagonist/prompts.d.ts.map +1 -0
- package/dist/agents/antagonist/prompts.js +155 -0
- package/dist/agents/antagonist/prompts.js.map +1 -0
- package/dist/agents/antagonist/synthesizer.d.ts +34 -0
- package/dist/agents/antagonist/synthesizer.d.ts.map +1 -0
- package/dist/agents/antagonist/synthesizer.js +451 -0
- package/dist/agents/antagonist/synthesizer.js.map +1 -0
- package/dist/agents/antagonist/types.d.ts +145 -0
- package/dist/agents/antagonist/types.d.ts.map +1 -0
- package/dist/agents/antagonist/types.js +63 -0
- package/dist/agents/antagonist/types.js.map +1 -0
- package/dist/agents/index.d.ts +1 -0
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +2 -0
- package/dist/agents/index.js.map +1 -1
- package/dist/certification/agent-certificate-map.d.ts +51 -0
- package/dist/certification/agent-certificate-map.d.ts.map +1 -0
- package/dist/certification/agent-certificate-map.js +265 -0
- package/dist/certification/agent-certificate-map.js.map +1 -0
- package/dist/certification/agent-certificate-sample.d.ts +25 -0
- package/dist/certification/agent-certificate-sample.d.ts.map +1 -0
- package/dist/certification/agent-certificate-sample.js +207 -0
- package/dist/certification/agent-certificate-sample.js.map +1 -0
- package/dist/certification/agent-certificate.d.ts +1981 -0
- package/dist/certification/agent-certificate.d.ts.map +1 -0
- package/dist/certification/agent-certificate.js +309 -0
- package/dist/certification/agent-certificate.js.map +1 -0
- package/dist/certification/autofix.d.ts.map +1 -1
- package/dist/certification/autofix.js +5 -3
- package/dist/certification/autofix.js.map +1 -1
- package/dist/certification/consensus.test.js +2 -0
- package/dist/certification/consensus.test.js.map +1 -1
- package/dist/certification/store.d.ts.map +1 -1
- package/dist/certification/store.js +11 -3
- package/dist/certification/store.js.map +1 -1
- package/dist/certification/types.d.ts +1 -1
- package/dist/certification/types.d.ts.map +1 -1
- package/dist/certification/types.js +2 -0
- package/dist/certification/types.js.map +1 -1
- package/dist/certification/verify-endpoint.d.ts +48 -0
- package/dist/certification/verify-endpoint.d.ts.map +1 -0
- package/dist/certification/verify-endpoint.js +79 -0
- package/dist/certification/verify-endpoint.js.map +1 -0
- package/dist/compliance/index.d.ts +2 -0
- package/dist/compliance/index.d.ts.map +1 -1
- package/dist/compliance/index.js +4 -0
- package/dist/compliance/index.js.map +1 -1
- package/dist/compliance/iso42001.d.ts +21 -0
- package/dist/compliance/iso42001.d.ts.map +1 -0
- package/dist/compliance/iso42001.js +160 -0
- package/dist/compliance/iso42001.js.map +1 -0
- package/dist/compliance/mapper.d.ts.map +1 -1
- package/dist/compliance/mapper.js +12 -0
- package/dist/compliance/mapper.js.map +1 -1
- package/dist/compliance/nist-ai-rmf.d.ts +20 -0
- package/dist/compliance/nist-ai-rmf.d.ts.map +1 -0
- package/dist/compliance/nist-ai-rmf.js +140 -0
- package/dist/compliance/nist-ai-rmf.js.map +1 -0
- package/dist/config/flags.d.ts +4 -4
- package/dist/eval/fixtures.d.ts.map +1 -1
- package/dist/eval/fixtures.js +161 -119
- package/dist/eval/fixtures.js.map +1 -1
- package/dist/eval/fixtures.test.js +4 -2
- package/dist/eval/fixtures.test.js.map +1 -1
- package/dist/eval/llm-analyzer.d.ts +40 -0
- package/dist/eval/llm-analyzer.d.ts.map +1 -0
- package/dist/eval/llm-analyzer.js +154 -0
- package/dist/eval/llm-analyzer.js.map +1 -0
- package/dist/eval/redteam-harness.d.ts +95 -0
- package/dist/eval/redteam-harness.d.ts.map +1 -0
- package/dist/eval/redteam-harness.js +137 -0
- package/dist/eval/redteam-harness.js.map +1 -0
- package/dist/evidence/collector.d.ts.map +1 -1
- package/dist/evidence/collector.js +21 -1
- package/dist/evidence/collector.js.map +1 -1
- package/dist/evidence/store.d.ts.map +1 -1
- package/dist/evidence/store.js +29 -5
- package/dist/evidence/store.js.map +1 -1
- package/dist/evidence/types.d.ts +16 -9
- package/dist/evidence/types.d.ts.map +1 -1
- package/dist/history/decisions.d.ts +63 -0
- package/dist/history/decisions.d.ts.map +1 -0
- package/dist/history/decisions.js +60 -0
- package/dist/history/decisions.js.map +1 -0
- package/dist/history/index.d.ts +2 -0
- package/dist/history/index.d.ts.map +1 -1
- package/dist/history/index.js +2 -0
- package/dist/history/index.js.map +1 -1
- package/dist/history/types.d.ts +34 -5
- package/dist/history/types.d.ts.map +1 -1
- package/dist/history/types.js +2 -0
- package/dist/history/types.js.map +1 -1
- package/dist/http-auth.d.ts +22 -0
- package/dist/http-auth.d.ts.map +1 -0
- package/dist/http-auth.js +58 -0
- package/dist/http-auth.js.map +1 -0
- package/dist/http-policy.d.ts +30 -0
- package/dist/http-policy.d.ts.map +1 -0
- package/dist/http-policy.js +54 -0
- package/dist/http-policy.js.map +1 -0
- package/dist/http-server.js +195 -12
- package/dist/http-server.js.map +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +411 -15
- package/dist/index.js.map +1 -1
- package/dist/logger.d.ts.map +1 -1
- package/dist/logger.js +56 -2
- package/dist/logger.js.map +1 -1
- package/dist/plugins/types.d.ts +2 -2
- package/dist/sbom/provenance.test.js +2 -2
- package/dist/sbom/provenance.test.js.map +1 -1
- package/dist/sbom/signing.d.ts.map +1 -1
- package/dist/sbom/signing.js +5 -3
- package/dist/sbom/signing.js.map +1 -1
- package/dist/scanners/agent/prompt-injection-fuzzer.d.ts.map +1 -1
- package/dist/scanners/agent/prompt-injection-fuzzer.js +26 -0
- package/dist/scanners/agent/prompt-injection-fuzzer.js.map +1 -1
- package/dist/scanners/agent/types.d.ts +10 -10
- package/dist/scanners/bandit.d.ts.map +1 -1
- package/dist/scanners/bandit.js +35 -29
- package/dist/scanners/bandit.js.map +1 -1
- package/dist/scanners/binary-analysis.d.ts.map +1 -1
- package/dist/scanners/binary-analysis.js +24 -49
- package/dist/scanners/binary-analysis.js.map +1 -1
- package/dist/scanners/brakeman.d.ts.map +1 -1
- package/dist/scanners/brakeman.js +19 -33
- package/dist/scanners/brakeman.js.map +1 -1
- package/dist/scanners/builtin-rules.d.ts +24 -0
- package/dist/scanners/builtin-rules.d.ts.map +1 -0
- package/dist/scanners/builtin-rules.js +175 -0
- package/dist/scanners/builtin-rules.js.map +1 -0
- package/dist/scanners/dast.d.ts.map +1 -1
- package/dist/scanners/dast.js +24 -34
- package/dist/scanners/dast.js.map +1 -1
- package/dist/scanners/deploy/types.d.ts +6 -6
- package/dist/scanners/eslint.d.ts.map +1 -1
- package/dist/scanners/eslint.js +15 -24
- package/dist/scanners/eslint.js.map +1 -1
- package/dist/scanners/gosec.d.ts.map +1 -1
- package/dist/scanners/gosec.js +14 -62
- package/dist/scanners/gosec.js.map +1 -1
- package/dist/scanners/index.d.ts.map +1 -1
- package/dist/scanners/index.js +38 -7
- package/dist/scanners/index.js.map +1 -1
- package/dist/scanners/memory-safety.d.ts.map +1 -1
- package/dist/scanners/memory-safety.js +27 -28
- package/dist/scanners/memory-safety.js.map +1 -1
- package/dist/scanners/openapi.d.ts.map +1 -1
- package/dist/scanners/openapi.js +14 -22
- package/dist/scanners/openapi.js.map +1 -1
- package/dist/scanners/race-condition.d.ts.map +1 -1
- package/dist/scanners/race-condition.js +17 -16
- package/dist/scanners/race-condition.js.map +1 -1
- package/dist/scanners/runtime/types.d.ts +4 -4
- package/dist/scanners/rust.d.ts.map +1 -1
- package/dist/scanners/rust.js +38 -37
- package/dist/scanners/rust.js.map +1 -1
- package/dist/scanners/scale/types.d.ts +16 -16
- package/dist/scanners/secrets.d.ts.map +1 -1
- package/dist/scanners/secrets.js +66 -78
- package/dist/scanners/secrets.js.map +1 -1
- package/dist/scanners/semgrep.d.ts +2 -0
- package/dist/scanners/semgrep.d.ts.map +1 -1
- package/dist/scanners/semgrep.js +12 -0
- package/dist/scanners/semgrep.js.map +1 -1
- package/dist/scanners/terraform.d.ts.map +1 -1
- package/dist/scanners/terraform.js +47 -40
- package/dist/scanners/terraform.js.map +1 -1
- package/dist/scanners/trivy.d.ts.map +1 -1
- package/dist/scanners/trivy.js +38 -30
- package/dist/scanners/trivy.js.map +1 -1
- package/dist/tool-guard.d.ts +40 -0
- package/dist/tool-guard.d.ts.map +1 -0
- package/dist/tool-guard.js +55 -0
- package/dist/tool-guard.js.map +1 -0
- package/dist/util/index.d.ts +2 -1
- package/dist/util/index.d.ts.map +1 -1
- package/dist/util/index.js +2 -1
- package/dist/util/index.js.map +1 -1
- package/dist/util/paths.d.ts +20 -3
- package/dist/util/paths.d.ts.map +1 -1
- package/dist/util/paths.js +84 -4
- package/dist/util/paths.js.map +1 -1
- package/dist/util/subprocess.d.ts +51 -0
- package/dist/util/subprocess.d.ts.map +1 -0
- package/dist/util/subprocess.js +77 -0
- package/dist/util/subprocess.js.map +1 -0
- package/package.json +12 -2
- package/dist/eval/fixtures/healthcare/audit-gaps.d.ts +0 -28
- package/dist/eval/fixtures/healthcare/audit-gaps.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/audit-gaps.js +0 -90
- package/dist/eval/fixtures/healthcare/audit-gaps.js.map +0 -1
- package/dist/eval/fixtures/healthcare/consent-bypass.d.ts +0 -31
- package/dist/eval/fixtures/healthcare/consent-bypass.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/consent-bypass.js +0 -61
- package/dist/eval/fixtures/healthcare/consent-bypass.js.map +0 -1
- package/dist/eval/fixtures/healthcare/phi-in-logs.d.ts +0 -24
- package/dist/eval/fixtures/healthcare/phi-in-logs.d.ts.map +0 -1
- package/dist/eval/fixtures/healthcare/phi-in-logs.js +0 -41
- package/dist/eval/fixtures/healthcare/phi-in-logs.js.map +0 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http-server-transport.test.js","sourceRoot":"","sources":["../../src/__tests__/http-server-transport.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,KAAK,EAAgB,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAE9C,sEAAsE;AACtE,4DAA4D;AAC5D,MAAM,KAAK,GAAG,UAAU,CAAC,qBAAqB,CAAC,CAAC;AAEhD;;;;;GAKG;AACH,MAAM,IAAI,GAAG,IAAI,CAAC;AAClB,MAAM,IAAI,GAAG,oBAAoB,IAAI,MAAM,CAAC;AAC5C,MAAM,KAAK,GAAG,sBAAsB,CAAC;AACrC,IAAI,IAAkB,CAAC;AAEvB,KAAK,UAAU,GAAG,CAAC,IAAa,EAAE,KAAK,GAAG,KAAK;IAC7C,OAAO,KAAK,CAAC,IAAI,EAAE;QACjB,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,qCAAqC;YAC7C,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvD;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC3B,CAAC,CAAC;AACL,CAAC;AAED,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,qBAAqB,CAAC,EAAE;QAC5C,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE;QAC/E,KAAK,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC;KACpC,CAAC,CAAC;IACH,sCAAsC;IACtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,KAAK,EAAE,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,MAAO,EAAE,MAAM,CAAC,CAAa,CAAC;QAC/D,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,qBAAqB,CAAC;YAAE,OAAO;IAC/D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;AAC1C,CAAC,EAAE,KAAK,CAAC,CAAC;AAEV,QAAQ,CAAC,GAAG,EAAE;IACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC7D,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,KAAK,IAAI,EAAE;QACpE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE;YAC5B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,EAAE,EAAE;SAC9C,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,EAAE;YAC5B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,aAAa,EAAE,UAAU,KAAK,EAAE;aACjC;YACD,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC;YACpB,OAAO,EAAE,KAAK;YACd,EAAE,EAAE,CAAC;YACL,MAAM,EAAE,YAAY;YACpB,MAAM,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,EAAE,EAAE;SACjD,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,KAAK,IAAI,EAAE;QACnF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC;YACzF,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,4CAA4C,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACxE,MAAM,MAAM,GAAG,oBAAoB,IAAI,SAAS,CAAC;IACjD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAC3B,YAAY,CAAC,wCAAwC,EAAE,OAAO,CAAC,CAChE,CAAC;IAEF,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YAC9B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,gCAAgC;YACjF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC;SACjC,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wEAAwE,EAAE,KAAK,IAAI,EAAE;QACtF,MAAM,QAAQ,GAAG,EAAE,GAAG,UAAU,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC;QACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YAC9B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC;SAC/B,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE;YAC9B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,UAAU;SACjB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QACnD,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"destructive-guards.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/integration/destructive-guards.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import { describe, it, expect, beforeAll, afterAll } from "vitest";
|
|
2
|
+
import { Client } from "@modelcontextprotocol/sdk/client/index.js";
|
|
3
|
+
import { InMemoryTransport } from "@modelcontextprotocol/sdk/inMemory.js";
|
|
4
|
+
import { server } from "../../index.js";
|
|
5
|
+
/**
|
|
6
|
+
* Fail-closed guards on destructive tools: deploy_vercel_promote /
|
|
7
|
+
* deploy_vercel_rollback / consensus_clear must NOT act unless the caller
|
|
8
|
+
* passes confirm: true. Without it they return a no-op preview. Verified
|
|
9
|
+
* through the real MCP boundary (in-memory client → server tools/call).
|
|
10
|
+
*/
|
|
11
|
+
describe("destructive-tool confirm guards", () => {
|
|
12
|
+
let client;
|
|
13
|
+
beforeAll(async () => {
|
|
14
|
+
const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
|
|
15
|
+
client = new Client({ name: "guard-test", version: "1.0.0" }, { capabilities: {} });
|
|
16
|
+
await Promise.all([client.connect(clientTransport), server.connect(serverTransport)]);
|
|
17
|
+
});
|
|
18
|
+
afterAll(async () => {
|
|
19
|
+
await client?.close().catch(() => undefined);
|
|
20
|
+
await server.close().catch(() => undefined);
|
|
21
|
+
});
|
|
22
|
+
async function call(name, args) {
|
|
23
|
+
const res = (await client.callTool({ name, arguments: args }));
|
|
24
|
+
const text = res.content.find((c) => c.type === "text")?.text ?? "{}";
|
|
25
|
+
return JSON.parse(text);
|
|
26
|
+
}
|
|
27
|
+
it("consensus_clear is a no-op preview without confirm", async () => {
|
|
28
|
+
const out = await call("consensus_clear", { certification_id: "cert-guard-test" });
|
|
29
|
+
expect(out.preview).toBe(true);
|
|
30
|
+
expect(out.cleared).toBeUndefined();
|
|
31
|
+
});
|
|
32
|
+
it("deploy_vercel_promote is a no-op preview without confirm", async () => {
|
|
33
|
+
const out = await call("deploy_vercel_promote", {
|
|
34
|
+
project_id: "proj",
|
|
35
|
+
deployment_id: "dpl_123",
|
|
36
|
+
});
|
|
37
|
+
expect(out.preview).toBe(true);
|
|
38
|
+
expect(out.success).toBeUndefined();
|
|
39
|
+
});
|
|
40
|
+
it("deploy_vercel_rollback is a no-op preview without confirm", async () => {
|
|
41
|
+
const out = await call("deploy_vercel_rollback", {
|
|
42
|
+
project_id: "proj",
|
|
43
|
+
deployment_id: "dpl_123",
|
|
44
|
+
});
|
|
45
|
+
expect(out.preview).toBe(true);
|
|
46
|
+
expect(out.success).toBeUndefined();
|
|
47
|
+
});
|
|
48
|
+
});
|
|
49
|
+
//# sourceMappingURL=destructive-guards.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"destructive-guards.test.js","sourceRoot":"","sources":["../../../src/__tests__/integration/destructive-guards.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAC1E,OAAO,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAC;AAExC;;;;;GAKG;AACH,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,IAAI,MAAc,CAAC;IAEnB,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,CAAC,eAAe,EAAE,eAAe,CAAC,GAAG,iBAAiB,CAAC,gBAAgB,EAAE,CAAC;QAChF,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC;QACpF,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;QAClB,MAAM,MAAM,EAAE,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;QAC7C,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,KAAK,UAAU,IAAI,CAAC,IAAY,EAAE,IAA6B;QAC7D,MAAM,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAE5D,CAAC;QACF,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC;QACtE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;IACrD,CAAC;IAED,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,CAAC,CAAC;QACnF,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,uBAAuB,EAAE;YAC9C,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,SAAS;SACzB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,KAAK,IAAI,EAAE;QACzE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,wBAAwB,EAAE;YAC/C,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,SAAS;SACzB,CAAC,CAAC;QACH,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC/B,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger-redaction.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/logger-redaction.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import { describe, it, expect, vi, afterEach } from "vitest";
|
|
2
|
+
import { logger } from "../logger.js";
|
|
3
|
+
function captureLog(fn) {
|
|
4
|
+
const spy = vi.spyOn(console, "error").mockImplementation(() => { });
|
|
5
|
+
try {
|
|
6
|
+
fn();
|
|
7
|
+
return String(spy.mock.calls[0]?.[0] ?? "");
|
|
8
|
+
}
|
|
9
|
+
finally {
|
|
10
|
+
spy.mockRestore();
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
afterEach(() => {
|
|
14
|
+
vi.restoreAllMocks();
|
|
15
|
+
});
|
|
16
|
+
describe("logger secret redaction", () => {
|
|
17
|
+
it("redacts secret-shaped keys", () => {
|
|
18
|
+
const line = captureLog(() => logger.error("test", {
|
|
19
|
+
apiKey: "sk-abcdef1234567890abcdef",
|
|
20
|
+
authorization: "Bearer abc123",
|
|
21
|
+
password: "hunter2",
|
|
22
|
+
normal: "visible",
|
|
23
|
+
}));
|
|
24
|
+
expect(line).not.toContain("sk-abcdef");
|
|
25
|
+
expect(line).not.toContain("hunter2");
|
|
26
|
+
expect(line).not.toContain("Bearer abc123");
|
|
27
|
+
expect(line).toContain("visible");
|
|
28
|
+
expect(line).toContain("[REDACTED]");
|
|
29
|
+
});
|
|
30
|
+
it("redacts nested config objects", () => {
|
|
31
|
+
const line = captureLog(() => logger.error("test", {
|
|
32
|
+
config: {
|
|
33
|
+
endpoint: "https://example.com",
|
|
34
|
+
api_key: "vpm_live_supersecretvalue",
|
|
35
|
+
nested: { client_secret: "deep-secret" },
|
|
36
|
+
},
|
|
37
|
+
}));
|
|
38
|
+
expect(line).not.toContain("supersecretvalue");
|
|
39
|
+
expect(line).not.toContain("deep-secret");
|
|
40
|
+
expect(line).toContain("https://example.com");
|
|
41
|
+
});
|
|
42
|
+
it("redacts token-shaped values under innocent keys", () => {
|
|
43
|
+
const line = captureLog(() => logger.error("test", {
|
|
44
|
+
detail: "ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
|
|
45
|
+
header: "Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig",
|
|
46
|
+
}));
|
|
47
|
+
expect(line).not.toContain("ghp_");
|
|
48
|
+
expect(line).not.toContain("eyJhbGciOiJIUzI1NiJ9");
|
|
49
|
+
});
|
|
50
|
+
it("redacts a secret EMBEDDED inside a larger string (not just whole values)", () => {
|
|
51
|
+
const line = captureLog(() => logger.error("test", {
|
|
52
|
+
msg: "request to https://api/x failed: Authorization: Bearer sk-abcdef1234567890abcdef returned 401",
|
|
53
|
+
url: "https://u:ghp_abcdefghijklmnopqrstuvwxyz0123456789@host/repo",
|
|
54
|
+
}));
|
|
55
|
+
expect(line).not.toContain("sk-abcdef");
|
|
56
|
+
expect(line).not.toContain("ghp_abcdef");
|
|
57
|
+
expect(line).toContain("[REDACTED]");
|
|
58
|
+
// surrounding context preserved
|
|
59
|
+
expect(line).toContain("returned 401");
|
|
60
|
+
});
|
|
61
|
+
it("does not crash on circular references", () => {
|
|
62
|
+
const a = { name: "node" };
|
|
63
|
+
a.self = a;
|
|
64
|
+
const line = captureLog(() => logger.error("test", { graph: a, ok: "visible" }));
|
|
65
|
+
expect(line).toContain("[Circular]");
|
|
66
|
+
expect(line).toContain("visible");
|
|
67
|
+
});
|
|
68
|
+
it("leaves ordinary context intact", () => {
|
|
69
|
+
const line = captureLog(() => logger.info("test", { certId: "cert-123", count: 5, flag: true }));
|
|
70
|
+
expect(line).toContain("cert-123");
|
|
71
|
+
expect(line).toContain("5");
|
|
72
|
+
});
|
|
73
|
+
});
|
|
74
|
+
//# sourceMappingURL=logger-redaction.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger-redaction.test.js","sourceRoot":"","sources":["../../src/__tests__/logger-redaction.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,SAAS,UAAU,CAAC,EAAc;IAChC,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACpE,IAAI,CAAC;QACH,EAAE,EAAE,CAAC;QACL,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC9C,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,WAAW,EAAE,CAAC;IACpB,CAAC;AACH,CAAC;AAED,SAAS,CAAC,GAAG,EAAE;IACb,EAAE,CAAC,eAAe,EAAE,CAAC;AACvB,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAC3B,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;YACnB,MAAM,EAAE,2BAA2B;YACnC,aAAa,EAAE,eAAe;YAC9B,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,SAAS;SAClB,CAAC,CACH,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QAC5C,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAC3B,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;YACnB,MAAM,EAAE;gBACN,QAAQ,EAAE,qBAAqB;gBAC/B,OAAO,EAAE,2BAA2B;gBACpC,MAAM,EAAE,EAAE,aAAa,EAAE,aAAa,EAAE;aACzC;SACF,CAAC,CACH,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAC3B,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;YACnB,MAAM,EAAE,0CAA0C;YAClD,MAAM,EAAE,yCAAyC;SAClD,CAAC,CACH,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAC3B,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE;YACnB,GAAG,EAAE,+FAA+F;YACpG,GAAG,EAAE,8DAA8D;SACpE,CAAC,CACH,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACrC,gCAAgC;QAChC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,GAA4B,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACpD,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;QACX,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,EAAE,CAC3B,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAClE,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manifest-schema.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/manifest-schema.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { describe, it, expect } from "vitest";
|
|
2
|
+
import { readFileSync } from "fs";
|
|
3
|
+
import { join } from "path";
|
|
4
|
+
/**
|
|
5
|
+
* Contract test for the published manifest (mcp.json).
|
|
6
|
+
*
|
|
7
|
+
* Regression guard for the empty-schema bug: the generator used to emit a
|
|
8
|
+
* bare `{ type: "object" }` placeholder for every tool, so the published
|
|
9
|
+
* manifest exposed NO input properties (0/113). The generator now derives
|
|
10
|
+
* real JSON Schema from the live server's tools/list. These assertions fail
|
|
11
|
+
* if it ever regresses to placeholders.
|
|
12
|
+
*/
|
|
13
|
+
const manifest = JSON.parse(readFileSync(join(process.cwd(), "mcp.json"), "utf-8"));
|
|
14
|
+
function hasProps(t) {
|
|
15
|
+
return !!t.inputSchema?.properties && Object.keys(t.inputSchema.properties).length > 0;
|
|
16
|
+
}
|
|
17
|
+
describe("mcp.json input schemas", () => {
|
|
18
|
+
it("every tool carries an object inputSchema", () => {
|
|
19
|
+
for (const t of manifest.tools) {
|
|
20
|
+
expect(t.inputSchema, t.name).toBeDefined();
|
|
21
|
+
expect(t.inputSchema.type, t.name).toBe("object");
|
|
22
|
+
}
|
|
23
|
+
});
|
|
24
|
+
it("the vast majority of tools expose real input properties (not placeholders)", () => {
|
|
25
|
+
const withProps = manifest.tools.filter(hasProps).length;
|
|
26
|
+
// Pre-fix this was 0. A handful of tools are genuinely arg-less, so we
|
|
27
|
+
// assert a high floor rather than 100%.
|
|
28
|
+
expect(withProps).toBeGreaterThanOrEqual(Math.floor(manifest.tools.length * 0.85));
|
|
29
|
+
});
|
|
30
|
+
it("a known tool exposes its declared parameter (hardening_list_projects → base_dir)", () => {
|
|
31
|
+
const tool = manifest.tools.find((t) => t.name === "hardening_list_projects");
|
|
32
|
+
expect(tool).toBeDefined();
|
|
33
|
+
expect(tool.inputSchema?.properties).toHaveProperty("base_dir");
|
|
34
|
+
});
|
|
35
|
+
it("no tool is left with a bare placeholder when it declares parameters", () => {
|
|
36
|
+
// A bare placeholder is `{ type: "object" }` with no properties key at
|
|
37
|
+
// all. That's only acceptable for genuinely arg-less tools; assert the
|
|
38
|
+
// count of bare placeholders stays small.
|
|
39
|
+
const bare = manifest.tools.filter((t) => t.inputSchema && !("properties" in t.inputSchema));
|
|
40
|
+
expect(bare.length).toBeLessThanOrEqual(Math.ceil(manifest.tools.length * 0.15));
|
|
41
|
+
});
|
|
42
|
+
});
|
|
43
|
+
//# sourceMappingURL=manifest-schema.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"manifest-schema.test.js","sourceRoot":"","sources":["../../src/__tests__/manifest-schema.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B;;;;;;;;GAQG;AACH,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CACzB,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CASvD,CAAC;AAEF,SAAS,QAAQ,CAAC,CAA6D;IAC7E,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;AACzF,CAAC;AAED,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACtC,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,KAAK,MAAM,CAAC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAC5C,MAAM,CAAC,CAAC,CAAC,WAAY,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4EAA4E,EAAE,GAAG,EAAE;QACpF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;QACzD,uEAAuE;QACvE,wCAAwC;QACxC,MAAM,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC;IACrF,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kFAAkF,EAAE,GAAG,EAAE;QAC1F,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,yBAAyB,CAAC,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAK,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qEAAqE,EAAE,GAAG,EAAE;QAC7E,uEAAuE;QACvE,uEAAuE;QACvE,0CAA0C;QAC1C,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,MAAM,CAChC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,YAAY,IAAI,CAAC,CAAC,WAAW,CAAC,CACzD,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"builtin-rules.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/scanners/builtin-rules.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { describe, it, expect } from "vitest";
|
|
2
|
+
import { readFile } from "fs/promises";
|
|
3
|
+
import { BUILTIN_SEMGREP_RULES, getBuiltinRulesPath, } from "../../scanners/builtin-rules.js";
|
|
4
|
+
describe("built-in semgrep taint rules", () => {
|
|
5
|
+
it("declares the three taint classes the free community rules miss", () => {
|
|
6
|
+
for (const id of [
|
|
7
|
+
"vaspera-sql-injection",
|
|
8
|
+
"vaspera-command-injection",
|
|
9
|
+
"vaspera-ssrf",
|
|
10
|
+
]) {
|
|
11
|
+
expect(BUILTIN_SEMGREP_RULES).toContain(`id: ${id}`);
|
|
12
|
+
}
|
|
13
|
+
// taint mode + request sources
|
|
14
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("mode: taint");
|
|
15
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("req.query");
|
|
16
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("req.body");
|
|
17
|
+
});
|
|
18
|
+
it("declares the insecure-deserialization and XXE pattern rules", () => {
|
|
19
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("id: vaspera-insecure-deserialization");
|
|
20
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("id: vaspera-xxe");
|
|
21
|
+
// deser sinks: eval / Function constructor / unsafe yaml.load
|
|
22
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("pattern: eval(...)");
|
|
23
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("pattern: new Function(...)");
|
|
24
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("CWE-502");
|
|
25
|
+
// xxe sink: xmldom DOMParser (XMLParser is safe-by-default, not flagged)
|
|
26
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("pattern: new DOMParser()");
|
|
27
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("CWE-611");
|
|
28
|
+
});
|
|
29
|
+
it("scopes the yaml.load sink to yaml receivers and single-arg calls (precision)", () => {
|
|
30
|
+
// a yaml.load with a safe schema (2-arg) must not be reachable by the
|
|
31
|
+
// single-arg pattern, and the receiver is constrained to yaml-ish names
|
|
32
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("pattern: $YAML.load($X)");
|
|
33
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("regex: (?i)(yaml|jsyaml)");
|
|
34
|
+
expect(BUILTIN_SEMGREP_RULES).not.toContain("$YAML.load($X, ...)");
|
|
35
|
+
});
|
|
36
|
+
it("writes the rules to a temp file (cached across calls)", async () => {
|
|
37
|
+
const p1 = await getBuiltinRulesPath();
|
|
38
|
+
const p2 = await getBuiltinRulesPath();
|
|
39
|
+
expect(p1).toBe(p2); // memoized
|
|
40
|
+
expect(p1).toMatch(/vaspera-builtin\.yaml$/);
|
|
41
|
+
const content = await readFile(p1, "utf-8");
|
|
42
|
+
expect(content).toBe(BUILTIN_SEMGREP_RULES);
|
|
43
|
+
});
|
|
44
|
+
it("does not treat array-form spawn or a request body as a sink (precision)", () => {
|
|
45
|
+
// command-injection: plain spawn(...) is intentionally not a bare sink
|
|
46
|
+
expect(BUILTIN_SEMGREP_RULES).not.toContain("- pattern: spawn(...)");
|
|
47
|
+
// ssrf: sinks focus on the URL arg, not the whole call
|
|
48
|
+
expect(BUILTIN_SEMGREP_RULES).toContain("focus-metavariable: $URL");
|
|
49
|
+
});
|
|
50
|
+
});
|
|
51
|
+
//# sourceMappingURL=builtin-rules.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"builtin-rules.test.js","sourceRoot":"","sources":["../../../src/__tests__/scanners/builtin-rules.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EACL,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,iCAAiC,CAAC;AAEzC,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;IAC5C,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,KAAK,MAAM,EAAE,IAAI;YACf,uBAAuB;YACvB,2BAA2B;YAC3B,cAAc;SACf,EAAE,CAAC;YACF,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,+BAA+B;QAC/B,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QACvD,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QACrD,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,sCAAsC,CAAC,CAAC;QAChF,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC3D,8DAA8D;QAC9D,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;QAC9D,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC;QACtE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;QACnD,yEAAyE;QACzE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8EAA8E,EAAE,GAAG,EAAE;QACtF,sEAAsE;QACtE,wEAAwE;QACxE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACnE,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,qBAAqB,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,MAAM,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACvC,MAAM,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;QACvC,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW;QAChC,MAAM,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC5C,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,uEAAuE;QACvE,MAAM,CAAC,qBAAqB,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;QACrE,uDAAuD;QACvD,MAAM,CAAC,qBAAqB,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
|
|
2
2
|
import { join } from "path";
|
|
3
3
|
import { mkdir, writeFile, rm, readFile } from "fs/promises";
|
|
4
4
|
import { tmpdir } from "os";
|
|
@@ -103,6 +103,18 @@ steps: []
|
|
|
103
103
|
});
|
|
104
104
|
});
|
|
105
105
|
describe("runFlow", () => {
|
|
106
|
+
// Constitution: tests must pass offline — never hit the real network.
|
|
107
|
+
beforeEach(() => {
|
|
108
|
+
vi.stubGlobal("fetch", vi.fn(async (url) => {
|
|
109
|
+
if (String(url).includes("localhost:99999")) {
|
|
110
|
+
throw new Error("connect ECONNREFUSED");
|
|
111
|
+
}
|
|
112
|
+
return new Response("ok", { status: 200 });
|
|
113
|
+
}));
|
|
114
|
+
});
|
|
115
|
+
afterEach(() => {
|
|
116
|
+
vi.unstubAllGlobals();
|
|
117
|
+
});
|
|
106
118
|
it("executes navigate step successfully", async () => {
|
|
107
119
|
const flow = {
|
|
108
120
|
name: "navigate-test",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"golden-path-runner.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/runtime/golden-path-runner.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,
|
|
1
|
+
{"version":3,"file":"golden-path-runner.test.js","sourceRoot":"","sources":["../../../../src/__tests__/scanners/runtime/golden-path-runner.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACzE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EACL,QAAQ,EACR,aAAa,EACb,kBAAkB,EAClB,OAAO,GACR,MAAM,iDAAiD,CAAC;AAGzD,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,IAAI,OAAe,CAAC;IAEpB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,EAAE,oBAAoB,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QACrG,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;QACxB,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;YACvC,MAAM,WAAW,GAAG;;;;;;;;;CASzB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC5C,MAAM,SAAS,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAEvC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACpC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;YAC/C,MAAM,SAAS,CAAC,QAAQ,EAAE,yBAAyB,CAAC,CAAC;YAErD,MAAM,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,WAAW,GAAG;;;;CAIzB,CAAC;YACI,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,qBAAqB,CAAC,CAAC;YACtD,MAAM,SAAS,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;YAEvC,MAAM,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE3C,MAAM,KAAK,GAAG,2DAA2D,CAAC;YAC1E,MAAM,KAAK,GAAG,gEAAgE,CAAC;YAE/E,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC;YACrD,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,KAAK,CAAC,CAAC;YAEpD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC3E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YACxC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE3C,MAAM,SAAS,GAAG,2DAA2D,CAAC;YAC9E,MAAM,WAAW,GAAG,kCAAkC,CAAC;YAEvD,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,SAAS,CAAC,CAAC;YACzD,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,EAAE,WAAW,CAAC,CAAC;YAE7D,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE;YACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACjD,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE3C,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,0DAA0D,CAAC,CAAC;YACzG,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,UAAU,CAAC,CAAC;YACzD,MAAM,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,EAAE,IAAI,CAAC,CAAC;YAErD,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAClC,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;YAE/D,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,8BAA8B,CAAC,CAAC,CAAC;YAErE,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YAClD,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;YAC9C,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAChD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAE1C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC3C,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,OAAO,CAAC,CAAC;YAEnD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;QACvB,sEAAsE;QACtE,UAAU,CAAC,GAAG,EAAE;YACd,EAAE,CAAC,UAAU,CACX,OAAO,EACP,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,GAAiB,EAAE,EAAE;gBAChC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC5C,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;gBAC1C,CAAC;gBACD,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC7C,CAAC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,SAAS,CAAC,GAAG,EAAE;YACb,EAAE,CAAC,gBAAgB,EAAE,CAAC;QACxB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;YACnD,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE;iBACjC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oBAAoB,EAAE,KAAK,IAAI,EAAE;YAClC,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,WAAW;gBACjB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;iBACjC;aACF,CAAC;YAEF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEvC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,CAAC,OAAO,CAAC,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;YAC5D,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,iBAAiB;gBACvB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE;oBACxC,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE;oBACrD,EAAE,MAAM,EAAE,YAAY,EAAE;iBACzB;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAElC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;gBAC3C,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;YAC/D,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,cAAc;gBACpB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE;oBAChC,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,oCAAoC,EAAE;oBACjE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;iBACjC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YAE9C,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACvD,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;YACzC,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,eAAe;gBACrB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE;iBAChC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,sBAAsB,CAAC,EAAE,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,IAAI,GAAmB;gBAC3B,IAAI,EAAE,aAAa;gBACnB,QAAQ,EAAE,QAAQ;gBAClB,KAAK,EAAE;oBACL,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,EAAE;oBAChC,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,aAAa,EAAE;iBACzC;aACF,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;YACzD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAEnC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAC3C,MAAM,CAAC,UAAU,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-guard.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/tool-guard.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
2
|
+
import { mkdtemp, rm, symlink, mkdir } from "fs/promises";
|
|
3
|
+
import { tmpdir } from "os";
|
|
4
|
+
import { join } from "path";
|
|
5
|
+
import { realpathSync } from "fs";
|
|
6
|
+
import { applyProjectPathGuard } from "../tool-guard.js";
|
|
7
|
+
function fakeServer() {
|
|
8
|
+
const tools = {};
|
|
9
|
+
return {
|
|
10
|
+
tools,
|
|
11
|
+
registerTool(name, _config, handler) {
|
|
12
|
+
tools[name] = handler;
|
|
13
|
+
return { name };
|
|
14
|
+
},
|
|
15
|
+
};
|
|
16
|
+
}
|
|
17
|
+
describe("applyProjectPathGuard", () => {
|
|
18
|
+
let dir;
|
|
19
|
+
beforeEach(async () => {
|
|
20
|
+
// realpath: on macOS, tmpdir is a /var -> /private/var symlink
|
|
21
|
+
dir = realpathSync(await mkdtemp(join(tmpdir(), "guard-test-")));
|
|
22
|
+
});
|
|
23
|
+
afterEach(async () => {
|
|
24
|
+
await rm(dir, { recursive: true, force: true });
|
|
25
|
+
});
|
|
26
|
+
it("passes a validated, resolved project_path to the handler", async () => {
|
|
27
|
+
const server = fakeServer();
|
|
28
|
+
applyProjectPathGuard(server);
|
|
29
|
+
let received;
|
|
30
|
+
server.registerTool("t", {}, (args) => {
|
|
31
|
+
received = args;
|
|
32
|
+
return "ok";
|
|
33
|
+
});
|
|
34
|
+
const result = await server.tools.t({ project_path: dir + "/." });
|
|
35
|
+
expect(result).toBe("ok");
|
|
36
|
+
expect(received.project_path).toBe(dir);
|
|
37
|
+
});
|
|
38
|
+
it("rejects a nonexistent project_path with an isError result, without invoking the handler", async () => {
|
|
39
|
+
const server = fakeServer();
|
|
40
|
+
applyProjectPathGuard(server);
|
|
41
|
+
let invoked = false;
|
|
42
|
+
server.registerTool("t", {}, () => {
|
|
43
|
+
invoked = true;
|
|
44
|
+
});
|
|
45
|
+
const result = (await server.tools.t({
|
|
46
|
+
project_path: join(dir, "does-not-exist"),
|
|
47
|
+
}));
|
|
48
|
+
expect(invoked).toBe(false);
|
|
49
|
+
expect(result.isError).toBe(true);
|
|
50
|
+
expect(result.content[0].text).toMatch(/does not exist/);
|
|
51
|
+
});
|
|
52
|
+
it("leaves tools without project_path untouched", async () => {
|
|
53
|
+
const server = fakeServer();
|
|
54
|
+
applyProjectPathGuard(server);
|
|
55
|
+
server.registerTool("t", {}, (args) => args);
|
|
56
|
+
const args = { other: 1 };
|
|
57
|
+
expect(await server.tools.t(args)).toBe(args);
|
|
58
|
+
});
|
|
59
|
+
it("enforces basePath containment, including prefix-sibling escapes", async () => {
|
|
60
|
+
const inside = join(dir, "workspace", "proj");
|
|
61
|
+
const sibling = dir + "-evil";
|
|
62
|
+
await mkdir(inside, { recursive: true });
|
|
63
|
+
await mkdir(join(dir, "workspace"), { recursive: true }).catch(() => { });
|
|
64
|
+
const server = fakeServer();
|
|
65
|
+
applyProjectPathGuard(server, { basePath: join(dir, "workspace") });
|
|
66
|
+
server.registerTool("t", {}, (args) => args);
|
|
67
|
+
const ok = (await server.tools.t({ project_path: inside }));
|
|
68
|
+
expect(ok.project_path).toBe(inside);
|
|
69
|
+
await mkdir(sibling, { recursive: true });
|
|
70
|
+
try {
|
|
71
|
+
const guarded = fakeServer();
|
|
72
|
+
// basePath = dir; sibling "<dir>-evil" must NOT pass the prefix check
|
|
73
|
+
applyProjectPathGuard(guarded, { basePath: dir });
|
|
74
|
+
guarded.registerTool("t", {}, (args) => args);
|
|
75
|
+
const result = (await guarded.tools.t({ project_path: sibling }));
|
|
76
|
+
expect(result.isError).toBe(true);
|
|
77
|
+
}
|
|
78
|
+
finally {
|
|
79
|
+
await rm(sibling, { recursive: true, force: true });
|
|
80
|
+
}
|
|
81
|
+
});
|
|
82
|
+
it("rejects symlinks that escape the basePath", async () => {
|
|
83
|
+
const outside = join(dir, "outside-target");
|
|
84
|
+
const base = join(dir, "base");
|
|
85
|
+
await mkdir(outside, { recursive: true });
|
|
86
|
+
await mkdir(base, { recursive: true });
|
|
87
|
+
const link = join(base, "sneaky");
|
|
88
|
+
await symlink(outside, link);
|
|
89
|
+
const server = fakeServer();
|
|
90
|
+
applyProjectPathGuard(server, { basePath: base });
|
|
91
|
+
server.registerTool("t", {}, (args) => args);
|
|
92
|
+
const result = (await server.tools.t({ project_path: link }));
|
|
93
|
+
expect(result.isError).toBe(true);
|
|
94
|
+
expect(result.content[0].text).toMatch(/Symlink escapes/);
|
|
95
|
+
});
|
|
96
|
+
});
|
|
97
|
+
//# sourceMappingURL=tool-guard.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tool-guard.test.js","sourceRoot":"","sources":["../../src/__tests__/tool-guard.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAIzD,SAAS,UAAU;IACjB,MAAM,KAAK,GAA4B,EAAE,CAAC;IAC1C,OAAO;QACL,KAAK;QACL,YAAY,CAAC,IAAY,EAAE,OAAgB,EAAE,OAAgB;YAC3D,KAAK,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC;YACtB,OAAO,EAAE,IAAI,EAAE,CAAC;QAClB,CAAC;KACF,CAAC;AACJ,CAAC;AAED,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,IAAI,GAAW,CAAC;IAEhB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,+DAA+D;QAC/D,GAAG,GAAG,YAAY,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,QAAiB,CAAC;QACtB,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,IAAa,EAAE,EAAE;YAC7C,QAAQ,GAAG,IAAI,CAAC;YAChB,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,GAAG,GAAG,IAAI,EAAE,CAAC,CAAC;QAClE,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1B,MAAM,CAAE,QAAqC,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yFAAyF,EAAE,KAAK,IAAI,EAAE;QACvG,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE;YAChC,OAAO,GAAG,IAAI,CAAC;QACjB,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;YACnC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC;SAC1C,CAAC,CAA2D,CAAC;QAE9D,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;QAC3D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC9B,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,IAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAEtD,MAAM,IAAI,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC;QAC1B,MAAM,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,GAAG,GAAG,OAAO,CAAC;QAC9B,MAAM,KAAK,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACzC,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAEzE,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,qBAAqB,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;QACpE,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,IAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAEtD,MAAM,EAAE,GAAG,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAEzD,CAAC;QACF,MAAM,CAAC,EAAE,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAErC,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;YAC7B,sEAAsE;YACtE,qBAAqB,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;YAClD,OAAO,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,IAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,MAAM,GAAG,CAAC,MAAM,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,EAAE,CAAC,CAE/D,CAAC;YACF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QAC/B,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,KAAK,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAClC,MAAM,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAE7B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,qBAAqB,CAAC,MAAM,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,IAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,CAAC,MAAM,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAG3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"contained-file.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/util/contained-file.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
import { describe, it, expect, beforeEach, afterEach } from "vitest";
|
|
2
|
+
import { mkdtemp, rm, mkdir, writeFile, symlink } from "fs/promises";
|
|
3
|
+
import { tmpdir } from "os";
|
|
4
|
+
import { join } from "path";
|
|
5
|
+
import { realpathSync } from "fs";
|
|
6
|
+
import { resolveContainedFile, resolveContainedWritePath, PathValidationError, } from "../../util/paths.js";
|
|
7
|
+
describe("resolveContainedFile", () => {
|
|
8
|
+
let root;
|
|
9
|
+
beforeEach(async () => {
|
|
10
|
+
root = realpathSync(await mkdtemp(join(tmpdir(), "contained-")));
|
|
11
|
+
await writeFile(join(root, "inside.txt"), "ok");
|
|
12
|
+
});
|
|
13
|
+
afterEach(async () => {
|
|
14
|
+
await rm(root, { recursive: true, force: true });
|
|
15
|
+
});
|
|
16
|
+
it("resolves a normal relative file inside the tree", async () => {
|
|
17
|
+
expect(await resolveContainedFile(root, "inside.txt")).toBe(join(root, "inside.txt"));
|
|
18
|
+
});
|
|
19
|
+
it("rejects ../ traversal", async () => {
|
|
20
|
+
await expect(resolveContainedFile(root, "../../../etc/passwd")).rejects.toThrow(PathValidationError);
|
|
21
|
+
});
|
|
22
|
+
it("rejects absolute paths outside the tree", async () => {
|
|
23
|
+
await expect(resolveContainedFile(root, "/etc/passwd")).rejects.toThrow(/escapes project tree/);
|
|
24
|
+
});
|
|
25
|
+
it("rejects in-tree symlinks pointing outside the tree", async () => {
|
|
26
|
+
const outside = join(root, "..", `outside-${Date.now()}`);
|
|
27
|
+
await mkdir(outside, { recursive: true });
|
|
28
|
+
try {
|
|
29
|
+
await writeFile(join(outside, "secret.txt"), "secret");
|
|
30
|
+
await symlink(join(outside, "secret.txt"), join(root, "sneaky.txt"));
|
|
31
|
+
await expect(resolveContainedFile(root, "sneaky.txt")).rejects.toThrow(/Symlinked file escapes/);
|
|
32
|
+
}
|
|
33
|
+
finally {
|
|
34
|
+
await rm(outside, { recursive: true, force: true });
|
|
35
|
+
}
|
|
36
|
+
});
|
|
37
|
+
it("rejects prefix-sibling escapes", async () => {
|
|
38
|
+
const sibling = `${root}-evil`;
|
|
39
|
+
await mkdir(sibling, { recursive: true });
|
|
40
|
+
try {
|
|
41
|
+
await writeFile(join(sibling, "f.txt"), "x");
|
|
42
|
+
await expect(resolveContainedFile(root, join(sibling, "f.txt"))).rejects.toThrow(PathValidationError);
|
|
43
|
+
}
|
|
44
|
+
finally {
|
|
45
|
+
await rm(sibling, { recursive: true, force: true });
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
});
|
|
49
|
+
describe("resolveContainedWritePath", () => {
|
|
50
|
+
let root;
|
|
51
|
+
beforeEach(async () => {
|
|
52
|
+
root = realpathSync(await mkdtemp(join(tmpdir(), "cwrite-")));
|
|
53
|
+
});
|
|
54
|
+
afterEach(async () => {
|
|
55
|
+
await rm(root, { recursive: true, force: true });
|
|
56
|
+
});
|
|
57
|
+
it("allows a not-yet-existing file inside the tree", async () => {
|
|
58
|
+
expect(await resolveContainedWritePath(root, "out/report.json")).toBe(join(root, "out", "report.json"));
|
|
59
|
+
});
|
|
60
|
+
it("rejects ../ traversal on a write target", async () => {
|
|
61
|
+
await expect(resolveContainedWritePath(root, "../escape.json")).rejects.toThrow(PathValidationError);
|
|
62
|
+
});
|
|
63
|
+
it("rejects an absolute write target outside the tree", async () => {
|
|
64
|
+
await expect(resolveContainedWritePath(root, "/tmp/evil.json")).rejects.toThrow(/escapes project tree/);
|
|
65
|
+
});
|
|
66
|
+
it("rejects writes through a symlinked directory escaping the tree", async () => {
|
|
67
|
+
const outside = join(root, "..", `wout-${Date.now()}`);
|
|
68
|
+
await mkdir(outside, { recursive: true });
|
|
69
|
+
try {
|
|
70
|
+
await symlink(outside, join(root, "link"));
|
|
71
|
+
await expect(resolveContainedWritePath(root, "link/evil.json")).rejects.toThrow(/Symlinked directory escapes/);
|
|
72
|
+
}
|
|
73
|
+
finally {
|
|
74
|
+
await rm(outside, { recursive: true, force: true });
|
|
75
|
+
}
|
|
76
|
+
});
|
|
77
|
+
});
|
|
78
|
+
//# sourceMappingURL=contained-file.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"contained-file.test.js","sourceRoot":"","sources":["../../../src/__tests__/util/contained-file.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAC;AACrE,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACrE,OAAO,EAAE,MAAM,EAAE,MAAM,IAAI,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EACL,oBAAoB,EACpB,yBAAyB,EACzB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAE7B,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAI,IAAY,CAAC;IAEjB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,IAAI,GAAG,YAAY,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC;QACjE,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,EAAE,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,CAAC,MAAM,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,IAAI,CACzD,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CACzB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACrC,MAAM,MAAM,CACV,oBAAoB,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAClD,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACrE,sBAAsB,CACvB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvD,MAAM,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE,IAAI,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC;YACrE,MAAM,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,wBAAwB,CACzB,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,OAAO,GAAG,GAAG,IAAI,OAAO,CAAC;QAC/B,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,SAAS,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC;YAC7C,MAAM,MAAM,CACV,oBAAoB,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CACnD,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzC,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;IACzC,IAAI,IAAY,CAAC;IAEjB,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,IAAI,GAAG,YAAY,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,CAAC,MAAM,yBAAyB,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,CACnE,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,aAAa,CAAC,CACjC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,MAAM,CACV,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAClD,CAAC,OAAO,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,MAAM,CACV,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAClD,CAAC,OAAO,CAAC,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,KAAK,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC;YACH,MAAM,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;YAC3C,MAAM,MAAM,CACV,yBAAyB,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAClD,CAAC,OAAO,CAAC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;gBAAS,CAAC;YACT,MAAM,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtD,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"subprocess.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/util/subprocess.test.ts"],"names":[],"mappings":""}
|