UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

aikido.dev/zen

AikidoSec/firewall-node

123 lines (122 loc) 4.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import { RateLimiter } from "../ratelimiting/RateLimiter"; import { ReportingAPI, ReportingAPIResponse } from "./api/ReportingAPI"; import { Token } from "./api/Token"; import { Kind } from "./Attack"; import { Endpoint } from "./Config"; import { Context } from "./Context"; import { Hostnames } from "./Hostnames"; import { InspectionStatistics } from "./InspectionStatistics"; import { Logger } from "./logger/Logger"; import { Routes } from "./Routes"; import { ServiceConfig } from "./ServiceConfig"; import { Source } from "./Source"; import { Users } from "./Users"; import { Wrapper } from "./Wrapper"; import { AIStatistics } from "./AIStatistics"; import { AttackWaveDetector } from "../vulnerabilities/attack-wave-detection/AttackWaveDetector"; type WrappedPackage = { version: string | null; supported: boolean; }; export declare class Agent { private block; private readonly logger; private readonly api; private readonly token; private readonly serverless; private started; private sendHeartbeatEveryMS; private checkIfHeartbeatIsNeededEveryMS; private lastHeartbeat; private sentHeartbeatCounter; private interval; private preventedPrototypePollution; private incompatiblePackages; private wrappedPackages; private packages; private timeoutInMS; private hostnames; private users; private serviceConfig; private routes; private rateLimiter; private statistics; private aiStatistics; private middlewareInstalled; private attackLogger; private attackWaveDetector; constructor(block: boolean, logger: Logger, api: ReportingAPI, token: Token | undefined, serverless: string | undefined); shouldBlock(): boolean; isServerless(): boolean; getHostnames(): Hostnames; getInspectionStatistics(): InspectionStatistics; getAIStatistics(): AIStatistics; unableToPreventPrototypePollution(incompatiblePackages: Record<string, string>): void; onPrototypePollutionPrevented(): void; /** * Reports to the API that this agent has started */ onStart(): Promise<void>; checkForReportingAPIError(result: ReportingAPIResponse): void; onErrorThrownByInterceptor({ error, module, method, }: { error: Error; module: string; method: string; }): void; /** * This function gets called when an attack is detected, it reports this attack to the API */ onDetectedAttack({ module, operation, kind, blocked, source, request, stack, paths, metadata, payload, }: { module: string; operation: string; kind: Kind; blocked: boolean; source: Source; request: Context; stack: string; paths: string[]; metadata: Record<string, string>; payload: unknown; }): void; /** * Sends a heartbeat via the API to the server (only when not in serverless mode) */ private heartbeat; getUsers(): Users; getConfig(): ServiceConfig; private updateServiceConfig; private sendHeartbeat; /** * Starts a heartbeat when not in serverless mode : Make contact with api every x seconds. */ private startHeartbeats; private updateBlockedLists; private startPollingForConfigChanges; private getAgentInfo; start(wrappers: Wrapper[]): void; onFailedToWrapMethod(module: string, name: string, error: Error): void; onFailedToWrapModule(module: string, error: Error): void; onPackageRequired(name: string, version: string): void; onPackageWrapped(name: string, details: WrappedPackage): void; onConnectHostname(hostname: string, port: number): void; onRouteExecute(context: Context): void; hasGraphQLSchema(method: string, path: string): boolean; onGraphQLSchema(method: string, path: string, schema: string): void; onGraphQLExecute(method: string, path: string, type: "query" | "mutation", topLevelFields: string[]): void; onRouteRateLimited(match: Endpoint): void; getRoutes(): Routes; log(message: string): void; flushStats(timeoutInMS: number): Promise<void>; getRateLimiter(): RateLimiter; onMiddlewareExecuted(): void; private getHeartbeatInterval; getAttackWaveDetector(): AttackWaveDetector; /** * This function gets called when an attack wave is detected, it reports this attack wave to the API */ onDetectedAttackWave({ request, metadata, }: { request: Context; metadata: Record<string, string>; }): void; } export {};