import { pathToFileURL } from 'node:url';
import { RuntimeSecurityMonitor, SecurityAuditor, VulnerabilityScanner } from './index';
// Example 1: Basic Security Audit
/**
 * Run a one-shot audit of the current project and print a summary.
 *
 * Builds a SecurityAuditor over process.cwd() with dependency, code and
 * configuration checks enabled, awaits auditor.audit(), then prints the
 * severity counts, the OWASP compliance score and up to three findings.
 * Failures are reported on stderr; nothing is thrown to the caller.
 *
 * @returns {Promise<void>}
 */
async function basicSecurityAudit() {
  console.log('🔍 Running Basic Security Audit...\n');

  const auditor = new SecurityAuditor({
    projectPath: process.cwd(),
    enableDependencyCheck: true,
    enableCodeAnalysis: true,
    enableConfigurationCheck: true,
  });

  try {
    const result = await auditor.audit();
    const { summary, owaspCompliance, vulnerabilities } = result;

    console.log('📊 Audit Results:');
    console.log(`Total vulnerabilities: ${summary.total}`);
    console.log(`Critical: ${summary.critical}`);
    console.log(`High: ${summary.high}`);
    console.log(`Medium: ${summary.medium}`);
    console.log(`Low: ${summary.low}`);
    console.log(`OWASP Compliance Score: ${owaspCompliance.score}%\n`);

    if (vulnerabilities.length > 0) {
      console.log('🚨 Top 3 Vulnerabilities:');
      const topThree = vulnerabilities.slice(0, 3);
      for (const [index, vuln] of topThree.entries()) {
        console.log(`${index + 1}. [${vuln.severity.toUpperCase()}] ${vuln.description}`);
        if (vuln.file) {
          // A missing or zero line number is shown as '?' (the `||` is deliberate).
          console.log(` 📄 ${vuln.file}:${vuln.line || '?'}`);
        }
        console.log(` 💡 ${vuln.recommendation}\n`);
      }
    }
  } catch (error) {
    console.error('❌ Audit failed:', error);
  }
}
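// Example 2: Runtime Security Monitoring
/**
 * Wire up a RuntimeSecurityMonitor and feed it one sample event of each kind.
 *
 * Installs alert and metrics callbacks, records an XSS attempt, a CSRF
 * violation, an injection attempt, a rate-limit breach and a suspicious
 * activity, then prints the aggregated metrics once the monitor has had time
 * to settle. Every IP, token and payload below is a constructed sample value.
 *
 * @param {{ settleMs?: number }} [options]
 * @param {number} [options.settleMs=1000] - delay before the final metrics are
 *   read and printed.
 * @returns {Promise<void>} resolves after the final metrics have been printed,
 *   so a caller can await it instead of racing the deferred output.
 */
function runtimeSecurityMonitoring(options = {}) {
  const settleMs = options?.settleMs ?? 1000;

  console.log('🛡️ Setting up Runtime Security Monitoring...\n');

  const monitor = new RuntimeSecurityMonitor({
    enableLogging: true,
    logLevel: 'warn',
    alertThresholds: {
      critical: 1,
      high: 3,
      medium: 5,
    },
    onAlert: (event) => {
      console.log(`🚨 SECURITY ALERT: ${event.type} - ${event.severity}`);
      console.log(` Source: ${event.source.ip || 'unknown'}`);
      // `details` is serialized verbatim. For XSS/injection events it may carry
      // the raw attacker-supplied payload; a production handler should redact
      // or escape it before it reaches a shared log (log injection, terminal
      // control sequences). Acceptable here only because the input is sample data.
      console.log(` Details: ${JSON.stringify(event.details)}\n`);
    },
    onMetricsUpdate: (metrics) => {
      // Print a progress snapshot every fifth event rather than on every update.
      if (metrics.totalEvents > 0 && metrics.totalEvents % 5 === 0) {
        console.log(`📈 Security Metrics Update:`);
        console.log(` Total Events: ${metrics.totalEvents}`);
        console.log(` Blocked Events: ${metrics.blockedEvents}`);
        console.log(` Top Source: ${metrics.topSources[0]?.ip || 'none'}\n`);
      }
    },
  });

  // Simulate some security events
  console.log('Simulating security events...\n');

  // XSS attempt
  monitor.recordXSSAttempt({
    payload: '<script>alert("xss")</script>',
    source: { ip: '192.168.1.100', userAgent: 'Mozilla/5.0...' },
    blocked: true,
    context: 'user comment field',
  });

  // CSRF violation. Sample token values only: a real handler should not hand
  // the live expected token to a component that may log it.
  monitor.recordCSRFViolation({
    expectedToken: 'abc123',
    receivedToken: 'invalid',
    source: { ip: '192.168.1.101', sessionId: 'sess_456' },
    endpoint: '/api/transfer',
  });

  // SQL injection attempt
  monitor.recordInjectionAttempt({
    type: 'sql',
    payload: "'; DROP TABLE users; --",
    source: { ip: '192.168.1.102' },
    blocked: true,
    query: 'SELECT * FROM users WHERE id = ?',
  });

  // Rate limit exceeded
  monitor.recordRateLimitExceeded({
    limit: 100,
    current: 150,
    window: '1h',
    source: { ip: '192.168.1.103' },
    endpoint: '/api/data',
  });

  // Suspicious activity
  monitor.recordSuspiciousActivity({
    activity: 'Multiple failed login attempts',
    riskScore: 85,
    source: { ip: '192.168.1.104' },
    context: { attempts: 10, timeWindow: '5m' },
  });

  // Display final metrics after the monitor has had time to process the events.
  // Resolving from inside the timer lets callers await completion; the original
  // fire-and-forget timer let this output interleave with whatever ran next.
  return new Promise((resolve) => {
    setTimeout(() => {
      const metrics = monitor.getMetrics();
      console.log('📊 Final Security Metrics:');
      console.log(` Total Events: ${metrics.totalEvents}`);
      console.log(` Blocked Events: ${metrics.blockedEvents}`);
      console.log(` Events by Type:`, metrics.eventsByType);
      console.log(` Events by Severity:`, metrics.eventsBySeverity);
      console.log(` Top Sources:`, metrics.topSources.slice(0, 3));
      resolve();
    }, settleMs);
  });
}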
// Example 3: Dependency Vulnerability Scanning
/**
 * Scan the project's dependencies (dev dependencies included) and print every
 * vulnerable package with its advisory title, severity, id, CVSS score when
 * present, and whether an upgrade fixes it.
 *
 * When at least one finding exists, the scanner's generated fix script is
 * printed as text. It is never executed here; review it before running it.
 * Failures are reported on stderr; nothing is thrown to the caller.
 *
 * @returns {Promise<void>}
 */
async function dependencyVulnerabilityScanning() {
  console.log('📦 Running Dependency Vulnerability Scan...\n');

  const scanner = new VulnerabilityScanner({
    projectPath: process.cwd(),
    includeDevDependencies: true,
  });

  try {
    const result = await scanner.scanDependencies();
    const { summary, metadata, vulnerabilities } = result;

    console.log('📊 Dependency Scan Results:');
    console.log(`Total vulnerabilities: ${summary.total}`);
    console.log(`Critical: ${summary.critical}`);
    console.log(`High: ${summary.high}`);
    console.log(`Medium: ${summary.medium}`);
    console.log(`Low: ${summary.low}`);
    console.log(`Total dependencies scanned: ${metadata.totalDependencies}\n`);

    if (vulnerabilities.length > 0) {
      console.log('🚨 Vulnerable Dependencies:');
      for (const [index, vuln] of vulnerabilities.entries()) {
        const advisory = vuln.vulnerability;
        console.log(`${index + 1}. ${vuln.package}@${vuln.version}`);
        console.log(` Issue: ${advisory.title}`);
        console.log(` Severity: ${advisory.severity.toUpperCase()}`);
        console.log(` ID: ${advisory.id}`);
        if (advisory.cvss) {
          console.log(` CVSS Score: ${advisory.cvss.score}`);
        }
        const fixText = vuln.fixAvailable.available
          ? `Update to ${vuln.fixAvailable.version}`
          : 'No automatic fix available';
        console.log(` Fix: ${fixText}\n`);
      }

      // Generate fix script. It is only displayed; nothing here runs it.
      const fixScript = await scanner.generateFixScript();
      console.log('🔧 Generated Fix Script:');
      console.log(fixScript);
    }
  } catch (error) {
    console.error('❌ Dependency scan failed:', error);
  }
}
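// Run examples
/**
 * Run the three examples in sequence, separated by a banner line.
 *
 * The runtime-monitoring example is awaited as well: it prints its final
 * metrics on a timer, and awaiting its return value keeps that deferred output
 * from interleaving with the dependency scan that follows. If it returns
 * synchronously the await is a harmless no-op.
 *
 * @returns {Promise<void>}
 */
async function runExamples() {
  const banner = '='.repeat(50);

  console.log('🛡️ OrdoJS Security Audit Examples\n');
  console.log(banner);
  await basicSecurityAudit();
  console.log(banner);
  await runtimeSecurityMonitoring();
  console.log(banner);
  await dependencyVulnerabilityScanning();
}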
// Export for use in other files: the individual demos first, then the
// combined runner.
export {
  basicSecurityAudit,
  runtimeSecurityMonitoring,
  dependencyVulnerabilityScanning,
  runExamples,
};
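// Run examples if this file is executed directly.
// `require.main` / `module` are CommonJS globals and are not defined in an ES
// module (this file uses import/export), so that check would throw a
// ReferenceError on load. Compare this module's URL with the script Node was
// started with instead; process.argv[1] is absent in a REPL, hence the guard.
if (process.argv[1] !== undefined && import.meta.url === pathToFileURL(process.argv[1]).href) {
  runExamples().catch(console.error);
}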
//# sourceMappingURL=example.js.map