"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getWrappers = getWrappers;
exports.protect = protect;
exports.lambda = lambda;
exports.cloudFunction = cloudFunction;
const ChildProcess_1 = require("../sinks/ChildProcess");
const Fetch_1 = require("../sinks/Fetch");
const FileSystem_1 = require("../sinks/FileSystem");
const HTTPRequest_1 = require("../sinks/HTTPRequest");
const MariaDB_1 = require("../sinks/MariaDB");
const MongoDB_1 = require("../sinks/MongoDB");
const MySQL_1 = require("../sinks/MySQL");
const MySQL2_1 = require("../sinks/MySQL2");
const Path_1 = require("../sinks/Path");
const Postgres_1 = require("../sinks/Postgres");
const Undici_1 = require("../sinks/Undici");
const Express_1 = require("../sources/Express");
const FunctionsFramework_1 = require("../sources/FunctionsFramework");
const Hono_1 = require("../sources/Hono");
const HTTPServer_1 = require("../sources/HTTPServer");
const Lambda_1 = require("../sources/Lambda");
const PubSub_1 = require("../sources/PubSub");
const Agent_1 = require("./Agent");
const AgentSingleton_1 = require("./AgentSingleton");
const ReportingAPINodeHTTP_1 = require("./api/ReportingAPINodeHTTP");
const ReportingAPIRateLimitedClientSide_1 = require("./api/ReportingAPIRateLimitedClientSide");
const ReportingAPIRateLimitedServerSide_1 = require("./api/ReportingAPIRateLimitedServerSide");
const ReportingAPIThatValidatesToken_1 = require("./api/ReportingAPIThatValidatesToken");
const Token_1 = require("./api/Token");
const getAPIURL_1 = require("./getAPIURL");
const LoggerConsole_1 = require("./logger/LoggerConsole");
const LoggerNoop_1 = require("./logger/LoggerNoop");
const GraphQL_1 = require("../sources/GraphQL");
const Xml2js_1 = require("../sources/Xml2js");
const FastXmlParser_1 = require("../sources/FastXmlParser");
const SQLite3_1 = require("../sinks/SQLite3");
const XmlMinusJs_1 = require("../sources/XmlMinusJs");
const Hapi_1 = require("../sources/Hapi");
const Shelljs_1 = require("../sinks/Shelljs");
const NodeSQLite_1 = require("../sinks/NodeSQLite");
const BetterSQLite3_1 = require("../sinks/BetterSQLite3");
const isDebugging_1 = require("../helpers/isDebugging");
const shouldBlock_1 = require("../helpers/shouldBlock");
const Postgresjs_1 = require("../sinks/Postgresjs");
const Fastify_1 = require("../sources/Fastify");
const Koa_1 = require("../sources/Koa");
const Restify_1 = require("../sources/Restify");
const ClickHouse_1 = require("../sinks/ClickHouse");
const Prisma_1 = require("../sinks/Prisma");
const AwsSDKVersion2_1 = require("../sinks/AwsSDKVersion2");
const OpenAI_1 = require("../sinks/OpenAI");
const AwsSDKVersion3_1 = require("../sinks/AwsSDKVersion3");
const AiSDK_1 = require("../sinks/AiSDK");
const Mistral_1 = require("../sinks/Mistral");
const Anthropic_1 = require("../sinks/Anthropic");
/**
 * Choose the agent's logger.
 *
 * While debugging (as decided by ../helpers/isDebugging) a console logger is
 * used; otherwise a no-op logger keeps the firewall silent in the host app.
 * @returns {LoggerConsole|LoggerNoop}
 */
function getLogger() {
  const debugging = (0, isDebugging_1.isDebugging)();
  return debugging
    ? new LoggerConsole_1.LoggerConsole()
    : new LoggerNoop_1.LoggerNoop();
}
/**
 * Decorate a reporting API with the token-validating wrapper from
 * ./api/ReportingAPIThatValidatesToken (presumably it refuses to report
 * without a usable token — confirm against that class).
 * @param {object} api - reporting API to wrap
 * @returns {ReportingAPIThatValidatesToken}
 */
function validatesToken(api) {
  const { ReportingAPIThatValidatesToken } = ReportingAPIThatValidatesToken_1;
  return new ReportingAPIThatValidatesToken(api);
}
/**
 * Decorate a reporting API with a client-side rate limit so a flood of
 * detections cannot turn into a flood of outbound reports.
 *
 * Limits: at most 100 events per one-hour interval.
 * @param {object} api - reporting API to wrap
 * @returns {ReportingAPIRateLimitedClientSide}
 */
function clientSideRateLimited(api) {
  const oneHourInMs = 60 * 60 * 1000;
  const limits = {
    maxEventsPerInterval: 100,
    intervalInMs: oneHourInMs,
  };
  const { ReportingAPIRateLimitedClientSide } = ReportingAPIRateLimitedClientSide_1;
  return new ReportingAPIRateLimitedClientSide(api, limits);
}
/**
 * Decorate a reporting API with the server-side rate-limit wrapper
 * (./api/ReportingAPIRateLimitedServerSide); the limit itself is not
 * configured here.
 * @param {object} api - reporting API to wrap
 * @returns {ReportingAPIRateLimitedServerSide}
 */
function serverSideRateLimited(api) {
  const { ReportingAPIRateLimitedServerSide } = ReportingAPIRateLimitedServerSide_1;
  return new ReportingAPIRateLimitedServerSide(api);
}
/**
 * Build the reporting API stack used by the agent.
 *
 * Layers, innermost first: HTTP transport to the URL from ./getAPIURL,
 * client-side rate limit, server-side rate limit, token validation. The
 * outermost wrapper (token validation) is what the agent calls directly.
 * @returns {object} the fully decorated reporting API
 */
function getAPI() {
  const baseURL = (0, getAPIURL_1.getAPIURL)();
  const transport = new ReportingAPINodeHTTP_1.ReportingAPINodeHTTP(baseURL);
  const clientLimited = clientSideRateLimited(transport);
  const serverLimited = serverSideRateLimited(clientLimited);
  return validatesToken(serverLimited);
}
/**
 * Read the reporting token from the AIKIDO_TOKEN environment variable.
 *
 * The check is on truthiness, so an unset variable and an empty string both
 * yield undefined (the agent then runs without a token).
 * @returns {Token|undefined}
 */
function getTokenFromEnv() {
  const rawToken = process.env.AIKIDO_TOKEN;
  if (!rawToken) {
    return undefined;
  }
  return new Token_1.Token(rawToken);
}
/**
 * Create and start the process-wide Agent, or return the one already
 * registered in ./AgentSingleton.
 *
 * Because the singleton is checked first, calling this repeatedly (e.g.
 * protect() and lambda() in the same process) wraps the sinks/sources only
 * once.
 * @param {{ serverless: string|undefined }} options - serverless platform
 *   name, or undefined for a regular long-running process
 * @returns {Agent}
 */
function startAgent({ serverless }) {
  const existing = (0, AgentSingleton_1.getInstance)();
  if (existing) {
    return existing;
  }
  // shouldBlock() decides the first Agent constructor argument; presumably
  // this toggles blocking vs. detect-only mode — see ../helpers/shouldBlock.
  const blocking = (0, shouldBlock_1.shouldBlock)();
  const agent = new Agent_1.Agent(
    blocking,
    getLogger(),
    getAPI(),
    getTokenFromEnv(),
    serverless
  );
  (0, AgentSingleton_1.setInstance)(agent);
  agent.start(getWrappers());
  return agent;
}
/**
 * Instantiate every source (request-entry) and sink (dangerous-operation)
 * wrapper the agent installs.
 *
 * Instantiation order matches the list below; each class is constructed
 * exactly once with no arguments.
 * @returns {object[]} fresh wrapper instances
 */
function getWrappers() {
  const wrapperClasses = [
    Express_1.Express,
    MongoDB_1.MongoDB,
    Postgres_1.Postgres,
    MySQL_1.MySQL,
    MySQL2_1.MySQL2,
    PubSub_1.PubSub,
    FunctionsFramework_1.FunctionsFramework,
    ChildProcess_1.ChildProcess,
    FileSystem_1.FileSystem,
    HTTPRequest_1.HTTPRequest,
    Fetch_1.Fetch,
    Undici_1.Undici,
    Path_1.Path,
    HTTPServer_1.HTTPServer,
    Hono_1.Hono,
    GraphQL_1.GraphQL,
    OpenAI_1.OpenAI,
    Mistral_1.Mistral,
    Anthropic_1.Anthropic,
    Xml2js_1.Xml2js,
    FastXmlParser_1.FastXmlParser,
    SQLite3_1.SQLite3,
    XmlMinusJs_1.XmlMinusJs,
    Shelljs_1.Shelljs,
    Hapi_1.Hapi,
    MariaDB_1.MariaDB,
    NodeSQLite_1.NodeSQLite,
    BetterSQLite3_1.BetterSQLite3,
    Postgresjs_1.Postgresjs,
    Fastify_1.Fastify,
    Koa_1.Koa,
    Restify_1.Restify,
    ClickHouse_1.ClickHouse,
    Prisma_1.Prisma,
    AwsSDKVersion3_1.AwsSDKVersion3,
    // A Function wrapper is deliberately absent: after patching the global,
    // functionName.constructor === Function becomes false, which breaks
    // code that relies on that identity check.
    AwsSDKVersion2_1.AwsSDKVersion2,
    AiSDK_1.AiSDK,
  ];
  return wrapperClasses.map((Wrapper) => new Wrapper());
}
/**
 * Start the firewall for a regular, long-running Node.js process.
 *
 * Passes `serverless: undefined` so the agent is not put into a serverless
 * mode; repeated calls are harmless because startAgent reuses the singleton.
 * @returns {void}
 */
function protect() {
  const options = { serverless: undefined };
  startAgent(options);
}
/**
 * Start the firewall in AWS Lambda mode and hand back the handler wrapper.
 *
 * The returned function comes from ../sources/Lambda; the caller is expected
 * to wrap its Lambda handler with it.
 * @returns {Function} createLambdaWrapper
 */
function lambda() {
  const options = { serverless: "lambda" };
  startAgent(options);
  return Lambda_1.createLambdaWrapper;
}
/**
 * Start the firewall in Google Cloud Functions mode and hand back the
 * handler wrapper.
 *
 * The returned function comes from ../sources/FunctionsFramework; the caller
 * is expected to wrap its cloud function with it.
 * @returns {Function} createCloudFunctionWrapper
 */
function cloudFunction() {
  const options = { serverless: "gcp" };
  startAgent(options);
  return FunctionsFramework_1.createCloudFunctionWrapper;
}