UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

aikido.dev/zen

AikidoSec/firewall-node

101 lines (100 loc) 3.19 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.isWellKnownURI = isWellKnownURI; const wellKnown = new Set([ "/.well-known/acme-challenge", "/.well-known/amphtml", "/.well-known/api-catalog", "/.well-known/appspecific", "/.well-known/ashrae", "/.well-known/assetlinks.json", "/.well-known/broadband-labels", "/.well-known/brski", "/.well-known/caldav", "/.well-known/carddav", "/.well-known/change-password", "/.well-known/cmp", "/.well-known/coap", "/.well-known/coap-eap", "/.well-known/core", "/.well-known/csaf", "/.well-known/csaf-aggregator", "/.well-known/csvm", "/.well-known/did.json", "/.well-known/did-configuration.json", "/.well-known/dnt", "/.well-known/dnt-policy.txt", "/.well-known/dots", "/.well-known/ecips", "/.well-known/edhoc", "/.well-known/enterprise-network-security", "/.well-known/enterprise-transport-security", "/.well-known/est", "/.well-known/genid", "/.well-known/gnap-as-rs", "/.well-known/gpc.json", "/.well-known/gs1resolver", "/.well-known/hoba", "/.well-known/host-meta", "/.well-known/host-meta.json", "/.well-known/hosting-provider", "/.well-known/http-opportunistic", "/.well-known/idp-proxy", "/.well-known/jmap", "/.well-known/keybase.txt", "/.well-known/knx", "/.well-known/looking-glass", "/.well-known/masque", "/.well-known/matrix", "/.well-known/mercure", "/.well-known/mta-sts.txt", "/.well-known/mud", "/.well-known/nfv-oauth-server-configuration", "/.well-known/ni", "/.well-known/nodeinfo", "/.well-known/nostr.json", "/.well-known/oauth-authorization-server", "/.well-known/oauth-protected-resource", "/.well-known/ohttp-gateway", "/.well-known/openid-federation", "/.well-known/open-resource-discovery", "/.well-known/openid-configuration", "/.well-known/openorg", "/.well-known/oslc", "/.well-known/pki-validation", "/.well-known/posh", "/.well-known/privacy-sandbox-attestations.json", "/.well-known/private-token-issuer-directory", "/.well-known/probing.txt", "/.well-known/pvd", "/.well-known/rd", "/.well-known/related-website-set.json", "/.well-known/reload-config", "/.well-known/repute-template", "/.well-known/resourcesync", "/.well-known/sbom", "/.well-known/security.txt", "/.well-known/ssf-configuration", "/.well-known/sshfp", "/.well-known/stun-key", "/.well-known/terraform.json", "/.well-known/thread", "/.well-known/time", "/.well-known/timezone", "/.well-known/tdmrep.json", "/.well-known/tor-relay", "/.well-known/tpcd", "/.well-known/traffic-advice", "/.well-known/trust.txt", "/.well-known/uma2-configuration", "/.well-known/void", "/.well-known/webfinger", "/.well-known/webweaver.json", "/.well-known/wot", ]); // Check if a path is a well-known URI // e.g. /.well-known/acme-challenge // https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml function isWellKnownURI(path) { return wellKnown.has(path); }