"use strict";
// CommonJS module preamble (looks like compiler output): flag the module as an
// ES-module transpilation so interop shims treat its named exports correctly.
Object.defineProperty(exports, "__esModule", { value: true });
// Hoisted export slot; the class is assigned to it at the bottom of the file.
exports.EnterpriseLogger = void 0;
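/**
 * Enterprise Logger Extension.
 *
 * Layers OWASP Top 10 alerting, ISO 27001 reporting, user-journey analytics,
 * natural-language log queries and MCP / Vanta hooks on top of the base logger.
 * Several helpers at the bottom of the class are still placeholders that return
 * canned values (always-COMPLIANT controls, a fixed 95% score, a random risk
 * score, hard-coded query answers); each is marked as such so nobody treats
 * their output as evidence.
 */
class EnterpriseLogger {
    /**
     * @param {object} [complianceConfig] OWASP / ISO 27001 / Vanta options. Caller
     *   keys override the defaults below. `repeatedFailureWindowMs` (default
     *   15 minutes) is the sliding window the A01 repeated-failure check counts over.
     * @param {object} [userInsightConfig] journey tracking, AI analysis and MCP flags.
     * @param {object} [aiQueryConfig] natural-language query options;
     *   `maxQueryHistory` caps how many insights are retained in memory.
     */
    constructor(complianceConfig, userInsightConfig, aiQueryConfig) {
        this.complianceAlerts = [];
        this.userJourneys = new Map();
        this.aiInsights = [];
        // Monotonic counter appended to generated ids: `Date.now()` alone has
        // millisecond resolution, so two alerts/reports minted in the same
        // millisecond would otherwise share an id and overwrite each other
        // in any store keyed by id.
        this.idSequence = 0;
        // "<eventType>:<userId>" -> timestamps (ms) of failures inside the window.
        this.failureWindows = new Map();
        this.complianceConfig = {
            owaspAlertsEnabled: true,
            iso27001Mode: true,
            vantaIntegration: false,
            auditReportsEnabled: true,
            alertWebhooks: [],
            repeatedFailureWindowMs: 15 * 60 * 1000,
            ...complianceConfig
        };
        this.userInsightConfig = {
            aiAnalysisEnabled: false,
            journeyTrackingEnabled: true,
            behaviorAnalysisEnabled: false,
            mcpServerEnabled: false,
            ...userInsightConfig
        };
        this.aiQueryConfig = {
            naturalLanguageEnabled: false,
            aiProvider: 'claude',
            maxQueryHistory: 1000,
            ...aiQueryConfig
        };
    }
    // OWASP Compliance Methods
    /**
     * Map one security event onto OWASP Top 10 (2021) categories.
     *
     * Detectors must never throw: events may arrive without `data`, and
     * `data.error` may be an Error object rather than a string. Alerts are
     * returned, not stored — nothing here appends to `complianceAlerts`.
     *
     * @param {{id: string, type: string, data?: object}} event
     * @returns {Promise<object[]>} zero or more alerts from `createOwaspAlert`.
     */
    async checkOwaspCompliance(event) {
        const alerts = [];
        if (!this.complianceConfig.owaspAlertsEnabled) {
            return alerts;
        }
        const type = typeof event.type === 'string' ? event.type : '';
        const data = event.data ?? {};
        // A01:2021 - Broken Access Control
        if (type === 'authz_fail' && this.isRepeatedFailure(data.userid, 'authz_fail', 5)) {
            alerts.push(this.createOwaspAlert('A01:2021', 'Broken Access Control', 'HIGH', 'Multiple authorization failures detected', [event.id]));
        }
        // A02:2021 - Cryptographic Failures
        if (type === 'authn_password_change_fail' && data.reason === 'weak_password') {
            alerts.push(this.createOwaspAlert('A02:2021', 'Cryptographic Failures', 'MEDIUM', 'Weak password policy violation', [event.id]));
        }
        // A03:2021 - Injection
        if (type.includes('malicious') && data.attack_type === 'sql_injection') {
            alerts.push(this.createOwaspAlert('A03:2021', 'Injection', 'CRITICAL', 'SQL injection attack detected', [event.id]));
        }
        // A05:2021 - Security Misconfiguration
        // Accept both a plain string and an Error; anything else is ignored
        // (calling `.includes` on a non-string used to crash the detector).
        const errorText = data.error instanceof Error ? data.error.message : data.error;
        if (type === 'sys_error' && typeof errorText === 'string' && errorText.includes('configuration')) {
            alerts.push(this.createOwaspAlert('A05:2021', 'Security Misconfiguration', 'HIGH', 'Security configuration error detected', [event.id]));
        }
        // A07:2021 - Identification and Authentication Failures
        if (type === 'authn_impossible_travel') {
            alerts.push(this.createOwaspAlert('A07:2021', 'Identification and Authentication Failures', 'HIGH', 'Impossible travel pattern detected', [event.id]));
        }
        return alerts;
    }
    // ISO 27001 Compliance Methods
    /**
     * Build an ISO 27001 report for the trailing 30 days.
     *
     * The control checks, score, non-conformities and evidence trails are all
     * placeholders (see the helpers below), so this report currently claims
     * full compliance regardless of what was logged.
     *
     * @returns {Promise<object>} report object.
     * @throws {Error} when `iso27001Mode` is disabled.
     */
    async generateIsoComplianceReport() {
        if (!this.complianceConfig.iso27001Mode) {
            throw new Error('ISO 27001 mode is not enabled');
        }
        // One timestamp so `generatedAt` and `period.end` cannot straddle a millisecond.
        const now = Date.now();
        const thirtyDaysMs = 30 * 24 * 60 * 60 * 1000;
        return {
            reportId: this.nextId('ISO'),
            generatedAt: new Date(now).toISOString(),
            period: {
                start: new Date(now - thirtyDaysMs).toISOString(),
                end: new Date(now).toISOString()
            },
            controls: {
                'A.9.1.1': this.checkAccessControlPolicy(),
                'A.9.1.2': this.checkAccessToNetworks(),
                'A.9.2.1': this.checkUserRegistration(),
                'A.9.2.6': this.checkAccessRightsRemoval(),
                'A.18.1.4': this.checkPrivacyProtection()
            },
            compliance_score: this.calculateComplianceScore(),
            non_conformities: this.identifyNonConformities(),
            evidence_trails: this.compileEvidenceTrails()
        };
    }
    // User Journey Analytics
    /**
     * Return the stored journey for `userId`, enriching it in place with a
     * risk score and anomalies when AI analysis is enabled.
     *
     * Nothing in this file writes to `userJourneys`; presumably the base
     * logger populates it — verify against the caller.
     *
     * @param {string} userId
     * @returns {Promise<object|null>} the journey, or null when tracking is
     *   disabled or no journey exists.
     */
    async analyzeUserJourney(userId) {
        if (!this.userInsightConfig.journeyTrackingEnabled) {
            return null;
        }
        const journey = this.userJourneys.get(userId);
        if (journey && this.userInsightConfig.aiAnalysisEnabled) {
            // AI-powered analysis (both helpers are placeholders today).
            journey.riskScore = await this.calculateRiskScore(journey);
            journey.anomalies = await this.detectAnomalies(journey);
        }
        return journey || null;
    }
    // Natural Language Query Interface
    /**
     * Answer a natural-language question about the logs and record the
     * insight in `aiInsights` (bounded by `maxQueryHistory`).
     *
     * Routing is keyword based; a query matching nothing is still recorded,
     * with an empty `response`.
     *
     * NOTE(review): once the `process*` helpers forward the query and log
     * content to a model, both are untrusted input — log lines written by
     * attackers can carry prompt-injection payloads, so keep model output
     * advisory and never let it trigger actions on its own.
     *
     * @param {string} query
     * @returns {Promise<object>} the recorded insight.
     * @throws {Error} when natural-language queries are disabled.
     * @throws {TypeError} when `query` is not a string.
     */
    async queryLogs(query) {
        if (!this.aiQueryConfig.naturalLanguageEnabled) {
            throw new Error('Natural language queries are not enabled');
        }
        if (typeof query !== 'string') {
            throw new TypeError('query must be a string');
        }
        const insight = {
            id: this.nextId('insight'),
            timestamp: new Date().toISOString(),
            query,
            response: '',
            confidence: 0,
            dataPoints: 0,
            category: 'SECURITY'
        };
        const normalized = query.toLowerCase();
        if (normalized.includes('failed login')) {
            insight.response = await this.processFailedLoginQuery(query);
            insight.category = 'SECURITY';
        }
        else if (normalized.includes('user journey')) {
            insight.response = await this.processUserJourneyQuery(query);
            insight.category = 'USER_BEHAVIOR';
        }
        else if (normalized.includes('compliance')) {
            insight.response = await this.processComplianceQuery(query);
            insight.category = 'COMPLIANCE';
        }
        this.aiInsights.push(insight);
        this.trimQueryHistory();
        return insight;
    }
    // MCP Server Integration
    /**
     * Connect to the configured MCP server so an AI client can query logs.
     *
     * The URL is logged with credentials, query string and fragment stripped:
     * a configured URL may embed a token, and that must not end up in stdout.
     *
     * @throws {Error} when MCP is disabled or no URL is configured.
     */
    async initializeMcpServer() {
        if (!this.userInsightConfig.mcpServerEnabled || !this.aiQueryConfig.mcpServerUrl) {
            throw new Error('MCP server is not configured');
        }
        // Initialize connection to MCP server for Claude/ChatGPT integration
        console.log(`Initializing MCP server at ${this.redactUrlForLog(this.aiQueryConfig.mcpServerUrl)}`);
        // Setup endpoints for AI to query logs
        await this.setupMcpEndpoints();
    }
    // Vanta Integration for Automated Compliance
    /**
     * Assemble the compliance evidence package destined for Vanta.
     *
     * The API call itself is not implemented yet; the package is returned so
     * callers (and tests) can inspect what would be sent.
     *
     * @returns {Promise<object>} the evidence package.
     * @throws {Error} when the Vanta integration is disabled.
     */
    async syncToVanta() {
        if (!this.complianceConfig.vantaIntegration) {
            throw new Error('Vanta integration is not enabled');
        }
        const evidencePackage = {
            timestamp: new Date().toISOString(),
            logs: this.compileAuditLogs(),
            compliance_checks: await this.runAllComplianceChecks(),
            security_controls: this.documentSecurityControls()
        };
        // Send to Vanta API
        console.log('Syncing compliance evidence to Vanta...');
        // Implementation would make API call to Vanta
        return evidencePackage;
    }
    // Private helper methods
    /**
     * Mint a unique id: `<prefix>-<epoch ms>-<per-instance sequence>`.
     * Unique within one instance; not a UUID and not unguessable.
     */
    nextId(prefix) {
        this.idSequence += 1;
        return `${prefix}-${Date.now()}-${this.idSequence}`;
    }
    /**
     * Strip userinfo, query string and fragment from a URL before logging so
     * embedded credentials/tokens never reach the log.
     */
    redactUrlForLog(url) {
        try {
            const parsed = new URL(String(url));
            parsed.username = '';
            parsed.password = '';
            parsed.search = '';
            parsed.hash = '';
            return parsed.toString();
        }
        catch {
            return '<unparseable url>';
        }
    }
    /** Drop the oldest insights so `aiInsights` never exceeds `maxQueryHistory`. */
    trimQueryHistory() {
        const max = this.aiQueryConfig.maxQueryHistory;
        // A non-integer or negative cap is treated as "unbounded".
        if (!Number.isInteger(max) || max < 0) {
            return;
        }
        const excess = this.aiInsights.length - max;
        if (excess > 0) {
            this.aiInsights.splice(0, excess);
        }
    }
    /** Build an ACTIVE OWASP alert record referencing the given log ids. */
    createOwaspAlert(rule, type, severity, description, evidenceIds) {
        return {
            id: this.nextId('owasp'),
            timestamp: new Date().toISOString(),
            type: 'OWASP',
            severity,
            rule,
            description,
            evidenceLogIds: evidenceIds,
            status: 'ACTIVE'
        };
    }
    /**
     * Record one failure for (eventType, userId) and report whether at least
     * `threshold` failures fell inside `repeatedFailureWindowMs`. Once the
     * threshold is reached every further failure in the window reports true.
     *
     * State is in-memory and per instance: on multi-instance or serverless
     * deployments each instance counts separately, and the map grows with the
     * number of distinct (eventType, userId) keys — back it with shared
     * storage before relying on it in production. A missing userId lands all
     * anonymous failures in one bucket.
     */
    isRepeatedFailure(userId, eventType, threshold) {
        const now = Date.now();
        const windowMs = this.complianceConfig.repeatedFailureWindowMs;
        const key = `${eventType}:${userId}`;
        const recent = (this.failureWindows.get(key) ?? []).filter((t) => now - t < windowMs);
        recent.push(now);
        this.failureWindows.set(key, recent);
        return recent.length >= threshold;
    }
    // PLACEHOLDERS: the ISO control checks below always report COMPLIANT and
    // consult no data. Do not present their output as audit evidence.
    checkAccessControlPolicy() { return { status: 'COMPLIANT' }; }
    checkAccessToNetworks() { return { status: 'COMPLIANT' }; }
    checkUserRegistration() { return { status: 'COMPLIANT' }; }
    checkAccessRightsRemoval() { return { status: 'COMPLIANT' }; }
    checkPrivacyProtection() { return { status: 'COMPLIANT' }; }
    calculateComplianceScore() { return 95; } // placeholder: fixed value
    identifyNonConformities() { return []; } // placeholder
    compileEvidenceTrails() { return []; } // placeholder
    async calculateRiskScore(journey) {
        // PLACEHOLDER: a random number, i.e. noise — do not gate any decision on it.
        return Math.random() * 100;
    }
    async detectAnomalies(journey) {
        // PLACEHOLDER: no detection yet.
        return [];
    }
    // PLACEHOLDERS: canned answers, not derived from any logged data.
    async processFailedLoginQuery(query) {
        return "Found 23 failed login attempts in the last week. Most common source: 192.168.1.100";
    }
    async processUserJourneyQuery(query) {
        return "Most common user journey: Login → Dashboard → Profile → Logout (avg. 8 minutes)";
    }
    async processComplianceQuery(query) {
        return "Current compliance score: 95%. 3 minor issues require attention.";
    }
    async setupMcpEndpoints() {
        // PLACEHOLDER: MCP endpoints are not wired up yet.
    }
    compileAuditLogs() { return []; } // placeholder
    async runAllComplianceChecks() { return {}; } // placeholder
    documentSecurityControls() { return {}; } // placeholder
}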
// Public entry point of this module (fills the slot declared in the preamble).
exports.EnterpriseLogger = EnterpriseLogger;