Medium severity6.5GHSA Advisory· Published May 18, 2026· Updated May 18, 2026
n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters
CVE-2026-45582
Description
Summary
In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant identifiers, short secrets embedded in query strings, and signed request parameters — could therefore appear in stored telemetry, contrary to the collection boundary documented in PRIVACY.md.
Impact
Operators with access to the project's telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. The bug was scoped to URL-shaped fields in workflow *definitions*; credentials, OAuth tokens, and workflow *execution* data are not affected — credentials are removed by a separate code path, and long secrets and known-provider tokens are matched by dedicated patterns.
Patches
Fixed in **n8n-mcp 2.51.3**. Upgrading is the recommended remediation.
Workarounds
For users who cannot upgrade immediately, disable anonymous telemetry by setting any of these environment variables to true:
N8N_MCP_TELEMETRY_DISABLEDTELEMETRY_DISABLEDDISABLE_TELEMETRY
Credit
Reported by @u-ktdi.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In n8n-mcp, the workflow telemetry sanitizer failed to fully redact URL-shaped node parameters, exposing partial fragments to the telemetry backend.
Vulnerability
In n8n-mcp versions before 2.51.3, the WorkflowSanitizer only replaced the hostname of URL-shaped fields (e.g., url, endpoint, webhook) with [domain], leaving the path and query string intact. This allowed partial fragments of URL parameters—such as customer IDs, tenant identifiers, short secrets, and signed request parameters—to be included in telemetry data sent to the project's anonymous telemetry backend (Supabase tables telemetry_workflows and workflow_mutations). Credentials and OAuth tokens were removed by separate code paths, but URL-shaped fields were not fully redacted [1][2][3][4].
Exploitation
An attacker would need access to the project's telemetry backend (Supabase) to read the stored telemetry data. No user interaction or network position is required beyond that access. The telemetry data is sent automatically when workflows are created or mutated, so any workflow containing URL-shaped node parameters with sensitive values would have those fragments stored [4].
Impact
Operators with access to the telemetry backend could read partial fragments of workflow URL parameters that should not have been collected. This could expose customer identifiers, tenant IDs, short secrets, and signed request parameters. The scope is limited to workflow definitions; execution data and credentials are not affected [4].
Mitigation
Fixed in n8n-mcp version 2.51.3. Upgrading is recommended. For users who cannot upgrade immediately, disable anonymous telemetry by setting any of N8N_MCP_TELEMETRY_DISABLED, TELEMETRY_DISABLED, or DISABLE_TELEMETRY to true [2][3][4].
References
- GitHub - czlonkowski/n8n-mcp: A MCP for Claude Desktop / Claude Code / Windsurf / Cursor to build n8n workflows for you
- security: redact URL paths and query strings in workflow telemetry (G… · czlonkowski/n8n-mcp@6cf6fef
- security: redact URL paths and query strings in workflow telemetry (GHSA-f3rg-xqjj-cj9w) by czlonkowski · Pull Request #782 · czlonkowski/n8n-mcp
- CVE-2026-45582 - GitHub Advisory Database
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: < 2.51.3
Patches
16cf6fef653fcsecurity: redact URL paths and query strings in workflow telemetry (GHSA-f3rg-xqjj-cj9w) (#782)
16 files changed · +477 −113
CHANGELOG.md+13 −0 modified@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [2.51.3] - 2026-05-11 + +### Security + +- Fix workflow-telemetry URL path and query-string leak (GHSA-f3rg-xqjj-cj9w). `WorkflowSanitizer` previously replaced only the hostname of `url`, `endpoint`, and `webhook` field values with `[domain]` and left the path and query string intact, allowing customer IDs in URL paths, tenant identifiers, signed-request parameters, and tokens shorter than the 20-character generic-token threshold to reach the `telemetry_workflows` and `workflow_mutations` Supabase tables. `sanitizeObject` now fully redacts URL-named fields to `[REDACTED_URL]` regardless of value type, the dead hostname-only branch in `sanitizeString` is removed, and `event-validator.ts` replaces `nodes: z.array(z.any())` with a `.strict()` per-node schema that rejects unknown top-level node keys as defense-in-depth. The mutation telemetry path (`sanitizeWorkflowRaw`) shares the same code path and is fixed automatically. Reported by @u-ktdi. + +### Notes + +- **Telemetry output format changed.** Anyone consuming the local telemetry analytics will see `[REDACTED_URL]` in place of the previous `https://[domain]/<path>?<query>` and `[REDACTED_URL_WITH_AUTH]` placeholders for `url`, `endpoint`, `webhook`, and similarly-named fields. Pattern-specific placeholders (`[REDACTED_SUPABASE_URL]`, `[REDACTED_N8N_HOST_URL]`, `[REDACTED_WEBHOOK]`, etc.) still apply to free-text node parameters that happen to contain those URLs (e.g. `jsCode`, `systemMessage`). +- The webhook short-circuit in `sanitizeString` (returns `https://[webhook-url]` when a string value contains `/webhook/` or `/hook/`) remains for non-URL-named fields whose value embeds a webhook URL. + +Conceived by Romuald Członkowski - https://www.aiadvisors.pl/en + ## [2.51.2] - 2026-05-11 ### Security
dist/telemetry/event-validator.d.ts+131 −5 modified@@ -25,13 +25,103 @@ export declare const workflowTelemetrySchema: z.ZodObject<{ has_webhook: z.ZodBoolean; complexity: z.ZodEnum<["simple", "medium", "complex"]>; sanitized_workflow: z.ZodObject<{ - nodes: z.ZodArray<z.ZodAny, "many">; + nodes: z.ZodArray<z.ZodObject<{ + id: z.ZodString; + name: z.ZodString; + type: z.ZodString; + typeVersion: z.ZodNumber; + position: z.ZodTuple<[z.ZodNumber, z.ZodNumber], null>; + parameters: z.ZodRecord<z.ZodString, z.ZodUnknown>; + disabled: z.ZodOptional<z.ZodBoolean>; + notes: z.ZodOptional<z.ZodString>; + notesInFlow: z.ZodOptional<z.ZodBoolean>; + continueOnFail: z.ZodOptional<z.ZodBoolean>; + retryOnFail: z.ZodOptional<z.ZodBoolean>; + maxTries: z.ZodOptional<z.ZodNumber>; + waitBetweenTries: z.ZodOptional<z.ZodNumber>; + alwaysOutputData: z.ZodOptional<z.ZodBoolean>; + executeOnce: z.ZodOptional<z.ZodBoolean>; + onError: z.ZodOptional<z.ZodEnum<["continueRegularOutput", "continueErrorOutput", "stopWorkflow"]>>; + webhookId: z.ZodOptional<z.ZodString>; + }, "strict", z.ZodTypeAny, { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }, { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }>, "many">; connections: z.ZodRecord<z.ZodString, z.ZodAny>; }, "strip", z.ZodTypeAny, { - nodes: any[]; + nodes: { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }[]; connections: Record<string, any>; }, { - nodes: any[]; + nodes: { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }[]; connections: Record<string, any>; }>; created_at: z.ZodOptional<z.ZodString>; @@ -44,7 +134,25 @@ export declare const workflowTelemetrySchema: z.ZodObject<{ has_trigger: boolean; has_webhook: boolean; sanitized_workflow: { - nodes: any[]; + nodes: { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }[]; connections: Record<string, any>; }; created_at?: string | undefined; @@ -57,7 +165,25 @@ export declare const workflowTelemetrySchema: z.ZodObject<{ has_trigger: boolean; has_webhook: boolean; sanitized_workflow: { - nodes: any[]; + nodes: { + type: string; + id: string; + name: string; + typeVersion: number; + position: [number, number]; + parameters: Record<string, unknown>; + onError?: "continueRegularOutput" | "continueErrorOutput" | "stopWorkflow" | undefined; + retryOnFail?: boolean | undefined; + continueOnFail?: boolean | undefined; + maxTries?: number | undefined; + waitBetweenTries?: number | undefined; + alwaysOutputData?: boolean | undefined; + disabled?: boolean | undefined; + notes?: string | undefined; + notesInFlow?: boolean | undefined; + executeOnce?: boolean | undefined; + webhookId?: string | undefined; + }[]; connections: Record<string, any>; }; created_at?: string | undefined;
dist/telemetry/event-validator.d.ts.map+1 −1 modified@@ -1 +1 @@ -{"version":3,"file":"event-validator.d.ts","sourceRoot":"","sources":["../../src/telemetry/event-validator.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAyCtE,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;EAK/B,CAAC;AAGH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAalC,CAAC;AA0JH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,mBAAmB,CAAa;IAKxC,aAAa,CAAC,KAAK,EAAE,cAAc,GAAG,cAAc,GAAG,IAAI;IAkC3D,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB,GAAG,IAAI;IAmBvE,QAAQ;;;;;;IAYR,UAAU,IAAI,IAAI;CAInB"} \ No newline at end of file +{"version":3,"file":"event-validator.d.ts","sourceRoot":"","sources":["../../src/telemetry/event-validator.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAyCtE,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;EAK/B,CAAC;AA6BH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAalC,CAAC;AA0JH,qBAAa,uBAAuB;IAClC,OAAO,CAAC,gBAAgB,CAAa;IACrC,OAAO,CAAC,mBAAmB,CAAa;IAKxC,aAAa,CAAC,KAAK,EAAE,cAAc,GAAG,cAAc,GAAG,IAAI;IAkC3D,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB,GAAG,IAAI;IAmBvE,QAAQ;;;;;;IAYR,UAAU,IAAI,IAAI;CAInB"} \ No newline at end of file
dist/telemetry/event-validator.js+20 −1 modified@@ -36,6 +36,25 @@ exports.telemetryEventSchema = zod_1.z.object({ properties: eventPropertiesSchema, created_at: zod_1.z.string().datetime().optional() }); +const sanitizedNodeSchema = zod_1.z.object({ + id: zod_1.z.string(), + name: zod_1.z.string(), + type: zod_1.z.string(), + typeVersion: zod_1.z.number(), + position: zod_1.z.tuple([zod_1.z.number(), zod_1.z.number()]), + parameters: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()), + disabled: zod_1.z.boolean().optional(), + notes: zod_1.z.string().optional(), + notesInFlow: zod_1.z.boolean().optional(), + continueOnFail: zod_1.z.boolean().optional(), + retryOnFail: zod_1.z.boolean().optional(), + maxTries: zod_1.z.number().optional(), + waitBetweenTries: zod_1.z.number().optional(), + alwaysOutputData: zod_1.z.boolean().optional(), + executeOnce: zod_1.z.boolean().optional(), + onError: zod_1.z.enum(['continueRegularOutput', 'continueErrorOutput', 'stopWorkflow']).optional(), + webhookId: zod_1.z.string().optional(), +}).strict(); exports.workflowTelemetrySchema = zod_1.z.object({ user_id: zod_1.z.string().min(1).max(64), workflow_hash: zod_1.z.string().min(1).max(64), @@ -45,7 +64,7 @@ exports.workflowTelemetrySchema = zod_1.z.object({ has_webhook: zod_1.z.boolean(), complexity: zod_1.z.enum(['simple', 'medium', 'complex']), sanitized_workflow: zod_1.z.object({ - nodes: zod_1.z.array(zod_1.z.any()).max(1000), + nodes: zod_1.z.array(sanitizedNodeSchema).max(1000), connections: zod_1.z.record(zod_1.z.any()) }), created_at: zod_1.z.string().datetime().optional()
dist/telemetry/event-validator.js.map+1 −1 modified@@ -1 +1 @@ -{"version":3,"file":"event-validator.js","sourceRoot":"","sources":["../../src/telemetry/event-validator.ts"],"names":[],"mappings":";;;AAKA,6BAAwB;AAExB,4CAAyC;AAGzC,MAAM,eAAe,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;IAEjD,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAE5D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAE9D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC,CAAC;IAC5F,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC;AAGH,MAAM,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;IAClE,MAAM,SAAS,GAAwB,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAE/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAGD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YACnE,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;aAAM,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACjD,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACxB,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAErC,SAAS,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC;AAGU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC;IAC3D,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAGU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACxC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAC7C,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACxC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;IACxB,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;IACxB,UAAU,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnD,kBAAkB,EAAE,OAAC,CAAC,MAAM,CAAC;QAC3B,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QACjC,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC;KAC/B,CAAC;IACF,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAGH,MAAM,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IACzB,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;CACzC,CAAC,CAAC;AAEH,MAAM,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;QAEzC,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAC5D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAC9D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC,CAAC;QAC5F,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IACF,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9B,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;IACvB,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IACjC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE;IACnB,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;IACvB,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAGH,MAAM,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC/B,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IACjC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9C,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACvD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;IAC9C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IACxB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE;CACtB,CAAC,CAAC;AAGH,MAAM,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;CAC5B,CAAC,CAAC;AAGH,MAAM,aAAa,GAAqC;IACtD,WAAW,EAAE,yBAAyB;IACtC,cAAc,EAAE,2BAA2B;IAC3C,oBAAoB,EAAE,iCAAiC;IACvD,oBAAoB,EAAE,iCAAiC;IACvD,eAAe,EAAE,4BAA4B;IAC7C,mBAAmB,EAAE,gCAAgC;CACtD,CAAC;AAMF,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,iBAAiB,GAAG;QAExB,UAAU,EAAE,QAAQ,EAAE,KAAK;QAC3B,OAAO,EAAE,KAAK,EAAE,QAAQ;QACxB,QAAQ,EAAE,SAAS,EAAE,SAAS;QAC9B,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,MAAM,EAAE,MAAM;QAG5B,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU;QAC5C,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM;QAGtC,OAAO,EAAE,SAAS,EAAE,UAAU;QAC9B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,cAAc;QACzD,cAAc,EAAE,cAAc,EAAE,aAAa;QAC7C,eAAe,EAAE,eAAe,EAAE,cAAc;KACjD,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAGnC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;QAEnD,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;QAC7G,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAGD,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAEtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,aAAa,OAAO,YAAY,EAAE,GAAG,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC;AAKD,SAAS,oBAAoB,CAAC,GAAQ,EAAE,QAAgB;IACtD,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CACjC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAwB,EAAE,CAAC;IAC1C,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC;YACrB,SAAS,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC;YAC/B,MAAM;QACR,CAAC;QAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACvD,SAAS,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,uBAAuB;IAApC;QACU,qBAAgB,GAAW,CAAC,CAAC;QAC7B,wBAAmB,GAAW,CAAC,CAAC;IA0E1C,CAAC;IArEC,aAAa,CAAC,KAAqB;QACjC,IAAI,CAAC;YAEH,MAAM,cAAc,GAAG,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAElD,IAAI,cAAc,EAAE,CAAC;gBAEnB,MAAM,mBAAmB,GAAG,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACvE,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBACjC,eAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,KAAK,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAC9F,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,KAAK,CAAC,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC;YAC9C,CAAC;YAGD,MAAM,SAAS,GAAG,4BAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,eAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,eAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKD,gBAAgB,CAAC,QAA2B;QAC1C,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,+BAAuB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,eAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,eAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKD,QAAQ;QACN,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,gBAAgB;YAC7B,SAAS,EAAE,IAAI,CAAC,mBAAmB;YACnC,KAAK,EAAE,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB;YACvD,SAAS,EAAE,IAAI,CAAC,gBAAgB,GAAG,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;SAC3F,CAAC;IACJ,CAAC;IAKD,UAAU;QACR,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AA5ED,0DA4EC"} \ No newline at end of file +{"version":3,"file":"event-validator.js","sourceRoot":"","sources":["../../src/telemetry/event-validator.ts"],"names":[],"mappings":";;;AAKA,6BAAwB;AAExB,4CAAyC;AAGzC,MAAM,eAAe,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;IAEjD,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAE5D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;IAE9D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC,CAAC;IAC5F,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC;AAGH,MAAM,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;IAClE,MAAM,SAAS,GAAwB,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAE/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAGD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,SAAS,EAAE,CAAC;YACnE,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;aAAM,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACjD,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACxB,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAErC,SAAS,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC,CAAC,CAAC;AAGU,QAAA,oBAAoB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC;IAC3D,UAAU,EAAE,qBAAqB;IACjC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAQH,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;IAChB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3C,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC;IAC7C,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAChC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACtC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACxC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,OAAO,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,uBAAuB,EAAE,qBAAqB,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC5F,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC,MAAM,EAAE,CAAC;AAGC,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAClC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACxC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IAC7C,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACxC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;IACxB,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;IACxB,UAAU,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC;IACnD,kBAAkB,EAAE,OAAC,CAAC,MAAM,CAAC;QAC3B,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;QAC7C,WAAW,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC;KAC/B,CAAC;IACF,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC7C,CAAC,CAAC;AAGH,MAAM,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IACzB,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;CACzC,CAAC,CAAC;AAEH,MAAM,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;QAEzC,IAAI,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAC5D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC;QAC9D,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,iDAAiD,EAAE,SAAS,CAAC,CAAC;QAC5F,OAAO,SAAS,CAAC;IACnB,CAAC,CAAC;IACF,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9B,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;IACvB,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC7B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IACjC,OAAO,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH,MAAM,iCAAiC,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC;IACxC,MAAM,EAAE,OAAC,CAAC,OAAO,EAAE;IACnB,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE;IACvB,QAAQ,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;CACvC,CAAC,CAAC;AAGH,MAAM,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC/B,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IACjC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;IAC9B,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC9C,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IACvD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;IAC9C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IACxB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE;CACtB,CAAC,CAAC;AAGH,MAAM,gCAAgC,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;CAC5B,CAAC,CAAC;AAGH,MAAM,aAAa,GAAqC;IACtD,WAAW,EAAE,yBAAyB;IACtC,cAAc,EAAE,2BAA2B;IAC3C,oBAAoB,EAAE,iCAAiC;IACvD,oBAAoB,EAAE,iCAAiC;IACvD,eAAe,EAAE,4BAA4B;IAC7C,mBAAmB,EAAE,gCAAgC;CACtD,CAAC;AAMF,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,iBAAiB,GAAG;QAExB,UAAU,EAAE,QAAQ,EAAE,KAAK;QAC3B,OAAO,EAAE,KAAK,EAAE,QAAQ;QACxB,QAAQ,EAAE,SAAS,EAAE,SAAS;QAC9B,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,MAAM,EAAE,MAAM;QAG5B,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU;QAC5C,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM;QAGtC,OAAO,EAAE,SAAS,EAAE,UAAU;QAC9B,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,cAAc;QACzD,cAAc,EAAE,cAAc,EAAE,aAAa;QAC7C,eAAe,EAAE,eAAe,EAAE,cAAc;KACjD,CAAC;IAEF,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAGnC,IAAI,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,QAAQ,KAAK,KAAK,EAAE,CAAC;QAEnD,MAAM,WAAW,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,CAAC;QAC7G,IAAI,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAC5D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAGD,OAAO,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE;QAEtC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,aAAa,OAAO,YAAY,EAAE,GAAG,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;AACL,CAAC;AAKD,SAAS,oBAAoB,CAAC,GAAQ,EAAE,QAAgB;IACtD,IAAI,QAAQ,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACrD,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CACjC,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,IAAI,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAC3E,CAAC;IACJ,CAAC;IAED,MAAM,SAAS,GAAwB,EAAE,CAAC;IAC1C,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC;YACrB,SAAS,CAAC,KAAK,CAAC,GAAG,WAAW,CAAC;YAC/B,MAAM;QACR,CAAC;QAED,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,SAAS;QACX,CAAC;QAED,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,SAAS,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;YACvD,SAAS,CAAC,GAAG,CAAC,GAAG,oBAAoB,CAAC,KAAK,EAAE,QAAQ,GAAG,CAAC,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACzB,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,uBAAuB;IAApC;QACU,qBAAgB,GAAW,CAAC,CAAC;QAC7B,wBAAmB,GAAW,CAAC,CAAC;IA0E1C,CAAC;IArEC,aAAa,CAAC,KAAqB;QACjC,IAAI,CAAC;YAEH,MAAM,cAAc,GAAG,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAElD,IAAI,cAAc,EAAE,CAAC;gBAEnB,MAAM,mBAAmB,GAAG,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBACvE,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBACjC,eAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,KAAK,GAAG,EAAE,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;oBAC9F,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACxB,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,KAAK,CAAC,UAAU,GAAG,mBAAmB,CAAC,IAAI,CAAC;YAC9C,CAAC;YAGD,MAAM,SAAS,GAAG,4BAAoB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YACpD,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,eAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YACxD,CAAC;iBAAM,CAAC;gBACN,eAAM,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;YACtD,CAAC;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKD,gBAAgB,CAAC,QAA2B;QAC1C,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,+BAAuB,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;gBAChC,eAAM,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;YAC3D,CAAC;iBAAM,CAAC;gBACN,eAAM,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC/D,CAAC;YACD,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAKD,QAAQ;QACN,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,gBAAgB;YAC7B,SAAS,EAAE,IAAI,CAAC,mBAAmB;YACnC,KAAK,EAAE,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB;YACvD,SAAS,EAAE,IAAI,CAAC,gBAAgB,GAAG,CAAC,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;SAC3F,CAAC;IACJ,CAAC;IAKD,UAAU;QACR,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;QAC1B,IAAI,CAAC,mBAAmB,GAAG,CAAC,CAAC;IAC/B,CAAC;CACF;AA5ED,0DA4EC"} \ No newline at end of file
dist/telemetry/workflow-sanitizer.d.ts.map+1 −1 modified@@ -1 +1 @@ -{"version":3,"file":"workflow-sanitizer.d.ts","sourceRoot":"","sources":["../../src/telemetry/workflow-sanitizer.ts"],"names":[],"mappings":"AAOA,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,UAAU,EAAE,GAAG,CAAC;IAChB,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,UAAU,iBAAiB;IACzB,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,WAAW,EAAE,GAAG,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;CACtB;AAOD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAkExC;IAEF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAoBtC;IAKF,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG,iBAAiB;IA0EzD,MAAM,CAAC,uBAAuB,CAAC,CAAC,GAAG,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAatD,OAAO,CAAC,MAAM,CAAC,YAAY;IAiB3B,OAAO,CAAC,MAAM,CAAC,cAAc;IAqD7B,OAAO,CAAC,MAAM,CAAC,cAAc;IAoE7B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAU/B,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAsClC,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,GAAG,GAAG,MAAM;IASlD,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,GAAG,GAAG;CA4B/C"} \ No newline at end of file +{"version":3,"file":"workflow-sanitizer.d.ts","sourceRoot":"","sources":["../../src/telemetry/workflow-sanitizer.ts"],"names":[],"mappings":"AAOA,UAAU,YAAY;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC3B,UAAU,EAAE,GAAG,CAAC;IAChB,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,UAAU,iBAAiB;IACzB,KAAK,EAAE,YAAY,EAAE,CAAC;IACtB,WAAW,EAAE,GAAG,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,OAAO,CAAC;IACpB,UAAU,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;CACtB;AAOD,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAkExC;IAEF,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAoBtC;IAKF,MAAM,CAAC,gBAAgB,CAAC,QAAQ,EAAE,GAAG,GAAG,iBAAiB;IA0EzD,MAAM,CAAC,uBAAuB,CAAC,CAAC,GAAG,GAAG,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC;IAatD,OAAO,CAAC,MAAM,CAAC,YAAY;IAiB3B,OAAO,CAAC,MAAM,CAAC,cAAc;IA6C7B,OAAO,CAAC,MAAM,CAAC,cAAc;IA+C7B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAU/B,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAsClC,MAAM,CAAC,oBAAoB,CAAC,QAAQ,EAAE,GAAG,GAAG,MAAM;IASlD,MAAM,CAAC,mBAAmB,CAAC,QAAQ,EAAE,GAAG,GAAG,GAAG;CA4B/C"} \ No newline at end of file
dist/telemetry/workflow-sanitizer.js+12 −37 modified@@ -55,7 +55,7 @@ class WorkflowSanitizer { return value; } if (typeof value === 'string') { - return this.sanitizeString(value, ''); + return this.sanitizeString(value); } return this.sanitizeObject(value); } @@ -76,36 +76,27 @@ class WorkflowSanitizer { } const sanitized = {}; for (const [key, value] of Object.entries(obj)) { + const lowerKey = key.toLowerCase(); const isSensitive = this.isSensitiveField(key); - const isUrlField = key.toLowerCase().includes('url') || - key.toLowerCase().includes('endpoint') || - key.toLowerCase().includes('webhook'); - if (typeof value === 'object' && value !== null) { - if (isSensitive && !isUrlField) { - sanitized[key] = '[REDACTED]'; - } - else { - sanitized[key] = this.sanitizeObject(value); - } + const isUrlField = lowerKey.includes('url') || + lowerKey.includes('endpoint') || + lowerKey.includes('webhook'); + if (isSensitive) { + sanitized[key] = isUrlField ? '[REDACTED_URL]' : '[REDACTED]'; } - else if (typeof value === 'string') { - if (isSensitive && !isUrlField) { - sanitized[key] = '[REDACTED]'; - } - else { - sanitized[key] = this.sanitizeString(value, key); - } + else if (typeof value === 'object' && value !== null) { + sanitized[key] = this.sanitizeObject(value); } - else if (isSensitive) { - sanitized[key] = '[REDACTED]'; + else if (typeof value === 'string') { + sanitized[key] = this.sanitizeString(value); } else { sanitized[key] = value; } } return sanitized; } - static sanitizeString(value, fieldName) { + static sanitizeString(value) { if (value.includes('/webhook/') || value.includes('/hook/')) { return 'https://[webhook-url]'; } @@ -135,22 +126,6 @@ class WorkflowSanitizer { } sanitized = sanitized.replace(patternDef.pattern, patternDef.placeholder); } - if (fieldName.toLowerCase().includes('url') || - fieldName.toLowerCase().includes('endpoint')) { - if (sanitized.startsWith('http://') || sanitized.startsWith('https://')) { - if (sanitized.includes('[REDACTED_URL_WITH_AUTH]')) { - return sanitized; - } - if (sanitized.includes('[REDACTED]')) { - return sanitized; - } - const urlParts = sanitized.split('/'); - if (urlParts.length > 2) { - urlParts[2] = '[domain]'; - sanitized = urlParts.join('/'); - } - } - } return sanitized; } static isSensitiveField(fieldName) {
dist/telemetry/workflow-sanitizer.js.map+1 −1 modified@@ -1 +1 @@ -{"version":3,"file":"workflow-sanitizer.js","sourceRoot":"","sources":["../../src/telemetry/workflow-sanitizer.ts"],"names":[],"mappings":";;;AAKA,mCAAoC;AA6BpC,MAAa,iBAAiB;IA8F5B,MAAM,CAAC,gBAAgB,CAAC,QAAa;QAEnC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAGvD,IAAI,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAkB,EAAE,EAAE,CAC3D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CACxB,CAAC;QACJ,CAAC;QAGD,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1E,CAAC;QAGD,OAAO,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC;QACzC,OAAO,SAAS,CAAC,UAAU,CAAC;QAC5B,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,WAAW,CAAC;QAC7B,OAAO,SAAS,CAAC,eAAe,CAAC;QACjC,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,SAAS,CAAC;QAC3B,OAAO,SAAS,CAAC,SAAS,CAAC;QAG3B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1E,MAAM,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAa,CAAC;QAE5D,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACrD,CAAC;QAEF,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACzB,CAAC;QAGF,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,CAAC;QAC/C,IAAI,UAAU,GAAoC,QAAQ,CAAC;QAC3D,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;YACnB,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;aAAM,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;YAC1B,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;QAGD,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC;YACvC,SAAS,EAAE,eAAe,CAAC,IAAI,EAAE;YACjC,WAAW,EAAE,SAAS,CAAC,WAAW;SACnC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;aACtC,MAAM,CAAC,iBAAiB,CAAC;aACzB,MAAM,CAAC,KAAK,CAAC;aACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpB,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,EAAE;YAC5B,WAAW,EAAE,SAAS,CAAC,WAAW,IAAI,EAAE;YACxC,SAAS;YACT,SAAS,EAAE,eAAe;YAC1B,UAAU;YACV,UAAU;YACV,UAAU;YACV,YAAY;SACb,CAAC;IACJ,CAAC;IAOD,MAAM,CAAC,uBAAuB,CAAU,KAAU;QAChD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,KAAU,CAAC;QACpB,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,EAAE,CAAiB,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAM,CAAC;IACzC,CAAC;IAKO,MAAM,CAAC,YAAY,CAAC,IAAkB;QAC5C,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAG9B,OAAO,SAAS,CAAC,WAAW,CAAC;QAG7B,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,cAAc,CAAC,GAAQ;QACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,GAAG,CAAC;QACb,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAE/C,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACjC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC;gBACtC,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAGzD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBAChD,IAAI,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;oBAE/B,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBACN,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;iBAEI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAEnC,IAAI,WAAW,IAAI,CAAC,UAAU,EAAE,CAAC;oBAC/B,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;gBAChC,CAAC;qBAAM,CAAC;oBAEN,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;iBAEI,IAAI,WAAW,EAAE,CAAC;gBACrB,SAAS,CAAC,GAAG,CAAC,GAAG,YAAY,CAAC;YAChC,CAAC;iBAEI,CAAC;gBACJ,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,cAAc,CAAC,KAAa,EAAE,SAAiB;QAE5D,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,OAAO,uBAAuB,CAAC;QACjC,CAAC;QAED,IAAI,SAAS,GAAG,KAAK,CAAC;QAGtB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAEjD,IAAI,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/C,SAAS;YACX,CAAC;YAGD,IAAI,UAAU,CAAC,WAAW,KAAK,0BAA0B,EAAE,CAAC;gBAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;wBAE5B,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;wBAC1C,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;4BACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;4BAE9D,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gCACzC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gCAC9C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,GAAG,QAAQ,EAAE,UAAU,CAAC,WAAW,GAAG,QAAQ,CAAC,CAAC;4BACrF,CAAC;iCAAM,CAAC;gCACN,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;4BAC/D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,SAAS;YACX,CAAC;YAGD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5E,CAAC;QAGD,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACvC,SAAS,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAEjD,IAAI,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAExE,IAAI,SAAS,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;oBACnD,OAAO,SAAS,CAAC;gBACnB,CAAC;gBAED,IAAI,SAAS,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;oBACrC,OAAO,SAAS,CAAC;gBACnB,CAAC;gBACD,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACxB,QAAQ,CAAC,CAAC,CAAC,GAAG,UAAU,CAAC;oBACzB,SAAS,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACjC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,gBAAgB,CAAC,SAAiB;QAC/C,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAC5C,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CACjD,CAAC;IACJ,CAAC;IAKO,MAAM,CAAC,mBAAmB,CAAC,WAAgB;QACjD,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpD,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACpE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBACpE,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAEvB,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAsB,CAAC,EAAE,CAAC;oBAC3E,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,KAAU,EAAE,EAAE;4BACzD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gCACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,CAAC;oCAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;oCACf,IAAI,EAAE,IAAI,CAAC,IAAI;oCACf,KAAK,EAAE,IAAI,CAAC,KAAK;iCAClB,CAAC,CAAC,CAAC;4BACN,CAAC;4BACD,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;oBAC1C,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,MAAM,CAAC,GAAG,eAAe,CAAC;YACtC,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,MAAM,CAAC,oBAAoB,CAAC,QAAa;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAClD,OAAO,SAAS,CAAC,YAAY,CAAC;IAChC,CAAC;IAMD,MAAM,CAAC,mBAAmB,CAAC,QAAa;QAEtC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAGvD,IAAI,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAkB,EAAE,EAAE,CAC3D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CACxB,CAAC;QACJ,CAAC;QAGD,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1E,CAAC;QAGD,OAAO,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC;QACzC,OAAO,SAAS,CAAC,UAAU,CAAC;QAC5B,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,WAAW,CAAC;QAC7B,OAAO,SAAS,CAAC,eAAe,CAAC;QACjC,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,SAAS,CAAC;QAC3B,OAAO,SAAS,CAAC,SAAS,CAAC;QAE3B,OAAO,SAAS,CAAC;IACnB,CAAC;;AAnZH,8CAoZC;AAnZyB,oCAAkB,GAAwB;IAEhE,EAAE,OAAO,EAAE,sCAAsC,EAAE,WAAW,EAAE,oBAAoB,EAAE;IACtF,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,oBAAoB,EAAE;IAKnF,EAAE,OAAO,EAAE,oEAAoE,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAGzH,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAG/G,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,0BAA0B,EAAE;IACvF,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,0BAA0B,EAAE;IACrF,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,0BAA0B,EAAE;IAOhH,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAG1E,EAAE,OAAO,EAAE,oEAAoE,EAAE,WAAW,EAAE,gBAAgB,EAAE;IAGhH,EAAE,OAAO,EAAE,mDAAmD,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAGxG,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,wBAAwB,EAAE;IACrF,EAAE,OAAO,EAAE,sCAAsC,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAG1F,EAAE,OAAO,EAAE,+CAA+C,EAAE,WAAW,EAAE,uBAAuB,EAAE;IAGlG,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAG7E,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGjF,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC5E,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC7E,EAAE,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC1E,EAAE,OAAO,EAAE,oCAAoC,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGtF,EAAE,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGzE,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAG9E,EAAE,OAAO,EAAE,qDAAqD,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAGnG,EAAE,OAAO,EAAE,+EAA+E,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAG7H,EAAE,OAAO,EAAE,qCAAqC,EAAE,WAAW,EAAE,kBAAkB,EAAE;IACnF,EAAE,OAAO,EAAE,uCAAuC,EAAE,WAAW,EAAE,YAAY,EAAE;CAChF,CAAC;AAEsB,kCAAgB,GAAG;IACzC,QAAQ;IACR,SAAS;IACT,OAAO;IACP,QAAQ;IACR,UAAU;IACV,YAAY;IACZ,MAAM;IACN,eAAe;IACf,SAAS;IACT,YAAY;IACZ,KAAK;IACL,UAAU;IACV,MAAM;IACN,QAAQ;IACR,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,WAAW;IACX,aAAa;CACd,CAAC"} \ No newline at end of file +{"version":3,"file":"workflow-sanitizer.js","sourceRoot":"","sources":["../../src/telemetry/workflow-sanitizer.ts"],"names":[],"mappings":";;;AAKA,mCAAoC;AA6BpC,MAAa,iBAAiB;IA8F5B,MAAM,CAAC,gBAAgB,CAAC,QAAa;QAEnC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAGvD,IAAI,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAkB,EAAE,EAAE,CAC3D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CACxB,CAAC;QACJ,CAAC;QAGD,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1E,CAAC;QAGD,OAAO,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC;QACzC,OAAO,SAAS,CAAC,UAAU,CAAC;QAC5B,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,WAAW,CAAC;QAC7B,OAAO,SAAS,CAAC,eAAe,CAAC;QACjC,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,SAAS,CAAC;QAC3B,OAAO,SAAS,CAAC,SAAS,CAAC;QAG3B,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAe,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1E,MAAM,eAAe,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAa,CAAC;QAE5D,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACrD,CAAC;QAEF,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,IAAY,EAAE,EAAE,CACjD,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CACzB,CAAC;QAGF,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,EAAE,MAAM,IAAI,CAAC,CAAC;QAC/C,IAAI,UAAU,GAAoC,QAAQ,CAAC;QAC3D,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;YACnB,UAAU,GAAG,SAAS,CAAC;QACzB,CAAC;aAAM,IAAI,SAAS,GAAG,EAAE,EAAE,CAAC;YAC1B,UAAU,GAAG,QAAQ,CAAC;QACxB,CAAC;QAGD,MAAM,iBAAiB,GAAG,IAAI,CAAC,SAAS,CAAC;YACvC,SAAS,EAAE,eAAe,CAAC,IAAI,EAAE;YACjC,WAAW,EAAE,SAAS,CAAC,WAAW;SACnC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC;aACtC,MAAM,CAAC,iBAAiB,CAAC;aACzB,MAAM,CAAC,KAAK,CAAC;aACb,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAEpB,OAAO;YACL,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,EAAE;YAC5B,WAAW,EAAE,SAAS,CAAC,WAAW,IAAI,EAAE;YACxC,SAAS;YACT,SAAS,EAAE,eAAe;YAC1B,UAAU;YACV,UAAU;YACV,UAAU;YACV,YAAY;SACb,CAAC;IACJ,CAAC;IAOD,MAAM,CAAC,uBAAuB,CAAU,KAAU;QAChD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YAC1C,OAAO,KAAU,CAAC;QACpB,CAAC;QACD,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAiB,CAAC;QACpD,CAAC;QACD,OAAO,IAAI,CAAC,cAAc,CAAC,KAAK,CAAM,CAAC;IACzC,CAAC;IAKO,MAAM,CAAC,YAAY,CAAC,IAAkB;QAC5C,MAAM,SAAS,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;QAG9B,OAAO,SAAS,CAAC,WAAW,CAAC;QAG7B,IAAI,SAAS,CAAC,UAAU,EAAE,CAAC;YACzB,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnE,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,cAAc,CAAC,GAAQ;QACpC,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,GAAG,CAAC;QACb,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC;QACpD,CAAC;QAED,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/C,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;YAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACxB,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC;gBAC7B,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;YAMhD,IAAI,WAAW,EAAE,CAAC;gBAChB,SAAS,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,YAAY,CAAC;YAChE,CAAC;iBAEI,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,EAAE,CAAC;gBACrD,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9C,CAAC;iBAEI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACnC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;YAC9C,CAAC;iBAEI,CAAC;gBACJ,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACzB,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,cAAc,CAAC,KAAa;QAEzC,IAAI,KAAK,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5D,OAAO,uBAAuB,CAAC;QACjC,CAAC;QAED,IAAI,SAAS,GAAG,KAAK,CAAC;QAGtB,KAAK,MAAM,UAAU,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAEjD,IAAI,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC/C,SAAS;YACX,CAAC;YAGD,IAAI,UAAU,CAAC,WAAW,KAAK,0BAA0B,EAAE,CAAC;gBAC1D,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;wBAE5B,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;wBAC1C,IAAI,YAAY,KAAK,CAAC,CAAC,EAAE,CAAC;4BACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,YAAY,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;4BAE9D,IAAI,QAAQ,IAAI,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gCACzC,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;gCAC9C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,GAAG,QAAQ,EAAE,UAAU,CAAC,WAAW,GAAG,QAAQ,CAAC,CAAC;4BACrF,CAAC;iCAAM,CAAC;gCACN,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;4BAC/D,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,SAAS;YACX,CAAC;YAGD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKO,MAAM,CAAC,gBAAgB,CAAC,SAAiB;QAC/C,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAC5C,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,CAAC,CACjD,CAAC;IACJ,CAAC;IAKO,MAAM,CAAC,mBAAmB,CAAC,WAAgB;QACjD,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpD,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,MAAM,SAAS,GAAQ,EAAE,CAAC;QAE1B,KAAK,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;YACpE,IAAI,OAAO,eAAe,KAAK,QAAQ,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBACpE,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;gBAEvB,KAAK,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,eAAsB,CAAC,EAAE,CAAC;oBAC3E,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;wBAC7B,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,KAAU,EAAE,EAAE;4BACzD,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gCACzB,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE,CAAC,CAAC;oCAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;oCACf,IAAI,EAAE,IAAI,CAAC,IAAI;oCACf,KAAK,EAAE,IAAI,CAAC,KAAK;iCAClB,CAAC,CAAC,CAAC;4BACN,CAAC;4BACD,OAAO,KAAK,CAAC;wBACf,CAAC,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;oBAC1C,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,SAAS,CAAC,MAAM,CAAC,GAAG,eAAe,CAAC;YACtC,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAKD,MAAM,CAAC,oBAAoB,CAAC,QAAa;QACvC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAClD,OAAO,SAAS,CAAC,YAAY,CAAC;IAChC,CAAC;IAMD,MAAM,CAAC,mBAAmB,CAAC,QAAa;QAEtC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QAGvD,IAAI,SAAS,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;YACtD,SAAS,CAAC,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAkB,EAAE,EAAE,CAC3D,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,CACxB,CAAC;QACJ,CAAC;QAGD,IAAI,SAAS,CAAC,WAAW,EAAE,CAAC;YAC1B,SAAS,CAAC,WAAW,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC1E,CAAC;QAGD,OAAO,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC;QACzC,OAAO,SAAS,CAAC,UAAU,CAAC;QAC5B,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,WAAW,CAAC;QAC7B,OAAO,SAAS,CAAC,eAAe,CAAC;QACjC,OAAO,SAAS,CAAC,OAAO,CAAC;QACzB,OAAO,SAAS,CAAC,SAAS,CAAC;QAC3B,OAAO,SAAS,CAAC,SAAS,CAAC;QAE3B,OAAO,SAAS,CAAC;IACnB,CAAC;;AAtXH,8CAuXC;AAtXyB,oCAAkB,GAAwB;IAEhE,EAAE,OAAO,EAAE,sCAAsC,EAAE,WAAW,EAAE,oBAAoB,EAAE;IACtF,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,oBAAoB,EAAE;IAKnF,EAAE,OAAO,EAAE,oEAAoE,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAGzH,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAG/G,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,0BAA0B,EAAE;IACvF,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,0BAA0B,EAAE;IACrF,EAAE,OAAO,EAAE,0DAA0D,EAAE,WAAW,EAAE,0BAA0B,EAAE;IAOhH,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAG1E,EAAE,OAAO,EAAE,oEAAoE,EAAE,WAAW,EAAE,gBAAgB,EAAE;IAGhH,EAAE,OAAO,EAAE,mDAAmD,EAAE,WAAW,EAAE,yBAAyB,EAAE;IAGxG,EAAE,OAAO,EAAE,iCAAiC,EAAE,WAAW,EAAE,wBAAwB,EAAE;IACrF,EAAE,OAAO,EAAE,sCAAsC,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAG1F,EAAE,OAAO,EAAE,+CAA+C,EAAE,WAAW,EAAE,uBAAuB,EAAE;IAGlG,EAAE,OAAO,EAAE,mCAAmC,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACrF,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAG7E,EAAE,OAAO,EAAE,+BAA+B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGjF,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC5E,EAAE,OAAO,EAAE,2BAA2B,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC7E,EAAE,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAC1E,EAAE,OAAO,EAAE,oCAAoC,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGtF,EAAE,OAAO,EAAE,uBAAuB,EAAE,WAAW,EAAE,sBAAsB,EAAE;IAGzE,EAAE,OAAO,EAAE,0BAA0B,EAAE,WAAW,EAAE,wBAAwB,EAAE;IAG9E,EAAE,OAAO,EAAE,qDAAqD,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAGnG,EAAE,OAAO,EAAE,+EAA+E,EAAE,WAAW,EAAE,kBAAkB,EAAE;IAG7H,EAAE,OAAO,EAAE,qCAAqC,EAAE,WAAW,EAAE,kBAAkB,EAAE;IACnF,EAAE,OAAO,EAAE,uCAAuC,EAAE,WAAW,EAAE,YAAY,EAAE;CAChF,CAAC;AAEsB,kCAAgB,GAAG;IACzC,QAAQ;IACR,SAAS;IACT,OAAO;IACP,QAAQ;IACR,UAAU;IACV,YAAY;IACZ,MAAM;IACN,eAAe;IACf,SAAS;IACT,YAAY;IACZ,KAAK;IACL,UAAU;IACV,MAAM;IACN,QAAQ;IACR,UAAU;IACV,kBAAkB;IAClB,YAAY;IACZ,WAAW;IACX,aAAa;CACd,CAAC"} \ No newline at end of file
package.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "n8n-mcp", - "version": "2.51.2", + "version": "2.51.3", "description": "Integration between n8n workflow automation and Model Context Protocol (MCP)", "main": "dist/index.js", "types": "dist/index.d.ts",
package-lock.json+2 −2 modified@@ -1,12 +1,12 @@ { "name": "n8n-mcp", - "version": "2.51.2", + "version": "2.51.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "n8n-mcp", - "version": "2.51.2", + "version": "2.51.3", "license": "MIT", "dependencies": { "@modelcontextprotocol/sdk": "1.28.0",
package.runtime.json+1 −1 modified@@ -1,6 +1,6 @@ { "name": "n8n-mcp-runtime", - "version": "2.51.1", + "version": "2.51.3", "description": "n8n MCP Server Runtime Dependencies Only", "private": true, "dependencies": {
src/telemetry/event-validator.ts+32 −1 modified@@ -52,6 +52,37 @@ export const telemetryEventSchema = z.object({ created_at: z.string().datetime().optional() }); +// SECURITY (GHSA-f3rg-xqjj-cj9w): strict allow-list for sanitized workflow +// nodes so the validator rejects payloads whose node-level fields drift from +// the sanitizer's output. Maintained independently from `workflowNodeSchema` +// in `src/services/n8n-validation.ts` — derivation via `.omit().extend()` +// would silently widen this allow-list every time the general schema gains a +// field, defeating the purpose of `.strict()`. Differences vs. that schema: +// omits `credentials` (deleted by `WorkflowSanitizer.sanitizeNode`), adds +// `onError` and `webhookId` (legitimate post-sanitization node fields not +// yet covered by `workflowNodeSchema`), and applies `.strict()` so an unknown +// node-level key surfaces as a validation failure rather than silently +// propagating to Supabase. +const sanitizedNodeSchema = z.object({ + id: z.string(), + name: z.string(), + type: z.string(), + typeVersion: z.number(), + position: z.tuple([z.number(), z.number()]), + parameters: z.record(z.string(), z.unknown()), + disabled: z.boolean().optional(), + notes: z.string().optional(), + notesInFlow: z.boolean().optional(), + continueOnFail: z.boolean().optional(), + retryOnFail: z.boolean().optional(), + maxTries: z.number().optional(), + waitBetweenTries: z.number().optional(), + alwaysOutputData: z.boolean().optional(), + executeOnce: z.boolean().optional(), + onError: z.enum(['continueRegularOutput', 'continueErrorOutput', 'stopWorkflow']).optional(), + webhookId: z.string().optional(), +}).strict(); + // Schema for workflow telemetry export const workflowTelemetrySchema = z.object({ user_id: z.string().min(1).max(64), @@ -62,7 +93,7 @@ export const workflowTelemetrySchema = z.object({ has_webhook: z.boolean(), complexity: z.enum(['simple', 'medium', 'complex']), sanitized_workflow: z.object({ - nodes: z.array(z.any()).max(1000), + nodes: z.array(sanitizedNodeSchema).max(1000), connections: z.record(z.any()) }), created_at: z.string().datetime().optional()
src/telemetry/workflow-sanitizer.ts+19 −48 modified@@ -205,7 +205,7 @@ export class WorkflowSanitizer { return value as T; } if (typeof value === 'string') { - return this.sanitizeString(value, '') as unknown as T; + return this.sanitizeString(value) as unknown as T; } return this.sanitizeObject(value) as T; } @@ -242,34 +242,26 @@ export class WorkflowSanitizer { const sanitized: any = {}; for (const [key, value] of Object.entries(obj)) { - // Check if field name is sensitive + const lowerKey = key.toLowerCase(); const isSensitive = this.isSensitiveField(key); - const isUrlField = key.toLowerCase().includes('url') || - key.toLowerCase().includes('endpoint') || - key.toLowerCase().includes('webhook'); - - // Recursively sanitize nested objects (unless it's a sensitive non-URL field) - if (typeof value === 'object' && value !== null) { - if (isSensitive && !isUrlField) { - // For sensitive object fields (like 'authentication'), redact completely - sanitized[key] = '[REDACTED]'; - } else { - sanitized[key] = this.sanitizeObject(value); - } + const isUrlField = lowerKey.includes('url') || + lowerKey.includes('endpoint') || + lowerKey.includes('webhook'); + + // SECURITY (GHSA-f3rg-xqjj-cj9w): URL-like fields (url, endpoint, webhook) + // are fully redacted rather than partially sanitized, because preserving + // the path or query string leaks customer IDs, tenant identifiers, signed + // request parameters, and tokens shorter than the generic-token threshold. + if (isSensitive) { + sanitized[key] = isUrlField ? '[REDACTED_URL]' : '[REDACTED]'; } - // Sanitize string values - else if (typeof value === 'string') { - // For sensitive fields (except URL fields), use generic redaction - if (isSensitive && !isUrlField) { - sanitized[key] = '[REDACTED]'; - } else { - // For URL fields or non-sensitive fields, use pattern-specific sanitization - sanitized[key] = this.sanitizeString(value, key); - } + // Recursively sanitize non-sensitive nested objects + else if (typeof value === 'object' && value !== null) { + sanitized[key] = this.sanitizeObject(value); } - // For non-string sensitive fields, redact completely - else if (isSensitive) { - sanitized[key] = '[REDACTED]'; + // Pattern-sanitize non-sensitive strings + else if (typeof value === 'string') { + sanitized[key] = this.sanitizeString(value); } // Keep other types as-is else { @@ -283,7 +275,7 @@ export class WorkflowSanitizer { /** * Sanitize string values */ - private static sanitizeString(value: string, fieldName: string): string { + private static sanitizeString(value: string): string { // First check if this is a webhook URL if (value.includes('/webhook/') || value.includes('/hook/')) { return 'https://[webhook-url]'; @@ -324,27 +316,6 @@ export class WorkflowSanitizer { sanitized = sanitized.replace(patternDef.pattern, patternDef.placeholder); } - // Additional sanitization for specific field types - if (fieldName.toLowerCase().includes('url') || - fieldName.toLowerCase().includes('endpoint')) { - // Keep URL structure but remove domain details - if (sanitized.startsWith('http://') || sanitized.startsWith('https://')) { - // If value has been redacted with URL_WITH_AUTH, preserve it - if (sanitized.includes('[REDACTED_URL_WITH_AUTH]')) { - return sanitized; // Already properly sanitized with path preserved - } - // If value has other redactions, leave it as is - if (sanitized.includes('[REDACTED]')) { - return sanitized; - } - const urlParts = sanitized.split('/'); - if (urlParts.length > 2) { - urlParts[2] = '[domain]'; - sanitized = urlParts.join('/'); - } - } - } - return sanitized; }
tests/unit/telemetry/event-validator.test.ts+119 −0 added@@ -0,0 +1,119 @@ +import { describe, it, expect } from 'vitest'; +import { TelemetryEventValidator } from '../../../src/telemetry/event-validator'; +import type { WorkflowTelemetry } from '../../../src/telemetry/telemetry-types'; + +function makeWorkflowTelemetry(overrides: Partial<WorkflowTelemetry> = {}): WorkflowTelemetry { + return { + user_id: 'u'.repeat(32), + workflow_hash: 'w'.repeat(16), + node_count: 1, + node_types: ['n8n-nodes-base.httpRequest'], + has_trigger: false, + has_webhook: false, + complexity: 'simple', + sanitized_workflow: { + nodes: [ + { + id: '1', + name: 'HTTP', + type: 'n8n-nodes-base.httpRequest', + typeVersion: 4, + position: [0, 0], + parameters: { url: '[REDACTED_URL]', method: 'GET' }, + }, + ], + connections: {}, + }, + ...overrides, + }; +} + +describe('TelemetryEventValidator.validateWorkflow', () => { + it('accepts a well-formed sanitized workflow', () => { + const v = new TelemetryEventValidator(); + expect(v.validateWorkflow(makeWorkflowTelemetry())).not.toBeNull(); + }); + + it('GHSA-f3rg-xqjj-cj9w: rejects a node missing required fields', () => { + const v = new TelemetryEventValidator(); + const bad = makeWorkflowTelemetry({ + sanitized_workflow: { + nodes: [{ name: 'HTTP', type: 'x', typeVersion: 1, position: [0, 0], parameters: {} }], + connections: {}, + }, + }); + expect(v.validateWorkflow(bad)).toBeNull(); + }); + + it('GHSA-f3rg-xqjj-cj9w: rejects unknown top-level node keys (.strict)', () => { + const v = new TelemetryEventValidator(); + const bad = makeWorkflowTelemetry({ + sanitized_workflow: { + nodes: [ + { + id: '1', + name: 'HTTP', + type: 'n8n-nodes-base.httpRequest', + typeVersion: 4, + position: [0, 0], + parameters: {}, + // An unknown sibling field that bypasses sanitization would silently + // leak under the old z.array(z.any()) schema; .strict() catches it. + rawWorkflow: { url: 'https://leaked.example.com/v1/customer/123' }, + }, + ], + connections: {}, + }, + }); + expect(v.validateWorkflow(bad)).toBeNull(); + }); + + it('accepts the full set of optional n8n node fields', () => { + const v = new TelemetryEventValidator(); + const ok = makeWorkflowTelemetry({ + sanitized_workflow: { + nodes: [ + { + id: '1', + name: 'HTTP', + type: 'n8n-nodes-base.httpRequest', + typeVersion: 4, + position: [0, 0], + parameters: {}, + disabled: false, + notes: 'sanitized notes', + notesInFlow: true, + continueOnFail: false, + retryOnFail: true, + maxTries: 3, + waitBetweenTries: 1000, + alwaysOutputData: false, + executeOnce: false, + onError: 'continueRegularOutput', + webhookId: 'wh-1', + }, + ], + connections: {}, + }, + }); + expect(v.validateWorkflow(ok)).not.toBeNull(); + }); + + it('rejects workflows exceeding the 1000-node cap', () => { + const v = new TelemetryEventValidator(); + const oversized = makeWorkflowTelemetry({ + sanitized_workflow: { + nodes: Array.from({ length: 1001 }, (_, i) => ({ + id: String(i), + name: `N${i}`, + type: 'n8n-nodes-base.set', + typeVersion: 1, + position: [0, 0] as [number, number], + parameters: {}, + })), + connections: {}, + }, + }); + expect(v.validateWorkflow(oversized)).toBeNull(); + }); +});
tests/unit/telemetry/telemetry-events.test.ts+3 −3 modified@@ -107,9 +107,9 @@ describe('TelemetryEventTracker', () => { describe('trackWorkflowCreation()', () => { const mockWorkflow = { nodes: [ - { id: '1', type: 'webhook', name: 'Webhook', position: [0, 0] as [number, number], parameters: {} }, - { id: '2', type: 'httpRequest', name: 'HTTP Request', position: [100, 0] as [number, number], parameters: {} }, - { id: '3', type: 'set', name: 'Set', position: [200, 0] as [number, number], parameters: {} } + { id: '1', type: 'webhook', name: 'Webhook', typeVersion: 1, position: [0, 0] as [number, number], parameters: {} }, + { id: '2', type: 'httpRequest', name: 'HTTP Request', typeVersion: 1, position: [100, 0] as [number, number], parameters: {} }, + { id: '3', type: 'set', name: 'Set', typeVersion: 1, position: [200, 0] as [number, number], parameters: {} } ], connections: { '1': { main: [[{ node: '2', type: 'main', index: 0 }]] }
tests/unit/telemetry/workflow-sanitizer.test.ts+120 −10 modified@@ -29,7 +29,11 @@ describe('WorkflowSanitizer', () => { expect(sanitized.nodes[0].parameters.headers.Authorization).toBe('[REDACTED]'); }); - it('should sanitize webhook URLs but keep structure', () => { + it('should redact webhook URL fields and keep other fields', () => { + // Post-GHSA-f3rg-xqjj-cj9w: URL-named fields are fully redacted regardless + // of value, so we no longer try to preserve the `https://[webhook-url]` + // shape. The webhook short-circuit in sanitizeString still applies to + // non-URL-named fields whose value embeds a /webhook/ URL (see below). const workflow = { nodes: [ { @@ -49,11 +53,30 @@ describe('WorkflowSanitizer', () => { const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow); - expect(sanitized.nodes[0].parameters.webhookUrl).toBe('https://[webhook-url]'); + expect(sanitized.nodes[0].parameters.webhookUrl).toBe('[REDACTED_URL]'); expect(sanitized.nodes[0].parameters.method).toBe('POST'); // Method should remain expect(sanitized.nodes[0].parameters.path).toBe('my-webhook'); // Path should remain }); + it('redacts /webhook/ URLs embedded in non-URL-named fields', () => { + const workflow = { + nodes: [ + { + id: '1', + name: 'Note', + type: 'n8n-nodes-base.set', + position: [100, 100], + parameters: { + note: 'Trigger fires at https://n8n.example.com/webhook/abc-def-ghi when ready.' + } + } + ], + connections: {} + }; + const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow); + expect(sanitized.nodes[0].parameters.note).toBe('https://[webhook-url]'); + }); + it('should remove credentials entirely', () => { const workflow = { nodes: [ @@ -84,7 +107,7 @@ describe('WorkflowSanitizer', () => { expect(sanitized.nodes[0].parameters.text).toBe('Hello World'); // Text should remain }); - it('should sanitize URLs in parameters', () => { + it('should fully redact URL-like fields (GHSA-f3rg-xqjj-cj9w)', () => { const workflow = { nodes: [ { @@ -104,9 +127,87 @@ describe('WorkflowSanitizer', () => { const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow); - expect(sanitized.nodes[0].parameters.url).toBe('https://[domain]/endpoint'); - expect(sanitized.nodes[0].parameters.endpoint).toBe('https://[domain]/api'); - expect(sanitized.nodes[0].parameters.baseUrl).toBe('https://[domain]'); + expect(sanitized.nodes[0].parameters.url).toBe('[REDACTED_URL]'); + expect(sanitized.nodes[0].parameters.endpoint).toBe('[REDACTED_URL]'); + expect(sanitized.nodes[0].parameters.baseUrl).toBe('[REDACTED_URL]'); + }); + + it('GHSA-f3rg-xqjj-cj9w: does not leak URL paths or query strings', () => { + // Verbatim reproduction of the advisory PoC. Confirms that: + // - customer/tenant identifiers in URL paths + // - short query-string secrets (< 20 chars; under the generic-token threshold) + // - signed/short tokens hidden in query strings + // never reach the telemetry payload. + const workflow = { + nodes: [ + { + id: '1', + name: 'HTTP', + type: 'n8n-nodes-base.httpRequest', + typeVersion: 4, + position: [0, 0] as [number, number], + parameters: { + url: 'https://api.example.com/v1/customer/123?api_key=shortsecret&tenant=acme', + endpoint: 'https://internal.example.local/v2/users?token=abcd123456789012345', + headers: { Authorization: 'Bearer abcdefghijklmnop' } + } + } + ], + connections: {} + }; + + const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow); + const params = sanitized.nodes[0].parameters; + const serialized = JSON.stringify(params); + + expect(params.url).toBe('[REDACTED_URL]'); + expect(params.endpoint).toBe('[REDACTED_URL]'); + expect(params.headers.Authorization).toBe('[REDACTED]'); + + // Nothing from the original path/query string should survive anywhere. + for (const leak of [ + 'customer/123', + 'shortsecret', + 'tenant=acme', + 'v2/users', + 'abcd123456789012345', + 'api.example.com', + 'internal.example.local' + ]) { + expect(serialized).not.toContain(leak); + } + }); + + it('GHSA-f3rg-xqjj-cj9w: redacts short OAuth codes and signed query parameters', () => { + const workflow = { + nodes: [ + { + id: '1', + name: 'OAuth', + type: 'n8n-nodes-base.httpRequest', + position: [0, 0] as [number, number], + parameters: { + url: 'https://oauth.example.com/callback?code=4/0AY0e&state=xyz', + callbackUrl: 'https://s3.amazonaws.com/bucket/file.pdf?X-Amz-Signature=abc123' + } + } + ], + connections: {} + }; + + const sanitized = WorkflowSanitizer.sanitizeWorkflow(workflow); + const serialized = JSON.stringify(sanitized.nodes[0].parameters); + + for (const leak of [ + 'code=4/0AY0e', + 'state=xyz', + 'X-Amz-Signature', + 'bucket/file.pdf', + 'oauth.example.com', + 's3.amazonaws.com' + ]) { + expect(serialized).not.toContain(leak); + } }); it('should calculate workflow metrics correctly', () => { @@ -480,8 +581,10 @@ describe('WorkflowSanitizer', () => { expect(params.secret_token).toBe('[REDACTED]'); expect(params.authKey).toBe('[REDACTED]'); expect(params.clientSecret).toBe('[REDACTED]'); - expect(params.webhookUrl).toBe('https://hooks.example.com/services/T00000000/B00000000/[REDACTED]'); - expect(params.databaseUrl).toBe('[REDACTED_URL_WITH_AUTH]'); + // Post-GHSA-f3rg-xqjj-cj9w: URL-named fields are fully redacted to + // [REDACTED_URL] regardless of pattern matches inside the value. + expect(params.webhookUrl).toBe('[REDACTED_URL]'); + expect(params.databaseUrl).toBe('[REDACTED_URL]'); expect(params.connectionString).toBe('[REDACTED]'); // Safe values should remain @@ -862,7 +965,11 @@ describe('WorkflowSanitizer', () => { expect(out).toContain('[REDACTED_SUPABASE_URL]'); }); - it('keeps Supabase URL redaction even when in a non-credential url field (no [domain] swap)', () => { + it('redacts Supabase URLs in url fields (no path or project-ref leak)', () => { + // Post-GHSA-f3rg-xqjj-cj9w: url-named fields are fully redacted at the + // field-name layer, so even the Supabase-specific pattern is short- + // circuited. What matters is that no fragment of the original URL + // survives. const wf = { nodes: [{ id: '1', name: 'HTTP', type: 'n8n-nodes-base.httpRequest', @@ -872,7 +979,10 @@ describe('WorkflowSanitizer', () => { connections: {}, }; const out = (WorkflowSanitizer.sanitizeWorkflow(wf).nodes[0].parameters as any).url; - expect(out).toContain('[REDACTED_SUPABASE_URL]'); + expect(out).toBe('[REDACTED_URL]'); + expect(out).not.toContain('supabase.co'); + expect(out).not.toContain('abcdefghijklmnopqrst'); + expect(out).not.toContain('rest/v1/x'); }); });
Vulnerability mechanics
Root cause
"URL-shaped node parameters (url, endpoint, webhook) were partially sanitized, preserving path and query-string fragments that could contain customer identifiers, short secrets, and signed request parameters."
Attack vector
An attacker who can create or modify n8n workflows can embed sensitive data—such as customer IDs, tenant identifiers, short API keys, or signed query parameters—in HTTP-Request-style node parameters (url, endpoint, webhook). When the workflow telemetry event is generated, the old sanitizer preserved the path and query-string portions of these URL-shaped fields, sending the fragments to the project's anonymous telemetry backend [patch_id=415724]. Operators with access to that backend could then read the leaked fragments. No authentication to the telemetry backend is required by the attacker; the precondition is only the ability to author a workflow containing URL parameters with sensitive values.
Affected code
The vulnerability resides in `src/telemetry/workflow-sanitizer.ts` within the `sanitizeObject` and `sanitizeString` methods. The `sanitizeObject` method previously treated URL-like fields (url, endpoint, webhook) as non-sensitive for string values, passing them to `sanitizeString` which preserved the path and query string after replacing the domain with `[domain]`. The `sanitizeString` method also contained a special branch that kept URL structure for fields whose name contained "url" or "endpoint".
What the fix does
The patch replaces the partial URL sanitization logic in `sanitizeObject` with a hard redaction: any field whose lowercased name contains "url", "endpoint", or "webhook" is replaced with the literal string `[REDACTED_URL]` [patch_id=415724]. The old code attempted to preserve URL structure by replacing only the domain with `[domain]` and keeping the path, which allowed path and query-string fragments to leak. Additionally, the `sanitizeString` method no longer receives a `fieldName` argument, removing the special-case URL-structure-preservation branch entirely. The Zod schema in `event-validator.d.ts` was also tightened from `z.array(z.any())` to a strict object schema, preventing unknown sibling fields from bypassing sanitization.
Preconditions
- inputAttacker must be able to create or modify an n8n workflow that includes HTTP-Request-style node parameters (url, endpoint, webhook) containing sensitive data in the path or query string.
- configAnonymous telemetry must be enabled (not disabled via N8N_MCP_TELEMETRY_DISABLED, TELEMETRY_DISABLED, or DISABLE_TELEMETRY).
Generated on May 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-f3rg-xqjj-cj9wghsaADVISORY
- github.com/czlonkowski/n8n-mcp/commit/6cf6fef653fcd6d598f2f356aac4754931c7329fghsa
- github.com/czlonkowski/n8n-mcp/pull/782ghsa
- github.com/czlonkowski/n8n-mcp/releases/tag/v2.51.3ghsa
- github.com/czlonkowski/n8n-mcp/security/advisories/GHSA-f3rg-xqjj-cj9wghsa
News mentions
0No linked articles in our index yet.