UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

aikido.dev/zen

AikidoSec/firewall-node

46 lines (45 loc) 1.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.isWebScanPath = isWebScanPath; const directoryNames_1 = require("./paths/directoryNames"); const fileNames_1 = require("./paths/fileNames"); const fileExtensions = new Set([ "env", "bak", "sql", "sqlite", "sqlite3", "db", "old", "save", "orig", "sqlitedb", "sqlite3db", ]); const filenames = new Set(fileNames_1.fileNames.map((name) => name.toLowerCase())); const directories = new Set(directoryNames_1.directoryNames.map((name) => name.toLowerCase())); function isWebScanPath(path) { const normalized = path.toLowerCase(); const segments = normalized.split("/"); const filename = segments.pop(); if (filename) { // Check file name if (filenames.has(filename)) { return true; } if (filename.includes(".")) { const ext = filename.split(".").pop(); // Check file extension if (ext && fileExtensions.has(ext)) { return true; } } } // Check all directory names for (const dir of segments) { if (directories.has(dir)) { return true; } } return false; }