Enhanced Runtime Application Self-Protection (RASP) and API Fuzzing Engine with advanced threat detection, behavioral analysis, and intelligent response scoring for Node.js applications

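/**
 * Aimless Security SDK - Test Suite
 *
 * This file demonstrates all major features of the SDK.
 *
 * Each step asserts the outcome it prints: the script exits non-zero when a
 * detector stops reporting threats, a clean request is flagged, or the async
 * fuzzing step rejects, instead of unconditionally printing "WORKING" in the
 * summary. Failures surface as assert errors (synchronous steps) or via the
 * rejection handler on the fuzzing IIFE.
 */
const assert = require('node:assert/strict');
const Aimless = require('./dist/index.js');

const RULE = '='.repeat(60);
const SUB_RULE = '-'.repeat(60);

console.log(RULE);
console.log('AIMLESS SECURITY SDK - FEATURE DEMONSTRATION');
console.log(RULE);

// Initialize with full configuration
const aimless = new Aimless.default({
  rasp: {
    enabled: true,
    blockMode: true,
    injectionProtection: true,
    xssProtection: true,
    csrfProtection: true,
    anomalyDetection: true,
    trustedOrigins: ['http://localhost:3000'],
    maxRequestSize: 10 * 1024 * 1024,
    rateLimiting: { enabled: true, maxRequests: 100, windowMs: 60000 },
  },
  fuzzing: {
    enabled: true,
    maxPayloads: 20,
    authBypassTests: true,
    rateLimitTests: true,
    graphqlIntrospection: true,
  },
  logging: { enabled: true, level: 'info' },
});

console.log('\n✓ Aimless Security initialized successfully\n');

/**
 * Print a test heading followed by a separator line.
 * @param {string} title - heading text (leading '\n' included by the caller
 *   where a blank line is wanted before the heading)
 */
function heading(title) {
  console.log(title);
  console.log(SUB_RULE);
}

/**
 * Run the RASP analyzer on one request, print every reported threat and
 * assert that the threat count lies within the expected bounds.
 *
 * @param {string} title - heading printed before the results
 * @param {object} request - request descriptor handed to aimless.analyze()
 * @param {{ min?: number, max?: number }} [expect] - inclusive bounds on the
 *   number of threats; malicious samples use { min: 1 }
 * @returns {Array} the threats returned by analyze()
 * @throws {AssertionError} when the count is outside [min, max]
 */
function analyzeStep(title, request, { min = 0, max = Infinity } = {}) {
  heading(title);
  const threats = aimless.analyze(request);
  console.log(`Found ${threats.length} threats`);
  for (const t of threats) {
    // severity/type/description are the fields the demo relies on; String()
    // keeps the line printable if severity is ever not a string.
    console.log(`  [${String(t.severity).toUpperCase()}] ${t.type}: ${t.description}`);
  }
  assert.ok(
    threats.length >= min && threats.length <= max,
    `${title.trim()}: expected between ${min} and ${max} threats, got ${threats.length}`,
  );
  return threats;
}

// Test 1: SQL Injection Detection
analyzeStep('TEST 1: SQL Injection Detection', {
  method: 'GET',
  path: '/api/users',
  query: { id: "1' OR '1'='1", name: 'test' },
  ip: '192.168.1.1',
}, { min: 1 });

// Test 2: XSS Detection
analyzeStep('\nTEST 2: XSS Attack Detection', {
  method: 'POST',
  path: '/api/comments',
  body: { comment: '<script>alert("XSS")</script>', author: 'attacker' },
  ip: '192.168.1.2',
}, { min: 1 });

// Test 3: XSS Sanitization
heading('\nTEST 3: XSS Sanitization');
const maliciousInput = '<img src=x onerror=alert(1)>';
const sanitized = aimless.sanitize(maliciousInput);
console.log(`Original: ${maliciousInput}`);
console.log(`Sanitized: ${sanitized}`);
// A sanitizer that echoes its input unchanged has not done anything; the exact
// encoding/stripping strategy is the SDK's choice, so only inequality is checked.
assert.notStrictEqual(sanitized, maliciousInput, 'sanitize() returned its input unchanged');

// Test 4: CSRF Token Generation
heading('\nTEST 4: CSRF Token Generation');
const token1 = aimless.generateCSRFToken('session-123');
const token2 = aimless.generateCSRFToken('session-456');
console.log(`Session 123 Token: ${token1.substring(0, 20)}...`);
console.log(`Session 456 Token: ${token2.substring(0, 20)}...`);
console.log(`Tokens are unique: ${token1 !== token2}`);
assert.notStrictEqual(token1, token2, 'CSRF tokens for different sessions collided');

// Test 5: Command Injection Detection
analyzeStep('\nTEST 5: Command Injection Detection', {
  method: 'POST',
  path: '/api/exec',
  body: { command: 'ls -la; cat /etc/passwd' },
  ip: '192.168.1.3',
}, { min: 1 });

// Test 6: Path Traversal Detection
analyzeStep('\nTEST 6: Path Traversal Detection', {
  method: 'GET',
  path: '/api/files',
  query: { file: '../../../etc/passwd' },
  ip: '192.168.1.4',
}, { min: 1 });

// Test 7: NoSQL Injection Detection
analyzeStep('\nTEST 7: NoSQL Injection Detection', {
  method: 'POST',
  path: '/api/login',
  body: { username: { $ne: null }, password: { $ne: null } },
  ip: '192.168.1.5',
}, { min: 1 });

// Test 8: Clean Request (No Threats)
heading('\nTEST 8: Clean Request (Should Pass)');
const cleanThreats = aimless.analyze({
  method: 'GET',
  path: '/api/users',
  query: { page: '1', limit: '10' },
  ip: '192.168.1.6',
});
// A false positive here is as much a regression as a missed detection.
assert.strictEqual(cleanThreats.length, 0, 'clean request was flagged as a threat');
console.log(`Found ${cleanThreats.length} threats ✓`);

// Test 9: API Fuzzing
// NOTE(review): fuzz() presumably sends live requests to the given url, so
// this step needs network access — confirm against the SDK implementation.
(async () => {
  heading('\nTEST 9: API Fuzzing Test');
  const fuzzResult = await aimless.fuzz({
    url: 'http://example.com/api/users',
    method: 'GET',
    query: { id: '1', search: 'test' },
  });
  console.log(`Endpoint: ${fuzzResult.method} ${fuzzResult.endpoint}`);
  console.log(`Payloads Tested: ${fuzzResult.testedPayloads}`);
  console.log(`Vulnerabilities Found: ${fuzzResult.vulnerabilities.length}`);
  console.log(`Duration: ${fuzzResult.duration}ms`);
  assert.ok(Array.isArray(fuzzResult.vulnerabilities), 'fuzz() returned no vulnerabilities array');
  assert.strictEqual(typeof fuzzResult.testedPayloads, 'number', 'fuzz() returned no payload count');

  // Summary — only reached when every assertion above held.
  console.log(`\n${RULE}`);
  console.log('AIMLESS SECURITY - TEST SUMMARY');
  console.log(RULE);
  console.log('✓ SQL Injection Detection: WORKING');
  console.log('✓ XSS Detection: WORKING');
  console.log('✓ XSS Sanitization: WORKING');
  console.log('✓ CSRF Token Generation: WORKING');
  console.log('✓ Command Injection Detection: WORKING');
  console.log('✓ Path Traversal Detection: WORKING');
  console.log('✓ NoSQL Injection Detection: WORKING');
  console.log('✓ Clean Request Validation: WORKING');
  console.log('✓ API Fuzzing: WORKING');
  console.log('\nAll tests passed! Aimless Security is ready to use.');
  console.log(RULE);
})().catch((err) => {
  // Without this handler a rejected fuzz() (or a failed assertion inside the
  // IIFE) would only be an unhandled rejection; report it and fail the run.
  console.error('\nTEST FAILED:', err);
  process.exitCode = 1;
});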