UNPKG

@lock-sdk/payload-guard

Version:

Payload guard detection module for Lock security framework

73 lines (59 loc) 2.64 kB
import * as _lock_sdk_core from '@lock-sdk/core'; declare enum PayloadGuardEventType { XSS_DETECTED = "xss.detected", SQL_INJECTION_DETECTED = "sql.injection.detected", COMMAND_INJECTION_DETECTED = "command.injection.detected", PATH_TRAVERSAL_DETECTED = "path.traversal.detected", GENERAL_INJECTION_DETECTED = "general.injection.detected", SSRF_DETECTED = "ssrf.detected" } interface PayloadGuardConfig { mode: 'detect' | 'block'; blockStatusCode?: number; blockMessage?: string; checkParts?: Array<'params' | 'query' | 'body' | 'headers' | 'cookies'>; excludeHeaders?: string[]; excludeFields?: string[]; detectXSS?: boolean; detectSSRF?: boolean; detectSQLi?: boolean; detectCommandInjection?: boolean; detectPathTraversal?: boolean; enableCaching?: boolean; cacheTtl?: number; cacheSize?: number; failBehavior?: 'open' | 'closed'; } interface PayloadCheckResult { detected: boolean; type?: PayloadGuardEventType; path?: string; value?: string; pattern?: RegExp; } /** * Recursively traverses an object to check each string value for injection attacks * @param obj The object to check * @param path Current path in the object (for reporting) * @param detectors Array of detector functions to run * @param excludeFields Fields to exclude from checking */ declare function traverseAndCheck(obj: any, path: string | undefined, detectors: Array<(value: string) => PayloadCheckResult>, excludeFields?: string[]): PayloadCheckResult; declare function detectCommandInjection(value: string): PayloadCheckResult; declare function generateHash(str: string): string; declare function detectNoSQLi(value: string): PayloadCheckResult; declare function detectPathTraversal(value: string): PayloadCheckResult; declare function detectSQLi(value: string): PayloadCheckResult; declare function detectSSRF(value: string): PayloadCheckResult; declare function detectTemplateInjection(value: string): PayloadCheckResult; declare function detectXSS(value: string): PayloadCheckResult; declare const PATTERNS: { xss: RegExp[]; sqli: RegExp[]; commandInjection: RegExp[]; pathTraversal: RegExp[]; nosql: RegExp[]; templateInjection: RegExp[]; }; declare const payloadGuard: (config?: Partial<PayloadGuardConfig> | undefined) => _lock_sdk_core.SecurityModule; export { PATTERNS, type PayloadCheckResult, type PayloadGuardConfig, PayloadGuardEventType, detectCommandInjection, detectNoSQLi, detectPathTraversal, detectSQLi, detectSSRF, detectTemplateInjection, detectXSS, generateHash, payloadGuard, traverseAndCheck };