@appsensorlike/appsensorlike

A port of OWASP AppSensor reference implementation

import { AttackAnalysisEngine, EventAnalysisEngine, ResponseAnalysisEngine } from "../../core/analysis/analysis.js";
import { AppSensorEvent, AppSensorServer, Attack, Interval, Response, Threshold } from "../../core/core.js";
import { Clause, Expression, Notification, Rule } from "../../core/rule/rule.js";
/**
 * Attack analysis engine: for each {@link Attack} it is given, it selects a
 * {@link Response} and adds it to the configured {@link ResponseStore}.
 *
 * This is a type declaration only; the behavior described in these comments comes
 * from the accompanying documentation and cannot be verified from this file.
 */
declare class AggregateAttackAnalysisEngine extends AttackAnalysisEngine {
    // The declaration carries no type for this field; the accessors below suggest
    // it holds an AppSensorServer.
    private appSensorServer;
    /** @return the {@link AppSensorServer} held by this engine */
    getAppSensorServer(): AppSensorServer;
    /** @param appSensorServer the {@link AppSensorServer} this engine should use */
    setAppSensorServer(appSensorServer: AppSensorServer): void;
    /**
     * This method analyzes {@link Attack} objects that are added
     * to the system (either via direct addition or generated by the event analysis
     * engine), generates an appropriate {@link Response} object,
     * and adds it to the configured {@link ResponseStore}
     *
     * NOTE(review): the returned promise is the only completion signal visible here.
     * Whether failures are caught internally is not shown, so callers should handle
     * rejection; otherwise an attack could go without a recorded response.
     *
     * @param attack the {@link Attack} that was added to the {@link AttackStore}
     */
    analyze(attack: Attack): Promise<void>;
    /**
     * Find/generate {@link Response} appropriate for specified {@link Attack}.
     *
     * @param attack {@link Attack} that is being analyzed
     * @return {@link Response} to be executed for given {@link Attack}
     */
    protected findAppropriateResponse(attack: Attack): Promise<Response>;
    /**
     * Lookup configured {@link Response} objects for specified {@link Rule}
     *
     * NOTE(review): `rule` may be null; what is returned in that case is not visible
     * in this declaration. Confirm against the implementation.
     *
     * @param rule triggered {@link Rule}, or null
     * @return collection of {@link Response} objects for given {@link Rule}
     */
    protected findPossibleResponses(rule: Rule | null): Response[];
    /**
     * Test a given {@link Response} to see if it's been executed before.
     *
     * NOTE(review): how two responses are compared (which fields count as "the same
     * response") is not visible here. Confirm against the implementation, since it
     * presumably decides whether a repeat attack gets a new response.
     *
     * @param response {@link Response} to test to see if it's been executed before
     * @param existingResponses set of previously executed {@link Response}s
     * @return true if {@link Response} has been executed before
     */
    protected isPreviousResponse(response: Response, existingResponses: Response[]): boolean;
}
/**
 * Event analysis engine: decides whether an incoming {@link AppSensorEvent} has
 * triggered a {@link Rule} and, if so, generates an {@link Attack}.
 *
 * Rule evaluation is described below as a "sliding window" over
 * {@link Notification}s: a {@link Rule} holds {@link Expression}s (all must be true),
 * and an {@link Expression} holds {@link Clause}s (any one must be true).
 *
 * This is a type declaration only; the behavior described in these comments comes
 * from the accompanying documentation and cannot be verified from this file.
 */
declare class AggregateEventAnalysisEngine extends EventAnalysisEngine {
    // The declaration carries no type for this field; the accessors below suggest
    // it holds an AppSensorServer.
    private appSensorServer;
    /** @return the {@link AppSensorServer} held by this engine */
    getAppSensorServer(): AppSensorServer;
    /** @param appSensorServer the {@link AppSensorServer} this engine should use */
    setAppSensorServer(appSensorServer: AppSensorServer): void;
    /**
     * This method determines whether an {@link AppSensorEvent} that has been added to the system
     * has triggered a {@link Rule}. If so, an {@link Attack} is generated.
     *
     * NOTE(review): the returned promise is the only completion signal visible here.
     * Whether failures are caught internally is not shown, so callers should handle
     * rejection; otherwise an event could go unanalyzed without any trace.
     *
     * @param triggerEvent the {@link AppSensorEvent} that was added to the {@link EventStore}
     */
    analyze(triggerEvent: AppSensorEvent): Promise<void>;
    /**
     * Evaluates a {@link Rule}'s logic by compiling a list of all {@link Notification}s
     * and then evaluating each {@link Expression} within the {@link Rule}. All {@link Expression}s
     * must evaluate to true within the {@link Rule}'s window for the {@link Rule} to evaluate to
     * true. The process follows the "sliding window" pattern.
     *
     * @param triggerEvent the {@link AppSensorEvent} that triggered analysis
     * @param rule the {@link Rule} being evaluated
     * @return the boolean evaluation of the {@link Rule}
     */
    protected checkRule(triggerEvent: AppSensorEvent, rule: Rule): Promise<boolean>;
    /**
     * Evaluates an {@link Expression}'s logic by evaluating all {@link Clause}s. At least
     * one {@link Clause} must evaluate to true for the {@link Expression} to evaluate to true.
     *
     * Equivalent to checking "OR" logic between {@link Clause}s.
     *
     * NOTE(review): `expression` may be undefined; the result in that case is not
     * visible in this declaration. Confirm against the implementation.
     *
     * @param expression the {@link Expression} being evaluated, or undefined
     * @param notifications the {@link Notification}s in the current "sliding window"
     * @return the boolean evaluation of the {@link Expression}
     */
    checkExpression(expression: Expression | undefined, notifications: Notification[]): boolean;
    /**
     * Evaluates a {@link Clause}'s logic by checking if each {@link MonitorPoint}
     * within the {@link Clause} is in the current "sliding window".
     *
     * Equivalent to checking "AND" logic between {@link RuleDetectionPoint}s.
     *
     * NOTE(review): this comment names both MonitorPoint and RuleDetectionPoint, and
     * neither is imported by this file. Confirm which type a Clause actually holds.
     *
     * @param clause the {@link Clause} being evaluated
     * @param notifications the {@link Notification}s in the current "sliding window"
     * @return the boolean evaluation of the {@link Clause}
     */
    checkClause(clause: Clause, notifications: Notification[]): boolean;
    /**
     * Pops {@link Notification}s out of the queue until the start time of the queue's head
     * is after the parameter time. The queue of notifications MUST be sorted in ascending
     * order by start time.
     *
     * The method returns nothing, so the trimming is presumably done in place on the
     * array passed in. Nothing in this signature enforces the sort order; it is the
     * caller's responsibility.
     *
     * @param notifications the queue of {@link Notification}s being trimmed
     * @param time the time that all {@link Notification}s in the queue must be after
     */
    trim(notifications: Notification[], time: Date): void;
    /**
     * Builds a queue of all {@link Notification}s from the events relating to the
     * current {@link Rule}. The {@link Notification}s are ordered in the queue by
     * start time.
     *
     * @param triggerEvent the {@link AppSensorEvent} that triggered analysis
     * @param rule the {@link Rule} being evaluated
     * @return a queue of {@link Notification}s
     */
    protected getNotifications(triggerEvent: AppSensorEvent, rule: Rule): Promise<Notification[]>;
    /**
     * Determines whether a queue of {@link AppSensorEvent}s crosses a {@link Threshold} in the correct
     * amount of time.
     *
     * NOTE(review): `threshold` may be null; the result in that case is not visible
     * in this declaration. Confirm it against the implementation, because it
     * presumably decides whether a detection point with no threshold can ever fire.
     *
     * @param queue a queue of {@link AppSensorEvent}s
     * @param tailEvent the {@link AppSensorEvent} at the tail of the queue
     * @param threshold the {@link Threshold} to evaluate, or null
     * @return boolean evaluation of the {@link Threshold}
     */
    isThresholdViolated(queue: AppSensorEvent[], tailEvent: AppSensorEvent, threshold: Threshold | null): boolean;
    /**
     * Determines the time between the {@link AppSensorEvent} at the head of the queue and the
     * {@link AppSensorEvent} at the tail of the queue.
     *
     * @param queue a queue of {@link AppSensorEvent}s
     * @param tailEvent the {@link AppSensorEvent} at the tail of the queue
     * @return the duration of the queue as an {@link Interval}
     */
    getQueueInterval(queue: AppSensorEvent[], tailEvent: AppSensorEvent): Interval;
    /**
     * Generates an attack from the given {@link Rule} and triggered {@link AppSensorEvent}
     *
     * @param triggerEvent the {@link AppSensorEvent} that triggered the {@link Rule}
     * @param rule the {@link Rule} being evaluated
     */
    generateAttack(triggerEvent: AppSensorEvent, rule: Rule): Promise<void>;
    /**
     * Finds all {@link AppSensorEvent}s related to the {@link Rule} being evaluated.
     *
     * @param triggerEvent the {@link AppSensorEvent} that triggered the {@link Rule}
     * @param rule the {@link Rule} being evaluated
     * @return a list of {@link AppSensorEvent}s applicable to the {@link Rule}
     */
    protected getApplicableEvents(triggerEvent: AppSensorEvent, rule: Rule): Promise<AppSensorEvent[]>;
    /**
     * Finds the time of the most recent {@link Attack} from the {@link Rule} being evaluated.
     *
     * NOTE(review): the value returned when no earlier attack exists for the rule is
     * not visible in this declaration. Confirm against the implementation.
     *
     * @param triggerEvent the {@link AppSensorEvent} that triggered the {@link Rule}
     * @param rule the {@link Rule} being evaluated
     * @return a {@link Date} of the most recent attack related to the {@link Rule}
     */
    protected findMostRecentAttackTime(triggerEvent: AppSensorEvent, rule: Rule): Promise<Date>;
}
/**
 * Response analysis engine whose documented behavior is to log each
 * {@link Response} it is given.
 */
declare class AggregateResponseAnalysisEngine extends ResponseAnalysisEngine {
    /**
     * This method simply logs responses.
     *
     * @param response {@link Response} that has been added to the {@link ResponseStore}.
     */
    analyze(response: Response): Promise<void>;
}
export { AggregateAttackAnalysisEngine, AggregateEventAnalysisEngine, AggregateResponseAnalysisEngine };