
@himorishige/noren-plugin-security


Security-focused plugin for Noren (JWT tokens, API keys, HTTP headers, cookies)

/**
 * Options accepted by the security plugin. Every field is optional.
 *
 * Names placed on either allowlist are exempt from masking, so their values
 * are left in clear text. Keep both lists short and leave session or
 * authentication names off them.
 */
export interface SecurityConfig {
  /**
   * Cookie names that are allowed through; cookies listed here are not masked.
   * NOTE(review): how names are compared (exact, case-insensitive, pattern)
   * is not visible in this file; confirm before relying on it.
   */
  cookieAllowlist?: Array<string>;

  /**
   * Header names that are allowed through; headers listed here are not masked.
   * NOTE(review): HTTP header names are case-insensitive; confirm the
   * comparison used by the plugin matches that.
   */
  headerAllowlist?: Array<string>;

  /** Turns on strict mode, in which detection is more conservative. */
  strictMode?: boolean;

  /** Shortest candidate considered for JWT detection (default: 50). */
  jwtMinLength?: number;

  /** Shortest candidate considered for API key detection (default: 16). */
  apiKeyMinLength?: number;
}

/**
 * Identifiers for the security-related PII categories.
 * All members share the `sec_` prefix.
 */
export type SecurityPiiType =
  | 'sec_auth_header'
  | 'sec_api_key'
  | 'sec_cookie'
  | 'sec_set_cookie'
  | 'sec_url_token'
  | 'sec_client_secret'
  | 'sec_jwt_token'
  | 'sec_uuid_token'
  | 'sec_hex_token'
  | 'sec_session_id'
  | 'sec_github_token'
  | 'sec_aws_access_key'
  | 'sec_google_api_key'
  | 'sec_stripe_api_key'
  | 'sec_slack_token'
  | 'sec_sendgrid_api_key'
  | 'sec_openai_api_key'
  | 'sec_google_oauth_token'
  | 'sec_azure_subscription_key'
  | 'sec_webhook_url'
  | 'sec_signed_url';

/**
 * One cookie as produced by cookie parsing.
 * `isAllowed` presumably reflects membership in `cookieAllowlist`; verify
 * against the parser.
 */
export interface CookieInfo {
  name: string;
  value: string;
  isAllowed: boolean;
}

/**
 * One HTTP header as produced by header parsing.
 * `isAllowed` presumably reflects membership in `headerAllowlist`; verify
 * against the parser.
 */
export interface HeaderInfo {
  name: string;
  value: string;
  isAllowed: boolean;
}

/**
 * Optional, security-specific metadata carried on Hit objects.
 *
 * Every property is optional; which detector fills in which property is not
 * visible in this file.
 * NOTE(review): string fields such as `prefix` and `parameterName` may be
 * derived from the matched input; confirm they cannot carry secret material
 * before features are logged or exported.
 */
export interface SecurityFeatures {
  hasJwtStructure?: boolean;
  partCount?: number;
  // NOTE(review): both `validationPassed` and `passedValidation` (further
  // down) are declared; confirm whether they are meant to differ.
  validationPassed?: boolean;
  hasKnownPrefix?: boolean;
  keyLength?: number;
  prefix?: string;
  entropy?: number;
  requiresContext?: boolean;
  tokenLength?: number;
  // Free-form string; the set of accepted values is not constrained here.
  riskLevel?: string;
  isSensitiveParam?: boolean;
  hasAuthStructure?: boolean;
  authType?: string;
  cookieCount?: number;
  hasSensitiveCookies?: boolean;
  hasSessionStructure?: boolean;
  parameterName?: string;
  valueLength?: number;
  credentialType?: string;
  isClientSecret?: boolean;
  hasUuidFormat?: boolean;
  isHexadecimal?: boolean;
  // NOTE(review): no phone-related member exists in SecurityPiiType; confirm
  // whether this field is still used.
  phoneType?: string;
  service?: string;
  provider?: string;
  environment?:
    | 'live'
    | 'test'
    | 'development';
  tokenType?:
    | 'personal'
    | 'organization'
    | 'app'
    | 'user';
  keyType?:
    | 'access_key'
    | 'secret_key'
    | 'session_token';
  isWebhook?: boolean;
  isSignedUrl?: boolean;
  urlLength?: number;
  hasKnownFormat?: boolean;
  passedValidation?: boolean;
  contextScore?: number;
  parameterCount?: number;
  hasRequiredParams?: boolean;
}