UNPKG

@aikidosec/firewall

Version:

Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

aikido.dev/zen

AikidoSec/firewall-node

100 lines (99 loc) 3.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
"use strict"; const EventEmitter = require("node:events").EventEmitter; const inherits = require("node:util").inherits; const getLimit = require("../../../lib/utils/getLimit"); const StreamSearch = require("../../streamsearch/sbmh"); const B_DCRLF = Buffer.from("\r\n\r\n"); const RE_CRLF = /\r\n/g; const RE_HDR = /^([^:]+):[ \t]?([\x00-\xFF]+)?$/; // eslint-disable-line no-control-regex function HeaderParser(cfg) { EventEmitter.call(this); cfg = cfg || {}; const self = this; this.nread = 0; this.maxed = false; this.npairs = 0; this.maxHeaderPairs = getLimit(cfg, "maxHeaderPairs", 2000); this.maxHeaderSize = getLimit(cfg, "maxHeaderSize", 80 * 1024); this.buffer = ""; this.header = {}; this.finished = false; this.ss = new StreamSearch(B_DCRLF); this.ss.on("info", function (isMatch, data, start, end) { if (data && !self.maxed) { if (self.nread + end - start >= self.maxHeaderSize) { end = self.maxHeaderSize - self.nread + start; self.nread = self.maxHeaderSize; self.maxed = true; } else { self.nread += end - start; } self.buffer += data.toString("binary", start, end); } if (isMatch) { self._finish(); } }); } inherits(HeaderParser, EventEmitter); HeaderParser.prototype.push = function (data) { const r = this.ss.push(data); if (this.finished) { return r; } }; HeaderParser.prototype.reset = function () { this.finished = false; this.buffer = ""; this.header = {}; this.ss.reset(); }; HeaderParser.prototype._finish = function () { if (this.buffer) { this._parseHeader(); } this.ss.matches = this.ss.maxMatches; const header = this.header; this.header = {}; this.buffer = ""; this.finished = true; this.nread = this.npairs = 0; this.maxed = false; this.emit("header", header); }; HeaderParser.prototype._parseHeader = function () { if (this.npairs === this.maxHeaderPairs) { return; } const lines = this.buffer.split(RE_CRLF); const len = lines.length; let m, h; for (var i = 0; i < len; ++i) { // eslint-disable-line no-var if (lines[i].length === 0) { continue; } if (lines[i][0] === "\t" || lines[i][0] === " ") { // folded header content // RFC2822 says to just remove the CRLF and not the whitespace following // it, so we follow the RFC and include the leading whitespace ... if (h) { this.header[h][this.header[h].length - 1] += lines[i]; continue; } } const posColon = lines[i].indexOf(":"); if (posColon === -1 || posColon === 0) { return; } m = RE_HDR.exec(lines[i]); h = m[1].toLowerCase(); this.header[h] = this.header[h] || []; this.header[h].push(m[2] || ""); if (++this.npairs === this.maxHeaderPairs) { break; } } }; module.exports = HeaderParser;