@aikidosec/firewall

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.markUnsafe = markUnsafe;
const isPlainObject_1 = require("../../helpers/isPlainObject");
const AgentSingleton_1 = require("../AgentSingleton");
const Context_1 = require("../Context");
const ContextStorage_1 = require("./ContextStorage");

/**
 * Records caller-supplied payloads in the `markUnsafe` list of the current
 * request context.
 *
 * Behaviour visible in this module:
 *  - no agent instance: returns without doing anything and without a warning;
 *  - no active context: logs a one-time warning and returns, nothing is recorded;
 *  - no arguments: logs a warning;
 *  - an argument that is not a plain object, array or string: logs a warning
 *    and skips that argument; the remaining arguments are still processed.
 *
 * NOTE(review): every failure path here is "warn and carry on". A payload
 * that is skipped or cannot be serialized is simply not tracked, so callers
 * that depend on this data being inspected should watch for these warnings.
 *
 * @param {...(object|Array|string)} data - Payloads to record as unsafe.
 * @returns {void}
 */
function markUnsafe(...data) {
  if (!(0, AgentSingleton_1.getInstance)()) {
    return;
  }

  const context = ContextStorage_1.ContextStorage.getStore();
  if (!context) {
    logWarningMarkUnsafeWithoutContext();
    return;
  }

  if (data.length === 0) {
    // eslint-disable-next-line no-console
    console.warn("markUnsafe(...) was called without any data.");
  }

  data.forEach((payload) => {
    const isSupported =
      (0, isPlainObject_1.isPlainObject)(payload) ||
      Array.isArray(payload) ||
      typeof payload === "string";

    if (isSupported) {
      addPayloadToContext(context, payload);
      return;
    }

    // typeof null is "object", so report it under its own name.
    const receivedType = payload === null ? "null" : typeof payload;
    // eslint-disable-next-line no-console
    console.warn(`markUnsafe(...) expects an object, array, or string. Received: ${receivedType}`);
  });
}

/**
 * Appends `payload` to `context.markUnsafe` unless an entry with the same
 * JSON serialization is already present, then writes the list back through
 * `updateContext`.
 *
 * NOTE(review): anything thrown inside the try block (for example
 * JSON.stringify failing on a circular structure) leaves the payload
 * untracked. Only `Error` instances produce a warning; any other thrown
 * value is dropped silently.
 *
 * @param {object} context - The current request context.
 * @param {object|Array|string} payload - Value to record.
 * @returns {void}
 */
function addPayloadToContext(context, payload) {
  try {
    const tracked = context.markUnsafe || [];
    const serialized = JSON.stringify(payload);

    // Comparing JSON output stands in for a deep-equality helper.
    const alreadyTracked = tracked.some(
      (existing) => JSON.stringify(existing) === serialized
    );
    if (alreadyTracked) {
      return;
    }

    tracked.push(payload);
    (0, Context_1.updateContext)(context, "markUnsafe", tracked);
  } catch (err) {
    if (!(err instanceof Error)) {
      return;
    }
    // eslint-disable-next-line no-console
    console.warn("markUnsafe(...) failed to serialize the data");
  }
}

// Set after the first "no context" warning so it is printed only once per process.
let hasWarnedAboutMissingContext = false;

/**
 * Prints the "called without a context" warning the first time it is invoked
 * and does nothing on later calls.
 *
 * @returns {void}
 */
function logWarningMarkUnsafeWithoutContext() {
  if (!hasWarnedAboutMissingContext) {
    // eslint-disable-next-line no-console
    console.warn("markUnsafe(...) was called without a context. The data will not be tracked. Make sure to call markUnsafe(...) within an HTTP request. If you're using serverless functions, make sure to use the handler wrapper provided by Zen. Also ensure you import Zen at the top of your main app file (before any other imports).");
    hasWarnedAboutMissingContext = true;
  }
}