UNPKG

@appsensorlike/appsensorlike

Version:

A port of OWASP AppSensor reference implementation

github.com/si076/-appsensorlike

si076/-appsensorlike

323 lines (322 loc) 10.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
import { AppsensorEntity, Interval, DetectionPoint, Utils, INTERVAL_UNITS, ObjectValidationError } from '../core.js'; /** * A Notification represents the {@link Interval} of time between a series * of {@link AppSensorEvent}s that trigger a {@link MonitorPoint}. * Where a {@link DetectionPoint} generates an {@link Attack}, * a {@link MonitorPoint} generates a Notification. */ class Notification extends Interval { constructor(duration = 0, unit = INTERVAL_UNITS.MINUTES, startTime = null, monitorPoint = null) { super(duration, unit); /** the start time of the interval */ this.startTime = new Date(); /** the MonitorPoint that generated the Notification */ this.monitorPoint = null; this.setStartTime(startTime !== null ? startTime : new Date()); this.setMonitorPoint(monitorPoint); } getStartTime() { return this.startTime; } setStartTime(startTime) { this.startTime = startTime; } getEndTime() { return new Date(this.startTime.getTime() + super.toMillis()); } getMonitorPoint() { return this.monitorPoint; } setMonitorPoint(monitorPoint) { this.monitorPoint = monitorPoint; } static getStartTimeAscendingComparator(n1, n2) { if (n1 === null || n2 === null) { throw new Error("n1 and n2 cannot be null"); } const n1StartTime = n1.getStartTime(); const n2StartTime = n2.getStartTime(); if (n1StartTime.getTime() < n2StartTime.getTime()) { return -1; } else if (n1StartTime.getTime() > n2StartTime.getTime()) { return 1; } else { return 0; } } static getEndTimeAscendingComparator(n1, n2) { if (n1 === null || n2 === null) { throw new Error("n1 and n2 cannot be null"); } const n1EndTime = n1.getEndTime(); const n2EndTime = n2.getEndTime(); if (n1EndTime.getTime() < n2EndTime.getTime()) { return -1; } else if (n1EndTime.getTime() > n2EndTime.getTime()) { return 1; } else { return 0; } } } /** * A MonitorPoint is a {@link DetectionPoint} that does not generate attacks, * but is rather a component of a {@link Rule} which generates attacks. */ class MonitorPoint extends DetectionPoint { constructor(detectionPoint, guid = '') { super(detectionPoint.getCategory(), (() => { //to satisfy TS const label = detectionPoint.getLabel(); const id = detectionPoint.getId(); return label !== undefined ? label : (id !== undefined ? id : ''); })(), detectionPoint.getThreshold(), detectionPoint.getResponses()); this.guid = guid !== '' ? guid : detectionPoint.getGuid(); } } /** * A Clause represents the terms in an {@link Expression} separated by an "OR" operator. * Each {@link MonitorPoint} in the monitorPoints field are the variables joined * by "AND" operators. * * For example: * In the expression: "MP1 AND MP2 OR MP3 AND MP4" * * "MP1 AND MP2" would be a single clause and "MP3 AND MP4" would be another. */ class Clause extends AppsensorEntity { constructor(monitorPoints = []) { super(); /** The monitor points being checked as variables in an Expression */ this.monitorPoints = []; this.setMonitorPoints(monitorPoints); } getMonitorPoints() { return this.monitorPoints; } setMonitorPoints(monitorPoints) { this.monitorPoints = monitorPoints; return this; } equals(obj) { if (!super.equals(obj)) return false; if (this === obj) return true; const other = obj; return Utils.equalsArrayEntitys(this.monitorPoints, other.getMonitorPoints()); } } /** * An Expression is a logical boolean expression where the variables are {@link MonitorPoint}s. * Each Expression in a {@link Rule} is separated by the "THEN" operator. * * An Expression contains a set of {@link Clause}s. Only one {@link Clause} needs to evaluate to true * for an Expression to evaluate to true. * * For example: * In the Rule: "MP1 AND MP2 THEN MP3 OR mP4" * * "MP1 AND MP2" would be the first Expression with a single Clause * and "MP3 OR MP4" would a second Expression with two Clauses. */ class Expression extends AppsensorEntity { constructor(window = null, clauses = []) { super(); /** The window of time a Clause must be triggered within */ this.window = null; /** The Clauses that build up the Expression. **/ this.clauses = []; this.setWindow(window); this.setClauses(clauses); } getWindow() { return this.window; } setWindow(window) { this.window = window; return this; } getClauses() { return this.clauses; } setClauses(clauses) { this.clauses = clauses; return this; } getDetectionPoints() { const detectionPoints = []; for (const clause of this.clauses) { for (const detectionPoint of clause.getMonitorPoints()) { detectionPoints.push(detectionPoint); } } return detectionPoints; } equals(obj) { if (!super.equals(obj)) return false; if (this === obj) return true; const other = obj; return Utils.equalsEntitys(this.window, other.getWindow()) && Utils.equalsArrayEntitys(this.clauses, other.getClauses()); } } /** * A Rule defines a logical aggregation of {@link MonitorPoint}s to determine if an * {@link Attack} is occurring. A Rule uses the boolean operators "AND" and "OR" as well * as the temporal operator "THEN" in joining {@link MonitorPoint}s into a Rule. * * For example: * A rule could be as simple as: "MP1 AND MP2" * Where the Rule will generate an attack if both MonitorPoint 1 and 2 * are violated within the Rule's window. * * More complex: "MP1 AND MP2 THEN MP3 OR MP4" * * Even more complex: "MP1 AND MP2 THEN MP3 OR MP4 THEN MP5 AND MP6 OR MP7" */ class Rule extends AppsensorEntity { constructor(guid = '', window = null, expressions = [], responses = [], name = '') { super(); /** * Unique identifier */ this.guid = ''; /** An optional human-friendly name for the Rule */ this.name = ''; /** * The window is the time all {@link Expression}s must be triggered within. * A Rule's window must be greater than or equal to the total of it's Expressions' windows. */ this.window = null; /** The {@link Expression}s that build up a Rule * The order of the list corresponds to the temporal order of the expressions. */ this.expressions = []; /** * Set of {@link Response}s associated with given Rule. */ this.responses = []; this.setGuid(guid); this.setWindow(window); this.setExpressions(expressions); this.setResponses(responses); this.setName(name); } getGuid() { return this.guid; } setGuid(guid) { this.guid = guid; return this; } getName() { return this.name; } setName(name) { this.name = name; return this; } getWindow() { return this.window; } setWindow(window) { this.window = window; return this; } getExpressions() { return this.expressions; } setExpressions(expression) { this.expressions = expression; return this; } getResponses() { return this.responses; } setResponses(responses) { this.responses = responses; return this; } /* returns the last expression in expressions */ getLastExpression() { return this.expressions[this.expressions.length - 1]; } /* checks whether the last expression contains a DetectionPoint * matching the type of triggerDetectionPoint */ checkLastExpressionForDetectionPoint(triggerDetectionPoint) { for (const detectionPoint of this.getLastExpression().getDetectionPoints()) { if (detectionPoint.typeMatches(triggerDetectionPoint)) { return true; } } return false; } /* returns all DetectionPoints contained within the Rule as a set*/ getAllDetectionPoints() { const detectionPoints = []; for (const expression of this.expressions) { const expDetP = expression.getDetectionPoints(); expDetP.forEach(el => { let found = false; for (let i = 0; i < detectionPoints.length; i++) { if (detectionPoints[i].equals(el)) { found = true; break; } ; } if (!found) { detectionPoints.push(el); } }); } return detectionPoints; } /* checks whether the Rule contains a detection point of the same type and threshold * as the detectionPoint parameter */ typeAndThresholdContainsDetectionPoint(detectionPoint) { for (const myPoint of this.getAllDetectionPoints()) { if (detectionPoint.typeAndThresholdMatches(myPoint)) { return true; } } return false; } /* checks whether other rule has same guid, i.e. is the same rule */ guidMatches(other) { if (other === null) { throw new Error("other must be non-null"); } let matches = true; matches && (matches = (this.guid !== null) ? this.guid === other.getGuid() : true); return matches; } equals(obj) { if (!super.equals(obj)) return false; if (this === obj) return true; const other = obj; return this.name === other.getName() && Utils.equalsEntitys(this.window, other.getWindow()) && Utils.equalsArrayEntitys(this.responses, other.getResponses()) && Utils.equalsArrayEntitys(this.expressions, other.getExpressions()) && this.guid === other.getGuid(); } checkValidInitialize() { if (this.guid.trim().length === 0) { throw new ObjectValidationError('guid cannot be empty string!', this); } if (this.window) { this.window.checkValidInitialize(); } } } export { Rule, Expression, Clause, Notification, MonitorPoint };