/**
 * @fileoverview OrdoJS Security Manager - type declarations for the security manager
 * (XSS detection/escaping, CSRF tokens, CSP header generation, input validation).
 * This is a declaration file: behaviour described here must be confirmed against
 * the compiled implementation.
 */
import { type ComponentAST } from '../types/index.js';
/**
 * Security configuration options.
 *
 * Each `enable*` flag switches one protection on or off; the remaining
 * fields parameterise those protections. A `Partial<SecurityConfig>` is
 * accepted by the `SecurityManager` constructor, so any field may be
 * omitted — the defaults are supplied by the implementation and are not
 * visible in this declaration (confirm them before relying on a
 * protection being on by default).
 */
export interface SecurityConfig {
/** Whether to enable XSS protection */
enableXSSProtection: boolean;
/** Whether to enable CSRF protection */
enableCSRFProtection: boolean;
/** Whether to enable Content Security Policy (uses `cspDirectives`) */
enableCSP: boolean;
/** Whether to enable input validation */
enableInputValidation: boolean;
/** Whether to enable HTML escaping */
enableHTMLEscaping: boolean;
/**
 * Whether to enable SQL injection protection.
 * NOTE(review): the manager exposes pattern-based detection only; this is
 * defence-in-depth and does not replace parameterised queries.
 */
enableSQLInjectionProtection: boolean;
/**
 * Whether to enable path traversal protection.
 * NOTE(review): pattern detection only — callers still need to resolve
 * and bound-check paths against an allowed root.
 */
enablePathTraversalProtection: boolean;
/** Custom CSP directives, serialised by `generateCSPHeader` */
cspDirectives: CSPDirectives;
/** Allowed HTML tags for sanitization (allow-list; presumably consumed by `sanitizeHTML` — verify) */
allowedHTMLTags: string[];
/** Allowed HTML attributes for sanitization (allow-list; presumably consumed by `sanitizeHTML` — verify) */
allowedHTMLAttributes: string[];
/** Maximum input length — an upper bound on untrusted input size (units presumably UTF-16 code units; confirm) */
maxInputLength: number;
/** Maximum nested depth for objects — bounds recursion when sanitising nested input (presumably objects/arrays; confirm) */
maxNestedDepth: number;
}
/**
 * Content Security Policy directives.
 *
 * Each array holds the source expressions emitted for that directive
 * (e.g. `"'self'"`, `"https://cdn.example.com"`); keyword sources must
 * carry their single quotes exactly as CSP expects. How an empty array is
 * serialised (omitted vs. empty directive) is decided by
 * `generateCSPHeader` and is not visible here — confirm.
 *
 * Only the directives listed below are configurable: there is no field
 * for `report-to` / `report-uri` or `sandbox`, so CSP reporting has to be
 * added outside this interface if required.
 */
export interface CSPDirectives {
/** Default source for scripts, styles, etc. (fallback for fetch directives not set explicitly) */
'default-src': string[];
/** Script sources — avoid `'unsafe-inline'` / `'unsafe-eval'` here, they defeat XSS mitigation */
'script-src': string[];
/** Style sources */
'style-src': string[];
/** Image sources */
'img-src': string[];
/** Font sources */
'font-src': string[];
/** Object sources — `"'none'"` is the usual hardening choice (plugins are rarely needed) */
'object-src': string[];
/** Media sources */
'media-src': string[];
/** Frame sources (what this page may embed) */
'frame-src': string[];
/** Worker sources */
'worker-src': string[];
/** Connect sources (fetch / XHR / WebSocket targets) */
'connect-src': string[];
/** Frame ancestors (who may embed this page) — the CSP-based clickjacking control */
'frame-ancestors': string[];
/** Base URI — restricting to `"'self'"` prevents `<base>` injection from redirecting relative URLs */
'base-uri': string[];
/** Form action (allowed form submission targets) */
'form-action': string[];
/** Upgrade insecure requests — a boolean because this directive takes no value */
'upgrade-insecure-requests': boolean;
}
/**
 * Security validation result, returned by `SecurityManager.analyzeComponent`.
 *
 * NOTE(review): the relationship between `passed` and `errors` (e.g. whether
 * `passed` is false exactly when `errors` is non-empty) is set by the
 * implementation and cannot be read from this declaration — confirm before
 * gating a build on `passed` alone.
 */
export interface SecurityValidation {
/** Whether the validation passed */
passed: boolean;
/** Security warnings (findings that do not fail validation) */
warnings: string[];
/** Security errors (findings that fail validation) */
errors: string[];
/** Security recommendations (advisory hardening hints) */
recommendations: string[];
}
/**
 * XSS protection result.
 *
 * Carries both a sanitised and an escaped form of the input so the caller
 * can pick the one matching its output context: escaped content renders as
 * literal text and is the safe default for untrusted strings; sanitised
 * content keeps allow-listed markup and should only be used where markup
 * is intentionally rendered.
 */
export interface XSSProtectionResult {
/** Whether XSS was detected (a pattern match — heuristic, not proof of safety when false) */
xssDetected: boolean;
/** Detected XSS patterns (presumably the matching pattern sources; confirm) */
detectedPatterns: string[];
/** Sanitized content (allow-listed markup retained) */
sanitizedContent: string;
/** Escaped content (all markup-significant characters encoded) */
escapedContent: string;
}
/**
 * CSRF protection result, returned by `SecurityManager.generateCSRFToken`.
 *
 * NOTE(review): the token must be delivered to the client over a channel
 * the attacker cannot read (e.g. a response body or a non-readable cookie
 * pattern chosen deliberately) and `expiresAt` should be enforced by
 * `validateCSRFToken`; neither is visible from this declaration.
 */
export interface CSRFProtectionResult {
/** Generated CSRF token (opaque string; entropy source is `generateSecureToken` — confirm it is a CSPRNG) */
token: string;
/** Token expiration time */
expiresAt: Date;
/** Token validation result (meaning on a freshly generated token is not visible here — presumably always true; confirm) */
isValid: boolean;
}
/**
 * Input validation result, returned by `SecurityManager.validateInput`.
 *
 * NOTE(review): `sanitizedInput` is typed `any`, which disables type
 * checking at every call site that reads it. `unknown` would force callers
 * to narrow, but changing it here would break consumers that rely on
 * `any`; until then, treat `sanitizedInput` as untrusted and narrow it
 * explicitly (`typeof`, `Array.isArray`, schema check) before use.
 */
export interface InputValidationResult {
/** Whether input is valid — when false, `sanitizedInput` should not be used */
isValid: boolean;
/** Validation errors */
errors: string[];
/** Sanitized input (shape follows the `type` passed to `validateInput`; not checkable statically) */
sanitizedInput: any;
/** Validation warnings */
warnings: string[];
}
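/**
 * Comprehensive security manager for OrdoJS applications.
 *
 * Declaration only — the implementation lives in the compiled module. The
 * surface splits into:
 * - build-time analysis of a component AST (`analyzeComponent`);
 * - request-time helpers: CSRF token issue/verify, input validation,
 *   HTML escaping and sanitisation;
 * - CSP header generation from `SecurityConfig.cspDirectives`.
 *
 * NOTE(review): the private `*Patterns` fields indicate pattern-based
 * detection for XSS, SQL injection and path traversal. Pattern matching is
 * a defence-in-depth signal, not a replacement for parameterised queries,
 * context-aware output encoding and path canonicalisation at the call site.
 */
export declare class SecurityManager {
    /** Effective configuration (defaults merged with the constructor argument — presumably; confirm) */
    private config;
    /**
     * Issued CSRF tokens, presumably keyed by session id.
     * NOTE(review): if this is an in-memory map it will not survive restarts
     * or be shared across instances, and expired entries need eviction —
     * confirm in the implementation.
     */
    private csrfTokens;
    /** XSS detection patterns */
    private xssPatterns;
    /** SQL injection detection patterns */
    private sqlInjectionPatterns;
    /** Path traversal detection patterns */
    private pathTraversalPatterns;
    /**
     * @param config partial configuration; omitted fields take the
     *   implementation's defaults (not visible here).
     */
    constructor(config?: Partial<SecurityConfig>);
    /**
     * Analyze a component AST for security vulnerabilities.
     *
     * @param ast parsed component to inspect
     * @returns findings split into errors, warnings and recommendations;
     *   see `SecurityValidation` for the caveat on `passed`.
     */
    analyzeComponent(ast: ComponentAST): SecurityValidation;
    /**
     * Generate a CSRF token bound to `sessionId`.
     *
     * NOTE(review): confirm that `generateSecureToken` draws from a CSPRNG
     * (`crypto.randomBytes` / `crypto.getRandomValues`) and that `expiresAt`
     * is honoured by `validateCSRFToken`.
     *
     * @param sessionId session the token is bound to
     * @returns the token and its expiry
     */
    generateCSRFToken(sessionId: string): CSRFProtectionResult;
    /**
     * Validate a CSRF token for `sessionId`.
     *
     * NOTE(review): the comparison against the stored token should be
     * constant-time (`crypto.timingSafeEqual`) and should fail once
     * `expiresAt` has passed; whether tokens are single-use is not visible
     * from this declaration.
     *
     * @param sessionId session the token was issued for
     * @param token value supplied by the client
     * @returns true only when the token matches the one issued to the session
     */
    validateCSRFToken(sessionId: string, token: string): boolean;
    /**
     * Validate and sanitize input.
     *
     * `input` is typed `unknown` rather than `any`: it is untrusted data by
     * definition and this signature accepts exactly the same values, while
     * keeping callers from treating the argument as already typed. The
     * result's `sanitizedInput` is still `any` (see `InputValidationResult`).
     *
     * @param input untrusted value
     * @param type expected kind of `input`; coercion/sanitisation rules per
     *   kind, and the use of `maxInputLength` / `maxNestedDepth`, are set by
     *   the implementation
     * @returns validity, sanitised value and diagnostics
     */
    validateInput(input: unknown, type: 'string' | 'number' | 'boolean' | 'object' | 'array'): InputValidationResult;
    /**
     * Generate the Content Security Policy header value from
     * `config.cspDirectives`.
     *
     * @returns the serialised policy (presumably the header value only, without
     *   the `Content-Security-Policy:` name — confirm before setting it)
     */
    generateCSPHeader(): string;
    /**
     * Escape HTML content so it renders as literal text.
     *
     * NOTE(review): which characters are escaped is not visible here. Text
     * escaping is sufficient for element content and quoted attribute
     * values; it is not a safe encoder for JavaScript, URL or unquoted
     * attribute contexts.
     *
     * @param content untrusted string
     * @returns escaped string
     */
    escapeHTML(content: string): string;
    /**
     * Sanitize HTML content, retaining only allow-listed markup (presumably
     * `config.allowedHTMLTags` / `config.allowedHTMLAttributes` — confirm).
     *
     * @param content untrusted markup
     * @returns sanitised markup
     */
    sanitizeHTML(content: string): string;
    /** Initialize the XSS / SQL injection / path traversal pattern sets */
    private initializeSecurityPatterns;
    /** Analyze XSS vulnerabilities in markup */
    private analyzeXSSVulnerabilities;
    /** Analyze injection vulnerabilities in server functions */
    private analyzeInjectionVulnerabilities;
    /** Analyze client-side security */
    private analyzeClientSecurity;
    /** Check for missing security headers */
    private checkSecurityHeaders;
    /** Detect XSS patterns in content */
    private detectXSS;
    /** Detect SQL injection patterns */
    private detectSQLInjection;
    /** Detect path traversal patterns */
    private detectPathTraversal;
    /** Check if an expression contains user input (heuristic; basis not visible here) */
    private containsUserInput;
    /** Generate a secure token (see the CSPRNG note on `generateCSRFToken`) */
    private generateSecureToken;
    /** Sanitize string input */
    private sanitizeString;
    /** Sanitize number input */
    private sanitizeNumber;
    /** Sanitize boolean input */
    private sanitizeBoolean;
    /** Sanitize object input (bounded by `maxNestedDepth` — presumably; confirm) */
    private sanitizeObject;
    /** Sanitize array input (bounded by `maxNestedDepth` — presumably; confirm) */
    private sanitizeArray;
}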
//# sourceMappingURL=security-manager.d.ts.map